# Arcis – open-source security middleware for Node, Python, and Go

Gagan, a Master's student at Northeastern University, released Arcis, an open-source security middleware for Node, Python, and Go that blocks 34 attack vectors inside web applications. The middleware, built over eleven weeks, provides a unified API across three SDKs with zero runtime dependencies in Node and Python, and includes CLI tools for SAST, dynamic testing, and supply-chain scanning. Arcis runs inside the application to enforce per-route rules and framework-aware checks that traditional WAFs cannot perform.

Open-source security middleware for Node, Python, and Go. Same API across three SDKs. Zero runtime deps in Node and Python, stdlib-only core in Go. MIT licensed. Built by one person over eleven weeks. This post is the introduction.

## What it is

Arcis is a security layer that runs inside your web application, alongside your handler. Drop it into your Express, Fastify, FastAPI, Django, Gin, Echo, or one of fourteen other framework adapters, and it blocks more than 30 attack vectors at the request boundary, before they reach your code.

Node:

```sh
npm install @arcis/node
```

Python:

```sh
pip install arcis
```

Go:

```sh
go get github.com/GagancM/arcis
```

In your server:

```js
import { arcis } from '@arcis/node';

// Register the middleware before your routes; block: true rejects
// matching requests instead of only reporting them.
app.use(arcis({ block: true }));
```

That's it. XSS, SQL injection, NoSQL operators, path traversal, command injection, SSTI, XXE, SSRF (including DNS rebinding), prototype pollution, CSRF, mass assignment, prompt injection, agent tool-call injection: all blocked by default.

## What it actually does

- 34 attack vectors detected and blocked. [Full list in the docs](../../documentation/attack-vectors.html).
- Three SDKs at full parity. The Python SDK isn't a port, it's a peer. Same tests, same input vectors, same output behavior.
- Zero runtime deps in Node and Python. Go core is stdlib-only with optional Gin/Echo adapters.
- 3,500+ tests across the three SDKs. A cross-SDK conformance harness enforces identical behavior on every commit.
- Three CLI tools in one Rust binary. `arcis audit` for SAST, `arcis scan` for dynamic endpoint testing, `arcis sca` for supply-chain. Sub-second on most repos.
- Self-hosted control plane (Fastify + SQLite) for telemetry, plus a dashboard. No cloud required.
- `@arcis/mcp` on npm. First MCP server in this category. Exposes Arcis as four tools any agent can call.

## The inside-the-app argument

Most web apps in 2026 sit behind a WAF: Cloudflare, AWS WAF, NGINX with ModSecurity. WAFs work, but they sit at the network edge and see only raw HTTP bytes. By the time the request reaches your handler, those bytes have been parsed into JSON, normalized, and type-coerced. The WAF and your handler see the same request differently, and modern bypasses live in that seam: bytes that look harmless to an edge rule can decode, under the framework's own parser, into exactly the field or operator the rule was meant to stop.

Arcis runs inside your application. It has access to the parsed request, the framework's route context, and the user's session. That makes it possible to enforce per-route rules, per-field validation, and framework-aware checks, things a WAF cannot do because it doesn't know which JSON field is your privileged `isAdmin` flag.

This is the argument behind Aikido Zen and Arcjet too. Same category, different shapes.

## What it does NOT do

Honest limits, before you ask:

- Not a WAF replacement. A WAF still drops obvious garbage at the edge. Run both; Arcis is the second layer.
- Not RASP. We don't hook into the language runtime or instrument `pg.query`. The protection sits at the request boundary, not at every function call.
- Not authentication. Arcis protects auth flows (CSRF tokens, secure cookies, signup brute-force) but doesn't implement auth itself.
- Not a parameterized-query substitute. SQL sanitization is defense in depth. Parameterized queries are still the real fix.
- Detection is signature-based. NFKC normalization + multi-decode + a mutation tester closes a lot of bypass classes, but it's not parser-based. If an attacker writes a payload that doesn't match any pattern, the request goes through.
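To make the inside-the-app argument concrete, here is an added illustration (my own code, not Arcis's middleware or API) of the seam between an edge filter and the handler. A byte-level pattern stands in for a generic WAF rule; a per-route field allowlist stands in for the framework-aware mass-assignment check. The route names, the allowlists and the request bodies are all constructed for the example.

```javascript
// Added illustration, not Arcis code: the same JSON body as an edge filter
// sees it (raw bytes) and as the application sees it (parsed object).

// Edge-style check: a pattern over the raw bytes for a privileged field name.
// Stand-in for a generic WAF rule; real WAFs normalise more than this, but
// none of them know which route is allowed to set which field.
function edgeSeesPrivilegedField(rawBody) {
  return /"isAdmin"\s*:/.test(rawBody);
}

// In-app check: each route declares the fields a request may set; anything
// else in the parsed body is rejected (mass-assignment defense).
// Hypothetical routes and allowlists for the example.
const ROUTE_ALLOWLIST = {
  'POST /signup': ['email', 'password', 'displayName'],
  'PATCH /profile': ['displayName', 'bio'],
};

function appFindsDisallowedFields(route, rawBody) {
  const allowed = new Set(ROUTE_ALLOWLIST[route] || []);
  const parsed = JSON.parse(rawBody);
  // Object.keys returns own enumerable keys. JSON.parse creates a literal
  // own "__proto__" key rather than touching the prototype, so a
  // prototype-pollution shaped body shows up here as a disallowed field too.
  return Object.keys(parsed).filter((key) => !allowed.has(key));
}

// Both views of one request, side by side.
function compareViews(route, rawBody) {
  return {
    edgeBlocks: edgeSeesPrivilegedField(rawBody),
    appRejects: appFindsDisallowedFields(route, rawBody),
  };
}

// Constructed request bodies (not captured traffic).
// 1. Benign signup: both layers agree there is nothing to block.
const BENIGN = '{"email":"a@example.com","password":"pw"}';
// 2. Plain escalation attempt: both layers catch it.
const PLAIN = '{"email":"a@example.com","password":"pw","isAdmin":true}';
// 3. JSON \u escape in the key: the bytes never contain "isAdmin", but
//    JSON.parse produces exactly that key.
const ESCAPED = '{"email":"a@example.com","password":"pw","\\u0069sAdmin":true}';
// 4. Prototype-pollution shape with the same escape: no top-level isAdmin
//    key at all; only the route-aware allowlist rejects it.
const PROTO = '{"email":"a@example.com","password":"pw","__proto__":{"\\u0069sAdmin":true}}';

for (const [name, body] of Object.entries({ BENIGN, PLAIN, ESCAPED, PROTO })) {
  console.log(name, compareViews('POST /signup', body));
}
```

The point is structural rather than about this particular regex: deciding that `isAdmin` (or any other key) must not appear in a signup body requires knowing which route the body is bound for and what that route's handler does with the parsed object, and that context exists only inside the application.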
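The last limit above, that detection is signature-based with NFKC normalization and multi-decode in front of the patterns, is easiest to see in miniature. The following is an added example of that shape, written for this post and not taken from Arcis's detector: a bounded decode-to-fixed-point pass plus NFKC folding, in front of three small signature patterns, beside a single-pass matcher over the raw input. The patterns and inputs are constructed for illustration, and the mutation tester the post mentions is not modelled.

```javascript
// Added example, not Arcis's detector: canonicalize-then-match beside a
// raw matcher, with one input that neither catches (the stated limit).

// Illustrative signatures. Deliberately narrow so the last case falls through.
const SIGNATURES = [
  { name: 'sqli-tautology', re: /'\s*or\s+1\s*=\s*1/i },
  { name: 'xss-script-tag', re: /<script\b/i },
  { name: 'path-traversal', re: /(?:^|[\\\/])\.\.(?:[\\\/]|$)/ },
];

// One decoding pass: percent-decoding plus the common HTML entities.
function decodeOnce(s) {
  let out = s;
  try {
    out = decodeURIComponent(out);
  } catch (_) {
    // Malformed %xx sequence: leave the string unchanged for this pass.
  }
  return out
    .replace(/&#x([0-9a-f]{1,6});/gi, (_, hex) => String.fromCodePoint(parseInt(hex, 16)))
    .replace(/&#(\d{1,7});/g, (_, dec) => String.fromCodePoint(Number(dec)))
    .replace(/&lt;/gi, '<')
    .replace(/&gt;/gi, '>')
    .replace(/&quot;/gi, '"')
    .replace(/&amp;/gi, '&');
}

// Decode repeatedly until nothing changes (bounded so a pathological input
// cannot spin), then NFKC-fold so fullwidth and other compatibility
// variants collapse onto their ASCII forms.
function canonicalize(input, maxRounds = 5) {
  let cur = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeOnce(cur);
    if (next === cur) break;
    cur = next;
  }
  return cur.normalize('NFKC');
}

// Names of every signature that fires on the input exactly as given.
function matchRaw(input) {
  return SIGNATURES.filter((s) => s.re.test(input)).map((s) => s.name);
}

// Same signatures, run over the canonical form instead.
function matchCanonical(input) {
  return matchRaw(canonicalize(input));
}

// Constructed inputs.
// %25 decodes to %, so this needs two rounds to become ' or 1=1
const DOUBLE_ENCODED_SQLI = '%2527%2520or%25201%253D1';
// U+FF1C / U+FF1E are fullwidth < and >, which NFKC folds to ASCII.
const FULLWIDTH_XSS = '\uFF1Cscript\uFF1Ealert(1)\uFF1C/script\uFF1E';
// Double-encoded slashes: ../../etc/passwd after two rounds.
const DOUBLE_ENCODED_TRAVERSAL = '..%252F..%252Fetc%252Fpasswd';
// Fits none of the patterns above, so it passes both matchers. This is the
// limit the post states: no pattern, no block.
const UNMATCHED = "' OR 2=2 --";

const SAMPLES = { DOUBLE_ENCODED_SQLI, FULLWIDTH_XSS, DOUBLE_ENCODED_TRAVERSAL, UNMATCHED };
for (const [name, input] of Object.entries(SAMPLES)) {
  console.log(name, { raw: matchRaw(input), canonical: matchCanonical(input) });
}
```

Canonicalization closes the encoding and Unicode-variant bypasses for the patterns you do have; it does nothing for an input no pattern describes, which is why the post is careful to call parameterized queries the real fix and the SQL signatures defense in depth.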
## Built by one person

I'm Gagan, a Master's student at Northeastern University. I started Arcis in late March 2026 and have been building nights and weekends alongside my degree.

Eleven weeks in:

- 3 SDKs across Node, Python, Go
- 17 framework adapters
- 3,500+ tests, all cross-SDK enforced
- 34 attack vectors
- 3 CLI tools in a single Rust binary
- `@arcis/mcp` MCP server (first publish 2026-05-24)
- 7 runnable example repos under github.com/getarcis/
- The self-hosted dashboard
- This website

Twelve releases (v1.0 through v1.6.3). Two pilot deployments. Zero paying customers yet: the open-source core is free forever, and the hosted Cloud version is in development for design partners.

I graduate August 2026 and will be full-time on Arcis from then. If accepted by YC, I'll be relocating to SF for the batch.

## Try it

`npm install @arcis/node` or `pip install arcis` or `go get github.com/GagancM/arcis`

- [Getting started](../../documentation/getting-started.html)
- [Attack vectors covered](../../documentation/attack-vectors.html)
- Comparison [vs Arcjet](../../documentation/comparisons/vs-arcjet.html) · [vs Aikido Zen](../../documentation/comparisons/vs-aikido.html) · [vs Snyk](../../documentation/comparisons/vs-snyk.html)
- [Source on GitHub](https://github.com/Gagancm/arcis)

If you're building something AI-heavy, [the agent toolcall defense piece](./defending-agent-tool-calls.html) is the most interesting starting point. `@arcis/mcp` is on npm, and `getarcis/arcis-example-mcp` is a runnable demo that fires seven prompt-injection payloads at the MCP server on every CI run and fails the build if any get through.

Happy to answer questions about the runtime layer argument, the cross-SDK parity work, the agent-security wedge, or anything else under the hood.