Arcjet Plugin
Arcjet is the runtime security platform that ships with your code. Enforce budgets, stop prompt injection, detect bots, and protect personal information with Arcjet’s AI security building blocks.
The Arcjet plugin is a bundled experience for Claude Code and Cursor users who prefer a single-command install that wires up MCP, skills, and security-aware coding rules together.
The plugin pre-loads agents with knowledge of the Arcjet security platform and automatically injects the right guidance based on what you’re working on — framework-specific SDK patterns, protection rules, and best practices.
Installation
Section titled “Installation”Install the plugin with a single command:
npx plugins add arcjet/arcjet-pluginThe same command works in both Claude Code and Cursor. The plugin activates automatically after installation. There are no additional setup steps or commands to learn.
Prerequisites
Section titled “Prerequisites”- Claude Code or Cursor
- Node.js 18+
- An Arcjet account (free)
What the plugin provides
Section titled “What the plugin provides”The plugin includes four main components that work together to enhance your AI coding agent:
| Component | Description |
|---|---|
| MCP integration | Connects to the Arcjet MCP server for traffic analysis, request inspection, IP investigation, and remote rule management |
| Security-aware coding rules | Framework-specific guidance that auto-activates when you’re working in relevant files |
| Skills | Task-oriented workflows for implementing protection |
| Security analyst agent | Monitors threats, analyzes traffic patterns, and manages rules |
How it works
Section titled “How it works”After installing, the plugin detects what you’re working on from your tool calls, file paths, and project configuration, then injects the right expertise at the right time. You use your AI agent as you normally would and the plugin handles the rest.
Auto-activated rules
Section titled “Auto-activated rules”Guidance triggers automatically in specific contexts:
| Context | File patterns | What it provides |
|---|---|---|
| SDK patterns | **/lib/arcjet* | Single instance setup, protect() usage, decision handling |
| Next.js | app/**/route.ts, pages/api/** | Import validation, handler vs. component distinctions |
| Express / Node | **/server.ts | Adapter packages, configuration patterns |
| Python | **/*.py | Snake case API conventions, async/sync client handling |
| AI apps | **/chat/**, **/api/chat* | Layered protection, token budgets, PII blocking |
Skills
Section titled “Skills”Invoke skills directly within your AI coding agent:
| Skill | Purpose |
|---|---|
/arcjet:add-request-protection | Add protection to HTTP route handlers and API endpoints — rate limiting, bot detection, email validation, and shield. |
/arcjet:add-guard-protection | Protect non-HTTP code paths (AI tool calls, MCP handlers, queue workers, background jobs) via @arcjet/guard / arcjet.guard. |
The previous skill names — /arcjet:protect-route and /arcjet:add-ai-protection — remain as deprecated aliases that emit a diagnostic on use. Migrate to the canonical names above.
The plugin’s skills track the canonical arcjet/skills package, which is the source of truth. You can install the same skills outside the plugin with npx skills add arcjet/skills.
Supported frameworks
Section titled “Supported frameworks”The Arcjet Plugin supports all the languages and frameworks supported by the Arcjet SDKs:
JavaScript / TypeScript: Next.js, Express, Node.js, Fastify, NestJS, SvelteKit, Remix, React Router, Astro, Nuxt, Hono, Bun, Deno
Python: FastAPI, Flask
Using the plugin with MCP
Section titled “Using the plugin with MCP”The plugin connects to the Arcjet MCP server to give your agent access to your Arcjet account. When connected via OAuth, agents can:
- Inspect requests and explain allow/deny decisions
- Analyze traffic patterns and detect anomalies
- Investigate suspicious IPs with geolocation and threat intelligence
- Create and promote remote rules without code changes
- Generate security briefings
Using the plugin with the CLI
Section titled “Using the plugin with the CLI”The plugin invokes the Arcjet CLI to stream live request activity into your agent’s context — for example when you ask the agent to watch traffic on a site or investigate recent requests. The CLI exposes the same management- plane surface as the MCP server (teams, sites, rules, requests, analysis) directly from the terminal.
See also
Section titled “See also”- Agent get started — canonical entry point for setting up Arcjet in an agentic workflow.
- Arcjet CLI — terminal-based management-plane access.
- MCP server — full MCP tool reference.
Source code
Section titled “Source code”The plugin is open source: github.com/arcjet/arcjet-plugin