Core documentation content is fully readable without JavaScript. The table of contents, assistant, and some copy buttons enhance the experience but are not required.

Kiro CLI MCP Server

npx -y zephex setup --kiro writes stdio to ~/.kiro/settings/mcp.json (writeKiroConfig in setup.ts). type http is optional.

Official Kiro CLI MCP documentation: Kiro CLI MCP docs

MCP endpointhttps://zephex.dev/mcp

AuthenticationZEPHEX_API_KEY (stdio) or Bearer (HTTP)

Config file~/.kiro/settings/mcp.json or .kiro/settings/mcp.json (project root)

Before you start

Kiro CLI installed.
Node.js 18+.
Zephex API key (setup creates one).

Get and paste your API key

HTTP and stdio setups both need a key from your Zephex dashboard. OAuth-only flows (ChatGPT, Claude.ai web) sign you in in the browser instead — skip this section for those.

Sign in at zephex.dev → Dashboard → API Keys (or /dashboard/api-keys).
Click Create API key, give it a name you will recognize (e.g. "Kilo — work laptop"), then create.
Copy the key as soon as it appears — Zephex only shows the full secret once. It starts with mcp_sk_ or a newer mcp_prod_… format.
Paste into your config: either only the key in an env field (ZEPHEX_API_KEY), or the full HTTP header value Authorization: Bearer YOUR_KEY — match what your editor’s form asks for.
Do not wrap the key in extra quotes inside JSON unless the file already quotes other string values.
Never commit API keys to git. Revoke and create a new key in the dashboard if one leaks.

Fastest install

Kiro hot-reloads stdio config — matches working Kiro setups in the wild.

Guided install (matches published CLI)

Runs the same code as mcp-proxy/src/commands/setup.ts — OAuth in browser, creates a CLI key, writes your editor config, verifies tools.

npx -y zephex setup --kiro

Already have a key?

Skip browser OAuth — paste a key from zephex.dev/dashboard/keys. Must start with mcp_prod_, mcp_dev_, or mcp_sk_.

npx -y zephex setup --kiro --api-key mcp_prod_your-key-here

What setup writes (stdio)

mcpServers command/args/env: Transport: stdio (see ~/.kiro/settings/mcp.json or <project>/.kiro/settings/mcp.json).

{  "mcpServers": {    "zephex": {      "command": "npx",      "args": ["-y", "zephex"],      "env": {        "ZEPHEX_API_KEY": "mcp_sk_your_key_here"      }    }  }}

After CLI install, fully restart the app if tools do not appear. Manual JSON/TOML blocks below are equivalent — use them when CLI commands are unavailable.

Hosted HTTP vs npx stdio

Recommended: npx -y zephex setup --kiro — Kiro hot-reloads stdio config — matches working Kiro setups in the wild.
Config path: ~/.kiro/settings/mcp.json or <project>/.kiro/settings/mcp.json
Manual stdio shape: command "npx", args ["-y","zephex"], env ZEPHEX_API_KEY (parent key: mcpServers).
Optional hosted HTTP (https://zephex.dev/mcp + Bearer) only if you do not need automatic workspace file access — pass github: URLs in prompts.
Never keep two zephex entries (stdio + HTTP) in the same config — pick one transport.
Cloud-only tools (check_package, audit_package, audit_headers, keep_thinking, Zephex_dev_info) work on both transports.
Repo tools (get_project_context, read_code, find_code, explain_architecture, scope_task) need either stdio/npx setup or an explicit github:owner/repo or absolute path on HTTP.

Full comparison: HTTP vs stdio · npx zephex reference

How to connect Zephex

kiro-cli mcp add with --type http or edit ~/.kiro/settings/mcp.json — then run /mcp inside a session to confirm zephex loaded.

Run npx -y zephex setup --kiro.
Restart Kiro CLI session.
Confirm zephex tools; test get_project_context.

Configuration

Replace mcp_sk_your_key_here with your key from Dashboard → API Keys. Copy the full key once at creation — paste into Authorization: Bearer … for HTTP configs, or into ZEPHEX_API_KEY for stdio/npx configs.

stdio (what setup writes)

command/args/env — recommended.

{  "mcpServers": {    "zephex": {      "command": "npx",      "args": ["-y", "zephex"],      "env": {        "ZEPHEX_API_KEY": "mcp_sk_your_key_here"      }    }  }}

Optional: type http

Hosted URL only if you use github: paths for repo tools.

{  "mcpServers": {    "zephex": {      "type": "http",      "url": "https://zephex.dev/mcp",      "headers": {        "Authorization": "Bearer mcp_sk_your_key_here"      },      "disabled": false    }  }}

Tip

Project .kiro/settings/mcp.json wins over ~/.kiro when both define zephex.

Note

Kiro IDE uses the same ~/.kiro/settings/mcp.json path — different app, same file shape.

Check that it works

After saving your config, confirm Zephex is connected before you rely on it in real work.

/mcp output includes zephex server.
Interactive session: check_package on requests.
Project .kiro/settings/mcp.json overrides user file when both exist.

Example ways to use the tools

You do not call tools yourself — ask your agent in plain language. Try these once Zephex is connected:

“kiro-cli chat: get_project_context on ~/.kiro/settings/mcp.json project or global cwd.”

HTTP mcp.json loads zephex for /mcp slash command visibility.

“read_code the main agent loop in our CLI package.”

Symbol read for CLI maintainers.

“check_package on uv/typer-related deps before kiro-cli mcp add workflow.”

Python CLI ecosystem safety.

“scope_task: add --json output flag to three subcommands.”

Scoped cmd/ tree changes.

“find_code error types returned from MCP client wrapper.”

Debug connection issues faster.

“Zephex_dev_info for MCP OAuth vs API keys — which fits our CLI?”

Integration design without guessing MCP spec details.

Which tools need your project path?

Run /mcp in an interactive kiro-cli session to confirm zephex loaded. Project .kiro/settings/mcp.json overrides user ~/.kiro/settings/mcp.json.

Need a repo or folder path

get_project_context — full stack snapshot for one repo
read_code — read functions/classes by symbol name
find_code — search definitions and usages
explain_architecture — Mermaid diagrams for the repo
scope_task — minimal file list for a task you describe

Work without a local project

check_package — npm/PyPI/Cargo/Go registry safety (no repo path)
audit_package — CVEs and breaking changes between versions
audit_headers — security grade for any HTTPS URL you own or may test
keep_thinking — structured debugging notes across steps
Zephex_dev_info — vetted patterns (auth, DB, deploy, etc.)

How to tell the agent where the code lives

GitHub (no clone required): say github:owner/repo — example: github:vercel/next.js
Local folder: give the absolute path to the project root (the folder that contains package.json, pyproject.toml, or go.mod).
If your editor already has the repo open, try “use get_project_context on this workspace” first; if the tool returns empty, repeat with the full path or github: URL in the same chat.
For read_code / find_code, name the symbol or search term in the same message as the path (e.g. “find_code AuthService in github:myorg/api”).

macOS and Windows paths

macOS example path: /Users/yourname/Developer/my-app
Windows example path: C:\Users\yourname\projects\my-app
Replace yourname with your Mac or Windows login — the agent cannot guess your home directory.
Cloud-only tools (check_package, audit_headers) never need your username or project folder.

When Zephex will not connect

These situations usually mean the setup cannot work until you fix the underlying issue:

No internet or a firewall blocks outbound HTTPS to zephex.dev (port 443).
API key never created, revoked, or pasted incorrectly (missing Bearer , extra quotes, or truncated copy).
Wrong MCP URL — must be exactly https://zephex.dev/mcp (not /docs, not /api, no wrong host).
Mixed stdio + HTTP — two zephex entries (npx and url) confuse many clients; keep one transport.
Corporate proxy strips Authorization headers or chunked transfer encoding.
Monthly request limit reached on the Free plan (555 requests/month) — tools stop until next cycle, share for bonus requests, or upgrade.
Editing the wrong config file — global vs project-level paths differ by editor and OS.
App not fully quit after save — MCP often loads only on a cold start (especially IDEs).
Tools connect but return “no project” — not a connection failure; add github:owner/repo or an absolute path (see tool usage section).
Node.js or npx not on PATH when the desktop app launches (common on macOS Dock launches).
Invalid JSON in the config file (comments, trailing commas, or wrong wrapper key).
ZEPHEX_API_KEY missing, still set to the placeholder, or pasted in the wrong field (stdio uses env, not Bearer headers).
You edited Claude Code’s config but opened Claude Desktop (different files).
App was not fully quit after saving the config — MCP only reloads on a cold start.
npx works in Terminal but not inside the app — use absolute paths to node/npx in the command block if needed.
First npx -y zephex run can take 30–60s — increase startup_timeout_sec where the editor supports it.
Still have an HTTP url block while testing stdio — remove the duplicate zephex server.

If something goes wrong

Server not loaded

Valid ~/.kiro/settings/mcp.json JSON.

0 tools

type http + url + headers.

mcp add error

Match kiro-cli version flags from kiro.dev docs.

OAuth prompt

Zephex uses Bearer only — not OAuth.

Tools excluded

See Kiro validation rules for tool name length.

Still stuck? Quickstart · MCP troubleshooting

Tools included with Zephex

kiro-cli mcp.json type http — ten tools; verify with /mcp:

get_project_context
Reads your project structure, dependencies, scripts, env vars, and framework markers in one call. Replaces manually opening package.json, tsconfig, and multiple config files at the start of every session.
read_code
AST-based code extraction: pass a symbol name and get the implementation without reading entire files. Supports symbol lookup, batched file reads, and structural outlines for large files.
find_code
Ranked search across the repo for definitions, usages, and patterns. Faster than blind grep when the agent does not know where a symbol lives.
check_package
Live registry lookup for npm, PyPI, Cargo, and Go modules. Surfaces typosquat risk, maintainer changes, and suspicious version jumps before you run install.
audit_package
Deep package intelligence: CVEs with severity, breaking changes between versions, migration notes, and peer-dependency conflicts.
explain_architecture
Generates Mermaid diagrams for auth flows, service boundaries, and module dependencies so the agent reasons about structure instead of guessing.
scope_task
Turns a task description into the smallest file set to read or edit, with risk ratings and caller impact notes.
audit_headers
Grades a deployed URL for CSP, HSTS, TLS, cookies, and redirects. Returns fix snippets for common hosts (Vercel, Cloudflare, Nginx).
keep_thinking
Structured multi-step debugging: tracks hypotheses and conclusions so long investigations do not loop.
Zephex_dev_info
Expert patterns for authentication, databases, frontend frameworks, deployment, and mobile stacks when the agent needs vetted guidance.

Was this page helpful?

Kiro CLI MCP Server

Before you start

Get and paste your API key

Fastest install

Guided install (matches published CLI)

Already have a key?

What setup writes (stdio)

Hosted HTTP vs npx stdio

How to connect Zephex

Configuration

stdio (what setup writes)

Optional: type http

Check that it works

Example ways to use the tools

Which tools need your project path?

Need a repo or folder path

Work without a local project

How to tell the agent where the code lives

macOS and Windows paths

When Zephex will not connect

If something goes wrong

Tools included with Zephex

Related

Quick Links

API Reference

Troubleshooting

Community

Plugins

Pricing

Kiro CLI MCP Server

Before you start

Get and paste your API key

Fastest install

Guided install (matches published CLI)

Already have a key?

What setup writes (stdio)

Hosted HTTP vs npx stdio

How to connect Zephex

Configuration

stdio (what setup writes)

Optional: type http

Check that it works

Example ways to use the tools

Which tools need your project path?

Need a repo or folder path

Work without a local project

How to tell the agent where the code lives

macOS and Windows paths

When Zephex will not connect

If something goes wrong

Tools included with Zephex

Related