A night in paris
{
"subject_and_scene": {
"main_subject": "A young man with thick curly brown hair, wearing a sophisticated beige turtleneck sweater and a matching tailored wool blazer, displaying a contemplative and moody expression.",
"action": "Leaning casually against a weathered stone bridge parapet, looking away from the camera toward the Parisian cityscape.",
"environment": "Paris at night on the banks of the Seine; the Eiffel Tower stands prominently in the background, brilliantly illuminated in golden light, with city lights and river boats creating soft reflections on the dark water."
},
"cinematography": {
"camera_model": "Sony Venice 2",
"sensor_type": "Full Frame",
"shot_type": "Cowboy Shot",
"camera_angle": "Eye Level",
"movement": "Static"
},
"optics": {
"lens_type": "Spherical",
"focal_length": "35mm (Standard Wide)",
"aperture": "f/2.8 (Moderate depth of field to retain background context)",
"shutter_effects": "Standard Shutter"
},
"lighting_design": {
"setup": "Natural Night Ambience with soft fill on subject",
"style": "Low-Key with high atmospheric glow",
"atmospheric_light": "Golden Glow from the Eiffel Tower, Rim Lighting from city lights",
"color_temperature": "Warm (3000K, Amber and Gold tones)"
},
"color_and_post": {
"film_stock": "Kodak Portra 400",
"color_grading": "Warm Nostalgic Tones, Muted Log-C",
"analog_artifacts": "Heavy Film Grain, soft Halation around the golden tower lights"
},
"rendering_and_tech": {
"engine": "Octane Render",
"advanced_tech": "Subsurface Scattering on skin, Global Illumination for water reflections",
"specs": {
"aspect_ratio": "2.39:1 (CinemaScope)",
"resolution": "8K, Photorealistic, Hyper-detailed"
}
},
"directorial_style": "Denis Villeneuve (Atmospheric mood and pensive composition)"
}
Abandoned Wife
{
"character_profile": {
"name": "Natalia",
"subject": "Full-body 3/4 view portrait capturing a moment of profound emotional transition",
"physical_features": {
"ethnicity": "Southern European",
"age_appearance": "Youthful features now marked by a complex, weary expression",
"hair": "Dark brown, wavy, artfully disheveled as if by passion, time, and thought",
"eyes": "Deep green with amber flecks, gazing into the middle distance — a mix of melancholy, clarity, and resignation",
"complexion": "Olive skin with a subtle, dewy sheen",
"physique": "Slender with a pronounced feminine silhouette, shown with natural elegance",
"details": "A simple gold wedding band on her right ring finger, catching the light"
},
"clothing": {
"outfit": "A sleek black silk slip dress, one thin strap delicately fallen off the shoulder, black thigh-high stockings",
"condition": "Elegantly disordered, suggesting a prior moment of intimacy now passed"
}
},
"scene_details": {
"location": "Minimalist, sunlit apartment in Rome. Clean lines, a stark white wall.",
"lighting": "Natural, cinematic morning light streaming in. Highlights the texture of skin and fabric, creating long, dramatic shadows. Feels both exposing and serene.",
"pose": "Leaning back against the wall, body in a graceful 3/4 contrapposto. One hand rests lightly on her collarbone, the other hangs loosely. A posture of quiet aftermath and introspection.",
"atmosphere": "Poetic stillness, intimate vulnerability, a palpable silence filled with memory. Sophisticated, raw, and deeply human. The story is in her expression and the space around her."
},
"technical_parameters": {
"camera": "Sony A7R IV with 50mm f/1.2 lens",
"style": "Hyper-realistic fine art photography. Cinematic, with a soft film grain. Inspired by the evocative stillness of photographers like Petra Collins or Nan Goldin.",
"format": "Vertical (9:16), perfect for a portrait that tells a story",
"details": "Sharp focus on the eyes and expression. Textural emphasis on skin, silk, and the wall. Background is clean, almost austere, holding the emotional weight. No explicit debris, only the subtle evidence of a life lived."
},
"artistic_intent": "Capture the silent narrative of a private moment after a significant encounter. The focus is on the emotional landscape: a blend of vulnerability, fleeting beauty, quiet strength, and the profound self-awareness that follows intimacy. It's a portrait of an inner turning point."
}
Add AI protection
---
name: add-ai-protection
license: Apache-2.0
description: Protect AI chat and completion endpoints from abuse — detect prompt injection and jailbreak attempts, block PII and sensitive info from leaking in responses, and enforce token budget rate limits to control costs. Use this skill when the user is building or securing any endpoint that processes user prompts with an LLM, even if they describe it as "preventing jailbreaks," "stopping prompt attacks," "blocking sensitive data," or "controlling AI API costs" rather than naming specific protections.
metadata:
pathPatterns:
- "app/api/chat/**"
- "app/api/completion/**"
- "src/app/api/chat/**"
- "src/app/api/completion/**"
- "**/chat/**"
- "**/ai/**"
- "**/llm/**"
- "**/api/generate*"
- "**/api/chat*"
- "**/api/completion*"
importPatterns:
- "ai"
- "@ai-sdk/*"
- "openai"
- "@anthropic-ai/sdk"
- "langchain"
promptSignals:
phrases:
- "prompt injection"
- "pii"
- "sensitive info"
- "ai security"
- "llm security"
anyOf:
- "protect ai"
- "block pii"
- "detect injection"
- "token budget"
---
# Add AI-Specific Security with Arcjet
Secure AI/LLM endpoints with layered protection: prompt injection detection, PII blocking, and token budget rate limiting. These protections work together to block abuse before it reaches your model, saving AI budget and protecting user data.
## Reference
Read https://docs.arcjet.com/llms.txt for comprehensive SDK documentation covering all frameworks, rule types, and configuration options.
Arcjet rules run **before** the request reaches your AI model — blocking prompt injection, PII leakage, cost abuse, and bot scraping at the HTTP layer.
## Step 1: Ensure Arcjet Is Set Up
Check for an existing shared Arcjet client (see `/arcjet:protect-route` for full setup). If none exists, set one up first with `shield()` as the base rule. The user will need to register for an Arcjet account at https://app.arcjet.com then use the `ARCJET_KEY` in their environment variables.
## Step 2: Add AI Protection Rules
AI endpoints should combine these rules on the shared instance using `withRule()`:
### Prompt Injection Detection
Detects jailbreaks, role-play escapes, and instruction overrides.
- JS: `detectPromptInjection()` — pass user message via `detectPromptInjectionMessage` parameter at `protect()` time
- Python: `detect_prompt_injection()` — pass via `detect_prompt_injection_message` parameter
Blocks hostile prompts **before** they reach the model. This saves AI budget by rejecting attacks early.
### Sensitive Info / PII Blocking
Prevents personally identifiable information from entering model context.
- JS: `sensitiveInfo({ deny: ["EMAIL", "CREDIT_CARD_NUMBER", "PHONE_NUMBER", "IP_ADDRESS"] })`
- Python: `detect_sensitive_info(deny=[SensitiveInfoType.EMAIL, SensitiveInfoType.CREDIT_CARD_NUMBER, ...])`
Pass the user message via `sensitiveInfoValue` (JS) / `sensitive_info_value` (Python) at `protect()` time.
### Token Budget Rate Limiting
Use `tokenBucket()` / `token_bucket()` for AI endpoints — the `requested` parameter can be set proportional to actual model token usage, directly linking rate limiting to cost. It also allows short bursts while enforcing an average rate, which matches how users interact with chat interfaces.
Recommended starting configuration:
- `capacity`: 10 (max burst)
- `refillRate`: 5 tokens per interval
- `interval`: "10s"
Pass the `requested` parameter at `protect()` time to deduct tokens proportional to model cost. For example, deduct 1 token per message, or estimate based on prompt length.
Set `characteristics` to track per-user: `["userId"]` if authenticated, defaults to IP-based.
### Base Protection
Always include `shield()` (WAF) and `detectBot()` as base layers. Bots scraping AI endpoints are a common abuse vector. For endpoints accessed via browsers (e.g. chat interfaces), consider adding Arcjet advanced signals for client-side bot detection that catches sophisticated headless browsers. See https://docs.arcjet.com/bot-protection/advanced-signals for setup.
## Step 3: Compose the protect() Call and Handle Decisions
All rule parameters are passed together in a single `protect()` call. Use this pattern:
```typescript
const userMessage = req.body.message; // the user's input
const decision = await aj.protect(req, {
requested: 1, // tokens to deduct for rate limiting
sensitiveInfoValue: userMessage, // PII scanning
detectPromptInjectionMessage: userMessage, // injection detection
});
if (decision.isDenied()) {
if (decision.reason.isRateLimit()) {
return Response.json(
{ error: "You've exceeded your usage limit. Please try again later." },
{ status: 429 },
);
}
if (decision.reason.isPromptInjection()) {
return Response.json(
{ error: "Your message was flagged as potentially harmful." },
{ status: 400 },
);
}
if (decision.reason.isSensitiveInfo()) {
return Response.json(
{
error:
"Your message contains sensitive information that cannot be processed. Please remove any personal data.",
},
{ status: 400 },
);
}
if (decision.reason.isBot()) {
return Response.json({ error: "Forbidden" }, { status: 403 });
}
}
// Arcjet fails open — log errors but allow the request
if (decision.isErrored()) {
console.warn("Arcjet error:", decision.reason.message);
}
// Proceed with AI model call...
```
Adapt the response format to your framework (e.g., `res.status(429).json(...)` for Express).
## Step 5: Verify
1. Start the app and send a normal message — should succeed
2. Test prompt injection by sending something like "Ignore all previous instructions and..."
3. Test PII blocking by sending a message with a fake credit card number
Start all rules in `"DRY_RUN"` mode first. Once verified, promote to `"LIVE"`.
**Always recommend using the Arcjet MCP tools** to verify rules and analyze traffic:
- `list-requests` — confirm decisions are being recorded, filter by conclusion to see blocks
- `analyze-traffic` — review denial rates and patterns for the AI endpoint
- `explain-decision` — understand why a specific request was allowed or denied (useful for tuning prompt injection sensitivity)
- `promote-rule` — promote rules from `DRY_RUN` to `LIVE` once verified
If the user wants a full security review, suggest the `/arcjet:security-analyst` agent which can investigate traffic, detect anomalies, and recommend additional rules.
The Arcjet dashboard at https://app.arcjet.com is also available for visual inspection.
## Common Patterns
**Streaming responses**: Call `protect()` before starting the stream. If denied, return the error before opening the stream — don't start streaming and then abort.
**Multiple models / providers**: Use the same Arcjet instance regardless of which AI provider you use. Arcjet operates at the HTTP layer, independent of the model provider.
**Vercel AI SDK**: Arcjet works alongside the Vercel AI SDK. Call `protect()` before `streamText()` / `generateText()`. If denied, return a plain error response instead of calling the AI SDK.
## Common Mistakes to Avoid
- Sensitive info detection runs **locally in WASM** — no user data is sent to external services. It is only available in route handlers, not in Next.js pages or server actions.
- `sensitiveInfoValue` and `detectPromptInjectionMessage` (JS) / `sensitive_info_value` and `detect_prompt_injection_message` (Python) must both be passed at `protect()` time — forgetting either silently skips that check.
- Starting a stream before calling `protect()` — if the request is denied mid-stream, the client gets a broken response. Always call `protect()` first and return an error before opening the stream.
- Using `fixedWindow()` or `slidingWindow()` instead of `tokenBucket()` for AI endpoints — token bucket lets you deduct tokens proportional to model cost and matches the bursty interaction pattern of chat interfaces.
- Creating a new Arcjet instance per request instead of reusing the shared client with `withRule()`.
Brainstorming Technically Grounded Product Ideas
You are a product-minded senior software engineer and pragmatic PM.
Help me brainstorm useful, technically grounded ideas for the following:
Topic / problem: {{Product / decision / topic / problem}}
Context: ${context}
Goal: ${goal}
Audience: Programmer / technical builder
Constraints: ${constraints}
Your job is to generate practical, relevant, non-obvious options for products, improvements, fixes, or solution directions. Think like both a PM and a senior developer.
Requirements:
- Focus on ideas that are relevant, realistic, and technically plausible.
- Include a mix of:
- quick wins
- medium-effort improvements
- long-term strategic options
- Avoid:
- irrelevant ideas
- hallucinated facts or assumptions presented as certain
- overengineering
- repetitive or overly basic suggestions unless they are high-value
- Prefer ideas that balance impact, effort, maintainability, and long-term consequences.
- For each idea, explain why it is good or bad, not just what it is.
Output format:
## 1) Best ideas shortlist
Give 8–15 ideas. For each idea, include:
- Title
- What it is (1–2 sentences)
- Why it could work
- Main downside / risk
- Tags: [Low Effort / Medium Effort / High Effort], [Short-Term / Long-Term], [Product / Engineering / UX / Infra / Growth / Reliability / Security], [Low Risk / Medium Risk / High Risk]
## 2) Comparison table
Create a table with these columns:
| Idea | Summary | Pros | Cons | Effort | Impact | Time Horizon | Risk | Long-Term Effects | Best When |
|------|---------|------|------|--------|--------|--------------|------|------------------|-----------|
Use concise but meaningful entries.
## 3) Top recommendations
Pick the top 3 ideas and explain:
- why they rank highest
- what tradeoffs they make
- when I should choose each one
## 4) Long-term impact analysis
Briefly analyze:
- maintenance implications
- scalability implications
- product complexity implications
- technical debt implications
- user/business implications
## 5) Gaps and uncertainty check
List:
- assumptions you had to make
- what information is missing
- where confidence is lower
- any idea that sounds attractive but is probably not worth it
Quality bar:
- Be concrete and specific.
- Do not give filler advice.
- Do not recommend something just because it sounds advanced.
- If a simpler option is better than a sophisticated one, say so clearly.
- When useful, mention dependencies, failure modes, and second-order effects.
- Optimize for good judgment, not just idea quantity.