A backend developer does not need twenty MCP servers — they need five that cover code, data, history and the web, without blowing past Cursor's tool cap. Here is a loadout we run daily, and why each server is in it.
The stack
- Filesystem — read and write project files. Scope it to your repo, not your home folder. Setup.
- GitHub — issues, PRs, code search, review. Setup.
- Postgres (or DBHub for mixed engines) — query schema and data in read-only mode. Postgres setup · MySQL/DBHub setup.
- Memory — persist project facts and decisions across sessions so the agent stops re-asking.
- Brave Search / Exa — live web grounding for current library docs and errors.
That is roughly the tool budget Cursor allows (~40 tools across servers) without crowding anything out.
Example config
{
"mcpServers": {
"filesystem": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/you/app"] },
"github": { "command": "docker", "args": ["run","-i","--rm","-e","GITHUB_PERSONAL_ACCESS_TOKEN","ghcr.io/github/github-mcp-server"], "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx" } },
"postgres": { "command": "npx", "args": ["-y","@bytebase/dbhub","--transport","stdio","--readonly","--dsn","postgres://user:pass@localhost:5432/db"] }
}
}
Add Memory and a search server the same way. See MCP config file location for where this goes per client.
Why read-only everywhere
Backend work means touching real databases and real repos. Start every data server read-only and every token least-privilege — the agent can explore and propose, you stay in control of writes. See MCP security best practices.
Variations
- Data engineer — swap Postgres for BigQuery or Snowflake.
- Full-stack — add Playwright for E2E testing and Figma for UI work.
Browse more role-based stacks in our curated loadouts.