Add Zephex to ~/.copilot/mcp-config.json (type http), run npx -y zephex setup, or stdio npx fallback. Hosted https://zephex.dev/mcp is recommended — separate from VS Code .vscode/mcp.json.
Official GitHub Copilot CLI MCP documentation: GitHub Copilot CLI docs
Without MCP, your agent guesses project layout and misses supply-chain risk. Zephex connects one hosted endpoint so every session gets the same ten tools — no per-machine npm installs, no version drift across the team.
HTTP and stdio setups both need a key from your Zephex dashboard. OAuth-only flows (ChatGPT, Claude.ai web) sign you in in the browser instead — skip this section for those.
Matches the published CLI (mcp-proxy/src/commands/setup.ts). One command signs you in, writes the correct transport, and verifies 10 tools.
Account teardown: logout vs disconnect · Connect MCP walkthrough
Search docs for “where is my MCP file” — the answer is always: run list first, then open the path it prints.
Documented paths: ~/.copilot/mcp-config.json or <project>/.mcp.json
Copilot CLI wizard writes stdio mcpServers entry.
Runs the same code as mcp-proxy/src/commands/setup.ts — OAuth in browser, creates a CLI key, writes your editor config, verifies tools.
npx -y zephex setup --copilotSkip browser OAuth — paste a key from zephex.dev/dashboard/keys. Must start with mcp_prod_, mcp_dev_, or mcp_sk_.
npx -y zephex setup --copilot --api-key mcp_prod_your-key-heremcpServers command/args/env: Transport: stdio (see ~/.copilot/mcp-config.json or <project>/.mcp.json).
{ "mcpServers": { "zephex": { "command": "npx", "args": ["-y", "zephex"], "env": { "ZEPHEX_API_KEY": "mcp_sk_your_key_here" } } }}After CLI install, fully restart the app if tools do not appear. Manual JSON/TOML blocks below are equivalent — use them when CLI commands are unavailable.
Full comparison: HTTP vs stdio · npx zephex reference
GitHub Copilot CLI reads ~/.copilot/mcp-config.json at startup. type http + url is the hosted pattern; do not use type local with npx for Zephex.
Replace mcp_sk_your_key_here with your key from Dashboard → API Keys. Copy the full key once at creation — paste into Authorization: Bearer … for HTTP configs, or into ZEPHEX_API_KEY for stdio/npx configs.
type: "http" with url and headers — recommended.
{ "mcpServers": { "zephex": { "type": "http", "url": "https://zephex.dev/mcp", "headers": { "Authorization": "Bearer mcp_sk_your_key_here" } } }}Legacy local spawn via npx — use only if type http fails. Copilot uses env.ZEPHEX_API_KEY in the env object.
{ "mcpServers": { "zephex": { "command": "npx", "args": ["-y", "zephex"], "env": { "ZEPHEX_API_KEY": "mcp_sk_your_key_here" } } }}Tip
Copilot CLI config is separate from VS Code .vscode/mcp.json — edit ~/.copilot/mcp-config.json specifically.
Run these in a terminal when the editor UI is unclear — catches stale npm, wrong transport, and project shadows.
npx -y zephex@latest listnpx -y zephex@latest doctornpx -y zephex@latest repair# Fully quit the editor (Cmd+Q / Alt+F4), reopen, start a new agent sessionAfter saving your config, confirm Zephex is connected before you rely on it in real work.
Questions people ask when GitHub Copilot CLI does not show Zephex tools — indexed for docs search.
How do I connect Zephex to copilot-cli?
Fastest: npx -y zephex setup --copilot (browser sign-in, writes config, verifies 10 tools). Or paste manual config on this page, save, fully quit the app, reopen.
Where did setup save my copilot-cli MCP config?
Run npx -y zephex@latest list — it prints every config path on this machine that references Zephex.
copilot-cli works in terminal but not in the editor
GUI apps often lack nvm/fnm PATH. Run npx -y zephex@latest repair, ensure Node is on system PATH, fully quit the editor.
How do I disconnect Zephex from copilot-cli?
mcpcli disconnect --copilot — revokes key and strips config.
You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:
“copilot CLI: get_project_context on the git root before suggesting a PR plan.”
~/.copilot/mcp-config.json http server exposes tools to terminal Copilot.
“find_code CODEOWNERS-related path filters in this GitHub Action repo.”
Ops repo search from the shell.
“check_package on a GitHub Action dependency someone added to package.json.”
CI supply-chain check.
“check_test: add required status checks to our workflow files.”
Scoped .github/workflows edits.
“read_code the reusable workflow entry job definition.”
YAML-adjacent repos still benefit from read_code on scripts.
“audit_headers on our open-source project's docs site URL.”
Public docs security from CLI.
Copilot CLI sees the git root of the directory you run from. cd into the repo before starting copilot with MCP tools.
These situations usually mean the setup cannot work until you fix the underlying issue:
No MCP
~/.copilot/mcp-config.json with mcpServers.zephex.
0 tools
type http, not type local.
Auth error
Authorization Bearer in headers object.
Wrong product
CLI config, not VS Code .vscode/mcp.json.
Stale session
Restart copilot after config save.
Copilot CLI mcp-config.json http — ten tools in the shell:
get_project_context
Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.
read_code
AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.
find_code
Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.
check_package
Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.
explain_architecture
Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.
check_test
Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.
audit_headers
Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).
keep_thinking
Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.
Zephex_dev_info
Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.
project_memory
Persists decisions, gotchas, and conventions per project in ~/.zephex/memory (SQLite FTS5). recall before unfamiliar areas; remember after discoveries. Local stdio only on npx zephex.