Was this page helpful?
Add this to your Crush configuration file (crush.json in the project or ~/.config/crush/crush.json). Zephex connects over HTTP to https://zephex.dev/mcp — internet required, no local npx server. See Crush documentation for how Crush handles MCP on their side.
HTTP and stdio setups both need a key from your Zephex dashboard. OAuth-only flows (ChatGPT, Claude.ai web) sign you in in the browser instead — skip this section for those.
Crush uses a top-level mcp key — not Cursor’s mcpServers wrapper. Wrong shape is the most common mistake.
Replace mcp_sk_your_key_here with your key from Dashboard → API Keys. Copy the full key once at creation — paste into Authorization: Bearer … for HTTP configs, or into ZEPHEX_API_KEY for stdio/npx configs.
Type must be "http". Do not use command/npx for Zephex — that runs a local process instead of the hosted endpoint.
{ "$schema": "https://charm.land/crush.json", "mcp": { "zephex": { "type": "http", "url": "https://zephex.dev/mcp", "headers": { "Authorization": "Bearer mcp_sk_your_key_here" } } }}Tip
Launch Crush from the project directory when you want project crush.json to apply; global config applies when no project file exists.
After saving your config, confirm Zephex is connected before you rely on it in real work.
You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:
“In Crush TUI, check_package on a Go module before go get in this Charm workspace.”
Terminal agent gets registry intel over HTTP MCP.
“get_project_context on the repo where crush.json lives.”
Stack snapshot for Bubble Tea / Go layouts.
“read_code the Update function in our view model — compact mode on.”
Small focused reads fit narrow terminal panes.
“find_code tea.KeyMsg handlers in this codebase.”
Idiomatic search for Charm ecosystem patterns.
“scope_task: add config file hot-reload to our CLI.”
Minimal touch list before Crush edits multiple packages.
“audit_headers on our project's public demo URL.”
Quick security sanity check from the same session.
You do not pick tools from a menu — ask your agent in normal sentences. Half of the tools only need a package name or URL; the other half need to know which codebase you mean (your Mac/Windows project folder or a GitHub repo).
These situations usually mean the setup cannot work until you fix the underlying issue:
Wrong JSON shape
Use mcp.zephex at top level per crush.json schema — not mcpServers.
Config not loaded
Check project crush.json vs ~/.config/crush/crush.json. Restart Crush from the intended cwd.
401 Unauthorized
"Authorization": "Bearer mcp_sk_..." — quotes around the full header value in JSON.
type http not recognized
Update Crush to a build that supports HTTP MCP per Charm docs.
find_code returns nothing
Name the repo: github:owner/repo or absolute path on Mac/Windows in the same message.
Crush http MCP block unlocks ten developer tools in the TUI agent:
get_project_context
Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.
read_code
AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.
find_code
Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.
check_package
Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.
audit_package
Deep package intelligence: CVEs with severity, breaking changes between versions, migration notes, and peer-dependency conflicts.
explain_architecture
Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.
scope_task
Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.
audit_headers
Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).
keep_thinking
Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.
Zephex_dev_info
Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.