{"id":50947355,"url":"https://github.com/arcjet/arcjet-plugin","last_synced_at":"2026-06-17T21:32:25.026Z","repository":{"id":354689243,"uuid":"1205236306","full_name":"arcjet/arcjet-plugin","owner":"arcjet","description":"This plugin makes your AI coding agent an Arcjet security expert.","archived":false,"fork":false,"pushed_at":"2026-05-21T19:57:47.000Z","size":94,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-22T05:03:52.607Z","etag":null,"topics":["ai-skills","claude-code","claude-code-plugin","claude-plugin","claude-skills","cursor-plugin","cursor-rules","open-plugins","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arcjet.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-08T19:13:02.000Z","updated_at":"2026-05-21T19:58:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/arcjet/arcjet-plugin","commit_stats":null,"previous_names":["arcjet/arcjet-plugin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/arcjet/arcjet-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcjet%2Farcjet-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcjet%2Farcjet-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcjet%2Farcjet-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcjet%2Farcjet-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arcjet","download_url":"https://codeload.github.com/arcjet/arcjet-plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcjet%2Farcjet-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34466928,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-skills","claude-code","claude-code-plugin","claude-plugin","claude-skills","cursor-plugin","cursor-rules","open-plugins","security"],"created_at":"2026-06-17T21:32:24.327Z","updated_at":"2026-06-17T21:32:25.018Z","avatar_url":"https://github.com/arcjet.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Arcjet Plugin for AI Coding Agents\n\n[Arcjet](https://arcjet.com) is the runtime security platform that ships with your code. Enforce budgets, stop prompt injection, detect bots, and protect personal information with Arcjet's AI security building blocks.\n\nThe [Arcjet plugin](https://github.com/arcjet/arcjet-plugin) turns any supported AI coding agent into a security expert. It pre-loads agents with knowledge of the Arcjet security platform and automatically injects the right guidance based on what you're working on — framework-specific SDK patterns, protection rules, and best practices.\n\n- **MCP integration** — connects to the [Arcjet MCP Server](https://docs.arcjet.com/mcp-server) for traffic analysis, request inspection, IP investigation, and remote rule management\n- **CLI integration** — invokes the [Arcjet CLI](https://docs.arcjet.com/cli) for authentication, site/key setup, live request streaming, and remote rule management\n- **Security-aware coding rules** — framework-specific guidance activates automatically when you work in route handlers, API endpoints, and AI/LLM code\n- **Skills** — task-oriented workflow sourced from [arcjet/skills](https://github.com/arcjet/skills) for adding protection to any code path (HTTP routes and non-HTTP code)\n- **Security analyst agent** — investigates threats, analyzes traffic, and manages rules via MCP\n\n## Installation\n\n```bash\nnpx plugins add arcjet/arcjet-plugin\n```\n\nThat's it. The plugin activates automatically — security guidance appears when you're working in route handlers, API endpoints, and AI/LLM code.\n\nYou can also point your agent at the [agent get started documentation](https://docs.arcjet.com/agent-get-started).\n\n### Arcjet CLI\n\nThe plugin invokes the Arcjet CLI for authentication, site management, and live request streaming. Install it via any of:\n\n1. `npx -y @arcjet/cli@latest \u003ccommand\u003e` — no install required, works on macOS, Linux, and Windows\n2. `brew install arcjet` — Homebrew tap\n3. `curl -sSfL https://arcjet.com/cli/install.sh | bash` — install script\n4. [GitHub Releases archive](https://github.com/arcjet/arcjet-cli/releases) — for internal redistribution and air-gapped environments\n\n## How It Works\n\nAfter installing, guidance activates automatically. The plugin detects what you're working on and injects Arcjet expertise. Just use your AI agent as you normally would.\n\n### Skills\n\nThe plugin's skills are sourced from [arcjet/skills](https://github.com/arcjet/skills), the canonical agent skills surface for Arcjet.\n\n| Skill     | Purpose                                                                                                                                                                               |\n| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `/arcjet` | Add Arcjet security protection to any code path — HTTP route handlers, API endpoints, AI agent tool calls, MCP servers, background jobs, and queue workers. The unified Arcjet skill. |\n\n#### Deprecated aliases\n\nThe previous skill names are kept as deprecation aliases. Invoking them tells the user the new name and then proceeds with the canonical workflow — existing prompts, prompts in saved transcripts, and project-local references continue to work.\n\n| Deprecated alias                 | Replacement |\n| -------------------------------- | ----------- |\n| `/arcjet:add-request-protection` | `/arcjet`   |\n| `/arcjet:add-guard-protection`   | `/arcjet`   |\n| `/arcjet:protect-route`          | `/arcjet`   |\n| `/arcjet:add-ai-protection`      | `/arcjet`   |\n\n### Rules (auto-activated)\n\nRules provide passive guidance that activates when you work in matching files:\n\n| Rule         | Activates on                                         | Guidance                                                                        |\n| ------------ | ---------------------------------------------------- | ------------------------------------------------------------------------------- |\n| SDK patterns | `**/lib/arcjet*`, `**/arcjet*`                       | Single instance, `protect()` in handlers, `withRule()`, decision handling       |\n| Next.js      | `app/**/route.ts`, `app/**/page.tsx`, `pages/api/**` | Correct imports, route handlers vs pages vs server components, no middleware    |\n| Express/Node | `**/server.ts`, `**/routes/**`                       | Correct adapter packages, no `app.use()` middleware, proxy config               |\n| Python       | `**/*.py`, `pyproject.toml`                          | Snake_case API, enum values, async vs sync clients                              |\n| AI apps      | `**/chat/**`, `**/api/chat*`, `**/api/completion*`   | Layered protection, token budgets, PII blocking, prompt injection               |\n| CLI          | `**/lib/arcjet*`, `**/arcjet*`, `**/.env*`           | When to use the CLI vs MCP, `npx -y @arcjet/cli@latest` invocation, agent flags |\n\n### MCP Tools\n\nWhen connected, your agent can use the [Arcjet MCP server](https://docs.arcjet.com/mcp-server) to:\n\n- Inspect requests and explain allow/deny decisions\n- Analyze traffic patterns and detect anomalies\n- Investigate suspicious IPs (geolocation, threat intelligence)\n- Create, test, and promote remote rules without code changes\n- Generate security briefings\n\nThe MCP server connects automatically via OAuth when the plugin is installed. You can also connect it manually from `https://api.arcjet.com/mcp`\n\n### CLI\n\nThe plugin uses the [Arcjet CLI](https://docs.arcjet.com/cli) for capabilities that benefit from a real terminal session:\n\n- **Authentication and site/key setup** — `arcjet auth login`, `arcjet teams list`, `arcjet sites list/create/get-key`. The CLI is the primary way to bootstrap a new project's `ARCJET_KEY`.\n- **Live request streaming** — `arcjet watch --site-id \u003cid\u003e` is invoked by the security analyst agent during active incident response, when polling `list-requests` over MCP would be too coarse.\n- **Remote rule management** — `arcjet rules create/list/promote/update/delete` for managing rules without code changes or redeployment.\n\nNo install is required. Commands are invoked as `npx -y @arcjet/cli@latest \u003ccommand\u003e`, which works on macOS, Linux, and Windows. If a local `arcjet` binary is on `PATH` (Homebrew, install script, GitHub Releases archive), the plugin uses it directly. CLI authentication uses the same browser-based device flow as `gh auth login` or `vercel login`.\n\nRead-side analysis and rule inspection over a structured tool interface remain available on the MCP server.\n\n### Security Analyst Agent\n\nThe security analyst agent uses MCP tools for monitoring and incident response:\n\n- Traffic analysis and threat detection\n- Remote rule management (DRY_RUN -\u003e verify -\u003e LIVE)\n- IP investigation and blocking recommendations\n- Structured security reports with prioritized action items\n\n## Frameworks Supported\n\nArcjet provides SDKs for:\n\n**JavaScript/TypeScript:** Next.js, Express, Node.js, Fastify, NestJS, SvelteKit, Remix, React Router, Astro, Nuxt, Hono, Bun, Deno\n\n**Python:** FastAPI, Flask\n\n## Prerequisites\n\n- [Arcjet account](https://app.arcjet.com)\n- An AI coding tool\n\n## Links\n\n- [Documentation](https://docs.arcjet.com)\n- [AI agent guide](https://docs.arcjet.com/agent-get-started)\n- [Bot list](https://arcjet.com/bot-list)\n- [Pricing](https://arcjet.com/pricing)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farcjet%2Farcjet-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farcjet%2Farcjet-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farcjet%2Farcjet-plugin/lists"}