Was this page helpful?
Connect Zephex through ChatGPT Developer Mode on the web. There is no mcp.json on your computer — you create an app, paste the MCP server URL, and sign in with OAuth once. ChatGPT Desktop reuses the same app when you use the same OpenAI account. See OpenAI MCP docs for how ChatGPT handles MCP on their side.
Do everything on the website first; Desktop only mirrors what you created online.
If OAuth fails, try an incognito window, disable blockers for zephex.dev and zephex.us.auth0.com, then create the app again.
Copy this URL into the Create app form. You do not paste an API key into ChatGPT — OAuth links your Zephex account.
https://zephex.dev/mcpTip
After OAuth succeeds, usage counts against your Zephex plan (300 free requests/month). Tool errors about “project” mean add github:owner/repo — not an OAuth problem.
After saving your config, confirm Zephex is connected before you rely on it in real work.
You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:
“With the Zephex app enabled, check_package on colorama before I add it to requirements.txt.”
PyPI safety from ChatGPT without a local Python environment.
“get_project_context on github:rails/rails — high-level stack only, no clone.”
GitHub URL is the right path when ChatGPT cannot see your laptop folders.
“scope_task on github:myorg/private-api (after I paste access): add pagination to /users.”
Task scoping once the repo is identifiable — upload files if the agent needs private files.
“audit_headers on https://shop.example.com — shopper-facing security only.”
URL-only tool fits ChatGPT’s cloud-only model.
“explain_architecture how our three services in the uploaded zip depend on each other.”
Works with uploaded archives when github: is not an option.
“Zephex_dev_info: OWASP checklist for a new JSON API — bullet actions for me.”
Expert security content without MCP reading your disk.
ChatGPT cannot see your disk by default. Use github:owner/repo for public code; upload files or paste absolute paths for private work.
These situations usually mean the setup cannot work until you fix the underlying issue:
Developer Mode not visible
Confirm plan tier with OpenAI docs. Try another browser profile or account tier that includes MCP apps.
Desktop missing the app
Create on web first, same OpenAI email, force-quit Desktop, sign in again, wait one minute.
OAuth loop or authorization failed
Clear cookies for auth0.com, retry in incognito. URL must be exactly https://zephex.dev/mcp.
Tools return no project / empty context
Not a connection bug — include github:owner/repo or upload files. ChatGPT has no automatic workspace root like VS Code.
Looking for API key field
ChatGPT uses OAuth for Zephex — create keys only for other editors at Dashboard → API Keys.
Enable the Zephex app per chat — OpenAI invokes these ten MCP tools server-side:
get_project_context
Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.
read_code
AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.
find_code
Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.
check_package
Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.
audit_package
Deep package intelligence: CVEs with severity, breaking changes between versions, migration notes, and peer-dependency conflicts.
explain_architecture
Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.
scope_task
Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.
audit_headers
Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).
keep_thinking
Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.
Zephex_dev_info
Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.