Setup in VS Code with Copilot
Before configuring, choose a distribution (Docker or npm) and set up authentication (API key or OAuth 2.0). Then add the matching configuration below.
The configuration can be used at either a project-level or a user-settings-level (across all projects). For project-level configuration, create a .vscode/mcp.json file in your workspace. For a user-settings-level configuration, add an MCP server to your existing user configuration file. For more information, see the VS Code MCP documentation.
Docker
API key
{
"inputs": [
{
"type": "promptString",
"id": "axe-api-key",
"description": "axe MCP Server API Key",
"password": true
}
],
"servers": {
"axe-mcp-server": {
"command": "docker",
"args": [
"run",
"--add-host=host.docker.internal:host-gateway",
"-i",
"--rm",
"-e",
"AXE_SERVER_URL",
"-e",
"AXE_API_KEY",
"dequesystems/axe-mcp-server:latest"
],
"env": {
"AXE_API_KEY": "${input:axe-api-key}"
}
}
}
}The configuration uses "AXE_API_KEY": "${input:axe-api-key}" for secure input handling. This will prompt you for your API key when the server starts for the first time.
Using a regional, private cloud, or on-premises axe instance? Add AXE_SERVER_URL to the env block with your instance's base URL:
"env": {
"AXE_API_KEY": "${input:axe-api-key}",
"AXE_SERVER_URL": "https://your-axe-instance.example.com"
}If omitted, the server defaults to https://axe.deque.com (Deque's shared US SaaS instance). See Configuration Reference for details.
OAuth 2.0
Before configuring, complete Step 1: Authenticate in the Authentication guide.
This uses @deque/axe-auth token to obtain a fresh access token each time the server starts. No inputs block is needed — the token is retrieved from your system keychain automatically.
{
"servers": {
"axe-mcp-server": {
"command": "sh",
"args": [
"-c",
"docker run --add-host=host.docker.internal:host-gateway -i --rm -e \"AXE_ACCESS_TOKEN=$(npx -y @deque/axe-auth token)\" dequesystems/axe-mcp-server:latest"
]
}
}
}Using a regional, private cloud, or on-premises axe instance? Add AXE_SERVER_URL to the Docker command and an env block with your instance's base URL:
"args": [
"-c",
"docker run --add-host=host.docker.internal:host-gateway -i --rm -e AXE_SERVER_URL -e \"AXE_ACCESS_TOKEN=$(npx -y @deque/axe-auth token)\" dequesystems/axe-mcp-server:latest"
],
"env": {
"AXE_SERVER_URL": "https://your-axe-instance.example.com"
}If omitted, the server defaults to https://axe.deque.com (Deque's shared US SaaS instance). See Configuration Reference for details.
This configuration uses sh -c to allow shell substitution. $(npx -y @deque/axe-auth token) runs at server startup and injects a valid access token into the Docker container. The -y flag skips the first-run "Ok to proceed?" prompt that npx would otherwise ask in a non-interactive shell. Do not set AXE_API_KEY alongside AXE_ACCESS_TOKEN.
Windows users: This configuration uses a POSIX shell (sh) and command substitution ($(...)), which is not available in cmd.exe or PowerShell by default. Run your editor from a Git Bash or WSL shell so that sh is on your PATH.
npm
The npm distribution runs on Node.js. Use an active Node.js LTS release — older releases may not be supported.
The npm distribution needs a Chromium browser — either install one via Playwright or point at an existing binary. See Choosing a Distribution.
API key
Create a .vscode/mcp.json file in your workspace (project-level) or add the server to your user configuration:
{
"servers": {
"axe-mcp-server": {
"command": "npx",
"args": ["-y", "axe-mcp-server"],
"env": {
"AXE_API_KEY": "your-api-key-here"
}
}
}
}Your configuration contains a credential in its env block. Project-level files like .vscode/mcp.json live in your repository — add them to .gitignore, or keep credentials in your user configuration instead. See Handling secrets safely below.
OAuth 2.0
OAuth 2.0 is supported with the npm distribution as well — set AXE_ACCESS_TOKEN instead of AXE_API_KEY, injecting a fresh token from @deque/axe-auth token at startup. See Authentication for the full flow.
Set either AXE_API_KEY or AXE_ACCESS_TOKEN — not both. The server will fail at startup if both variables are set.
Handling secrets safely
If you inline a credential in the env block, treat that file like any other secret:
- Never commit it to source control. Project-level files like
.vscode/mcp.jsonlive in your repository — add them to your.gitignore, or keep credentials in your user configuration instead. - Prefer your OS keychain or a secret manager where supported. For OAuth,
@deque/axe-authalready stores tokens in your system keychain — see Authentication. - Restrict file permissions so only your user can read the file (for example,
chmod 600 .vscode/mcp.jsonon macOS and Linux).
Start the MCP Server
- Open VS Code with your configured settings
- Locate the
"axe-mcp-server"entry in yourmcp.jsonfile - Click the Start button that appears above the server configuration
- If you configured API key authentication, enter your API key when prompted. If you configured OAuth, the server starts without a prompt and retrieves a token from your system keychain.
Submit Prompts to Copilot
Once the axe MCP Server is running, you can use it through VS Code's Copilot chat interface:
- Open Copilot chat in VS Code
- Ensure you're in agent mode to allow tool usage
- Submit prompts to analyze websites and remediate accessibility issues
For recommended custom instructions that guide Copilot through the analyze-then-remediate workflow, see Configuring Your AI Agent.
