Backend MCP Tools
π§ Coming Soon: Backend MCP features are currently in development. This documentation describes the planned API for Solo, Team, and Enterprise plans. The local MCP tools (snap, check, etc.) are available now on all tiers.
Backend MCP will extend SnapBackβs local MCP integration with cloud-powered features including advanced AI risk scoring, team collaboration, and cloud backup. Available on Solo, Team, and Enterprise plans.
π Unlock Backend MCP: Upgrade to Solo, Team, or Enterprise to access cloud features, API authentication, and team collaboration.
Whatβs Planned
Backend MCP will add cloud-powered capabilities to your local MCP integration:
Cloud Backup
Automatically sync snapshots to encrypted cloud storage with configurable retention.
Advanced AI Scoring
Cloud-based Guardian AI analyzes code for security risks with higher accuracy.
Team Collaboration
Share snapshots and policies across your team with granular access controls.
Privacy Notice
π Privacy & Consent: Backend MCP requires explicit consent before sending data to SnapBack servers. Metadata (file paths, risk scores, timestamps) is uploaded with end-to-end encryption. File contents are never sent unless you explicitly enable cloud backup.
Whatβs Uploaded
When Backend MCP is enabled:
- β Snapshot metadata: File paths, sizes, hashes (encrypted)
- β Risk analysis results: Severity scores, violation types (no code content)
- β Session metadata: Session names, durations, tag data
- β Policy configurations: File policies, team .snapbackrc settings
Whatβs Never Uploaded
- β File contents (unless cloud backup is explicitly enabled)
- β API keys or secrets (always redacted)
- β Personal identifiable information (PII is sanitized)
- β Source code snippets (only metadata and hashes)
Planned Backend MCP Tools
The following tools are planned for Backend MCP. They are not yet available.
1. cloud_backup (Planned)
Upload a snapshot to encrypted cloud storage.
Parameters:
{
snapshotId: string;
workspacePath: string;
retention?: number; // days (default: tier-based)
}Response:
{
cloudSnapshotId: string;
uploadedAt: string; // ISO 8601
size: number; // bytes
retention: number; // days
expiresAt: string; // ISO 8601
}Usage Example:
// AI assistant can back up important snapshots to cloud
const result = await mcp.call('cloud_backup', {
snapshotId: 'snap_local_12345',
workspacePath: '/Users/dev/my-project',
retention: 90 // Override tier default
});2. cloud_restore (Planned)
Restore a snapshot from cloud storage to your local machine.
Parameters:
{
cloudSnapshotId: string;
targetPath: string;
options?: {
overwrite?: boolean;
excludePatterns?: string[];
};
}Response:
{
restoredFiles: number;
skippedFiles: number;
errors: string[];
localSnapshotId: string;
}3. guardian_ai_score (Planned)
Analyze code using cloud-based Guardian AI for enhanced risk detection.
Parameters:
{
filePaths: string[];
workspacePath: string;
options?: {
includeExplanations?: boolean;
threshold?: 'low' | 'medium' | 'high';
};
}Response:
{
findings: Array<{
file: string;
type: 'secret' | 'mock_leakage' | 'phantom_dependency' | 'ai_risk';
severity: 'low' | 'medium' | 'high' | 'critical';
line: number;
column: number;
message: string;
explanation?: string; // Only if includeExplanations: true
suggestedFix?: string;
}>;
overallRisk: number; // 0-10 with decimal precision
confidence: number; // 0-100 (AI model confidence)
}Key Differences from Local analyze_risk:
- βοΈ Cloud-based ML model (higher accuracy)
- π Confidence scores and explanations
- π§ Suggested fixes for violations
- π Faster analysis for large codebases (parallel processing)
4. team_share_snapshot (Planned)
Share a snapshot with team members.
Parameters:
{
snapshotId: string;
teamId: string;
permissions: {
members?: string[]; // User IDs, omit for all team members
canRestore?: boolean; // Default: true
canDelete?: boolean; // Default: false
};
}Response:
{
sharedSnapshotId: string;
shareUrl: string;
sharedWith: number; // Member count
expiresAt?: string; // Optional expiration
}5. team_get_shared
List snapshots shared with your team.
Parameters:
{
teamId: string;
filters?: {
sharedBy?: string; // User ID
tags?: string[];
since?: string; // ISO 8601 date
};
}Response:
{
snapshots: Array<{
id: string;
name: string;
sharedBy: string;
sharedAt: string;
size: number;
tags: string[];
canRestore: boolean;
}>;
total: number;
}Authentication
Backend MCP requires API key authentication:
Obtaining an API Key
- Upgrade to Solo, Team, or Enterprise
- Navigate to Dashboard β Settings β API Keys
- Click βGenerate New Keyβ
- Copy the key (displayed once only)
- Store securely in your environment variables
API Key Format:
sb_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6Scopes (configurable per key):
snapshots:read- List and download snapshotssnapshots:write- Create and upload snapshotssnapshots:delete- Delete snapshotsguardian:analyze- Use Guardian AI scoringteam:read- View team snapshotsteam:write- Share snapshots with team
Configuring Authentication
# Set API key as environment variable
export SNAPBACK_API_KEY="sb_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
# Or add to .snapbackconfig
{
"mcp": {
"backend": {
"enabled": true,
"apiKey": "${SNAPBACK_API_KEY}", // Use env var reference
"endpoint": "https://api.snapback.dev" // Optional: custom endpoint
}
}
}Security Best Practices:
- β Store API keys in environment variables (not version control)
- β Use separate keys for development and production
- β Rotate keys every 90 days
- β Revoke compromised keys immediately via dashboard
Configuration
Enabling Backend MCP
// .snapbackconfig
{
"mcp": {
"local": {
"enabled": true // Keep local MCP enabled
},
"backend": {
"enabled": true,
"apiKey": "${SNAPBACK_API_KEY}",
"cloudBackup": {
"auto": true, // Auto-backup after each snapshot
"retention": 90, // Days (tier-dependent)
"exclude": ["node_modules/", ".git/", "*.log"]
},
"guardianAI": {
"enabled": true,
"threshold": "medium", // low | medium | high
"autoAnalyze": true // Analyze on save
}
}
}
}VS Code Extension Settings
// VS Code settings.json
{
"snapback.mcp.backend.enabled": true,
"snapback.mcp.backend.cloudBackup.auto": true,
"snapback.mcp.backend.guardianAI.enabled": true,
"snapback.mcp.backend.guardianAI.threshold": "medium"
}Tier-Specific Limits
| Feature | Solo | Team | Enterprise |
|---|---|---|---|
| Cloud Storage | 5GB | 50GB | 100GB+ |
| Cloud Retention | 30 days | 90 days | Custom |
| API Rate Limit | 100/hr | 500/hr | Unlimited |
| Guardian AI Calls | 50/hr | 200/hr | Unlimited |
| Team Members | 1 | 10 | Unlimited |
| Snapshot Sharing | β | β | β |
| SSO/SAML | β | β | β |
Usage Examples
Automatic Cloud Backup
// AI assistant creates and backs up snapshot
const snapshot = await mcp.call('create_snapshot', {
workspacePath: '/Users/dev/my-project',
message: 'Before refactoring'
});
const backup = await mcp.call('cloud_backup', {
snapshotId: snapshot.id,
workspacePath: '/Users/dev/my-project'
});
console.log(`Snapshot backed up to cloud: ${backup.cloudSnapshotId}`);Advanced Risk Analysis
// AI assistant analyzes code with Guardian AI
const analysis = await mcp.call('guardian_ai_score', {
filePaths: ['src/auth.ts', 'src/api.ts'],
workspacePath: '/Users/dev/my-project',
options: {
includeExplanations: true,
threshold: 'medium'
}
});
for (const finding of analysis.findings) {
console.log(`${finding.severity}: ${finding.message}`);
if (finding.suggestedFix) {
console.log(`Suggested fix: ${finding.suggestedFix}`);
}
}Team Collaboration
// Share snapshot with team
const share = await mcp.call('team_share_snapshot', {
snapshotId: 'snap_12345',
teamId: 'team_acme',
permissions: {
canRestore: true,
canDelete: false
}
});
console.log(`Shared with ${share.sharedWith} team members`);
console.log(`Share URL: ${share.shareUrl}`);Troubleshooting
Authentication Errors
# Verify API key is set
echo $SNAPBACK_API_KEY
# Test API connection
snapback mcp test-backend
# Check API key permissions
snapback api whoamiCommon Issues:
401 Unauthorized: Invalid or expired API key403 Forbidden: Insufficient permissions (check scopes)429 Too Many Requests: Rate limit exceeded (upgrade tier)
Cloud Backup Failures
- Check storage quota:
snapback cloud status - Verify network connectivity:
ping api.snapback.dev - Review excluded patterns: Ensure important files arenβt excluded
- Check logs:
snapback mcp logs --backend
Guardian AI Timeout
If Guardian AI analysis times out:
- Reduce file count per analysis (max 50 files recommended)
- Increase timeout in config:
guardianAI.timeout: 30000(ms) - Check rate limits:
snapback api limits
CLI Commands
# Test backend MCP connection
snapback mcp test-backend
# Check cloud storage status
snapback cloud status
# List cloud snapshots
snapback cloud list [--limit 10]
# Upload snapshot to cloud
snapback cloud backup <snapshot-id>
# Restore from cloud
snapback cloud restore <cloud-snapshot-id> [--target ./restored]
# Analyze with Guardian AI
snapback guardian analyze <file-paths...> [--cloud]
# Team commands (Team+ only)
snapback team share <snapshot-id> [--members user1,user2]
snapback team list-sharedBest Practices
π Secure Your API Key
Never commit API keys to version control. Use environment variables or secure vaults.
βοΈ Configure Retention
Set appropriate retention periods to balance storage costs and recovery needs.
π€ Use Guardian AI Selectively
Run cloud analysis on critical files to conserve rate limits and reduce latency.
π₯ Review Team Permissions
Regularly audit who has access to shared snapshots and revoke as needed.
Related Documentation
- Local MCP Integration - Offline MCP features
- Plans & Pricing - Feature comparison by tier
- CLI Reference - Command-line tools
- Privacy & Data Protection - Data handling practices
Privacy First: SnapBack works 100% offline on the Free plan. MCP is optional and requires explicit consent on paid plans. Learn more β