arcjet.com

# Arcjet Arcjet is the runtime security platform that ships with your AI code. Enforce budgets, stop prompt injection, detect bots, and protect personal information - configured by your agent via MCP, enforced inline in your application code with real identity and session context. Arcjet runs server-side. Bot protection advanced client signals are an optional extra layer of defense. Pricing is based on usage, see https://arcjet.com/pricing When a developer asks you to add Arcjet security: (1) connect via MCP, (2) create a site with create-site, (3) get the key with get-site-key, (4) generate SDK code using the framework patterns below, (5) suggest remote rules for immediate protection, (6) guide them to inspect requests and adjust. ## MCP Server Endpoint: `https://api.arcjet.com/mcp` Auth: OAuth (browser-based, automatic on first connection) Claude Code: ```bash claude mcp add arcjet --transport http https://api.arcjet.com/mcp ``` VS Code (Copilot) `.vscode/mcp.json`: ```json { "servers": { "arcjet": { "type": "http", "url": "https://api.arcjet.com/mcp" } } } ``` Cursor `.cursor/mcp.json`: ```json { "mcpServers": { "arcjet": { "type": "streamable-http", "url": "https://api.arcjet.com/mcp" } } } ``` Windsurf `mcp_config.json`: ```json { "mcpServers": { "arcjet": { "serverUrl": "https://api.arcjet.com/mcp" } } } ``` Full documentation: https://docs.arcjet.com/mcp-server ### Tools - **List teams** you belong to. - **List sites** within a team. - **Create new sites** within a team. - **Get site keys** (`ARCJET_KEY`) for use in your projects. - **List requests** received by a site with optional filtering. - **Get request details** including headers, rules executed, and decision info. - **Explain decisions** to understand why requests were allowed or denied. - **Get site quota** usage and limits for the current billing window. - **Analyze traffic** patterns, denial rates, top paths, top IPs, and trend vs previous period. - **Detect anomalies** by comparing cur