Was this page helpful?
Configuration
Zephex is a hosted MCP server. Your editor sends JSON-RPC requests through a thin local client, and the hosted endpoint routes them to the right tool. No local server processes, no infrastructure to manage.
Every tool call follows the same path regardless of which editor you use. The Model Context Protocol (MCP) standardizes the communication so Cursor, Claude Code, VS Code, Windsurf, JetBrains, and every other supported editor sends requests in the same format.
Your Editor (Cursor, Claude Code, VS Code, etc.) │ ▼ JSON-RPC 2.0 request over stdio or HTTP │Zephex CLI (npx zephex) — local thin client │ ▼ HTTPS POST with Bearer token │https://zephex.dev/mcp — hosted endpoint │ ▼ Authenticates API key, checks rate limits │Tool Router — picks the right tool (e.g. read_code, check_package) │ ▼ Executes tool logic against your project files │Response — JSON-RPC result back to your editorEvery request includes your API key as a Bearer token in the Authorization header. The hosted endpoint validates the key, checks your plan limits, and routes the request to the appropriate tool. Keys are stored as SHA-256 hashes — the plain text is never saved on the server.
KEY FORMATS
Zephex API keys use the format mcp_prod_word-number.secret for production or mcp_dev_word-number.secret for development. The environment prefix helps you identify which key belongs where without exposing the secret portion.
When your AI agent decides it needs project context, code search, or package information, it sends a tools/call request with the tool name and parameters. The hosted endpoint executes the tool and returns structured results that the agent uses to inform its next response.
EXAMPLE: AGENT ASKS ABOUT YOUR PROJECT
You ask Cursor: "What framework is this project using?" → Cursor calls get_project_context → Zephex reads your package.json, tsconfig, and config files → Returns framework, dependencies, scripts, and env vars → Cursor answers with accurate information instead of guessing.
Your source code is processed in-memory during tool execution and never stored on disk or in any database. API keys are hashed with SHA-256 before storage. Request logs track tool names and timestamps for usage billing but do not contain file contents or code snippets. The hosted endpoint runs on isolated infrastructure with TLS 1.3 encryption for all connections.
Local MCP servers require you to install, configure, and maintain separate processes for each editor on each machine. A hosted server eliminates that overhead: one endpoint works everywhere, updates happen server-side without touching your config, and your team shares the same tool surface without per-developer setup differences.