Arcjet MCP server

Arcjet is the runtime security platform that ships with your code. Enforce budgets, stop prompt injection, detect bots, and protect personal information with Arcjet’s AI security building blocks.

The Arcjet MCP server is one of two transports that connects Arcjet skills to the Arcjet API — the other being the Arcjet CLI. The MCP server is the right choice for AI coding tools without shell access (ChatGPT, Claude Desktop) and editors with built-in MCP support (VS Code Copilot, Windsurf, Cursor); the CLI is the right choice when you are working in a terminal session.

Both transports expose the same management-plane surface — teams, sites, keys, requests, decisions, traffic analysis, anomaly detection, IP investigation, security briefings, and remote rule management. See Available tools for the full reference.

The MCP server is available at:

https://api.arcjet.com/mcp

It implements the latest MCP Authorization and Streamable HTTP specifications with OAuth-based authentication.

Supported clients

Any client that supports the latest MCP specification with Streamable HTTP transport and OAuth authorization is supported. This includes:

• ChatGPT
• Claude Code
• Claude Desktop
• Cursor
• VS Code with Copilot
• Windsurf
• Many others that implement the MCP specification.

Setup

ChatGPT

1. In ChatGPT, go to Settings.
2. Navigate to Connectors and select Add connection.
3. Enter https://api.arcjet.com/mcp as the server URL.
4. Select OAuth for authentication.
5. Click Create.

ChatGPT handles the OAuth flow automatically.

Claude Code

claude mcp add arcjet --transport http https://api.arcjet.com/mcp

Claude Code will open a browser for OAuth authentication on first connection. Once authenticated, you can use the /mcp command to verify the connection.

Claude Desktop

Remote MCP connections are available on Claude Desktop for users on Pro, Max, Team, and Enterprise plans.

1. Open Settings in the sidebar.
2. Navigate to Connectors and select Add custom connector.
3. Configure the connector:
   • Name: Arcjet
   • URL: https://api.arcjet.com/mcp

Cursor

Add to .cursor/mcp.json in your project:

{

  "mcpServers": {

    "arcjet": {

      "type": "streamable-http",

      "url": "https://api.arcjet.com/mcp"

    }

  }

}

After adding the server, Cursor will show a Needs login prompt. Click it to authorize Cursor to access your Arcjet account.

VS Code with Copilot

Add to your .vscode/mcp.json in your project or user settings:

{

  "servers": {

    "arcjet": {

      "type": "http",

    }

  }

}

Or add it via the command palette:

1. Open the Command Palette (Ctrl+Shift+P on Windows/Linux or Cmd+Shift+P on macOS).
2. Run MCP: Add Server.
3. Select HTTP.
4. Enter the URL: https://api.arcjet.com/mcp
5. Enter the name: Arcjet
6. Select Workspace or User depending on your preference.

VS Code will prompt you to authenticate via OAuth on first use.

Windsurf

Add to your mcp_config.json file:

{

    "arcjet": {

      "serverUrl": "https://api.arcjet.com/mcp"

    }

  }

}

For more details, see the Windsurf MCP documentation.

Available tools

Once connected, the following tools are available to your AI assistant:

• list-teams — Lists teams the authenticated user belongs to.
• list-sites — Lists sites within a specified team.
• create-site — Creates a new site within a specified team.
• get-site-key — Returns the SDK key (ARCJET_KEY) for a specific site.
• list-requests — Lists recent requests for a site. Supports filtering by conclusion (ALLOW, DENY, ERROR) and pagination.
• get-request-details — Returns full details for a specific request including headers, rules executed, and decision information.
• explain-decision — Explains why Arcjet allowed or denied a specific request. Returns a natural language summary, per-rule breakdown, and suggested next steps.
• get-site-quota — Returns quota usage and limits for a site in the current billing window.
• analyze-traffic — Analyzes request traffic over a time period. Returns total requests, denials, denial rate, top paths, top IPs, top denial reasons, and trend vs the previous period.
• get-anomalies — Detects unusual security patterns by comparing current traffic to the previous period. Identifies traffic spikes, geographic shifts, new threat activities, new bot signatures, risk escalation, and suspicious IP patterns.
• investigate-ip — Investigates an IP address in the context of a site. Returns geo location, threat intelligence (network type, threat activities, entity classification, risk level), and the IP’s recent request activity (conclusion breakdown, denial reasons, targeted paths, daily timeline).
• get-dry-run-impact — Analyzes what would happen if dry-run rules were promoted to live. Shows how many currently-allowed requests would have been blocked by each rule type, which IPs would be most affected, and a false-positive estimate.
• get-security-briefing — Returns a comprehensive security briefing: active rules summary, traffic analysis, threat intelligence, anomaly detection, dry-run promotion readiness, quota status, and prioritized actionable recommendations. Designed for daily consumption.
• list-rules — Lists all remote rules configured for a site with their ID, type, mode, and configuration summary.
• create-rule — Creates a new remote rule for a site. Supports rate limit, bot, shield, and filter rule types.
• update-rule — Replaces an existing remote rule configuration. All fields must be provided (full replacement).
• delete-rule — Deletes a remote rule, immediately stopping it from being evaluated.
• promote-rule — Promotes a remote rule from DRY_RUN to LIVE mode after verification.

Remote rules

Remote rules are managed through the MCP server or the Arcjet dashboard — no code changes or redeployment needed. They apply globally to all requests for a site. Only rate_limit, bot, shield, and filter rule types are supported as remote rules. Rules that need parsed request body content (email,sensitive_info, prompt_injection) require the SDK.

See the remote rules documentation for the full reference, including how remote rules are evaluated alongside SDK rules and when to use each.

The most common use case for remote rules is responding to an active attack. For example, if you notice suspicious traffic from a specific country, VPN, or IP address, you can create a filter rule to block it immediately without deploying new code:

1. Use list-requests to investigate the suspicious traffic and identify patterns (e.g. a specific country, IP range, or VPN usage).
2. Use create-rule to add a filter rule in DRY_RUN mode to verify it matches the right traffic. For example, block a specific country:ip.src.country == "XX" (ISO 3166-1 alpha-2 country code e.g. US, CN,RU), block VPN traffic: ip.src.vpn, or block an IP range:ip.src in { 1.2.3.0/24 }.
3. Use list-requests again to confirm the rule is matching the expected traffic without blocking legitimate users.
4. Use promote-rule to switch the rule from DRY_RUN to LIVE, immediately blocking the attack traffic.
5. Once the attack subsides, use delete-rule to remove the block.

Security monitoring

Use the analysis tools to maintain ongoing security awareness:

• Daily briefing: Call get-security-briefing periodically to get a comprehensive overview of your site’s security posture — traffic trends, threat landscape, anomalies, dry-run readiness, quota status, and prioritized recommendations — all in a single call.
• Traffic analysis: Use analyze-traffic to understand request patterns, denial rates, top paths, and top IPs. This provides the same data as the Arcjet dashboard analytics.
• Anomaly detection: Use get-anomalies to detect unusual patterns by comparing current traffic to the previous period — traffic spikes, geographic shifts, new threat activities, or suspicious IP behavior.
• IP investigation: When you identify a suspicious IP (from analyze-trafficor list-requests), use investigate-ip to get full context: geo location, threat intelligence, and the IP’s complete request activity on your site.
• Dry-run validation: Before promoting a rule from DRY_RUN to LIVE, useget-dry-run-impact to see exactly how many currently-allowed requests would be blocked, which IPs are most affected, and a false-positive risk estimate.

Usage examples

Investigate and block suspicious traffic

“I’m seeing a spike in denied requests on my site. Can you investigate what’s happening and help me block the source?”

The assistant will call analyze-traffic to identify the spike, thenlist-requests filtered to DENY to surface the top offending IPs. It usesinvestigate-ip to pull threat intelligence for each IP, then suggests a filter rule. Using create-rule, it creates the rule in DRY_RUNmode so you can verify the match before calling promote-rule to go live.

Get a daily security briefing

“Give me a security briefing for my production site.”

The assistant calls list-teams and list-sites to locate your production site, then calls get-security-briefing. It returns a summary covering active rules, traffic trends vs. the previous period, anomaly detection, threat intelligence highlights, dry-run promotion readiness, quota status, and prioritized recommendations you can act on immediately.

Set up bot protection without redeploying

“Add bot protection to my marketing site — start in dry-run mode so I can check it’s not blocking real users.”

The assistant calls list-teams and list-sites to find the site, thencreate-rule to add a bot rule with mode: DRY_RUN configured to block automated traffic. After traffic flows through, you can ask the assistant to callget-dry-run-impact to see how many requests would have been blocked and estimate false-positive risk, then promote-rule to switch the rule to LIVEwhen you’re satisfied.

Authentication

The MCP server uses OAuth for authentication. When you first connect from any supported client, you will be redirected to sign in with your Arcjet account. Once authenticated, your AI assistant can securely access your account resources.

Security

• Verify the endpoint — always confirm you are connecting tohttps://api.arcjet.com/mcp.
• Review tool calls — enable confirmation prompts in your AI client so you can review actions before they execute.
• Trusted clients only — only connect from AI clients you trust. Connecting grants the AI tool the same access as your Arcjet account.

See also

• Agent get started — canonical entry point for setting up Arcjet in an agentic workflow.
• Arcjet CLI — sibling support transport for terminal-based workflows.
• Arcjet Plugin — bundled experience for Claude Code and Cursor users that wires up MCP, skills, and coding rules together.

Privacy and support

• Privacy policy: arcjet.com/privacy
• Support: [email protected] or join our Discord. See our support page for more details.

Discussion