Corex MCP

View Source

Introduction

You expose Corex component metadata to AI tools (Cursor, Claude Desktop, VS Code) from your running app. The MCP server is self-hosted—no external SaaS.

Built on Tidewave Phoenix (Apache-2.0). Corex MCP keeps Tidewave's HTTP transport and security model but ships read-only component tools only. When upgrading Corex, compare lib/mcp/ against the reference Tidewave version noted in lib/mcp/server.ex.

Do not enable MCP in production. The tools are read-only, but the endpoint still widens your attack surface. Use it only while developing locally (or in :test when generated apps include it for CI). plug Corex.MCP raises at boot in :prod unless you pass force: true (discouraged).

Before you start

RequirementNotes
{:corex, "~> 0.1.0"}In mix.exs
Running HTTP serverPhoenix endpoint or Tableau Bandit child

Phoenix endpoint

Add plug Corex.MCP in lib/my_app_web/endpoint.ex after Plug.Static and before the code reloader block:

if Mix.env() == :dev do
  plug Corex.MCP
end

Start the app. MCP is available at http://localhost:4000/corex/mcp (adjust host and port).

Cursor.cursor/mcp.json:

{
  "mcpServers": {
    "corex": {
      "url": "http://localhost:4000/corex/mcp"
    }
  }
}

Claude Desktopclaude_desktop_config.json:

{
  "mcpServers": {
    "corex": {
      "transport": {
        "type": "http",
        "url": "http://localhost:4000/corex/mcp"
      }
    }
  }
}

Tableau Bandit

Tableau has no Phoenix endpoint. Run MCP on a separate Bandit port—see Tableau (MCP section).

Point your client at http://localhost:4004 when using the default MCP port there.

Tools

All tools are read-only.

ToolPurpose
list_componentsAll component ids (accordion, date_picker, …)
get_componentModule, slots, docs, repo-relative source_path for one id
installation_guideInstall steps for new or existing projects (scenario: new_project, existing_project, or omit for all)

Call list_components before get_component when you need a valid id. Invalid tool arguments return an MCP error instead of being silently ignored.

Security

Corex MCP follows the Tidewave dev-server security model:

  • Loopback by default. Only requests from localhost are accepted unless you set allow_remote_access: true on the plug (discouraged outside trusted networks).
  • Origin header. POST /corex/mcp and GET /corex/config reject requests that include an Origin header. Clients such as Cursor typically omit it.
  • Read-only tools. No code evaluation, SQL, or log access. Component ids are allowlisted before lookup.
  • Never production. Mount in :dev / :test only. The plug refuses to initialize in :prod unless force: true is passed.

Unlike Tidewave, Corex MCP does not modify your app's Content-Security-Policy or X-Frame-Options headers. Tidewave weakens CSP globally because its landing page loads an embedded browser client; Corex serves static HTML only.

Configuration

plug Corex.MCP,
  allow_remote_access: false,
  force: false
OptionDefaultDescription
allow_remote_accessfalseAllow non-loopback clients when true
forcefalseAllow mounting in :prod when true (discouraged)

Optional application config:

config :corex, mcp_root: "/path/to/project"

mcp_root sets the directory used to relativize source_path in get_component (defaults to File.cwd!()). Useful in umbrella apps or CI.

Verbose MCP logging:

config :corex, debug: true

Security

SettingDefaultPurpose
Loopback-only accessonNon-loopback clients receive 403 unless you opt in
allow_remote_access: trueoffAllows non-loopback IPs; logs a warning at plug init. Restrict with a firewall or VPN. Never use in production.
config :corex, mcp_verbose_errors: falseoffTool failures return a generic message to MCP clients; full exceptions stay in server logs
config :corex, debug: trueoffEnables verbose MCP JSON-RPC debug logging in server logs

Example for local debugging only:

config :corex, debug: true, mcp_verbose_errors: true

Remote access (discouraged outside trusted networks):

plug Corex.MCP, allow_remote_access: true