Guide v1.5

Cursor & IDE Configuration

Route all AI coding assistant traffic through Smartflow for policy enforcement, usage visibility, cost control, and semantic caching — without changing your daily workflow.

Why route IDEs through Smartflow

What this enables: By pointing your AI coding tools at the Smartflow proxy instead of directly at OpenAI or Anthropic, every completion, chat message, and inline suggestion flows through your organization's control plane. You get:
  • Usage visibility per developer — see exactly which engineers are using which models and how much.
  • Cost control via virtual keys (sk-sf-*) — issue per-developer or per-team keys with optional spend caps and rate limits.
  • MAESTRO policy enforcement — automatic PII redaction, prompt injection blocking, and compliance rules applied to every request before it reaches the LLM.
  • Semantic caching — repeated or near-identical code queries are served from cache, saving tokens and reducing latency.
  • Audit logs — full request/response history searchable from the admin dashboard.

How it works

Smartflow exposes an OpenAI-compatible API surface. Any tool that can set a custom base URL can be routed through Smartflow with zero changes to how you write prompts or select models. The proxy inspects, enforces policies on, and optionally caches each request, then forwards it to the upstream provider.

Request flow — IDE → Smartflow → LLM Provider
Developer Workstation
Cursor IDE
chat · completions
inline edit
VS Code + Continue
chat · autocomplete
inline edit
Aider / Windsurf
CLI · agentic
code gen
JetBrains AI
IntelliJ · PyCharm
GoLand
HTTPS  ·  /v1/chat/completions  ·  base_url = https://your-proxy.example.com
⚡ Smartflow Proxy  ·  port 7775
Virtual Key Authsk-sf-* budget & rate limits
MAESTRO PolicyPII redaction · prompt injection
Semantic Cache4-phase lookup · token savings
Provider RoutingOpenAI · Anthropic · Azure · local
Audit Logging & Analyticsfull request trace · VAS compliance log
OpenAI
GPT-4o · o3
DALL·E · Whisper
Anthropic
Claude 3.5 · 3
Sonnet · Haiku
Azure OpenAI
Enterprise
deployments
Local / Other
Ollama · vLLM
Groq · Mistral

All IDE tools make requests to the same paths they normally would (/v1/chat/completions, /v1/models, etc.) — Smartflow is 100% API-compatible with OpenAI's REST interface.

Cursor IDE

Cursor is the primary use case for Smartflow IDE integration. It supports a custom OpenAI base URL and a custom Anthropic base URL in its settings, making it trivial to proxy all AI traffic.

Best practice: Create one sk-sf-* virtual key per developer in the Smartflow admin panel, then distribute those keys via your MDM or secrets manager. Each developer's activity is attributed to their key in the usage dashboard.

Setting the API base URL

  1. Open Cursor and press Cmd+Shift+J (macOS) or Ctrl+Shift+J (Windows/Linux) to open Cursor Settings.
  2. Navigate to Models in the left sidebar.
  3. Scroll down to the OpenAI API Key section. Click Override OpenAI Base URL.
  4. Enter your Smartflow proxy URL: https://YOUR-PROXY.example.com
  5. In the API Key field, paste your virtual key: sk-sf-xxxxxxxxxxxxxxxx
    Alternatively, paste your real OpenAI key — the proxy will route it correctly.
  6. Click Verify to confirm connectivity, then click Save.
Important: The base URL should not include a trailing path. Enter https://your-proxy.example.com, not https://your-proxy.example.com/v1. Cursor automatically appends /v1/chat/completions.

Model selection

Once the base URL is set, Cursor will query /v1/models on your proxy to populate the model dropdown. Smartflow returns the full list of models available to your account, including any model aliases you have configured in the routing rules.

To use Claude models via Cursor's native Anthropic integration also through Smartflow:

  1. In Cursor Settings → Models, find the Anthropic API Key section.
  2. Enable Override Anthropic Base URL.
  3. Enter: https://YOUR-PROXY.example.com/anthropic
  4. Use your sk-sf-* virtual key (or your real Anthropic key — the proxy rewrites the auth header appropriately).
Smartflow's /anthropic path accepts the full Anthropic Messages API format (/anthropic/v1/messages) and applies all the same policy/cache/logging steps as the OpenAI-compatible path.

Using virtual keys (sk-sf-*)

Virtual keys are issued from the Smartflow admin dashboard under Key Vault → New Key. Each key can have:

Setting Description Example
name Human-readable label shown in usage reports alice@corp.com — Cursor
model_allowlist Restrict key to specific models only ["gpt-4o", "claude-3-5-sonnet"]
monthly_spend_cap Hard USD limit; key returns 429 when exceeded 50.00
rpm_limit Requests per minute ceiling 60
tpm_limit Tokens per minute ceiling 100000
policy_set Named MAESTRO policy bundle applied to all requests engineering-team

The key format is sk-sf- followed by a 32-character random string. It is indistinguishable in length/format from a real OpenAI key, so existing tooling that validates key prefixes will accept it.

Per-project configuration

Cursor respects a .cursor/config.json file at the root of your workspace. You can use this to enforce a specific model or base URL for a given repository, useful when different projects require different policy sets or cost centers.

{
  "openai": {
    "baseUrl": "https://YOUR-PROXY.example.com",
    "apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  },
  "defaultModel": "gpt-4o",
  "anthropic": {
    "baseUrl": "https://YOUR-PROXY.example.com/anthropic",
    "apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}
Do not commit real API keys to version control. For per-project keys, prefer referencing an environment variable via your shell profile (~/.zshrc / ~/.bashrc) or your team's secrets manager, and leave the apiKey field empty in the committed config — Cursor will fall back to the value set in global settings.

VS Code + Copilot Chat

GitHub Copilot routing

GitHub Copilot Business and Enterprise accounts with a proxy-enabled organization policy can route Copilot traffic through Smartflow. This requires configuring the proxy at the GitHub organization level — individual developers cannot override Copilot's endpoint.

For organizations without GitHub's proxy policy feature, the recommended path is to use the Continue extension (below) alongside or instead of Copilot for chat and generation tasks.

GitHub Copilot inline completions (tab suggestions) use a proprietary protocol that cannot be intercepted by a standard OpenAI-compatible proxy. Only Copilot Chat uses the OpenAI chat completions format. Use Continue for full proxy coverage of all coding-assistant requests.

Continue extension setup

Continue is an open-source VS Code (and JetBrains) extension that fully supports custom OpenAI-compatible endpoints. It covers chat, inline edit, and autocomplete — making it a complete Copilot alternative routed entirely through Smartflow.

Install Continue

Install from the VS Code Marketplace: search for Continue by Continue.dev, or run:

ext install Continue.continue

Configure ~/.continue/config.json

Open the Continue config file via the Command Palette: Continue: Open config.json. Replace or merge the following:

{
  "models": [
    {
      "title": "GPT-4o via Smartflow",
      "provider": "openai",
      "model": "gpt-4o",
      "apiBase": "https://YOUR-PROXY.example.com/v1",
      "apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    },
    {
      "title": "Claude 3.5 Sonnet via Smartflow",
      "provider": "anthropic",
      "model": "claude-3-5-sonnet-20241022",
      "apiBase": "https://YOUR-PROXY.example.com/anthropic",
      "apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }
  ],
  "tabAutocompleteModel": {
    "title": "Autocomplete via Smartflow",
    "provider": "openai",
    "model": "gpt-4o-mini",
    "apiBase": "https://YOUR-PROXY.example.com/v1",
    "apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}
Note on apiBase in Continue: Unlike Cursor, the Continue extension expects the base URL to include /v1 (e.g., https://your-proxy.example.com/v1). Check the Continue release notes if this behavior changes across versions.

Per-workspace Continue config

You can place a .continuerc.json in the root of any workspace to override the global config for that project. The format is identical to ~/.continue/config.json and supports partial overrides (keys are merged, not replaced).

{
  "models": [
    {
      "title": "GPT-4o (Project Alpha)",
      "provider": "openai",
      "model": "gpt-4o",
      "apiBase": "https://YOUR-PROXY.example.com/v1",
      "apiKey": "sk-sf-project-alpha-key"
    }
  ]
}

JetBrains AI Assistant

JetBrains AI Assistant (bundled in IntelliJ IDEA 2023.3+, PyCharm, GoLand, WebStorm, etc.) supports a custom OpenAI-compatible server as its backend.

  1. Open Settings / Preferences (Cmd+, / Ctrl+Alt+S).
  2. Navigate to Tools → AI Assistant → OpenAI-compatible server.
  3. Enable Use custom server.
  4. Set Server URL to: https://YOUR-PROXY.example.com/v1
  5. Set API Key to your virtual key: sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  6. Choose your Model from the dropdown (populated from /v1/models on your proxy).
  7. Click Verify Connection, then Apply.
JetBrains version note: The "OpenAI-compatible server" option was introduced in AI Assistant plugin v2.1.7 (bundled with the 2024.1 IDE generation). Earlier versions only support JetBrains' own AI service and cannot be redirected to a custom proxy. Update your IDE to the latest stable release.

JetBrains AI Assistant uses chat completions for its AI Chat panel and the Generate/Refactor/Explain actions in the editor. All of these will flow through Smartflow once the server URL is configured.

Windsurf

Windsurf (by Codeium) supports a custom OpenAI base URL for its Cascade agent and inline completions via the same settings pattern as Cursor.

  1. Open Windsurf and navigate to Settings (gear icon in the bottom-left).
  2. Go to AI Models → Custom OpenAI-Compatible Provider.
  3. Set Base URL to: https://YOUR-PROXY.example.com
  4. Set API Key to your sk-sf-* virtual key.
  5. In the Model field, enter the model name (e.g., gpt-4o or claude-3-5-sonnet-20241022).
  6. Click Save & Test.

Windsurf's Cascade multi-step agent makes a series of chat completions requests for each task. With Smartflow in the path, each step is individually logged and subject to policy checks, giving you complete visibility into agentic coding sessions.

If Windsurf shows a "model not found" error, verify that the model name you entered matches one returned by GET https://YOUR-PROXY.example.com/v1/models. You can check this in your browser or with curl (see Testing the connection).

Aider / CLI Tools

Aider is an open-source CLI coding assistant that pairs a conversational agent with your local git repository. It uses the OpenAI SDK under the hood, so routing through Smartflow requires only environment variables.

Environment variables

# Add to ~/.zshrc, ~/.bashrc, or your shell profile
export OPENAI_API_BASE="https://YOUR-PROXY.example.com/v1"
export OPENAI_API_KEY="sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# For Claude models via the Anthropic endpoint:
export ANTHROPIC_BASE_URL="https://YOUR-PROXY.example.com/anthropic"
export ANTHROPIC_API_KEY="sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Then invoke aider normally:

aider --model gpt-4o
aider --model claude-3-5-sonnet-20241022

Aider config file (~/.aider.conf.yml)

Alternatively, persist these settings in aider's YAML config:

# ~/.aider.conf.yml
openai-api-base: https://YOUR-PROXY.example.com/v1
openai-api-key: sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
model: gpt-4o
Other CLI tools: Any tool using the openai Python package or the OpenAI Node SDK can be redirected with the same two environment variables (OPENAI_API_BASE and OPENAI_API_KEY). This includes LangChain CLI, LlamaIndex scripts, Fabric, Shell-GPT, and any custom scripts you've written.

Enterprise Deployment

MDM-pushed configuration

For organizations managing developer machines with an MDM solution (Jamf, Kandji, Intune, Mosyle), you can pre-configure the Smartflow proxy URL and a shared or individual virtual key without requiring any manual steps from developers.

macOS / Jamf — shell profile injection

# Deploy as a Jamf script (Policies → Scripts → Add)
# Run as: current user, After
#!/bin/bash
SHELL_PROFILE="/Users/$( stat -f %Su /dev/console )/.zshrc"

BLOCK='
# ── Smartflow IDE Proxy ──────────────────────────────────────────────
export OPENAI_API_BASE="https://YOUR-PROXY.example.com/v1"
export OPENAI_API_KEY="sk-sf-team-shared-key"
export ANTHROPIC_BASE_URL="https://YOUR-PROXY.example.com/anthropic"
export ANTHROPIC_API_KEY="sk-sf-team-shared-key"
# ────────────────────────────────────────────────────────────────────'

if ! grep -q "Smartflow IDE Proxy" "$SHELL_PROFILE"; then
  echo "$BLOCK" >> "$SHELL_PROFILE"
fi
Team keys vs. individual keys: Using a single shared sk-sf-team-* key across all developers means usage in the dashboard is attributed to that key rather than to individual engineers. For per-developer attribution, generate one key per user in the Key Vault and distribute via a secrets manager (e.g., 1Password Secrets Automation, HashiCorp Vault) or your MDM's managed preferences.

Cursor global settings via managed file (macOS)

Cursor stores its global settings at ~/Library/Application Support/Cursor/User/settings.json. You can pre-populate this file from your MDM during device enrollment:

{
  "cursor.openai.apiBaseUrl": "https://YOUR-PROXY.example.com",
  "cursor.openai.apiKey": "sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "cursor.anthropic.apiBaseUrl": "https://YOUR-PROXY.example.com/anthropic"
}

Team rollout checklist

  1. Create a virtual key per developer (or per team) in the Smartflow Key Vault with appropriate spend caps and policy sets.
  2. Distribute keys via your secrets manager, MDM, or a password-protected internal onboarding doc. Never email raw keys.
  3. Distribute the proxy URL — use your internal hostname (e.g., https://ai.corp.example.com) so you can update the backend without reconfiguring all IDEs.
  4. Document the two-step IDE setup for each tool your team uses (Cursor, VS Code, etc.) in your internal wiki, linking to this page.
  5. Set up a MAESTRO policy bundle for engineering that applies PII redaction and blocks prompt injection — confirm it in the admin dashboard before going live.
  6. Monitor the dashboard for the first week to confirm traffic is flowing and no keys are misconfigured.

Verifying traffic in the dashboard

After configuring an IDE, send a test message (e.g., "Explain this function" in Cursor chat) and then check the Smartflow admin dashboard:

If requests do not appear after 30 seconds, see Common issues below.

Virtual keys for teams

Virtual keys (sk-sf-*) are the primary mechanism for multi-developer environments. Each key acts as a proxy credential that Smartflow maps to a real upstream API key stored in the Key Vault — developers never see the real key.

Creating a virtual key

  1. Go to Key Vault in the admin dashboard.
  2. Click New Virtual Key.
  3. Fill in the key name (e.g., dev-alice), optional limits, and the MAESTRO policy set to apply.
  4. Copy the generated sk-sf-* value — it is only shown once. Store it in your secrets manager immediately.

Revoking access

If a developer leaves or a key is compromised, disable or delete it in Key Vault. All IDE traffic using that key will immediately return 401 Unauthorized. The real upstream keys are unaffected.

Usage attribution

Every request logged in Smartflow carries the virtual key ID as its primary attribution identifier. The Usage Analytics dashboard can filter, group, and export usage data by key, model, date range, and policy outcome.

Environment variable reference

Variable Used by Value Notes
OPENAI_API_BASE openai-python SDK, Aider, LangChain, LlamaIndex, Shell-GPT https://YOUR-PROXY.example.com/v1 Include /v1 suffix for SDK compatibility
OPENAI_BASE_URL openai-python SDK v1.x+ https://YOUR-PROXY.example.com/v1 Newer alias for OPENAI_API_BASE; set both to be safe
OPENAI_API_KEY All OpenAI SDK-based tools sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Your Smartflow virtual key
ANTHROPIC_BASE_URL anthropic-python SDK, Aider with Claude https://YOUR-PROXY.example.com/anthropic Do NOT include /v1 — Anthropic SDK appends its own path
ANTHROPIC_API_KEY anthropic-python SDK sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Proxy rewrites to your real Anthropic key server-side
AZURE_OPENAI_ENDPOINT Azure OpenAI SDK https://YOUR-PROXY.example.com/azure Optional — only needed if routing Azure-formatted requests

Troubleshooting

Common issues

Symptom Likely cause Fix
Cursor shows "Could not connect to OpenAI" Wrong base URL format (trailing slash, wrong protocol, path included) Use exactly https://YOUR-PROXY.example.com — no trailing slash, no /v1
401 Unauthorized in logs Virtual key was revoked, expired, or typo in the key Verify key in Key Vault is active; re-copy the key value
429 Too Many Requests Key has hit its RPM or spend cap Check key limits in Key Vault; increase or reset cap as needed
Model not found / empty model list in Cursor Proxy returning non-standard /v1/models response Run the curl test below; check proxy logs for errors
Requests not appearing in dashboard after 60 seconds IDE still using direct OpenAI URL (settings not saved, or second installation) Confirm base URL in IDE settings; check for .cursor/settings.json in workspace overriding global config
MAESTRO policy blocking expected requests Policy set overly aggressive for coding context Review blocked request in Audit Logs; adjust the policy set in MAESTRO editor
Streaming responses truncated or broken in VS Code Continue Proxy nginx/Caddy buffer configuration stripping SSE events Ensure X-Accel-Buffering: no is set on streaming responses in your Caddyfile; see Deployment Best Practices
SSL certificate error Self-signed cert on internal proxy; IDE doesn't trust the CA Add your internal CA to the OS trust store, or use a publicly-trusted cert (Let's Encrypt via Caddy is recommended)

Testing the connection

Use curl to verify the proxy is reachable and your key is valid before configuring any IDE:

1. Check the models list

curl -s https://YOUR-PROXY.example.com/v1/models \
  -H "Authorization: Bearer sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  | python3 -m json.tool | head -40

Expected: a JSON object with a data array of model objects. If you see an empty list or an error, check the proxy logs and ensure your upstream API keys are configured.

2. Send a test chat completion

curl -s https://YOUR-PROXY.example.com/v1/chat/completions \
  -H "Authorization: Bearer sk-sf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [{"role": "user", "content": "Reply with exactly: SMARTFLOW_OK"}],
    "max_tokens": 10
  }'

Expected response body:

{
  "id": "chatcmpl-...",
  "object": "chat.completion",
  "choices": [
    {
      "message": {
        "role": "assistant",
        "content": "SMARTFLOW_OK"
      },
      "finish_reason": "stop"
    }
  ]
}

3. Verify the request appeared in the dashboard

Navigate to Usage & Logs → Recent Requests in the admin dashboard. You should see the test request within a few seconds with:

All three checks pass? Your proxy is correctly configured and your virtual key is working. You're ready to configure your IDEs.

Further reading