Quickback Docs

AI Developer Tools

MCP server, Claude Code skill, and Cursor rules for AI-powered Quickback development

Build Quickback apps faster with AI. The Quickback CLI ships with an MCP server, Claude Code skill, and Cursor IDE rules — so any AI tool can help you write security configurations, define features, and understand your project.

Quick Install

# Install the CLI (includes all AI tools)
npm install -g @kardoe/quickback

# Claude Code skill
quickback claude install

# Cursor IDE rules
quickback cursor install

# MCP server (configure in your AI tool, see below)
quickback mcp

MCP Server

The MCP server makes Quickback documentation and project context available to any MCP-compatible AI tool.

Configuration

Add to your AI tool's MCP config:

{
  "mcpServers": {
    "quickback": {
      "command": "npx",
      "args": ["@kardoe/quickback", "mcp"]
    }
  }
}
ToolConfig File
Claude Desktop~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
Cursor.cursor/mcp.json in your project
VS Code.vscode/mcp.json in your project

Available Tools

ToolDescription
list_topicsList all 100+ documentation topics
get_docGet a specific doc (supports fuzzy matching — e.g., "firewall")
search_docsSearch documentation by keyword
read_configRead your project's quickback.config.ts
list_featuresList features and their table files
read_featureRead a specific feature's source code
read_schema_registryRead the compiled schema-registry.json

All documentation topics are also registered as MCP resources at quickback://docs/{topic}.

Claude Code Skill

Installation

Install via the CLI (recommended):

quickback claude install --global    # All projects (~/.claude/)
quickback claude install --local     # This project only

Or install the standalone npm package:

npm install -g @kardoe/quickback-skill

Or when creating a new project, the skill is included automatically:

npx @kardoe/quickback create cloudflare my-app

What You Get

When you install the Quickback skill, you get:

Quickback Skill

Claude understands Quickback concepts and can answer questions about:

  • Security layers - Firewall, Access, Guards, Masking, Actions
  • Common patterns - Multi-tenant, owner-scoped, hierarchical access
  • Best practices - Field protection, role-based access, PII handling
  • Database dialects - SQLite/D1, PostgreSQL, MySQL syntax

Quickback Specialist Agent

Claude also gets a specialized agent that activates automatically when you're:

  • Creating new resources with schemas and security configurations
  • Configuring security layers (Firewall, Access, Guards, Masking)
  • Defining actions for business logic
  • Debugging configuration issues

The agent generates complete, working code in your quickback/features/ directory.

Usage

Let Claude help automatically

Just describe what you need. Claude will use Quickback knowledge when relevant:

"Create a tasks resource where users can only see their own tasks,
but admins can see all tasks in the organization"

Invoke directly

Use /quickback to explicitly activate the skill:

/quickback How do I configure soft delete?

Example Conversations

Building a New Resource

You: "I need a resource for invoices. Users should only see invoices from their organization. The status field should only be changeable through approve/reject actions. Mask the customer email for non-admins."

Claude: Creates complete configuration with:

  • Firewall scoped to organization
  • Protected status field with approve/reject actions
  • Email masking with admin bypass
  • Appropriate guards for createable/updatable fields

Understanding Existing Code

You: "Explain what this firewall configuration does"

Claude: Breaks down the WHERE clauses, explains the security implications, and identifies potential issues.

Debugging Configuration

You: "My users can see records from other organizations. What's wrong?"

Claude: Analyzes your firewall setup, checks for exception: true or missing organization scope, and suggests fixes.

What Claude Knows

Security Layers

LayerWhat Claude Helps With
FirewallData isolation patterns, WHERE clause generation, soft delete
AccessRole-based permissions, record-level conditions, combining rules
GuardsField protection, createable vs updatable, immutable fields
MaskingPII redaction, role-based visibility, mask types
ActionsCustom endpoints, protected field updates, input validation

Common Patterns

Claude recognizes and can implement these patterns:

  • Multi-tenant SaaS - Organization-scoped with role hierarchy
  • Personal data apps - Owner-scoped resources
  • Hierarchical access - Admins see all, users see own
  • Public resources - Reference data, system tables
  • Workflow resources - Status fields with action-based transitions

Database Support

Claude generates correct syntax for your database:

// SQLite / Cloudflare D1
createdAt: integer('created_at', { mode: 'timestamp' })

// PostgreSQL / Supabase
createdAt: timestamp('created_at').defaultNow()

// MySQL
createdAt: timestamp('created_at')

Tips for Best Results

Be specific about security requirements:

// Good
"Users can only see their own tasks. Admins can see all tasks
in the organization. The priority field can only be set by admins."

// Less helpful
"Create a tasks resource"

Describe your user types:

"We have three roles: admin (full access), manager (can approve),
and member (can only edit their own records)"

Mention sensitive fields:

"The ssn field should be masked for everyone except HR admins"

Common Tasks

Create a complete resource

"Create an employees resource for a multi-tenant HR app. Include
fields for name, email, department, salary. Mask salary for
non-admins. Only HR can create/delete employees."

Add an action to existing resource

"Add an 'approve' action to the expenses resource that sets
status to 'approved' and records the approver"

Configure access control

"Update the projects resource so managers can edit any project
in their organization, but members can only edit projects they created"

Set up masking

"Add masking to the customers resource: email partially masked,
phone last 4 digits only, SSN fully redacted except for finance role"

Troubleshooting

Skill not found

Verify the skill is installed:

ls ~/.claude/skills/quickback/SKILL.md

If missing, reinstall:

npm install -g @kardoe/quickback-skill

Claude doesn't understand Quickback

Make sure the skill file exists and Claude Code is restarted. You can also invoke it directly with /quickback to force it to load.

Generated code has errors

Run quickback compile to validate. Share the error messages with Claude for fixes.

Cursor IDE Rules

Cursor rules provide Quickback context when editing quickback/**/*.ts files.

Installation

quickback cursor install

This installs quickback.mdc to .cursor/rules/ in your project. Commit this file so your team gets the rules automatically.

Management

quickback cursor status    # Check installation
quickback cursor update    # Update to latest version
quickback cursor remove    # Remove the rules

Updating

To update all AI tools to the latest version:

npm update -g @kardoe/quickback
quickback claude update    # Update Claude skill
quickback cursor update    # Update Cursor rules

The MCP server always uses the latest installed version automatically.

Resources

Feedback

Found an issue with the AI tools integration?

Upgrade Anonymous Plugin

@kardoe/better-auth-upgrade-anonymous — Convert anonymous users to full accounts.

On this page

Quick InstallMCP ServerConfigurationAvailable ToolsClaude Code SkillInstallationWhat You GetQuickback SkillQuickback Specialist AgentUsageLet Claude help automaticallyInvoke directlyExample ConversationsBuilding a New ResourceUnderstanding Existing CodeDebugging ConfigurationWhat Claude KnowsSecurity LayersCommon PatternsDatabase SupportTips for Best ResultsCommon TasksCreate a complete resourceAdd an action to existing resourceConfigure access controlSet up maskingTroubleshootingSkill not foundClaude doesn't understand QuickbackGenerated code has errorsCursor IDE RulesInstallationManagementUpdatingResourcesFeedback