Corrupt MCP
A Model Context Protocol server that turns AI agents into a site factory. Claude, Cursor, or any MCP client can scaffold white-label web platforms — and for the Pro tier, provision Supabase, deploy to Vercel, and verify security, end to end.
github.com/CorruptFun/corrupt-mcp · Python 3.10+ · FastMCP · built for the community
What It Does
Three Generators
A static dealership site (zero backend), a full Next.js + Supabase dealership platform with a real admin portal, and a membership/booking SaaS engine with Stripe billing.
Full Stand-Up Automation
The Pro pipeline provisions the Supabase project, applies the schema, seeds the first admin, deploys edge functions and the Vercel site, then runs an RLS regression suite as a security gate.
Agent-Native
Runs as a local stdio MCP server. No terminal prompts — structured tool calls with everything an agent needs to build autonomously, plus a human CLI when you want it.
Quick Start
Clone
git clone https://github.com/CorruptFun/corrupt-mcp.git
Install Deps
Python 3.10+, then pip3 install -r requirements-optional.txt from the repo root — pulls in mcp and requests.
Register Server
Add corrupt-mcp/server.pyto your agent's MCP config — snippets for each client below.
Ask Your Agent
"Stand up a dealership site for Sunset Motors." The agent picks the tier, calls the tools, and reports back with URLs and credentials.
Connect Your Agent
Add the server to claude_desktop_config.json, using the absolute path to your checkout:
{
"mcpServers": {
"corrupt-engine": {
"command": "python3",
"args": [
"/path/to/corrupt-mcp/corrupt-mcp/server.py"
]
}
}
}> If mcp is installed in a virtualenv, point "command" at that env’s python instead of the system python3.
Tool Directory
One tool call scaffolds a complete, deployable codebase.
Builds the static dealership / local-service site (Simple tier). Zero backend — a config JSON plus inventory JSON render to a single HTML deliverable with real lead capture.
Builds the Next.js + Supabase membership & booking platform with Stripe billing, scheduling, RLS, and optional liability waivers and email.
Tokens & Security Model
Required Tokens (Pro tier only)
- >
SUPABASE_ACCESS_TOKEN— a personal access token (sbp_…). Project keys won't work for the Management API. - >
VERCEL_TOKEN— create one at vercel.com/account/tokens. - >Deploy/verify steps expect the
vercelCLI on PATH, pluspsqlandbashfor the RLS gate. Provisioning itself is pure REST — no Supabase CLI, no Docker.
Handling Rules
- >Tokens are read from tool arguments or the environment — never written into committed files.
- >Generated secrets (database password, webhook shared secret) are returned in the tool output. Record them — Supabase can't show them again.
- >Offline test suite covers the Pro pipeline against a local mock of both APIs:
python3 -m unittest discover -s corrupt-mcp/tests
Go deeper
The repo ships full documentation: an architecture guide comparing the three generators, and the operator walkthrough for the Pro stand-up — prerequisites, tokens, DNS, and recovery paths.