Skip to content
Arcjet Docs

Agent get started

Arcjet is the runtime security platform that ships with your code. Enforce budgets, stop prompt injection, detect bots, and protect personal information with Arcjet’s AI security building blocks.

Arcjet protects two types of entry points:

  • Request-based — HTTP route handlers and API endpoints. Use protect() with any supported framework.
  • Guards — tool calls, queue consumers, agentic pipelines, and anywhere else you process untrusted input without an HTTP request. Use guard() to pass inputs directly. See Guards.

The recommended path for an agentic workflow is to install a skill that gives your agent the documentation to integrate the Arcjet SDK, then connect to the Arcjet API via the CLI or MCP server to create sites, retrieve credentials, and verify decisions.

Skills

Section titled “Skills”

Skills are the primary entry point for setting up Arcjet in an agentic workflow. They give your agent the documentation to detect your framework, install the SDK, and wire up protection rules.

Install the Arcjet skills:

Terminal window
npx skills add arcjet/skills

The two canonical skills are:

  • add-request-protection — protect HTTP routes and API endpoints with rate limiting, bot detection, email validation, and shield.
  • add-guard-protection — protect non-HTTP code paths (AI agent tool calls, MCP tool handlers, queue workers, background jobs) with @arcjet/guard (JS/TS) or arcjet.guard (Python).

You can also install a single skill directly:

Terminal window
npx skills add arcjet/skills --skill add-request-protection
npx skills add arcjet/skills --skill add-guard-protection

Then describe what you want to protect. The skill handles the rest.

Source: github.com/arcjet/skills

Connect to the Arcjet API

Section titled “Connect to the Arcjet API”

Skills handle the SDK and rule integration in your code. To create sites, retrieve ARCJET_KEY, inspect requests, and manage remote rules, the agent needs to talk to the Arcjet API. There are two parallel support transports — pick whichever fits your working style:

  • Arcjet CLI — for agents and humans working in a terminal (Claude Code, Codex, plugin tasks, CI). No editor or MCP setup required.
  • MCP server — for online clients without shell access (ChatGPT, Claude Desktop) and editors with built-in MCP support (VS Code Copilot, Windsurf, Cursor).

Both transports expose the same management-plane surface. The sections below describe each path end to end.

Path A: Connect with the CLI

Section titled “Path A: Connect with the CLI”

The Arcjet CLI lets you manage sites, keys, and rules from your terminal:

Terminal window
npx -y @arcjet/cli@latest auth login
npx -y @arcjet/cli@latest teams list
npx -y @arcjet/cli@latest sites list --team-id team_01abc123
npx -y @arcjet/cli@latest sites get-key --site-id site_01abc123

For frequent use, install the binary so you can run arcjet <command> directly. See CLI install paths.

Set the key in the project environment:

# .env.local (Next.js, Astro) or .env (other frameworks)
ARCJET_KEY=ajkey_yourkey

Then continue with Install the SDK and Add protection below.

Path B: Connect with the MCP server

Section titled “Path B: Connect with the MCP server”

Use this path if you are using a tool with built-in MCP support (VS Code Copilot, Windsurf, ChatGPT, Claude Code, Claude Desktop, Cursor).

The Arcjet MCP server lets you manage your account directly from your AI coding tool. See MCP server setup for the per-client configuration steps.

OAuth authentication happens automatically on first connection — a browser window will open for the user to sign in.

Once connected, retrieve your site key with the MCP tools:

  1. Call list-teams to get available teams.
  2. Call list-sites with the team ID to find the site (or call create-site to create a new one).
  3. Call get-site-key with the site ID to retrieve the ARCJET_KEY.

Set the key in the project environment:

# .env.local (Next.js, Astro) or .env (other frameworks)
ARCJET_KEY=ajkey_yourkey
ARCJET_ENV=development

ARCJET_ENV is read by the Arcjet SDK in your local app to switch into development mode. It is not used by the MCP connection itself.

If the user doesn’t have an Arcjet account yet, direct them to app.arcjet.com to create one (free trial).

Install the SDK

Section titled “Install the SDK”

Detect the framework by checking the project files:

  • package.json — look for next, express, fastify, @nestjs/core, @sveltejs/kit, hono, @remix-run/node, react-router, astro, nuxt, or check if the runtime is Bun or Deno.
  • pyproject.toml / requirements.txt — look for fastapi or flask.

Then install the correct package:

FrameworkInstall command
Next.jsnpm i @arcjet/next
Expressnpm i @arcjet/node @arcjet/inspect
Node.jsnpm i @arcjet/node @arcjet/inspect
Node.js + Hononpm i @arcjet/node @arcjet/inspect
Fastifynpm i @arcjet/fastify
NestJSnpm i @arcjet/nest
SvelteKitnpm i @arcjet/sveltekit @arcjet/inspect
Remixnpm i @arcjet/remix @arcjet/inspect
React Routernpm i @arcjet/react-router @arcjet/inspect
Bunbun add @arcjet/bun @arcjet/inspect
Bun + Honobun add @arcjet/bun @arcjet/inspect
Denodeno add npm:@arcjet/deno npm:@arcjet/inspect
Nuxtnpx nuxt module add @arcjet/nuxt
Astronpx astro add @arcjet/astro
Python FastAPIpip install arcjet or uv add arcjet
Python Flaskpip install arcjet or uv add arcjet

Add protection

Section titled “Add protection”

Add Arcjet rules to protect the application. See the llms.txt file for complete, copy-paste code examples for every framework, including the rule parameter reference and decision API.

The typical setup is:

  1. Create an Arcjet client instance once, outside request handlers.
  2. Configure rules: shield (WAF), detectBot, rate limiting (tokenBucket, fixedWindow, or slidingWindow), and optionally sensitiveInfo or detectPromptInjection for AI apps.
  3. Call protect() inside each route handler and check decision.isDenied().
Section titled “Recommended rules by app type”
App typeRules
AI / LLM chatshield + detectBot + tokenBucket + sensitiveInfo + detectPromptInjection
Public APIshield + detectBot + fixedWindow or tokenBucket
Signup / login formshield + detectBot + validateEmail + slidingWindow
Internal / admin routeshield + filter (country/VPN blocking)
Any web appshield + detectBot (good baseline)

Verify

Section titled “Verify”

After adding protection and starting the app:

  1. Send a test request to a protected route.
  2. List recent requests via the CLI (arcjet requests list --site-id <id>) or the MCP list-requests tool to confirm requests are flowing to Arcjet.
  3. Inspect individual decisions via the CLI (arcjet requests details, arcjet requests explain) or the MCP tools (get-request-details, explain-decision).
  4. Use arcjet analyze traffic --site-id <id> (CLI) or analyze-traffic (MCP) for a dashboard-level overview of request patterns.
  5. Check the Arcjet dashboard for real-time request monitoring.

If requests are not appearing, verify that ARCJET_KEY and ARCJET_ENV are set correctly and that protect() is being called in the route handler.

Common agent prompts

Section titled “Common agent prompts”

These prompts work well when given to an AI coding agent with skills installed and either the CLI or MCP server connected (the Arcjet plugin is a bundled alternative for Claude Code and Cursor users):

  • “Protect my API routes with Arcjet” — adds shield, bot detection, and rate limiting to all API routes.
  • “Add rate limiting to my app” — adds a token bucket or fixed window rate limit.
  • “Set up bot protection” — blocks automated clients while allowing search engines.
  • “Add prompt injection detection to my AI chat endpoint” — adds detectPromptInjection with message scanning.
  • “Block sensitive data from reaching my LLM” — adds sensitiveInfo (JS) or detect_sensitive_info (Python) to scan for PII.
  • “Set up Arcjet security for my app” — full end-to-end setup with shield, bot detection, and rate limiting.
  • “Give me a security briefing for my site” — calls get-security-briefing to return traffic analysis, threat landscape, anomalies, and recommendations.
  • “Investigate this suspicious IP address” — calls investigate-ip for geo, threat intelligence, and request activity.
  • “What would happen if I promote my dry-run rules to live?” — calls get-dry-run-impact to show blocked requests, affected IPs, and false-positive risk.

See also

Section titled “See also”
  • Arcjet Plugin — bundled experience for Claude Code and Cursor users who prefer a single-command install that wires up MCP, skills, and coding rules together. Not the recommended first step for general agentic workflows, but a convenient alternative if you are already in one of those editors.

Reference

Section titled “Reference”
  • Quick start guide — framework-specific setup with full code examples
  • Guards — protect tool calls, queues, and agentic pipelines without an HTTP request
  • Arcjet CLI — manage sites, keys, and rules from the terminal
  • MCP server — full MCP tool reference and client setup
  • Arcjet Plugin — bundled experience for Claude Code and Cursor
  • llms.txt — machine-readable reference with all framework examples, rule parameters, and decision API
  • Remote rules — manage rules from the dashboard or MCP server without code changes
  • Best practices — recommended patterns and anti-patterns