Get from zero to your first working Zephex tool call in under 5 minutes. You need one API key, one editor config, and one successful tools/list response.
Open Dashboard → API Keys → Create new key. Name it for the environment it belongs to, such as local-dev or production. Copy the full key now. If you lose it, rotate and create a new one.
Choose your editor, paste the config into the exact file or settings screen shown below, and replace YOUR_API_KEY_HERE with your real key.
Paste Location
Create .cursor/mcp.json in your project root.
Restart
Fully quit Cursor with Cmd+Q on macOS or Ctrl+Q on Windows/Linux, then reopen it.
{ "mcpServers": { "zephex": { "command": "npx", "args": ["-y", "zephex"], "env": { "ZEPHEX_API_KEY": "YOUR_API_KEY_HERE" } } }}After restarting the editor, run this curl command. It confirms that the endpoint is reachable and the Authorization header is correct before you debug anything inside the editor UI.
curl -X POST https://zephex.dev/mcp \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'A successful response looks like this:
{ "jsonrpc": "2.0", "id": 1, "result": { "tools": [ { "name": "get_project_context", "description": "Compact, verified project brief before you change code." }, { "name": "read_code", "description": "Extract exact functions, classes, and symbols from source files." }, { "name": "find_code", "description": "Fast repo-wide search using ripgrep." }, { "name": "check_package", "description": "Verify an npm package and compare versions." }, { "name": "audit_package", "description": "Check CVEs, breaking changes, and migration guidance." }, { "name": "explain_architecture", "description": "Trace request, auth, and data flows across the app." }, { "name": "Zephex_dev_info", "description": "Extract clean content from a public URL." }, { "name": "scope_task", "description": "Return the minimum file set to read before coding." }, { "name": "audit_headers", "description": "Audit TLS, redirects, headers, and cookies." }, { "name": "thinking", "description": "Create a structured investigation session with memory." } ] }}If you see 10 tools listed, the connection is working correctly. If you see unauthorized, the key or Bearer header format is wrong.
In your editor, open a repo and ask the agent to call get_project_context. This gives the model a grounded overview before it starts reading or changing files.
“Use the get_project_context tool and give me a compact overview of this project before you make any changes.”
A typical response looks like this:
Stack: Next.js 16, React 19, TypeScript, Bun, ExpressAuth: Bearer API keys (SHA-256 hashed) plus dashboard session authHosting: Vercel (public app), Render (proxy), Supabase (database)Key files: dashboard/src/app/api/mcp/route.ts, dashboard/src/lib/auth.ts, src/services/analyze-routes.tsIntegrations: Stripe (billing), Upstash Redis (rate limiting), Supabase (auth + DB), Sentry (monitoring)Environment variables: SUPABASE_URL, SUPABASE_ANON_KEY, STRIPE_SECRET_KEY, UPSTASH_REDIS_URLThis is the kind of output you should expect: concrete, structured, and grounded in the actual codebase.
unauthorized: The header must be exactly Bearer YOUR_KEY with a space after Bearer.rate_limit_exceeded: Check your monthly request usage in the dashboard. Free includes 300 requests per month.zephex.dev on port 443.