Claude Code Integration
Get AI-powered assistance when building Quickback applications
Build Quickback apps faster with Claude Code. The Quickback skill gives Claude deep knowledge of security layers, patterns, and best practices—so you can describe what you want and let Claude write the configuration.
Installation
Option 1: Install globally (Recommended)
Install the skill once and use it across all your projects:
npm install -g @kardoe/quickback-skillThis installs to ~/.claude/skills/quickback/ and is automatically available in Claude Code.
Option 2: New Quickback project
Create a new Quickback project—the skill is included automatically:
npx @kardoe/quickback create cloudflare my-app
cd my-appOption 3: Manual installation
Download the skill directly:
mkdir -p ~/.claude/skills/quickback
curl -o ~/.claude/skills/quickback/SKILL.md \
https://raw.githubusercontent.com/kardoe/quickback/main/.claude/skills/quickback/SKILL.mdWhat You Get
When you install the Quickback skill, you get:
Quickback Skill
Claude understands Quickback concepts and can answer questions about:
- Security layers - Firewall, Access, Guards, Masking, Actions
- Common patterns - Multi-tenant, owner-scoped, hierarchical access
- Best practices - Field protection, role-based access, PII handling
- Database dialects - SQLite/D1, PostgreSQL, MySQL syntax
Quickback Specialist Agent
Claude also gets a specialized agent that activates automatically when you're:
- Creating new resources with schemas and security configurations
- Configuring security layers (Firewall, Access, Guards, Masking)
- Defining actions for business logic
- Debugging configuration issues
The agent generates complete, working code in your definitions/features/ directory.
Usage
Let Claude help automatically
Just describe what you need. Claude will use Quickback knowledge when relevant:
"Create a tasks resource where users can only see their own tasks,
but admins can see all tasks in the organization"Invoke directly
Use /quickback to explicitly activate the skill:
/quickback How do I configure soft delete?Example Conversations
Building a New Resource
You: "I need a resource for invoices. Users should only see invoices from their organization. The status field should only be changeable through approve/reject actions. Mask the customer email for non-admins."
Claude: Creates complete configuration with:
- Firewall scoped to organization
- Protected status field with approve/reject actions
- Email masking with admin bypass
- Appropriate guards for createable/updatable fields
Understanding Existing Code
You: "Explain what this firewall configuration does"
Claude: Breaks down the WHERE clauses, explains the security implications, and identifies potential issues.
Debugging Configuration
You: "My users can see records from other organizations. What's wrong?"
Claude: Analyzes your firewall setup, checks for exception: true or missing organization scope, and suggests fixes.
What Claude Knows
Security Layers
| Layer | What Claude Helps With |
|---|---|
| Firewall | Data isolation patterns, WHERE clause generation, soft delete |
| Access | Role-based permissions, record-level conditions, combining rules |
| Guards | Field protection, createable vs updatable, immutable fields |
| Masking | PII redaction, role-based visibility, mask types |
| Actions | Custom endpoints, protected field updates, input validation |
Common Patterns
Claude recognizes and can implement these patterns:
- Multi-tenant SaaS - Organization-scoped with role hierarchy
- Personal data apps - Owner-scoped resources
- Hierarchical access - Admins see all, users see own
- Public resources - Reference data, system tables
- Workflow resources - Status fields with action-based transitions
Database Support
Claude generates correct syntax for your database:
// SQLite / Cloudflare D1
createdAt: integer('created_at', { mode: 'timestamp' })
// PostgreSQL / Supabase
createdAt: timestamp('created_at').defaultNow()
// MySQL
createdAt: timestamp('created_at')Tips for Best Results
Be specific about security requirements:
// Good
"Users can only see their own tasks. Admins can see all tasks
in the organization. The priority field can only be set by admins."
// Less helpful
"Create a tasks resource"Describe your user types:
"We have three roles: admin (full access), manager (can approve),
and member (can only edit their own records)"Mention sensitive fields:
"The ssn field should be masked for everyone except HR admins"Common Tasks
Create a complete resource
"Create an employees resource for a multi-tenant HR app. Include
fields for name, email, department, salary. Mask salary for
non-admins. Only HR can create/delete employees."Add an action to existing resource
"Add an 'approve' action to the expenses resource that sets
status to 'approved' and records the approver"Configure access control
"Update the projects resource so managers can edit any project
in their organization, but members can only edit projects they created"Set up masking
"Add masking to the customers resource: email partially masked,
phone last 4 digits only, SSN fully redacted except for finance role"Troubleshooting
Skill not found
Verify the skill is installed:
ls ~/.claude/skills/quickback/SKILL.mdIf missing, reinstall:
npm install -g @kardoe/quickback-skillClaude doesn't understand Quickback
Make sure the skill file exists and Claude Code is restarted. You can also invoke it directly with /quickback to force it to load.
Generated code has errors
Run quickback compile to validate. Share the error messages with Claude for fixes.
Updating the Skill
To get the latest version:
npm update -g @kardoe/quickback-skillResources
- Getting Started - Get your first Quickback project running
- Definitions Overview - Understand the security layer model
- npm package - Skill package
Feedback
Found an issue with the Claude Code integration?