@backstop/mcp-server
Advanced tools
MCP server for using backstop as the database tool for AI agents.
{
"mcpServers": {
"backstop": {
"command": "npx",
"args": ["@backstop/mcp-server"],
"env": {
"BACKSTOP_POSTGRES_URL": "postgresql://postgres:password@localhost:5432/app",
"BACKSTOP_AGENT_ID": "cursor-local"
}
}
}
}
If BACKSTOP_URL is omitted, the MCP package starts and manages a local
Backstop runtime automatically for that user. This keeps the real Backstop
gateway/sync/recovery path intact without making the user manually start Docker
or type a localhost gateway URL.
For local PostgreSQL development, BACKSTOP_POSTGRES_URL may be a normal
postgresql://...@localhost:5432/... URL. Managed local mode automatically
adds sslmode=disable for localhost if you did not specify an sslmode
yourself.
BACKSTOP_AGENT_ID is not issued by backstop. It is a stable name chosen by the
developer or operator so audit logs and approval screens can identify the
caller. Good values are cursor-local, claude-desktop-dev,
codex-staging-agent, or a team/service name.
Approval tools are disabled by default. Enable them only for trusted operator clients:
BACKSTOP_MCP_MODE=operator
Modes:
agent: execute/analyze/status, no approval tools.operator: approve/deny/audit/alerts/restore plans, no SQL execution.readonly: analyze/status/audit/alerts only.admin: all tools, including emergency pause/resume.BACKSTOP_MCP_ENABLE_APPROVAL_TOOLS=true is kept for compatibility and maps to
operator when BACKSTOP_MCP_MODE is not set.
Operator/admin mode also exposes backstop_prepare_restore_snapshot. It returns
a secret-safe CLI restore plan that uses BACKSTOP_RESTORE_DB; the MCP server
never sends the raw PostgreSQL password back to the AI client.
FAQs
MCP server for safe AI-agent database access through backstop.
The npm package @backstop/mcp-server receives a total of 6 weekly downloads. As such, @backstop/mcp-server popularity was classified as not popular.
We found that @backstop/mcp-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
Product
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
Research
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infostealer during installation.