Add Arcjet Guard Protection
Arcjet Guard provides rate limiting, prompt injection detection, sensitive information blocking, and custom rules for code paths that don't have an HTTP request — AI agent tool calls, MCP tool handlers, background job processors, queue workers, and similar.
Step 0: Set Up the Arcjet CLI
The Arcjet CLI is the primary tool for authenticating, managing sites, configuring remote rules, and monitoring traffic. Install it if not already available:
bash
# Via npx (no install required)
npx @arcjet/cli --help
# Or install globally via npm
npm install -g @arcjet/cli
# Or via Homebrew
brew install arcjet
Authenticate
Opens the browser for authentication. Check status with
.
Site & Key Setup
bash
# List your teams
arcjet teams list
# List sites for a team
arcjet sites list --team-id <team-id>
# Create a new site
arcjet sites create --team-id <team-id> --name "My Guard App" --confirm
# Get the SDK key for a site
arcjet sites get-key --site-id <site-id>
Add the key to your environment file (
,
, etc.) as
.
Step 1: Detect the Language and Install
Check the project for language indicators:
- → JavaScript/TypeScript →
npm install @arcjet/guard
- / → Python → (requires >= 0.7.0; Guard is included)
- , , , or other languages → Guard is not available. Tell the user that Arcjet Guard currently only supports JavaScript/TypeScript and Python. Do not create a hand-rolled imitation or hallucinate a package that doesn't exist. Suggest they reach out to Arcjet with their use case.
Step 2: Read the Language Reference
You must read the reference file for the detected language before writing any code. The references contain the exact imports, constructor signatures, rule configuration syntax, and guard() call patterns for that language.
- JavaScript/TypeScript: references/javascript.md
- Python: references/python.md
Do not guess at the API. The reference files are the source of truth for all code patterns.
Step 3: Create the Guard Client (Once, at Module Scope)
The client holds a persistent connection. Create it once at module scope and reuse it — never inside a function or per-call. Name the variable
.
Check if
is set in the environment file (
,
, etc.). If not, obtain the key in this priority order:
- CLI (preferred): Run
arcjet sites get-key --site-id <site-id>
- MCP: If the Arcjet MCP server is connected, use it to list sites and retrieve the key
- Manual (last resort): Add a placeholder and tell the user to get a key from https://app.arcjet.com
Step 4: Configure Rules at Module Scope
Rules are configured once as reusable factories, then called with per-invocation input. This two-phase pattern matters — the rule config carries a stable ID used for server-side aggregation, while the per-call input varies.
When configuring rate limit rules, set
to a descriptive name (e.g.
,
) for semantic clarity and fewer collisions.
Choosing Rules by Use Case
| Use case | Recommended rules |
|---|
| AI agent tool calls | + |
| MCP tool handlers | or + |
| Background AI task processor | + |
| Queue worker with user input | + + |
| Scanning tool results for injection | (scan the returned content) |
Step 5: Call guard() Inline Before Each Operation
Call
directly where each operation happens — inline in each tool handler, task processor, or function that needs protection. Do not wrap guard in a shared helper function.
- label: descriptive string for the dashboard (e.g. , )
- rules: array of bound rule invocations
- metadata (optional): key-value pairs for analytics/auditing (e.g. )
Rate limit rules take an explicit key string — use a user ID, session ID, API key, or any stable identifier.
You MUST modify the existing source files — adding the dependency to package.json/requirements.txt alone is not enough. The guard() calls must be integrated into the actual code.
Step 6: Handle Decisions
- → block the operation. Use per-rule result accessors (see reference) for specific error messages like retry-after times.
- → safe to proceed
See the language reference for the exact decision-checking pattern and per-rule result accessors.
Common Mistakes to Avoid
- Wrapping guard in a shared helper function — calling through a or wrapper hides which rules apply to each operation. Call inline where each operation happens.
- Creating the client per call — the client holds a persistent connection. Create it once at module scope.
- Configuring rules inside a function — rule configs carry stable IDs. Creating them per call breaks dashboard tracking and rate limit state.
- Forgetting the parameter on rate limit rules — without a key, Guard can't track per-user limits.
- Forgetting on rate limit rules — without a named bucket, different rules may collide.
- Using the HTTP SDK when there's no request — use / for non-HTTP code, not , , or .
- Not checking — always check before proceeding.
- Generic DENY messages — use per-rule result accessors to give users specific feedback like retry-after times.
Step 7: Verify Guard Decisions with the CLI (Coming Soon)
Note: The
CLI subcommand is not yet released. Once available, use this feedback loop to verify guard decisions are firing correctly.
After adding guard code, use the CLI to verify decisions are firing correctly. This creates a feedback loop: run the app, trigger a guard, inspect the decision, adjust if needed.
1. Start Watching
In a separate terminal, start streaming guard decisions:
bash
arcjet guards watch --site-id <site-id>
This polls for new guard decisions and prints them as they arrive. Use
to filter to denials only, or
for faster polling.
2. Trigger the Guard
Run the application and exercise the code paths that call
. Each call should produce a decision visible in the watch output.
3. Inspect Decisions
If a decision doesn't match expectations, inspect it:
bash
# List recent guard decisions
arcjet guards list --site-id <site-id>
# Get per-rule breakdown for a specific decision
arcjet guards details --site-id <site-id> --decision-id <decision-id>
The details view shows each rule execution, its mode (live/dry-run), conclusion, reason, and whether it was skipped — use this to diagnose why a guard allowed or denied unexpectedly.
4. Adjust and Repeat
If rules aren't firing as expected:
- Check the matches what appears in the decision
- Verify the is correct for rate limit rules (wrong key = wrong bucket)
- Confirm the name is unique per rule
- Check rule ordering — rules execute in array order and a DENY from an earlier rule short-circuits later ones
Then re-run and watch again until decisions match expectations.
CLI Quick Reference
| Task | Command |
|---|
| Install/run CLI | or |
| Authenticate | |
| Check auth status | |
| List teams | |
| List sites | arcjet sites list --team-id <id>
|
| Create site | arcjet sites create --team-id <id> --name "Name" --confirm
|
| Get SDK key | arcjet sites get-key --site-id <id>
|
| Watch guard decisions | arcjet guards watch --site-id <id>
|
| List guard decisions | arcjet guards list --site-id <id>
|
| Guard decision details | arcjet guards details --site-id <id> --decision-id <id>
|
Global Flags
All commands support:
- — output format (default: text on TTY, json otherwise)
- — comma-separated fields to include in JSON output
- — disable ANSI colors (also honors env var)
- — max execution time (e.g. , ; 0 disables)
Exit Codes
| Code | Meaning |
|---|
| 0 | Success |
| 1 | General error (unknown command, API failure, network error) |
| 2 | Authentication error (not logged in, token expired) |
| 3 | Input validation error (invalid ID, value out of range) |
| 4 | Confirmation required (mutation needs ) |