Connecting services and preparing your dashboard.
These patterns consistently produce better results when AI coding sessions use Zephex tools deliberately instead of ad hoc.
Call get_project_context once at the start of the session to establish the stack, auth method, hosting, and key files. If the task touches a specific area such as auth, billing, or the database, follow it with explain_architecture scoped to that area.
Example: ask for get_project_context with “summarize the stack, auth flow, billing integration, and deployment targets in this repo,” then call explain_architecture with “trace API key validation from the inbound request to the database lookup.” That gives the agent a grounded map before any code is changed.
Describe the task in plain English and let scope_task return the smallest useful file set. This removes most wasted context reads before the agent starts changing code.
Example: “Add request retry logging to failed Stripe webhook handling without touching unrelated billing UI.” A good scope_task result should come back with the webhook handler, shared retry utility, and affected tests instead of the whole billing surface.
When you need one function or class, use read_code with the symbol name and file path. You get the exact implementation, imports, and callers without spending tokens on the rest of the file.
Example: after scope_task points to auth.ts, call read_code for validateApiKey instead of pasting the full file into context.
Search for existing utilities, env vars, or TODOs before assuming they do not exist. A fast find_code call prevents duplicate implementations and surfaces context the agent would otherwise miss.
Example: search for Retry-After, rate_limit, or an existing toast helper before building a new limit-handling branch from scratch.
When a bug spans multiple files or has several plausible causes, call thinking to anchor the session. It tracks what has been checked, what was ruled out, and what the next action should be so the agent does not loop or forget prior conclusions.
Example: “The docs page flashes unauthenticated state, then fails to load billing data for signed-in users. List likely causes, rule them out one by one, and tell me the next file to inspect.” That keeps the debugging path explicit instead of bouncing between guesses.
After every deployment, run audit_headers against the production URL. It checks TLS validity, security headers, cookie flags, and redirect behavior, which makes it a good team-wide release gate instead of a one-off manual check.
Example: run it against https://zephex.dev after deployment. If it reports missing HSTS or a weak CSP on one release, fix that as a blocking regression instead of leaving it to manual browser inspection.
get_project_context once and reuse that output across the session.scope_task before reading files.find_code before read_code when you are still locating the right symbol or file.get_project_context → scope_task → find_code → read_code. That usually keeps the first pass under a fraction of the context cost of opening whole files.Create at least local-dev, staging, and production keys. Do not share keys between teammates. If a key leaks, you can rotate only the exposed key instead of disrupting every environment or user.
Example: if a contractor only needs package analysis in staging, issue a dedicated staging key with the right scope and revoke that one key when the work ends instead of rotating the entire team’s production access.