Zephex

What is Zephex?

Zephex is a hosted MCP gateway for AI coding editors. Instead of running a local MCP server yourself, Zephex gives you one managed endpoint at https://zephex.dev/mcp — already deployed, always online, and ready to connect in under 2 minutes.

It ships with 10 built-in developer tools covering the full AI coding workflow: understanding a codebase, reading and searching code, checking packages for vulnerabilities, scoping tasks before writing code, and auditing security headers on live endpoints.

Works with Cursor, Claude Code, VS Code, Windsurf, JetBrains, Kiro, Goose, Warp, Codex CLI, Gemini CLI, and more.

How to use Zephex?

1. Sign up at zephex.dev and get your free API key (format: mcp_sk_xxx)
2. Add this to your editor's MCP config:

{
  "mcpServers": {
    "zephex": {
      "url": "https://zephex.dev/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_ZEPHEX_API_KEY"
      }
    }
  }
}

3. Your AI agent now has access to all 10 Zephex tools automatically.

Full setup guides for every editor at zephex.dev/docs.

Key Features

• One endpoint, every editor — single API key works across Cursor, Claude Code, VS Code, Windsurf, JetBrains, and 15+ more editors
• No local runtime — nothing to install, nothing to maintain, nothing breaks when Node.js updates
• Live npm intelligence — real-time package data including CVE scans via OSV database, not cached snapshots
• Security-first tools — audit HTTP headers, scan for supply chain risks, check for known vulnerabilities before shipping
• Built for agentic workflows — tools designed so AI agents chain them together: scope a task → read relevant code → verify the fix

The 10 Built-in Tools

get_project_context — Gives the AI a fast, high-signal summary of any codebase. Works from pasted code or a public repo URL. Use it at the start of every session so the agent understands the project before touching anything.

read_code — Extracts functions, classes, and imports using AST analysis. More precise than grep — understands code structure, not just text patterns.

find_code — Searches through code by pattern with exact line numbers and surrounding context. Finds where something is used, defined, or imported across a project.

check_package — Real-time npm package lookup: latest version, weekly downloads, license type, deprecation status. Stops agents from installing outdated or deprecated packages.

audit_package — CVE and breaking change scan for npm packages using the OSV database. Flags known vulnerabilities before they make it into your dependencies.

explain_architecture — Traces request flows, auth patterns, and data flows from code content. Useful when working on an unfamiliar service or planning a refactor.

Zephex_dev_info — Reads any public URL and returns the content in a model-friendly format. Useful for pulling in documentation, API references, or external context mid-session.

scope_task — Returns the minimal set of files the AI needs to read for a specific task, in the correct reading order. Prevents the agent from wasting context on irrelevant files.

audit_headers — Runs a security audit on HTTP and TLS response headers for any live endpoint URL. Checks for missing security headers, misconfigured CORS, and weak TLS settings.

thinking — Lets the AI plan, verify assumptions, and maintain structured notes across multiple tool calls in a session. Keeps long agentic workflows coherent.

Use Cases

• Onboarding to a new codebase — run get_project_context and explain_architecture before writing a single line
• Dependency security review — chain check_package and audit_package to vet every dependency before a release
• Safe refactoring — use scope_task to find only the files that matter, then read_code and find_code to understand the impact
• Pre-deployment security check — run audit_headers on staging before going live
• Agentic coding sessions — scope_task → read_code → write code → audit_package → ship

Pricing

Free tier available. Pro ($7/mo) and Max ($19/mo) plans for higher usage. Full pricing at zephex.dev/pricing.