Arcjet MCP server

Arcjet is the runtime security platform that ships with your code. Enforce budgets, stop prompt injection, detect bots, and protect personal information with Arcjet’s AI security building blocks.

The Arcjet MCP server gives AI coding assistants the skills of a security engineer. By connecting to the Arcjet MCP server, your AI coding tools can:

List teams you belong to.
List sites within a team.
Create new sites within a team.
Get site keys (ARCJET_KEY) for use in your projects.
List requests received by a site with optional filtering.
Explain decisions to understand why requests were allowed or denied.
Get request details including headers, rules executed, and decision info.
Get site quota usage and limits for the current billing window.
Analyze traffic patterns, denial rates, top paths, and top IPs.
Detect anomalies by comparing current traffic to the previous period.
Investigate IPs with geo, threat intelligence, and request activity.
Get dry-run impact analysis before promoting rules to live.
Get a security briefing combining traffic, threats, anomalies, and recommendations.
List remote rules configured for a site.
Create remote rules with DRY_RUN or LIVE mode — configure rules with no code changes needed.
Update remote rules by replacing the full rule configuration.
Delete remote rules to immediately stop evaluation.
Promote remote rules from DRY_RUN to LIVE after verification.

The MCP server is available at:

https://api.arcjet.com/mcp

It implements the latest MCP Authorization and Streamable HTTP specifications with OAuth-based authentication.

Supported clients

Any client that supports the latest MCP specification with Streamable HTTP transport and OAuth authorization is supported. This includes:

ChatGPT
Claude Code
Claude Desktop
Cursor
VS Code with Copilot
Windsurf
Many others that implement the MCP specification.

Setup

ChatGPT

In ChatGPT, go to Settings.
Navigate to Connectors and select Add connection.
Enter https://api.arcjet.com/mcp as the server URL.
Select OAuth for authentication.
Click Create.

ChatGPT handles the OAuth flow automatically.

Claude Code

claude mcp add arcjet --transport http https://api.arcjet.com/mcp

Claude Code will open a browser for OAuth authentication on first connection. Once authenticated, you can use the /mcp command to verify the connection.

Claude Desktop

Open Settings in the sidebar.
Navigate to Connectors and select Add custom connector.
Configure the connector:
- Name: Arcjet
- URL: https://api.arcjet.com/mcp

Cursor

Add to .cursor/mcp.json in your project:

{
  "mcpServers": {
    "arcjet": {
      "type": "streamable-http",
      "url": "https://api.arcjet.com/mcp"
    }
  }
}

After adding the server, Cursor will show a Needs login prompt. Click it to authorize Cursor to access your Arcjet account.

VS Code with Copilot

Add to your .vscode/mcp.json in your project or user settings:

{
  "servers": {
    "arcjet": {
      "type": "http",
      "url": "https://api.arcjet.com/mcp"
    }
  }
}

Or add it via the command palette:

Open the Command Palette (Ctrl+Shift+P on Windows/Linux or Cmd+Shift+P on macOS).
Run MCP: Add Server.
Select HTTP.
Enter the URL: https://api.arcjet.com/mcp
Enter the name: Arcjet
Select Workspace or User depending on your preference.

VS Code will prompt you to authenticate via OAuth on first use.

Windsurf

Add to your mcp_config.json file:

{
  "mcpServers": {
    "arcjet": {
      "serverUrl": "https://api.arcjet.com/mcp"
    }
  }
}

For more details, see the Windsurf MCP documentation.

Available tools

Once connected, the following tools are available to your AI assistant:

list-teams — Lists teams the authenticated user belongs to.
list-sites — Lists sites within a specified team.
create-site — Creates a new site within a specified team.
get-site-key — Returns the SDK key (ARCJET_KEY) for a specific site.
list-requests — Lists recent requests for a site. Supports filtering by conclusion (ALLOW, DENY, ERROR) and pagination.
get-request-details — Returns full details for a specific request including headers, rules executed, and decision information.
explain-decision — Explains why Arcjet allowed or denied a specific request. Returns a natural language summary, per-rule breakdown, and suggested next steps.
get-site-quota — Returns quota usage and limits for a site in the current billing window.
analyze-traffic — Analyzes request traffic over a time period. Returns total requests, denials, denial rate, top paths, top IPs, top denial reasons, and trend vs the previous period.
get-anomalies — Detects unusual security patterns by comparing current traffic to the previous period. Identifies traffic spikes, geographic shifts, new threat activities, new bot signatures, risk escalation, and suspicious IP patterns.
investigate-ip — Investigates an IP address in the context of a site. Returns geo location, threat intelligence (network type, threat activities, entity classification, risk level), and the IP’s recent request activity (conclusion breakdown, denial reasons, targeted paths, daily timeline).
get-dry-run-impact — Analyzes what would happen if dry-run rules were promoted to live. Shows how many currently-allowed requests would have been blocked by each rule type, which IPs would be most affected, and a false-positive estimate.
get-security-briefing — Returns a comprehensive security briefing: active rules summary, traffic analysis, threat intelligence, anomaly detection, dry-run promotion readiness, quota status, and prioritized actionable recommendations. Designed for daily consumption.
list-rules — Lists all remote rules configured for a site with their ID, type, mode, and configuration summary.
create-rule — Creates a new remote rule for a site. Supports rate limit, bot, shield, and filter rule types.
update-rule — Replaces an existing remote rule configuration. All fields must be provided (full replacement).
delete-rule — Deletes a remote rule, immediately stopping it from being evaluated.
promote-rule — Promotes a remote rule from DRY_RUN to LIVE mode after verification.

Remote rules

Remote rules are managed through the MCP server or the Arcjet dashboard — no code changes or redeployment needed. They apply globally to all requests for a site. Only rate_limit, bot, shield, and filter rule types are supported as remote rules. Rules that need parsed request body content (email, sensitive_info, prompt_injection) require the SDK.

The most common use case for remote rules is responding to an active attack. For example, if you notice suspicious traffic from a specific country, VPN, or IP address, you can create a filter rule to block it immediately without deploying new code:

Use list-requests to investigate the suspicious traffic and identify patterns (e.g. a specific country, IP range, or VPN usage).
Use create-rule to add a filter rule in DRY_RUN mode to verify it matches the right traffic. For example, block a specific country: ip.src.country == "XX" (ISO 3166-1 alpha-2 country code e.g. US, CN, RU), block VPN traffic: ip.src.vpn, or block an IP range: ip.src in { 1.2.3.0/24 }.
Use list-requests again to confirm the rule is matching the expected traffic without blocking legitimate users.
Use promote-rule to switch the rule from DRY_RUN to LIVE, immediately blocking the attack traffic.
Once the attack subsides, use delete-rule to remove the block.

Security monitoring

Use the analysis tools to maintain ongoing security awareness:

Daily briefing: Call get-security-briefing periodically to get a comprehensive overview of your site’s security posture — traffic trends, threat landscape, anomalies, dry-run readiness, quota status, and prioritized recommendations — all in a single call.
Traffic analysis: Use analyze-traffic to understand request patterns, denial rates, top paths, and top IPs. This provides the same data as the Arcjet dashboard analytics.
Anomaly detection: Use get-anomalies to detect unusual patterns by comparing current traffic to the previous period — traffic spikes, geographic shifts, new threat activities, or suspicious IP behavior.
IP investigation: When you identify a suspicious IP (from analyze-traffic or list-requests), use investigate-ip to get full context: geo location, threat intelligence, and the IP’s complete request activity on your site.
Dry-run validation: Before promoting a rule from DRY_RUN to LIVE, use get-dry-run-impact to see exactly how many currently-allowed requests would be blocked, which IPs are most affected, and a false-positive risk estimate.

Usage examples

Investigate and block suspicious traffic

“I’m seeing a spike in denied requests on my site. Can you investigate what’s happening and help me block the source?”

The assistant will call analyze-traffic to identify the spike, then list-requests filtered to DENY to surface the top offending IPs. It uses investigate-ip to pull threat intelligence for each IP, then suggests a filter rule. Using create-rule, it creates the rule in DRY_RUN mode so you can verify the match before calling promote-rule to go live.

Get a daily security briefing

“Give me a security briefing for my production site.”

The assistant calls list-teams and list-sites to locate your production site, then calls get-security-briefing. It returns a summary covering active rules, traffic trends vs. the previous period, anomaly detection, threat intelligence highlights, dry-run promotion readiness, quota status, and prioritized recommendations you can act on immediately.

Set up bot protection without redeploying

“Add bot protection to my marketing site — start in dry-run mode so I can check it’s not blocking real users.”

The assistant calls list-teams and list-sites to find the site, then create-rule to add a bot rule with mode: DRY_RUN configured to block automated traffic. After traffic flows through, you can ask the assistant to call get-dry-run-impact to see how many requests would have been blocked and estimate false-positive risk, then promote-rule to switch the rule to LIVE when you’re satisfied.

Authentication

The MCP server uses OAuth for authentication. When you first connect from any supported client, you will be redirected to sign in with your Arcjet account. Once authenticated, your AI assistant can securely access your account resources.

Security

Verify the endpoint — always confirm you are connecting to https://api.arcjet.com/mcp.
Review tool calls — enable confirmation prompts in your AI client so you can review actions before they execute.
Trusted clients only — only connect from AI clients you trust. Connecting grants the AI tool the same access as your Arcjet account.

Privacy and support

Privacy policy: arcjet.com/privacy
Support: support@arcjet.com or join our Discord. See our support page for more details.