BackendMax
π©Ί AI-powered backend diagnostic MCP server. Understands what you're building and makes sure it actually works. Cross-boundary contract verification, living API docs, issue lifecycle tracking.
Install / Use
/learn @rish-e/BackendMaxQuality Score
Category
Development & EngineeringSupported Platforms
README
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β βββββββ ββββββ ββββββββββ βββββββββββββββ ββββββββββ β
β βββββββββββββββββββββββββββ βββββββββββββββββ ββββββββββββ
β βββββββββββββββββββ βββββββ ββββββ ββββββ ββββββ ββββ
β βββββββββββββββββββ βββββββ ββββββ βββββββββββββ ββββ
β βββββββββββ ββββββββββββββ ββββββββββββββ βββββββββββββββ
β βββββββ βββ βββ ββββββββββ ββββββββββββββ βββββββββββββ
β β
β ββββ ββββ ββββββ βββ βββ β
β βββββ βββββββββββββββββββββ β
β βββββββββββββββββββ ββββββ β
β βββββββββββββββββββ ββββββ β
β βββ βββ ββββββ βββββββ βββ β
β βββ ββββββ ββββββ βββ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π©Ί AI-Powered Backend Diagnostics for Claude Code
The backend bugs your linter can't see. The contract drift your tests don't cover. Caught before deploy.
<br />
Quick Start Β· Features Β· Tools Β· Roadmap
</div> <!-- βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ --> <br />π€ What Is This?
Backend Max is a Model Context Protocol (MCP) server that gives Claude deep diagnostic vision into your backend. It statically analyzes your codebase β both frontend and backend β to surface bugs, contract drift, missing validation, security gaps, and performance anti-patterns that no other single tool catches.
Think of it as a senior backend engineer that reviews every route, checks every contract, and never goes on vacation.
<br /> <!-- βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ -->π How It Works
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β π Your Codebase π©Ί Backend Max π Report β
β β
β βββββββββββββ ββββββββββββββββ βββββββββββββ β
β β Frontend ββββββββββΆ β Cross- β β Health β β
β β API Calls β β Boundary ββββββββΆ β Score β β
β βββββββββββββ β Analysis β βββββββββββββ€ β
β β β β Issues β β
β βββββββββββββ β ββββββββββββ β βββββββββββββ€ β
β β Backend ββββββββββΆ β β 6 Audit β ββββββββΆ β API Docs β β
β β Routes β β β Engines β β βββββββββββββ€ β
β βββββββββββββ β ββββββββββββ β β Fixes β β
β β β β Guide β β
β βββββββββββββ β ββββββββββββ β βββββββββββββ β
β β Config ββββββββββΆ β β Intent β β β
β β & Env β β β Engine β β β
β βββββββββββββ β ββββββββββββ β β
β ββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β‘ Why Backend Max?
Existing tools catch syntax errors and type mismatches. Backend Max catches the bugs that ship to production.
| Bug Category | TypeScript | ESLint | Jest/Vitest | Backend Max |
|:---|:---:|:---:|:---:|:---:|
| Frontend calls /api/user but backend exposes /api/users | β | β | β | β
|
| Frontend sends { name } but backend expects { username } | β | β | β | β
|
| Route handler missing try/catch | β | β | β | β
|
| Zod schema missing on POST route | β | β | β | β
|
| process.env.SECRET used but not in .env | β | β | β | β
|
| Auth middleware missing on sensitive route | β | β | β | β
|
| N+1 query in a loop | β | β | β | β
|
| API docs out of date | β | β | β | β
|
<br /> <!-- βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ -->π‘ Backend Max doesn't replace your existing tools. It catches what they architecturally cannot β cross-boundary issues that require understanding both sides of the stack.
π Quick Start
Install with your MCP client
<details> <summary><strong>Claude Code (recommended)</strong></summary>claude mcp add backend-max -- npx -y backend-max
Done. Open any project and type /backendmax run a full diagnosis.
Add to your claude_desktop_config.json:
{
"mcpServers": {
"backend-max": {
"command": "npx",
"args": ["-y", "backend-max"]
}
}
}
Add to .vscode/settings.json:
{
"mcp.servers": {
"backend-max": {
"command": "npx",
"args": ["-y", "backend-max"]
}
}
}
Add to your MCP config:
{
"mcpServers": {
"backend-max": {
"command": "npx",
"args": ["-y", "backend-max"]
}
}
}
git clone https://github.com/rish-e/backend-max.git
cd backend-max
npm install && npm run build
Then add to your MCP client config:
{
"command": "node",
"args": ["/path/to/backend-max/dist/server.js"]
}
Run Your First Diagnosis
Open your MCP client in any project and ask:
/backendmax run a full diagnosis on my project
That's it. Backend Max will analyze your project and return a full diagnostic report with health score, issues, and fix suggestions.
4. CI/CD Mode (Optional)
Run diagnostics from the command line or GitHub Actions:
# Basic diagnosis
npx backend-max-cli diagnose ./my-project
# CI mode β fail if health score drops below 75 or critical issues found
npx backend-max-cli diagnose ./my-project --ci --min-score 75 --fail-on critical
# Output formats
npx backend-max-cli diagnose ./my-project --format markdown # PR comments
npx backend-max-cli diagnose ./my-project --format sarif # GitHub Code Scanning
npx backend-max-cli diagnose ./my-project --format json # Raw data
π¬ Features Deep Dive
π v2.2 β Tier 2 Feature Drop
| Feature | Description | |---------|-------------| | β‘ Fastify Support | Full route analysis with built-in JSON Schema validation detection, error handler checks, param extraction | | π₯ Hono Support | Route analysis with basePath resolution, zValidator detection, middleware arg parsing | | π¦ Rate Limiting Audit | Detects rate limiting packages/patterns, flags unprotected auth endpoints, checks caching coverage | | π API Versioning | Detects path/header versioning, finds version gaps, flags inconsistent versioning | | π Middleware Visualization | Maps global/inline middleware chains per route, checks ordering, generates markdown visualization | | π Multi-Layer Type Tracing | Traces types across frontend β route β service β repository β DB, finds cross-layer mismatches |
v2.1 β Tier 1 Feature Drop
| Feature | Description |
|---------|-------------|
| π§ Auto-Fix Engine | Generates real unified diff patches for common issues β try/catch wrapping, Zod validation, auth guards, pagination. Apply with git apply |
| ποΈ Watch Mode | Incremental analysis β shows new issues, fixed issues, and health score delta since last run. No full re-scan needed |
| π tRPC Support | Full router analysis β procedures, input validation, protected/public, queries vs mutations. 3 tRPC-specific checks |
| πΈοΈ GraphQL Analysis | Resolver scanning for Apollo, Yoga, Mercurius, type-graphql, NestJS. N+1 detection, auth checks, input validation |
| π¦ Dependency Scanner | Built-in vulnerability database (12+ packages), deprecated package detection, lock file checks, npm audit integration |
v2.0 Features
| Feature | Description |
|---------|-------------|
| ποΈ Prisma Schema Integration | Parses your .prisma schema and cross-references every database call β catches nonexistent models, fields, and missing indexes |
| π Deep Type Flow Analysis | Traces frontend response variables to check property access against backend return types β catches data.user.firstName vs data.user.first_name |
| β‘ Server Actions | Full audit of Next.js Server Actions ('use server') β validation, auth, error handling, database patterns |
| π CI/CD Mode | CLI entry point with --ci, --min-score, --fail-on, and 4 output formats (text, markdown, JSON, SARIF) |
| π’ Express.js Support | Route scanning, middleware detection, Express-specific checks (error middleware, 404, helmet/CORS) |
| π Pages Router | Next.js Pages Router API routes (pages/api/) full
