Core documentation content is fully readable without JavaScript. The table of contents, assistant, and some copy buttons enhance the experience but are not required.

Factory AI (Droid) MCP Server

npx -y zephex setup --droid writes stdio to ~/.factory/mcp.json or <repo>/.factory/mcp.json (command/args/env). HTTP type:http blocks are optional.

Official Factory AI (Droid) MCP documentation: Factory Droid MCP docs

MCP endpointhttps://zephex.dev/mcp

AuthenticationAuthorization: Bearer mcp_sk_... in headers (or ${ZEPHEX_API_KEY} env expansion)

Config file.factory/mcp.json (project root) or ~/.factory/mcp.json

Before you start

Factory Droid installed (factory.ai).
A Zephex API key from Dashboard → API Keys.
Run droid from the repository root when using project-level .factory/mcp.json.
Never commit API keys in project .factory/mcp.json — use env expansion or user config.

Get and paste your API key

HTTP and stdio setups both need a key from your Zephex dashboard. OAuth-only flows (ChatGPT, Claude.ai web) sign you in in the browser instead — skip this section for those.

Sign in at zephex.dev → Dashboard → API Keys (or /dashboard/api-keys).
Click Create API key, give it a name you will recognize (e.g. "Kilo — work laptop"), then create.
Copy the key as soon as it appears — Zephex only shows the full secret once. It starts with mcp_sk_ or a newer mcp_prod_… format.
Paste into your config: either only the key in an env field (ZEPHEX_API_KEY), or the full HTTP header value Authorization: Bearer YOUR_KEY — match what your editor’s form asks for.
Do not wrap the key in extra quotes inside JSON unless the file already quotes other string values.
Never commit API keys to git. Revoke and create a new key in the dashboard if one leaks.
For team repos: put keys in ~/.factory/mcp.json only, or use ${ZEPHEX_API_KEY} in project JSON with export ZEPHEX_API_KEY in your shell (Factory expands env at load time).

Fastest install

Factory Droid wizard writes command/args/env (stdio), not type http — use HTTP manually only if you accept github: paths for repo tools.

Guided install (matches published CLI)

Runs the same code as mcp-proxy/src/commands/setup.ts — OAuth in browser, creates a CLI key, writes your editor config, verifies tools.

npx -y zephex setup --droid

Already have a key?

Skip browser OAuth — paste a key from zephex.dev/dashboard/keys. Must start with mcp_prod_, mcp_dev_, or mcp_sk_.

npx -y zephex setup --droid --api-key mcp_prod_your-key-here

What setup writes (stdio)

No type:http — command/args/env only: Transport: stdio (see ~/.factory/mcp.json or <project>/.factory/mcp.json).

{  "mcpServers": {    "zephex": {      "command": "npx",      "args": ["-y", "zephex"],      "env": {        "ZEPHEX_API_KEY": "mcp_sk_your_key_here"      }    }  }}

After CLI install, fully restart the app if tools do not appear. Manual JSON/TOML blocks below are equivalent — use them when CLI commands are unavailable.

Hosted HTTP vs npx stdio

Recommended: npx -y zephex setup --droid — Factory Droid wizard writes command/args/env (stdio), not type http — use HTTP manually only if you accept github: paths for repo tools.
Config path: ~/.factory/mcp.json or <project>/.factory/mcp.json
Manual stdio shape: command "npx", args ["-y","zephex"], env ZEPHEX_API_KEY (parent key: mcpServers).
Optional hosted HTTP (https://zephex.dev/mcp + Bearer) only if you do not need automatic workspace file access — pass github: URLs in prompts.
Never keep two zephex entries (stdio + HTTP) in the same config — pick one transport.
Cloud-only tools (check_package, audit_package, audit_headers, keep_thinking, Zephex_dev_info) work on both transports.
Repo tools (get_project_context, read_code, find_code, explain_architecture, scope_task) need either stdio/npx setup or an explicit github:owner/repo or absolute path on HTTP.

Full comparison: HTTP vs stdio · npx zephex reference

How to connect Zephex

Run npx zephex setup --droid (add --project from repo root for .factory/mcp.json).

Run npx -y zephex setup --droid.
droid from repo root; /mcp shows zephex.
Test get_project_context on this project.

Configuration

Replace mcp_sk_your_key_here with your key from Dashboard → API Keys. Copy the full key once at creation — paste into Authorization: Bearer … for HTTP configs, or into ZEPHEX_API_KEY for stdio/npx configs.

stdio (what setup writes)

No type:http — command/args/env per writeDroidConfig.

{  "mcpServers": {    "zephex": {      "command": "npx",      "args": ["-y", "zephex"],      "env": {        "ZEPHEX_API_KEY": "mcp_sk_your_key_here"      }    }  }}

Optional: HTTP (user config)

Best for API keys: ~/.factory/mcp.json is not committed to git. Matches Factory docs for type http + url + headers.

{  "mcpServers": {    "zephex": {      "type": "http",      "url": "https://zephex.dev/mcp",      "headers": {        "Authorization": "Bearer mcp_sk_your_key_here"      },      "disabled": false    }  }}

Project config with env expansion (team-safe)

Commit this to the repo without secrets. Export ZEPHEX_API_KEY=mcp_sk_... in your shell before droid starts.

{  "mcpServers": {    "zephex": {      "type": "http",      "url": "https://zephex.dev/mcp",      "headers": {        "Authorization": "Bearer ${ZEPHEX_API_KEY}"      },      "disabled": false    }  }}

Tip

Type /mcp inside droid to enable/disable servers, view tools, and clear OAuth (not needed for Zephex Bearer auth).

Note

Factory layers user, folder, and project mcp.json — user wins over project for the same server name. Project-defined servers cannot be removed via CLI; edit the file directly.

Check that it works

After saving your config, confirm Zephex is connected before you rely on it in real work.

Inside droid run /mcp — zephex listed, not disabled.
Tool list shows Zephex tools (up to 10).
Prompt: “Use check_package on express”.
With repo open at root: “Use get_project_context on this project” or github:org/repo.
If disabled in UI, re-enable or set disabled: false in JSON.

Example ways to use the tools

You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:

“Droid: audit_package comparing our pinned eslint-config version to latest stable.”

Breaking-change summary before Factory refactors lint rules across repos.

“get_project_context on this .factory/mcp.json project root.”

Stack snapshot aligns Droid with your actual package manifests.

“find_code usages of deprecated API keys in src/lib/billing.”

Search narrows a refactor blast radius.

“scope_task: add webhook signature verification to inbound routes.”

Risk-rated file list for autonomous Droid edits.

“check_package on a private-scope npm name we might vendor.”

Typosquat and maintainer signals pre-install.

“Zephex_dev_info for Stripe webhook idempotency in Node — then read_code our handler.”

Pattern guidance plus precise code slice.

Which tools need your project path?

You do not pick tools from a menu — ask your agent in normal sentences. Half of the tools only need a package name or URL; the other half need to know which codebase you mean (your Mac/Windows project folder or a GitHub repo).

Need a repo or folder path

get_project_context — full stack snapshot for one repo
read_code — read functions/classes by symbol name
find_code — search definitions and usages
explain_architecture — Mermaid diagrams for the repo
scope_task — minimal file list for a task you describe

Work without a local project

check_package — npm/PyPI/Cargo/Go registry safety (no repo path)
audit_package — CVEs and breaking changes between versions
audit_headers — security grade for any HTTPS URL you own or may test
keep_thinking — structured debugging notes across steps
Zephex_dev_info — vetted patterns (auth, DB, deploy, etc.)

How to tell the agent where the code lives

GitHub (no clone required): say github:owner/repo — example: github:vercel/next.js
Local folder: give the absolute path to the project root (the folder that contains package.json, pyproject.toml, or go.mod).
If your editor already has the repo open, try “use get_project_context on this workspace” first; if the tool returns empty, repeat with the full path or github: URL in the same chat.
For read_code / find_code, name the symbol or search term in the same message as the path (e.g. “find_code AuthService in github:myorg/api”).

macOS and Windows paths

macOS example path: /Users/yourname/Developer/my-app
Windows example path: C:\Users\yourname\projects\my-app
Replace yourname with your Mac or Windows login — the agent cannot guess your home directory.
Cloud-only tools (check_package, audit_headers) never need your username or project folder.

When Zephex will not connect

These situations usually mean the setup cannot work until you fix the underlying issue:

No internet or a firewall blocks outbound HTTPS to zephex.dev (port 443).
API key never created, revoked, or pasted incorrectly (missing Bearer , extra quotes, or truncated copy).
Wrong MCP URL — must be exactly https://zephex.dev/mcp (not /docs, not /api, no wrong host).
Mixed stdio + HTTP — two zephex entries (npx and url) confuse many clients; keep one transport.
Corporate proxy strips Authorization headers or chunked transfer encoding.
Monthly request limit reached on the Free plan (555 requests/month) — tools stop until next cycle, share for bonus requests, or upgrade.
Editing the wrong config file — global vs project-level paths differ by editor and OS.
App not fully quit after save — MCP often loads only on a cold start (especially IDEs).
Tools connect but return “no project” — not a connection failure; add github:owner/repo or an absolute path (see tool usage section).
Node.js or npx not on PATH when the desktop app launches (common on macOS Dock launches).
Invalid JSON in the config file (comments, trailing commas, or wrong wrapper key).
ZEPHEX_API_KEY missing, still set to the placeholder, or pasted in the wrong field (stdio uses env, not Bearer headers).
You edited Claude Code’s config but opened Claude Desktop (different files).
App was not fully quit after saving the config — MCP only reloads on a cold start.
npx works in Terminal but not inside the app — use absolute paths to node/npx in the command block if needed.
First npx -y zephex run can take 30–60s — increase startup_timeout_sec where the editor supports it.
Still have an HTTP url block while testing stdio — remove the duplicate zephex server.
API key committed in project .factory/mcp.json — rotate key; move to ~/.factory/mcp.json.
type stdio with npx still in file — remove command/args when using http url.
Started droid from a subfolder while .factory/mcp.json is at repo root — cd to root first.
Enterprise mcpPolicy allowlist blocks zephex.dev — ask admin to allow host zephex.dev.
disabled: true or toggled off in /mcp UI.

If something goes wrong

zephex does not appear in /mcp

Confirm .factory/mcp.json at project root (case-sensitive on Linux). Use type http + url. Check user ~/.factory for overrides.

401 / unauthorized

Bearer + full key in headers, or export ZEPHEX_API_KEY when using ${ZEPHEX_API_KEY} in JSON.

Connection fails immediately

URL must be https://zephex.dev/mcp. Not serverUrl (that is Windsurf) — Factory uses url.

npx not found (stdio leftover)

Remove stdio block — this guide is HTTP-only to the hosted endpoint.

Tools empty for code but packages work

Pass github:owner/repo or absolute path — Droid does not auto-detect monorepo subpackages.

Cannot remove server via CLI

Project-level entries: edit .factory/mcp.json or droid mcp remove only works for user-added servers.

Still stuck? Quickstart · MCP troubleshooting

Tools included with Zephex

Factory Droid shares one hosted toolset across user and project mcp.json:

get_project_context
Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.
read_code
AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.
find_code
Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.
check_package
Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.
audit_package
Deep package intelligence: CVEs with severity, breaking changes between versions, migration notes, and peer-dependency conflicts.
explain_architecture
Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.
scope_task
Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.
audit_headers
Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).
keep_thinking
Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.
Zephex_dev_info
Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.

Was this page helpful?

Factory AI (Droid) MCP Server

Before you start

Get and paste your API key

Fastest install

Guided install (matches published CLI)

Already have a key?

What setup writes (stdio)

Hosted HTTP vs npx stdio

How to connect Zephex

Configuration

stdio (what setup writes)

Optional: HTTP (user config)

Project config with env expansion (team-safe)

Check that it works

Example ways to use the tools

Which tools need your project path?

Need a repo or folder path

Work without a local project

How to tell the agent where the code lives

macOS and Windows paths

When Zephex will not connect

If something goes wrong

Tools included with Zephex

Related

Quick Links

API Reference

Troubleshooting

Community

Plugins

Pricing

Factory AI (Droid) MCP Server

Before you start

Get and paste your API key

Fastest install

Guided install (matches published CLI)

Already have a key?

What setup writes (stdio)

Hosted HTTP vs npx stdio

How to connect Zephex

Configuration

stdio (what setup writes)

Optional: HTTP (user config)

Project config with env expansion (team-safe)

Check that it works

Example ways to use the tools

Which tools need your project path?

Need a repo or folder path

Work without a local project

How to tell the agent where the code lives

macOS and Windows paths

When Zephex will not connect

If something goes wrong

Tools included with Zephex

Related