zephex
CLIGet StartedPricingMCP ToolsCommunityGuidesDocs
←BackSign in
CLIGet StartedPricingMCP ToolsCommunityGuidesDocs
Get started freeSign in
DocsAPIToolsEditorsChangelogHelp

GET STARTED

WelcomeQuickstartSetup videoMCP Q&A (learn)BlogWhat is MCP?Who is Zephex for?Plans & PricingZ-GASAB benchmarkBenchmark chart (live)Changelog

INSTALLATION

Web Terminal tools (plain English)Terminal tools (complete)Connect MCPVS Code Marketplace extensionCLI (no AI agent)CLI init (first run)CLI account & logoutNPX (Recommended)Test Pulse (check test)Test Pulse commandsProject MemorySupply Pulse (supply)Supply Pulse commandsTerminal CLI referenceSlash commands (37 palette)Web Terminal (dashboard)Command CompassCLI commandsCLI in DockerCLI: All editors (one command)CLI: Crush, Hermes, ChatGPT, KiloOAuth & HTTP setupInstall overviewHTTP APISetup WalkthroughHTTP vs stdio

API & KEYS

API Key ManagementKey Naming & FormatAuthenticationKey Dashboard

CONFIGURATION

Universal RequirementsSupported EditorsHow It WorksArchitectureCLAUDE.md TemplateAGENTS.md Template

EDITORS28 guides

Supported EditorsVS CodeVS Code extension (Marketplace)Claude CodeCursorWindsurfJetBrains

PLATFORM

macOSWindowsLinux

TOOLS10 tools

Capabilities OverviewTools OverviewTool FilteringTool Workflowsget_project_contextread_codefind_codecheck_packageexplain_architectureZephex_dev_infocheck_testaudit_headerskeep_thinkingproject_memory

GUIDES

Best PracticesToken EfficiencyUse CasesZephex vs Local MCPZephex vs Context7Zephex vs GitHub MCPZephex vs SmitheryMCP EcosystemMarkdown Access

SUPPORT

Help CenterMCP troubleshootingTeam rolloutFAQConnection IssuesRate LimitsDowntime & ErrorsBillingTier GuidePro & Max guideUsage LimitsUsage Analytics

LEGAL

System StatusTerms (summary)Privacy (summary)Data UseSecurityAuthenticationSecurityData HandlingPrivacy PolicyTerms of Service

Quick Links

API Reference

Complete API documentation

Troubleshooting

Common issues and solutions

Community

Join our Discord community

Plugins

Editor and CLI integrations

Pricing

Free, Pro, and Max plans

Enter
Zephex_devzephex-devzephexzephexhello@zephex.dev
© 2026 Zephex. All systems operational.

Editor setup

Grok MCP Server

Grok does not have a self-serve Featured catalog listing (GitHub, Notion, etc. are partner-only). Any Grok user can add Zephex via Bring Your Own MCP at grok.com/connectors → New Connector → Custom. OAuth links your Zephex account — you do not paste an API key into Grok.

Official Grok MCP documentation: xAI Grok connectors docs

MCP endpointhttps://zephex.dev/mcp
AuthenticationOAuth (browser sign-in to Zephex — PKCE, no client secret)
Config filegrok.com/connectors → New Connector → Custom

Why Zephex

Without MCP, your agent guesses project layout and misses supply-chain risk. Zephex connects one hosted endpoint so every session gets the same ten tools — no per-machine npm installs, no version drift across the team.

Before you start

  • Grok account with access to grok.com/connectors.
  • Browser pop-ups allowed for zephex.dev during OAuth.
  • Server URL is the MCP endpoint (https://zephex.dev/mcp) — not the authorize URL.

Setup policy for Grok

Matches the published CLI (mcp-proxy/src/commands/setup.ts). One command signs you in, writes the correct transport, and verifies 10 tools.

Recommended commandnpx -y zephex setup
Project-scopednpx -y zephex setup --project
Transportstdio (npx -y zephex + ZEPHEX_API_KEY)

Global vs project config

  • Global setup is the default — run setup without --project so Zephex works in every folder you open.
  • Global setup also removes stale project-level Zephex entries that shadow your user config.
  • Add --project only when you intentionally want workspace-scoped config (e.g. .cursor/mcp.json in one repo).

After setup

  • Run setup to match the published CLI.
  • Fully quit the editor after setup — reload window alone is often not enough.
  • Start a new agent/chat session so MCP tools register.

Account teardown: logout vs disconnect · Connect MCP walkthrough

Find where setup wrote your config

Search docs for “where is my MCP file” — the answer is always: run list first, then open the path it prints.

  1. Run npx -y zephex@latest list — canonical path list for grok.
  2. See Configuration section on this page.
  3. macOS uses ~/ and ~/.config; Windows uses %USERPROFILE% and %APPDATA%; Linux uses ~/.config.

Documented paths: Run npx -y zephex@latest list

Hosted HTTP vs npx stdio

  • Run npx -y zephex setup when unsure — it matches this repo’s published CLI (see mcp-proxy/src/commands/setup.ts).
  • Hosted endpoint: https://zephex.dev/mcp
  • Never keep two zephex entries (stdio + HTTP) in the same config — pick one transport.
  • Cloud-only tools (check_package, project_memory, audit_headers, keep_thinking, Zephex_dev_info) work on both transports.
  • Repo tools (get_project_context, read_code, find_code, explain_architecture, check_test) need either stdio/npx setup or an explicit github:owner/repo or absolute path on HTTP.

Full comparison: HTTP vs stdio · npx zephex reference

How to connect Zephex

Grok uses a two-screen Custom Connector flow. Screen 1 is the server URL; Screen 2 appears only if Grok asks for OAuth credentials.

  1. Open https://grok.com/connectors.
  2. Click New Connector → Custom.
  3. Screen 1 — Name: Zephex. Server URL: https://zephex.dev/mcp (no trailing slash, not /oauth/authorize).
  4. If Grok shows OAuth Credentials Required (Screen 2), paste the values in the configuration block below — leave Client Secret blank.
  5. Complete OAuth when prompted — you land on zephex.dev/cli/auth with Grok-branded copy, sign in, then return to Grok.
  6. Confirm Zephex appears under Installed connectors (Custom, not Featured).
  7. In Grok chat, ask the agent to use a Zephex tool — e.g. audit_headers on https://example.com.
  8. For repo tools, include github:owner/repo in the same message — Grok does not auto-detect your local filesystem.

Configuration

Common mistake: putting https://zephex.dev/oauth/authorize in Server URL. Grok needs https://zephex.dev/mcp — OAuth discovery handles authorize/token endpoints.

Screen 1 — Server URL

Paste this into the Custom connector Server URL field. This is the MCP endpoint Grok calls after OAuth.

text
https://zephex.dev/mcp

Screen 2 — OAuth credentials (if prompted)

Optional second screen. Use the shared public PKCE client — same pattern as other hosted MCP vendors.

text
Client ID: 2JrCMEKyOdY1YDZxInqTamSGNSCX9DaSClient Secret: (leave blank)Authorization Endpoint: https://zephex.dev/oauth/authorizeToken Endpoint: https://zephex.dev/oauth/tokenScopes: openid profile email offline_accessToken Auth Method: none (PKCE)

Tip

Featured connectors (GitHub, Notion, Linear) require an x.ai partnership — Custom MCP works for all Grok users today.

Note

Last verified: July 2026 — Custom MCP at grok.com/connectors is the supported path. Featured catalog is partner-only (x.ai/contact-sales).

Verify, repair, disconnect (CLI)

Run these in a terminal when the editor UI is unclear — catches stale npm, wrong transport, and project shadows.

shell
npx -y zephex@latest listnpx -y zephex@latest doctornpx -y zephex@latest repair# Fully quit the editor (Cmd+Q / Alt+F4), reopen, start a new agent session

Repair policy

  • npx -y zephex@latest repair pins stdio to zephex@latest, fixes OpenCode command-array shape, and adds PATH hints for GUI-launched apps.
  • repair migrates legacy HTTP → stdio for filesystem editors — not for Cursor, Claude Code global HTTP, or Crush.

Disconnect & skills

  • disconnect --<editor> removes Zephex from config files the CLI knows about and revokes the API key found in those files.
  • There is no disconnect --project flag — disconnect checks both global and project paths (project paths use your current terminal cwd).
  • Terminal-only sign-out: mcpcli logout (editors unchanged). Full teardown: mcpcli logout --all.
  • mcpcli disconnect --all
  • Fresh OAuth: mcpcli reconnect --cursor
  • Add agent guidance: mcpcli setup <editor> --with-skill or mcpcli skills --<editor>.
  • Remove skills from one editor: mcpcli reset <editor> (disconnect + skill files).
  • Remove all skill copies: mcpcli skills --remove.

Check that it works

After saving your config, confirm Zephex is connected before you rely on it in real work.

  1. grok.com/connectors lists Zephex under Custom / Installed without an error.
  2. OAuth completes and zephex.dev/cli/auth shows Grok branding (editor=grok-connector).
  3. Ask: audit_headers on https://example.com — should return a security grade.
  4. Ask: check_package on express — registry intel without a local path.
  5. get_project_context on github:vercel/next.js returns stack info.

Common searches

Questions people ask when Grok does not show Zephex tools — indexed for docs search.

How do I connect Zephex to grok?

Fastest: npx -y zephex setup (browser sign-in, writes config, verifies 10 tools). Or paste manual config on this page, save, fully quit the app, reopen.

Where did setup save my grok MCP config?

Run npx -y zephex@latest list — it prints every config path on this machine that references Zephex.

grok works in terminal but not in the editor

GUI apps often lack nvm/fnm PATH. Run npx -y zephex@latest repair, ensure Node is on system PATH, fully quit the editor.

How do I disconnect Zephex from grok?

mcpcli disconnect --all or remove the zephex block manually from your config file.

Example ways to use the tools

You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:

“Use audit_headers on https://example.com and summarize the security grade.”

URL-only tool works in Grok chat without a local project path.

“Use check_package on express before I add it to package.json.”

Registry safety intel from Grok without cloning a repo.

“Use get_project_context on github:vercel/next.js — high-level stack only.”

GitHub URL is the right path when Grok cannot see your laptop folders.

Which tools need your project path?

Grok Custom connector cannot see your disk by default. Use github:owner/repo for public code; paste paths for private work.

Need a repo or folder path

  • get_project_context — full stack snapshot for one repo
  • read_code — read functions/classes by symbol name
  • find_code — search definitions and usages
  • explain_architecture — Mermaid diagrams for the repo
  • check_test — minimal file list for a task you describe

Work without a local project

  • check_package — npm/PyPI/Cargo/Go registry safety (no repo path)
  • project_memory — Cross-session project memory: remember decisions, gotchas, goals, conventions across sessions via local SQLite (stdio only).
  • audit_headers — security grade for any HTTPS URL you own or may test
  • keep_thinking — structured debugging notes across steps
  • Zephex_dev_info — vetted patterns (auth, DB, deploy, etc.)

How to tell the agent where the code lives

  • GitHub (no clone required): say github:owner/repo — example: github:vercel/next.js
  • Local folder: give the absolute path to the project root (the folder that contains package.json, pyproject.toml, or go.mod).
  • If your editor already has the repo open, try “use get_project_context on this workspace” first; if the tool returns empty, repeat with the full path or github: URL in the same chat.
  • For read_code / find_code, name the symbol or search term in the same message as the path (e.g. “find_code AuthService in github:myorg/api”).

macOS and Windows paths

  • macOS example path: /Users/yourname/Developer/my-app
  • Windows example path: C:\Users\yourname\projects\my-app
  • Replace yourname with your Mac or Windows login — the agent cannot guess your home directory.
  • Cloud-only tools (check_package, audit_headers) never need your username or project folder.

When Zephex will not connect

These situations usually mean the setup cannot work until you fix the underlying issue:

  • Connector shows “connected” but tools never run — tools/list works without OAuth; you must finish sign-in at zephex.dev/cli/auth (Disconnect → reconnect, allow pop-ups).
  • Server URL set to /oauth/authorize instead of /mcp.
  • Trailing slash removed from Grok callback or wrong OAuth redirect (must match grok.com/connectors-oauth-exchange-code/).
  • OAuth blocked by pop-up blocker or corporate SSO.
  • Expecting Zephex in Featured catalog — use Custom connector instead.
  • Agent answers without calling tools — say explicitly “use the Zephex MCP tool audit_headers”.
  • Error says “0 requests” on free tier — usually OAuth incomplete or a transient usage-service error; reconnect OAuth; your dashboard usage may still show hundreds remaining.

If something goes wrong

Missing connector session on zephex.dev/cli/auth

Do not open cli/auth manually. Disconnect in grok.com/connectors → Connect again so Grok opens /oauth/authorize first (URL must include ?session=). Allow pop-ups; finish sign-in within 10 minutes.

invalid_redirect_uri or register fails

Deploy must include Grok callback in HOSTED_MCP_CALLBACKS. Run npm run verify:mcp-connectors from mcp-proxy — expect ✓ Grok authorize → cli/auth?editor=grok-connector.

OAuth screen confusion (two screens)

Screen 1 = MCP URL only. Screen 2 = optional static OAuth fields — use values in the docs block above.

Tools return no project / empty context

Include github:owner/repo in the prompt — Grok has no automatic workspace root.

Looking for API key field

Grok Custom connector uses OAuth for Zephex — create API keys only for other editors at Dashboard → API Keys.

Still stuck? Quickstart · MCP troubleshooting

Tools included with Zephex

Enable the Zephex Custom connector in Grok chat — xAI invokes these ten MCP tools server-side:

  • get_project_context

    Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.

  • read_code

    AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.

  • find_code

    Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.

  • check_package

    Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.

  • explain_architecture

    Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.

  • check_test

    Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.

  • audit_headers

    Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).

  • keep_thinking

    Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.

  • Zephex_dev_info

    Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.

  • project_memory

    Persists decisions, gotchas, and conventions per project in ~/.zephex/memory (SQLite FTS5). recall before unfamiliar areas; remember after discoveries. Local stdio only on npx zephex.

Related

  • OAuth MCP setup guide
  • ChatGPT connector setup
  • Perplexity Custom Remote connector
  • audit_headers reference
  • check_package reference
  • Quickstart — create your first API key
  • HTTP vs stdio — which to use
  • npx zephex setup commands
  • MCP troubleshooting
  • All supported editors
  • All 10 MCP tools
  • Install wizard
  • Pricing and limits