M
MCP Server
AI-powered code analysis via Model Context Protocol
Created 12/5/2025
Updated 8 days ago
README
Repository documentation and setup instructions
SnapBack MCP Server
AI-powered code analysis and snapshot management via Model Context Protocol
Integrate SnapBack's code safety features directly into Claude Desktop, Cursor, and any MCP-compatible AI tool.
Quick Start
npm install -g @snapback/mcp-server
snapback-mcp
Works immediately - no configuration required!
Features
🆓 Free (No Account Needed)
- ✅ Risk Analysis: Detect secrets, vulnerabilities in code changes
- ✅ Dependency Checking: Validate package.json changes
- ✅ Local Analysis: Basic secret detection and security scanning
- ✅ Offline Mode: Works without internet connection
- ✅ Context7 Integration: Library documentation and code search
☁️ Pro Features (Optional API Key)
Get a free API key from snapback.dev to unlock:
- 🔐 Advanced ML Analysis: AI-powered risk detection
- 🔐 Snapshot Management: Create and restore code snapshots
- 🔐 Cloud Sync: Access snapshots across devices
- 🔐 Team Sharing: Collaborate on code safety
Installation
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"snapback": {
"command": "npx",
"args": ["-y", "@snapback/mcp-server"]
}
}
}
With API Key (Optional)
{
"mcpServers": {
"snapback": {
"command": "npx",
"args": ["-y", "@snapback/mcp-server"],
"env": {
"SNAPBACK_API_KEY": "your_api_key_here"
}
}
}
}
Cursor / Other MCP Clients
# Install globally
npm install -g @snapback/mcp-server
# Run with stdio transport
snapback-mcp
Available Tools
snapback.analyze_risk
Analyze code changes for potential security risks before applying them.
When to use:
- Before accepting AI-generated code
- When reviewing complex changes
- For critical files (auth, database, config)
Example:
// AI detects you want to add authentication
// Before applying changes, it calls:
snapback.analyze_risk({
changes: [
{ added: true, value: "const API_KEY = 'sk_live_...';" }
]
})
// Returns: ⚠️ HIGH RISK: Hardcoded secret detected
snapback.check_dependencies
Check for dependency-related risks when package.json changes.
Example:
snapback.check_dependencies({
before: { "lodash": "^4.17.15" },
after: { "lodash": "^4.17.21" }
})
// Returns: ℹ️ Security update available
snapback.create_snapshot (Pro)
Create a code snapshot before risky changes.
Example:
snapback.create_snapshot({
reason: "Before major refactor",
files: ["src/auth.ts", "src/db.ts"]
})
// Returns: ✅ Snapshot created: snap_xyz123
snapback.list_snapshots (Pro)
List all available snapshots.
snapback.restore_snapshot (Pro)
Restore code from a previous snapshot.
Context7 Tools
ctx7.resolve-library-id: Find library documentationctx7.get-library-docs: Fetch library docs and examples
Configuration
Environment Variables
# Optional: SnapBack API key for Pro features
SNAPBACK_API_KEY=sk_...
# Optional: Custom API URL
SNAPBACK_API_URL=https://api.snapback.dev
# Optional: Context7 API key for enhanced docs
CONTEXT7_API_KEY=...
# Optional: Log level
LOG_LEVEL=info
Offline Mode
Works perfectly without any configuration or API keys:
# No env vars needed!
npx @snapback/mcp-server
What works offline:
- Risk analysis (basic)
- Dependency checking
- Secret detection
- Context7 library search (cached)
What requires API key:
- Advanced ML risk analysis
- Snapshot creation/restoration
- Cloud sync
- Team features
Architecture
┌─────────────────┐
│ AI Tool │ (Claude, Cursor, etc.)
│ (MCP Client) │
└────────┬────────┘
│ MCP Protocol
│
┌────────▼─────────────────────────────────┐
│ SnapBack MCP Server │
│ ┌──────────────┐ ┌──────────────────┐ │
│ │ Free Tools │ │ Pro Tools │ │
│ │ - analyze │ │ - snapshots │ │
│ │ - check_deps │ │ - cloud sync │ │
│ └──────────────┘ └──────────────────┘ │
└───────────┬──────────────────────────────┘
│
┌───┴────┐
│ │
┌────▼───┐ ┌─▼─────────┐
│ Local │ │ SnapBack │
│Analysis│ │ API │
└────────┘ └───────────┘
Development
Running Locally
git clone https://github.com/snapback-dev/mcp-server.git
cd mcp-server
pnpm install
pnpm build
pnpm start
Testing
# Run tests
pnpm test
# Test without API key (offline mode)
unset SNAPBACK_API_KEY
pnpm start
# Test with API key
export SNAPBACK_API_KEY=sk_test_...
pnpm start
Building
pnpm build
# Output: dist/index.js (ESM)
Troubleshooting
Server won't start
- Check Node.js version:
node -v(requires 18+) - Clear cache:
rm -rf node_modules && npm install - Check permissions:
chmod +x $(which snapback-mcp)
API key not working
- Verify key format:
sk_live_...orsk_test_... - Check env var:
echo $SNAPBACK_API_KEY - Get new key: snapback.dev/settings/api
Tools not showing in Claude
- Restart Claude Desktop completely
- Check config file syntax (JSON must be valid)
- Look for errors in Claude's console logs
Security
- All secrets handled via environment variables
- No data sent to SnapBack without API key
- Local analysis runs offline
- Open source - audit the code yourself
Report security issues: security@snapback.dev
Links
- Documentation: docs.snapback.dev
- Main Repository: Marcelle-Labs/snapback.dev
- Issues: github.com/snapback-dev/mcp-server/issues
- NPM: @snapback/mcp-server
License
Apache-2.0 © SnapBack
Related
snapbackVS Code Extension@snapback/sdk- TypeScript SDK@snapback/contracts- Type definitions
Quick Setup
Installation guide for this server
Install Package (if required)
npx @modelcontextprotocol/server-mcp-server
Cursor configuration (mcp.json)
{
"mcpServers": {
"snapback-dev-mcp-server": {
"command": "npx",
"args": [
"snapback-dev-mcp-server"
]
}
}
}