"My Zephex MCP just saved me from a bad Stripe upgrade. Two prompts in Claude Code. check_package → Stripe is clean, no red flags."— r/ClaudeAI
Your AI editor keeps forgetting your project. Zephex fixes that.
One hosted MCP endpoint gives Cursor, Claude Code, VS Code, and Windsurf instant project context — your stack, your packages, your architecture — every session. Paste one config. Free to start.
How it works
Stop re-explaining your codebase.
Connect once.
Instead of wiring each editor separately, you point everything at zephex.dev/mcp once and Zephex handles validation, routing, and limits from there.
- One config per editor. Same endpoint, same tools, everywhere.
- Rotate or revoke keys from the dashboard — not buried in config files.
- 10 tools activate instantly across every connected editor.
Connect once
Paste one config and move on
Pick your client, copy the snippet, add your key, and point it at the Zephex endpoint.
.cursor/mcp.json
Setup steps
- 1Copy the JSON snippet aboveYour API key is already filled in.
- 2Create .cursor/mcp.json in your project rootIn your project folder, create a .cursor folder, then create mcp.json inside it.
- 3Paste the JSON and saveMake sure the file contains valid JSON — no extra text before or after the braces.
- 4Fully restart CursorMac: Cmd+Q then reopen. Windows: Ctrl+Q then reopen. A window reload is not enough.
- 5Confirm in Settings → Tools & MCPsYou should see "zephex" listed. If you see a JSON error, open the file and check for typos.
No packages or commands required. Just paste the config file and restart your editor. The connection uses native Streamable HTTP — no npx, no bridge packages.
MCP toolbox
10 tools your AI uses to actually know your codebase
Built-in tools that scan your real repo, your live packages, and your running architecture — so your AI works with what's actually there, not what it remembers or guesses.
get_project_context
Instant codebase snapshot. Your AI knows your stack before you type the first prompt.
Summarizes the repo’s stack and key integration points (auth, hosting, billing, queues) based on what’s actually present in code and config.
When to use
- You just opened a new repo
- You need the stack + key entry points
- You want a safe overview before changing code
Built for real workflows
Who uses Zephex
Teams that need MCP to feel operational: one endpoint, one control layer, less config drift.
One endpointOne control layerLess config drift
Profile 01
Solo developers
One setup that survives repo switches, editor changes, and client work.
Where it breaks
You bounce between side projects, contract repos, and multiple editors. Native MCP means duplicated config, duplicated tools, and drift every time something changes.
What changes with Zephex
Keep one endpoint and one tool surface. Use separate keys for local and client work without rebuilding the whole MCP setup each time.
Repo hoppingMulti-editor setupSeparate local and client keys
Profile 02
Startups and product teams
A shared control layer for local, staging, and production work.
Where it breaks
Different people use different editors, environments, and tool sets. Access rules end up buried in config files and break quietly when the stack shifts.
What changes with Zephex
Point everyone at the same hosted endpoint, issue keys per person or environment, and keep tool availability consistent while the product changes underneath.
Team-wide rolloutStaging and productionFewer secret handoffs
Profile 03
Platform and ops teams
Operate MCP like infrastructure instead of tribal knowledge.
Where it breaks
Rate limits, key rotation, and usage tracking get patched into each client separately, which makes audits, ownership, and incident response harder than they should be.
What changes with Zephex
Centralize auth, usage visibility, and key lifecycle control at the proxy layer so policy changes happen once instead of repo by repo.
Key lifecycle controlRuntime limitsAudit visibility
Profile 04
AI agent builders
Give your agents real codebase intelligence without building the infrastructure yourself.
Where it breaks
Agents that run against a codebase need to know the stack, the package versions, the auth flows, and the architecture — but building that context layer from scratch is weeks of work and breaks every time the repo shifts.
What changes with Zephex
Point your agent at the /mcp endpoint with a scoped key. It gets get_project_context, check_package, audit_package, explain_architecture, and read_code instantly — no infrastructure, no maintenance, no drift.
Scoped agent keysInstant context toolsNo infra to maintain
Operational trust
Security and data boundaries users can verify
Show the controls, the runtime protections, and the policy surface people check before they trust a proxy.
Hash-only key storageProxy-level enforcementExplicit data-use policy
Key storage
API keys are hashed, rotated, and managed from the dashboard
Raw keys are shown once at creation. Server-side verification uses hashing, and exposed keys can be rotated or revoked without changing the endpoint users hit.
- Raw key shown only at creation
- Dashboard-based revoke and rotate flows
- No plaintext key storage in the database
Runtime controls
Limits and abuse controls live at the proxy boundary
Per-key enforcement, usage tracking, and request ceilings happen where traffic enters instead of being bolted onto each client separately.
- Per-key rate limiting and request ceilings
- Usage visibility for billing and ops
- Shared enforcement across clients and environments
Data boundary
Data-use policy is explicit about what is and is not processed
Security, privacy, and data-use docs explain what is needed to operate the service and state that prompts, tool inputs, outputs, and code are not used to train models.
- Dedicated Security page
- Dedicated Data Use page
- No model training on customer content
Zephex vs. local MCP and documentation tools
Scans your codebase, not a cached library
ZephexScans your actual codebase and live npm data
OthersReads indexed docs that may be days or weeks old
ZephexKnows your installed package versions, your auth flows, your real architecture
OthersKnows what the docs say — not what's actually running in your repo
ZephexOne hosted endpoint — no local server, no npx, no bridge packages
OthersLocal install required per editor, per machine, per project
ZephexAPI key management, usage tracking, key rotation from one dashboard
OthersManual config file edits per environment
This is why Zephex users catch breaking changes Context7 misses — it reads your repo, not a cached library.See the tools →
Plans
Simple pricing, clear limits.
Start free. Upgrade when you need more requests, more backends, or custom key scopes.
$0/mo
FREE
Requests300 / mo
API Keys3
MCP Backends1
Key scopesFull only
Recommended
$7 / 3.5k req
$7/mo
PRO
Requests3,500 / mo
API KeysUnlimited
MCP Backends10
Key scopesCustom
$19 / 10k req
$19/mo
MAX
Requests10,000 / mo
API KeysUnlimited
MCP Backends20
Key scopesCustom
API access
Create a key, send one header, call tools.
Generate the key in the dashboard, use it as a Bearer token, confirm tools/list, and route actual MCP traffic through the same endpoint.
Step 01
Create the key in the dashboard
Generate it once and keep separate keys for local, staging, and production.
Step 02
Send it as Bearer auth
Use the key in the Authorization header from an editor client or direct request.
Step 03
Confirm the tool catalog
Call `tools/list` first so the client sees exactly which tools this key can access.
Step 04
Route real MCP traffic
After discovery, send `tools/call` through the same endpoint and let Zephex enforce the boundary.
First request
Endpoint
https://zephex.dev/mcpAuthorization
Bearer mcp_sk_xxxcurl -X POST https://zephex.dev/mcp \
-H "Authorization: Bearer mcp_sk_xxx" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'Expected response
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"tools": [
{ "name": "read_code" },
{ "name": "find_code" },
{ "name": "inspect_url" }
]
}
}tools/list tells the client which tools this key can access before any real tool call runs.
Key handling rules
Separate environments
Use different keys for local, staging, and production so rotation stays precise.
Rotate on exposure
If a key lands in logs, a repo, or a screenshot, revoke it and mint a new one immediately.
Keep keys out of git
Store them in secret managers, not config committed to repositories or shared snippets.
FAQ
Questions beforeyou connect
Quick answers for evaluation, setup, and security review.
Most users connect in a few minutes — create a key, paste one config snippet into your editor, and call the MCP endpoint. No long onboarding, no infrastructure to provision.
Zephex provides setup guidance for Cursor, Claude Code, VS Code, Windsurf, and JetBrains, and any other MCP-compatible client. If it speaks MCP, it works.
No. Zephex does not use your prompts, tool inputs, tool outputs, or code to train AI models. Your data is routed and enforced at the boundary — nothing is retained for model training.
Treat every key like a secret: keep them out of public repos, rotate any exposed key immediately, and use isolated keys per environment. Zephex makes this easier with scoped key policies from your dashboard.
Zephex surfaces the failure in your operational dashboard in real time. The boundary enforcer catches tool-call errors before they propagate and logs them with full trace context so you can diagnose without reproducing.
Yes. The single-endpoint model means you control exactly what crosses the boundary. Scoped keys and policy rules let you permit or block specific tools, namespaces, and output shapes — without modifying your client configuration.
A local MCP server is tied to one machine and one editor. You re-install it for every new project, every team member, and every environment. Zephex is hosted — one endpoint that works across all your editors, machines, and teammates from the moment you paste the config.
Requests over your plan ceiling are blocked and surfaced in your dashboard so you can see exactly where the spike happened. You can upgrade at any time — limits reset monthly, and there is no surprise overage billing on Free or Pro.
Yes. Anything that can send an HTTP request with a Bearer token can call the /mcp endpoint. That includes automated agents, CI workflows, and custom scripts — not just interactive editors. Scoped keys let you give automation a narrower surface than your personal key.
Yes. Every tool call is logged in your dashboard — name, timestamp, key, and result status. This makes it easy to see what your AI is actually using, catch runaway usage patterns, and verify the right tools are hitting the right backends.