Arcjet Plugin
The Arcjet plugin turns any supported AI coding agent into a security expert. It pre-loads agents with knowledge of the Arcjet security platform and automatically injects the right guidance based on what you’re working on — framework-specific SDK patterns, protection rules, and best practices.
Installation
Section titled “Installation”Install the plugin with a single command:
npx plugins add arcjet/arcjet-pluginnpx plugins add arcjet/arcjet-pluginThe plugin activates automatically after installation. There are no additional setup steps or commands to learn.
Prerequisites
Section titled “Prerequisites”- Claude Code or Cursor
- Node.js 18+
- An Arcjet account (free)
What the plugin provides
Section titled “What the plugin provides”The plugin includes four main components that work together to enhance your AI coding agent:
| Component | Description |
|---|---|
| MCP integration | Connects to the Arcjet MCP server for traffic analysis, request inspection, IP investigation, and remote rule management |
| Security-aware coding rules | Framework-specific guidance that auto-activates when you’re working in relevant files |
| Skills | Task-oriented workflows for implementing protection |
| Security analyst agent | Monitors threats, analyzes traffic patterns, and manages rules |
How it works
Section titled “How it works”After installing, the plugin detects what you’re working on from your tool calls, file paths, and project configuration, then injects the right expertise at the right time. You use your AI agent as you normally would and the plugin handles the rest.
Auto-activated rules
Section titled “Auto-activated rules”Guidance triggers automatically in specific contexts:
| Context | File patterns | What it provides |
|---|---|---|
| SDK patterns | **/lib/arcjet* | Single instance setup, protect() usage, decision handling |
| Next.js | app/**/route.ts, pages/api/** | Import validation, handler vs. component distinctions |
| Express / Node | **/server.ts | Adapter packages, configuration patterns |
| Python | **/*.py | Snake case API conventions, async/sync client handling |
| AI apps | **/chat/**, **/api/chat* | Layered protection, token budgets, PII blocking |
Skills
Section titled “Skills”Invoke skills directly within your AI coding agent:
| Skill | Purpose |
|---|---|
/arcjet:protect-route | Designed for web apps. Adds protection to route handlers with automatic framework detection |
/arcjet:add-ai-protection | Designed for AI apps. Implements prompt injection detection, PII blocking, and token budget rate limiting |
Supported frameworks
Section titled “Supported frameworks”The Arcjet Plugin supports all the languages and frameworks supported by the Arcjet SDKs:
JavaScript / TypeScript: Next.js, Express, Node.js, Fastify, NestJS, SvelteKit, Remix, React Router, Astro, Nuxt, Hono, Bun, Deno
Python: FastAPI, Flask
Using the plugin with MCP
Section titled “Using the plugin with MCP”The plugin connects to the Arcjet MCP server to give your agent access to your Arcjet account. When connected via OAuth, agents can:
- Inspect requests and explain allow/deny decisions
- Analyze traffic patterns and detect anomalies
- Investigate suspicious IPs with geolocation and threat intelligence
- Create and promote remote rules without code changes
- Generate security briefings
Source code
Section titled “Source code”The plugin is open source: github.com/arcjet/arcjet-plugin