Date: 2026-03-29
Context: Backend development tools that integrate with Claude Code for the plan/implement/verify loop.
This catalog covers best-in-class CLI tools for web backend development, organized by category. Each entry notes the tool's loop phase (plan, implement, verify), install command, and integration method with Claude Code.
Integration methods:
- CLI shell-out -- Claude Code runs the tool via Bash (most common)
- MCP server -- tool exposes a Model Context Protocol server for direct integration
- Hook -- Claude Code pre/post-tool hook triggers the tool automatically
- Plugin -- Claude Code plugin bundles MCP + hooks + skills
Frameworks Claude Code can scaffold, configure, and develop against. All integrate via CLI shell-out for project creation and dev server commands.
| Tool |
What it does |
Install |
Notes |
| Express |
The most widely used Node.js web framework. Mature ecosystem, extensive middleware, massive community. Battle-tested since 2010. |
npm install express |
Largest middleware ecosystem; Claude knows Express patterns deeply due to training data volume. |
| Fastify |
High-performance Node.js framework with built-in schema validation, JSON serialization, and logging. 2-3x faster than Express for JSON APIs. |
npm install fastify |
Built-in JSON Schema validation generates types automatically; excellent for API-first development. |
| Hono |
Ultralight, cross-runtime framework (Node, Deno, Bun, Cloudflare Workers, AWS Lambda). Minimal bundle, fast cold starts. |
npm install hono |
Best for edge/serverless; same code runs on every runtime. Growing fast in 2025-2026. |
| Koa |
Lightweight middleware framework by the Express team. Uses async/await natively with a minimal core. |
npm install koa |
Smaller ecosystem than Express; good for developers who want fine-grained middleware control. |
| Tool |
What it does |
Install |
Notes |
| FastAPI |
Modern async Python framework with automatic OpenAPI docs and Pydantic validation. Handles 20k+ req/s with Uvicorn. Adoption grew 40% YoY through 2025. |
pip install "fastapi[standard]" |
Auto-generates OpenAPI spec; Claude can read the spec to understand endpoints during planning. |
| Django |
Batteries-included full-stack framework with ORM, admin, auth, and migrations built in. The mature Python choice for complex applications. |
pip install django |
manage.py CLI is excellent for Claude shell-out (migrations, shell, test, runserver). |
| Flask |
Lightweight WSGI micro-framework for rapid prototyping. Flexible and simple, with extensions for anything you need. |
pip install flask |
Best for small APIs and prototypes; less opinionated than Django. |
| Tool |
What it does |
Install |
Notes |
| Ruby on Rails |
Full-stack convention-over-configuration framework. Fastest time-to-ship for CRUD apps. Strong CLI generators. |
gem install rails |
rails CLI generates models, controllers, migrations; Claude can drive the full scaffold workflow. |
| Tool |
What it does |
Install |
Notes |
| Gin |
Most popular Go web framework (used by 48% of Go developers). Fast routing, middleware support, JSON rendering. |
go get github.com/gin-gonic/gin |
Best default choice for Go APIs; huge community and documentation. |
| Echo |
Structured Go framework with type safety, middleware chaining, and enterprise patterns. Slightly edges Gin in raw throughput. |
go get github.com/labstack/echo/v4 |
Better for enterprise API gateways; steeper learning curve than Gin. |
| Fiber |
Express-inspired Go framework built on fasthttp. Exceptional performance at the cost of some net/http compatibility. |
go get github.com/gofiber/fiber/v2 |
Familiar to Express developers; fastest Go framework in many benchmarks. |
| Tool |
What it does |
Install |
Notes |
| Spring Boot |
Enterprise Java framework used by JPMorgan, PayPal, Stripe. Auto-configuration, embedded servers, production-ready features. |
sdk install springboot (SDKMAN) or start.spring.io |
spring CLI and Maven/Gradle integration; Claude can generate and modify application.properties. |
| Tool |
What it does |
Install |
Notes |
| ASP.NET Core |
Cross-platform, high-performance .NET framework. Strong typed tooling, integrated with .NET 8+ ecosystem. |
dotnet new webapi |
dotnet CLI is comprehensive; Claude drives project creation, build, run, and publish. |
| Tool |
What it does |
Install |
Integration |
| Prisma Migrate |
Declarative schema-first migrations for TypeScript/Node.js. Prisma 7 (late 2025) dropped the Rust engine for pure TS -- 3.4x faster queries, 9x faster cold starts. |
npm install prisma |
CLI shell-out: npx prisma migrate dev, npx prisma db push |
| Drizzle Kit |
Code-first TypeScript migration generator. Minimal bundle (~7.4KB), SQL-like control. v1.0 beta landed early 2025. |
npm install drizzle-kit |
CLI shell-out: npx drizzle-kit generate, npx drizzle-kit migrate |
| Knex |
SQL query builder with migration support for PostgreSQL, MySQL, SQLite, MSSQL, Oracle, and more. Mature and stable. |
npm install knex |
CLI shell-out: npx knex migrate:latest, npx knex seed:run |
| Alembic |
Migration tool for SQLAlchemy. v1.17.2 released January 2026. The standard for Python/SQLAlchemy projects. |
pip install alembic |
CLI shell-out: alembic upgrade head, alembic revision --autogenerate |
| Django Migrations |
Built-in migration framework for Django ORM. Auto-detects model changes and generates migration files. |
Included with Django |
CLI shell-out: python manage.py makemigrations, python manage.py migrate |
| ActiveRecord Migrations |
Built-in Rails migration system. Convention-driven, supports reversible migrations with rollback. |
Included with Rails |
CLI shell-out: rails db:migrate, rails generate migration |
| Entity Framework Migrations |
.NET migration system with code-first and database-first workflows. Integrated with dotnet CLI. |
dotnet tool install --global dotnet-ef |
CLI shell-out: dotnet ef migrations add, dotnet ef database update |
| Tool |
What it does |
Install |
Integration |
| Prisma |
Type-safe ORM with declarative schema, auto-generated client, and visual Studio. Prisma 7 is pure TypeScript with 85-90% smaller bundle. |
npm install @prisma/client |
CLI shell-out: npx prisma generate, npx prisma studio |
| Drizzle ORM |
Lightweight TypeScript ORM with SQL-like syntax. Zero dependencies, full type safety, optimal for serverless. |
npm install drizzle-orm |
CLI shell-out (via drizzle-kit); code-level integration |
| TypeORM |
Decorator-based ORM for TypeScript supporting Active Record and Data Mapper patterns. Supports MySQL, PostgreSQL, SQLite, MSSQL, Oracle. |
npm install typeorm |
CLI shell-out: npx typeorm migration:run |
| Sequelize |
Promise-based Node.js ORM for PostgreSQL, MySQL, SQLite, MSSQL. Established ecosystem with large community. |
npm install sequelize |
CLI shell-out: npx sequelize-cli db:migrate |
| SQLAlchemy |
The dominant Python SQL toolkit and ORM. Supports both high-level ORM and low-level Core patterns. Standard for FastAPI and data engineering. |
pip install sqlalchemy |
Code-level integration; pairs with Alembic for migrations |
| Django ORM |
Built-in Django ORM with model definitions, querysets, and admin integration. Best for Django projects. |
Included with Django |
CLI shell-out: python manage.py shell, python manage.py dbshell |
| Tool |
What it does |
Install |
Integration |
| psql |
PostgreSQL interactive terminal. Query, inspect schemas (\dt, \d+), manage databases. The standard Postgres CLI. |
Included with PostgreSQL |
CLI shell-out: psql -c "SELECT ..." |
| mysql |
MySQL command-line client. Query execution, schema inspection, database administration. |
Included with MySQL |
CLI shell-out: mysql -e "SHOW TABLES" |
| sqlite3 |
SQLite command-line shell. Dot-commands for schema inspection (.tables, .schema), query execution. |
Included with SQLite / OS |
CLI shell-out: sqlite3 db.sqlite ".tables" |
| mongosh |
Modern MongoDB shell. JavaScript-based, query execution, collection inspection, aggregation pipelines. |
npm install -g mongosh |
CLI shell-out: mongosh --eval "db.collection.find()" |
| PostgreSQL MCP |
Anthropic's official Postgres MCP server. Read-only schema inspection and SELECT queries directly from Claude. |
npm install @modelcontextprotocol/server-postgres |
MCP server (read-only); add to .mcp.json |
| Supabase MCP |
Official Supabase MCP server (v0.7.0, March 2026). 20+ tools for database, auth, storage, edge functions. 832k+ downloads since April 2025 launch. |
npx supabase mcp |
MCP server; OAuth 2.1 auth (cloud-hosted since Oct 2025). Dev/test only -- never connect to production. |
| Tool |
What it does |
Install |
Integration |
| SchemaSpy |
Java CLI that analyzes database metadata and generates browsable HTML/SVG entity-relationship diagrams. Supports 12+ database types. |
java -jar schemaspy.jar (or Docker) |
CLI shell-out: java -jar schemaspy.jar -t pgsql -db mydb |
| dbdiagram.io |
Web tool using DBML DSL for quick schema visualization. Export DDL for multiple engines. |
Browser-based; DBML CLI: npm install -g @dbml/cli |
CLI shell-out: dbml2sql schema.dbml; Claude can generate DBML from schema descriptions |
| tbls |
CLI tool that generates database documentation (Markdown, PlantUML, Mermaid) from live databases. |
brew install k1LoW/tap/tbls |
CLI shell-out: tbls doc postgres://... |
| Tool |
What it does |
Install |
Integration |
| EXPLAIN / EXPLAIN ANALYZE |
Built-in PostgreSQL query plan analysis. Shows execution plan, actual timing, row estimates vs actuals. |
Built into PostgreSQL |
CLI shell-out: psql -c "EXPLAIN ANALYZE SELECT ..." |
| pg_stat_statements |
PostgreSQL extension tracking execution statistics for all queries -- time, calls, rows, I/O. Essential for production query analysis. |
Enable in postgresql.conf |
CLI shell-out: query via psql -c "SELECT * FROM pg_stat_statements ORDER BY total_exec_time DESC" |
| pg_stat_monitor |
Percona's enhanced alternative to pg_stat_statements. Includes actual query plans and more detailed grouping. PostgreSQL 14+. |
Enable in postgresql.conf |
CLI shell-out: query via psql |
| auto_explain |
Logs execution plans for slow queries automatically in production. No application code changes needed. |
Enable in postgresql.conf |
Configuration-based; Claude can analyze log output |
| Tool |
What it does |
Install |
Integration |
| curl |
The universal HTTP client. Available everywhere, supports every protocol. Verbose but complete. |
Pre-installed on most systems |
CLI shell-out: curl -X POST -H "Content-Type: application/json" -d '{}' http://... |
| HTTPie |
Modern, human-readable HTTP client for the terminal. Intuitive syntax, colorized output, JSON support by default. Free and open-source CLI. |
pip install httpie or brew install httpie |
CLI shell-out: http POST api.example.com/users name=John |
| Bruno |
Open-source API client storing collections as plain-text .bru files on your filesystem. Git-friendly, no cloud sync, no account required. |
npm install -g @usebruno/cli |
CLI shell-out: bru run --env production; collections commit to Git alongside code |
| Newman |
Postman collection runner for the command line. Run Postman collections in CI/CD pipelines. |
npm install -g newman |
CLI shell-out: newman run collection.json -e environment.json |
| Tool |
What it does |
Install |
Integration |
| Redocly CLI |
All-in-one OpenAPI utility: lint, bundle, preview, and generate docs. Supports OpenAPI 3.2/3.1/3.0/2.0, AsyncAPI 3.0, Arazzo 1.0. Replaced the deprecated swagger-cli. |
npm install -g @redocly/cli |
CLI shell-out: redocly lint openapi.yaml, redocly build-docs openapi.yaml |
| Redoc |
Open-source three-panel API documentation renderer from OpenAPI specs. Beautiful, responsive output. |
npm install redoc-cli |
CLI shell-out: redoc-cli build openapi.yaml |
| GraphQL Inspector |
Schema diffing, breaking change detection, coverage analysis, and document validation for GraphQL. Modular CLI -- install only what you need. |
npm install @graphql-inspector/cli |
CLI shell-out: graphql-inspector diff old.graphql new.graphql, graphql-inspector validate documents/*.graphql schema.graphql |
| Tool |
What it does |
Install |
Integration |
| Prism |
CLI mock server that generates responses from OpenAPI v2/v3 specs. Validates requests against the spec automatically. |
npm install -g @stoplight/prism-cli |
CLI shell-out: prism mock openapi.yaml (serves on localhost:4010) |
| Mock Service Worker (MSW) |
API mocking library that intercepts network requests at the browser/Node.js level using Service Workers. Industry standard for JS testing. |
npm install msw |
Code-level integration; used in test suites with Vitest/Jest |
| json-server |
Zero-config REST API from a JSON file. Instant fake server for prototyping. |
npm install -g json-server |
CLI shell-out: json-server db.json |
| WireMock |
Heavyweight API mock/stub server for JVM ecosystems. Standalone server or JUnit integration. Enterprise-grade. |
docker run -p 8080:8080 wiremock/wiremock or Java jar |
CLI shell-out: java -jar wiremock-standalone.jar |
| Tool |
What it does |
Install |
Integration |
| Vitest |
Fast test runner for Vite projects. Native ESM/TypeScript, 4x faster cold runs and 30% less memory than Jest. 400% adoption growth in 2023-2024. |
npm install -D vitest |
CLI shell-out: npx vitest run, npx vitest --reporter=verbose |
| Jest |
Established JavaScript testing framework. 35M+ weekly downloads, massive ecosystem. Required for React Native. |
npm install -D jest |
CLI shell-out: npx jest --verbose, npx jest --coverage |
| pytest |
The dominant Python testing framework. Rich plugin ecosystem, fixtures, parametrize, assertion introspection. |
pip install pytest |
CLI shell-out: pytest -v, pytest --tb=short |
| unittest |
Python's built-in test framework. No install needed; xUnit-style with class-based test organization. |
Built into Python |
CLI shell-out: python -m unittest discover |
| RSpec |
BDD testing framework for Ruby. Expressive DSL, rich matchers, widely used with Rails. |
gem install rspec |
CLI shell-out: rspec --format documentation |
| JUnit 5 |
Standard Java testing framework. Annotations, parameterized tests, extensions. |
Maven/Gradle dependency |
CLI shell-out: mvn test, gradle test |
| xUnit.net |
Modern .NET testing framework. Clean, extensible, used by the .NET team itself. |
dotnet add package xunit |
CLI shell-out: dotnet test --verbosity normal |
| Go testing |
Go's built-in test package. Table-driven tests, benchmarks, subtests. No external dependency needed. |
Built into Go |
CLI shell-out: go test ./... -v, go test -bench=. |
| Tool |
What it does |
Install |
Integration |
| Supertest |
HTTP assertion library for Node.js. Test Express/Fastify/Koa endpoints without starting a server. Pairs with Jest or Vitest. |
npm install -D supertest |
Code-level integration; run via npx vitest or npx jest |
| httpx |
Modern Python HTTP client with async support. Used for API testing with pytest. Drop-in replacement for requests with HTTP/2 support. |
pip install httpx |
Code-level integration; run via pytest |
| requests |
The most popular Python HTTP library. Simple API for making HTTP requests in test scripts. |
pip install requests |
Code-level integration; run via pytest |
| REST Assured |
Java DSL for REST API testing. v6.0.0 (December 2025) requires Java 17+, supports Spring 7 + Jackson 3. |
Maven/Gradle dependency |
CLI shell-out: mvn test (tests written as JUnit) |
| Tool |
What it does |
Install |
Integration |
| k6 |
Developer-friendly load testing tool by Grafana Labs (29.9k GitHub stars). Tests written in JavaScript/TypeScript. v1.0 (May 2025) added native TS, extension framework. v1.6.1 released Feb 2026. |
brew install k6 or go install go.k6.io/k6@latest |
CLI shell-out: k6 run script.js --vus 50 --duration 30s |
| Locust |
Python-based load testing with code-defined user behavior. Distributed, scalable, web UI for monitoring. 27.5k GitHub stars. |
pip install locust |
CLI shell-out: locust -f locustfile.py --headless -u 100 -r 10 |
| Artillery |
YAML-defined load testing for HTTP, WebSocket, Socket.io. Quick setup, CI/CD friendly. |
npm install -g artillery |
CLI shell-out: artillery run scenario.yml, artillery quick --count 100 -n 50 http://localhost:3000 |
| autocannon |
Fast HTTP/1.1 benchmarking tool for Node.js. Produces more load than wrk. Both CLI and programmatic API. |
npm install -g autocannon |
CLI shell-out: autocannon -c 100 -d 10 http://localhost:3000 |
| Tool |
What it does |
Install |
Integration |
| npm audit |
Built-in Node.js dependency vulnerability scanner. Checks packages against the npm advisory database. |
Included with npm |
CLI shell-out: npm audit, npm audit fix |
| Snyk |
Developer security platform covering SCA, SAST, containers, and IaC. Monitors 15M+ packages, provides fix PRs, reachability analysis. Proprietary vulnerability database. |
npm install -g snyk |
CLI shell-out: snyk test, snyk monitor; also available as MCP server |
| Socket |
Supply-chain threat detection at install time. Detects malicious packages, typosquatting, and install scripts. Pairs with Dependabot or Snyk. |
npm install -g socket |
CLI shell-out: socket scan; GitHub App integration |
| Dependabot |
GitHub's built-in dependency management. Auto-detects vulnerable dependencies and creates fix PRs. Free for all GitHub repos. |
Configure via .github/dependabot.yml |
GitHub-native; Claude can review Dependabot PRs via gh CLI |
| pip-audit |
Python dependency vulnerability scanner using the OSV database. Official PyPA project. |
pip install pip-audit |
CLI shell-out: pip-audit |
| Tool |
What it does |
Install |
Integration |
| Semgrep |
Fast, open-source SAST with YAML rules that mirror source code syntax. 30+ languages, thousands of pre-written checks. Scans in 10-30 seconds. Used by Dropbox, Figma, Snowflake, HashiCorp. |
pip install semgrep or brew install semgrep |
Plugin (MCP + hooks + skills): Semgrep Claude Code plugin bundles scanning into every file Claude generates. Also CLI shell-out: semgrep scan --config=auto |
| CodeQL |
GitHub's query-based SAST engine. Write custom queries to inspect code behavior across multiple languages. Free for public repos; private repos require GitHub Advanced Security. |
gh codeql (via GitHub CLI extension) |
CLI shell-out: codeql database create, codeql database analyze; GitHub Actions integration |
| Bandit |
Python-specific security linter with 47 built-in checks. Finds common security issues in Python source files. Outputs SARIF for GitHub code scanning. |
pip install bandit |
CLI shell-out: bandit -r ./src |
| Brakeman |
Ruby on Rails security scanner. Static analysis for Rails-specific vulnerabilities. v8.0.3 released February 2026. |
gem install brakeman |
CLI shell-out: brakeman -A |
| SonarQube |
Comprehensive code quality and security platform. 30+ languages, quality gates, technical debt tracking. Community and commercial editions. |
Docker: docker run sonarqube |
CLI shell-out: sonar-scanner; analyzes on CI push |
| gosec |
Go security checker. Inspects Go source for security problems. Produces SARIF output. |
go install github.com/securego/gosec/v2/cmd/gosec@latest |
CLI shell-out: gosec ./... |
| Tool |
What it does |
Install |
Integration |
| Gitleaks |
Fast regex-based secret scanner for Git repos. Best as a pre-commit hook -- blocks secrets in milliseconds. Lightweight and simple. |
brew install gitleaks or go install github.com/gitleaks/gitleaks/v8@latest |
CLI shell-out: gitleaks detect; Hook: pre-commit hook for automatic scanning |
| TruffleHog |
Deep secret scanner that verifies whether detected credentials are still active. 800+ secret types. Scans Git, S3, Docker, Slack. |
brew install trufflehog or pip install trufflehog |
CLI shell-out: trufflehog git file://.; best in CI/CD for depth |
| detect-secrets |
Yelp's baseline-driven secret scanner. Lower false positive rates via curated approach. Focuses on preventing new secret exposure. |
pip install detect-secrets |
CLI shell-out: detect-secrets scan, detect-secrets audit .secrets.baseline |
Recommended combo: Gitleaks pre-commit for speed, TruffleHog in CI/CD for depth.
Tools for verifying backend behavior in development and staging environments.
| Tool |
What it does |
Install |
Integration |
| pino |
High-performance Node.js JSON logger. Structured output ideal for machine parsing. Pairs with pino-pretty for development. |
npm install pino |
Code-level integration; pino-pretty for CLI-readable output |
| structlog |
Structured logging for Python. Key-value pairs, processors, integration with stdlib logging. |
pip install structlog |
Code-level integration; structured JSON output for analysis |
| jq |
Lightweight CLI JSON processor. Essential for parsing structured log output, API responses, and configuration files. |
brew install jq or apt install jq |
CLI shell-out: cat logs.json | jq '.level == "error"' |
| lnav |
Log file navigator for the terminal. Auto-detects log formats, SQL queries on log data, timeline view. |
brew install lnav |
CLI shell-out: lnav /var/log/app.log |
| Tool |
What it does |
Install |
Integration |
| wait-on |
CLI utility that waits for files, ports, HTTP(s) resources. Essential for CI/CD: wait for server before running tests. |
npm install -g wait-on |
CLI shell-out: wait-on http://localhost:3000 && npm test |
| healthcheck (Docker) |
Docker's built-in health check directive. Verifies container readiness via CLI commands. |
Built into Docker |
Dockerfile directive; Claude can generate and verify HEALTHCHECK instructions |
| curl health checks |
Simple HTTP health check via curl. Universal, zero-dependency health verification. |
Pre-installed on most systems |
CLI shell-out: curl -f http://localhost:3000/health |
These are typically production infrastructure rather than CLI tools, but Claude Code can help configure and verify their setup:
| Tool |
What it does |
Install |
Integration |
| Prometheus |
Open-source metrics collection and alerting. CNCF graduated project, de facto standard for Kubernetes monitoring. |
Docker or binary |
Claude can generate prometheus.yml config and verify metrics endpoints |
| Grafana |
Multi-platform visualization for metrics, logs, and traces. Sits on top of Prometheus, Loki, and many other data sources. |
Docker or binary |
Claude can generate dashboard JSON and datasource configurations |
| OpenTelemetry |
Vendor-neutral instrumentation framework for traces, metrics, and logs. The emerging standard for observability. |
Language-specific SDKs |
Claude can add OTel instrumentation to application code |
Tools with dedicated MCP servers that give Claude Code direct access (beyond CLI shell-out):
| MCP Server |
Purpose |
Install |
| PostgreSQL MCP |
Read-only schema inspection and queries |
npm install @modelcontextprotocol/server-postgres |
| Supabase MCP |
Full Supabase backend (DB, auth, storage, functions) |
npx supabase mcp |
| Semgrep Plugin |
Security scanning on every generated file |
MCP + hooks + skills bundle |
| GitHub MCP |
Issues, PRs, repo search, workflow automation |
npm install @modelcontextprotocol/server-github |