You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(skills): migrate to canonical names with deprecated aliases (#6)
* feat(skills): migrate to canonical names with deprecated aliases
Rename plugin skills to match the canonical names in arcjet/skills:
- New skills/add-request-protection/ — canonical HTTP route protection
skill, replacing protect-route and the HTTP slice of add-ai-protection.
Includes integrated CLI workflows for auth, site/key setup, decision
verification (arcjet watch), and remote rule management.
- skills/add-guard-protection/ synced with the canonical version,
including refreshed references/javascript.md and references/python.md.
- skills/protect-route/ and skills/add-ai-protection/ are now deprecation
alias stubs (frontmatter metadata.internal: true). Invoking either tells
the user the canonical replacement and then proceeds with the canonical
skill, so existing prompts and saved transcripts continue to work.
Also updates README to list canonical skills, link arcjet/skills as the
source of truth, document the CLI install order (npx, brew, install
script, GitHub Releases), and drop the obsolete claim that arcjet skills
install writes ARCJET.md into the project. rules/arcjet-cli.mdc updated
similarly.
Prepares the plugin for the Arcjet CLI 1.0.0 release.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs(rules): drop arcjet skills CLI bullet, point at npx skills add directly
Skill installation is not a use case for the CLI — point users at
`npx skills add arcjet/skills` directly when they need skills outside
the plugin context.
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: README.md
+31-11Lines changed: 31 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,9 +5,9 @@
5
5
The [Arcjet plugin](https://github.com/arcjet/arcjet-plugin) turns any supported AI coding agent into a security expert. It pre-loads agents with knowledge of the Arcjet security platform and automatically injects the right guidance based on what you're working on — framework-specific SDK patterns, protection rules, and best practices.
6
6
7
7
-**MCP integration** — connects to the [Arcjet MCP Server](https://docs.arcjet.com/mcp-server) for traffic analysis, request inspection, IP investigation, and remote rule management
8
-
-**CLI integration** — invokes the [Arcjet CLI](https://docs.arcjet.com/cli) for capabilities the MCP server does not expose (live request streaming, project-local skill installation)
8
+
-**CLI integration** — invokes the [Arcjet CLI](https://docs.arcjet.com/cli) for authentication, site/key setup, live request streaming, and remote rule management
9
9
-**Security-aware coding rules** — framework-specific guidance activates automatically when you work in route handlers, API endpoints, and AI/LLM code
10
-
-**Skills** — task-oriented workflows for adding protection to routes and securing AI endpoints
10
+
-**Skills** — task-oriented workflows sourced from [arcjet/skills](https://github.com/arcjet/skills)for adding protection to HTTP routes and non-HTTP code paths
11
11
-**Security analyst agent** — investigates threats, analyzes traffic, and manages rules via MCP
12
12
13
13
## Installation
@@ -20,17 +20,36 @@ That's it. The plugin activates automatically — security guidance appears when
20
20
21
21
You can also point your agent at the [agent get started documentation](https://docs.arcjet.com/agent-get-started).
22
22
23
+
### Arcjet CLI
24
+
25
+
The plugin invokes the Arcjet CLI for authentication, site management, and live request streaming. Install it via any of:
26
+
27
+
1.`npx -y @arcjet/cli@latest <command>` — no install required, works on macOS, Linux, and Windows
4.[GitHub Releases archive](https://github.com/arcjet/arcjet-cli/releases) — for internal redistribution and air-gapped environments
31
+
23
32
## How It Works
24
33
25
34
After installing, guidance activates automatically. The plugin detects what you're working on and injects Arcjet expertise. Just use your AI agent as you normally would.
|`/arcjet:add-request-protection`| Add Arcjet protection to any HTTP route or endpoint — detects framework, sets up client, applies rules. Includes AI/LLM endpoint guidance (chat, completion). |
43
+
|`/arcjet:add-guard-protection`| Add Arcjet Guard to non-HTTP code paths — AI agent tool calls, MCP tool handlers, background jobs/workers |
44
+
45
+
#### Deprecated aliases
46
+
47
+
The previous skill names are kept as deprecation aliases. Invoking them tells the user the new name and then proceeds with the canonical workflow — existing prompts, prompts in saved transcripts, and project-local references continue to work.
|`/arcjet:add-ai-protection`|`/arcjet:add-request-protection` (HTTP endpoints) or `/arcjet:add-guard-protection` (non-HTTP code) |
34
53
35
54
### Rules (auto-activated)
36
55
@@ -59,14 +78,15 @@ The MCP server connects automatically via OAuth when the plugin is installed. Yo
59
78
60
79
### CLI
61
80
62
-
The plugin uses the [Arcjet CLI](https://docs.arcjet.com/cli) for two specific capabilities the MCP server does not expose:
81
+
The plugin uses the [Arcjet CLI](https://docs.arcjet.com/cli) for capabilities that benefit from a real terminal session:
63
82
83
+
-**Authentication and site/key setup** — `arcjet auth login`, `arcjet teams list`, `arcjet sites list/create/get-key`. The CLI is the primary way to bootstrap a new project's `ARCJET_KEY`.
64
84
-**Live request streaming** — `arcjet watch --site-id <id>` is invoked by the security analyst agent during active incident response, when polling `list-requests` over MCP would be too coarse.
65
-
-**Project-local skill installation** — `arcjet skills install` is run after each skill workflow to write an `ARCJET.md` skills file into the project, giving future agent turns zero-round-trip discovery.
85
+
-**Remote rule management** — `arcjet rules create/list/promote/update/delete` for managing rules without code changes or redeployment.
66
86
67
-
No install is required. Commands are invoked as `npx -y @arcjet/cli@latest <command>`, which works on macOS, Linux, and Windows. If a local `arcjet` binary is on `PATH` (Homebrew, npm global, release archive), the plugin uses it directly. CLI authentication uses the same browser-based device flow as `gh auth login` or `vercel login`.
87
+
No install is required. Commands are invoked as `npx -y @arcjet/cli@latest <command>`, which works on macOS, Linux, and Windows. If a local `arcjet` binary is on `PATH` (Homebrew, install script, GitHub Releases archive), the plugin uses it directly. CLI authentication uses the same browser-based device flow as `gh auth login` or `vercel login`.
68
88
69
-
Setup commands, read-side analysis, and rule CRUD remain on the MCP server.
89
+
Read-side analysis and rule inspection over a structured tool interface remain available on the MCP server.
0 commit comments