From harness-claude
Runs code at the edge before a request completes — redirect, rewrite, modify responses, or inject headers. Useful for auth, localization, A/B testing, rate limiting, and security headers.
How this skill is triggered — by the user, by Claude, or both
Slash command
/harness-claude:next-middleware-patternThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
> Run code at the edge before a request completes — redirect, rewrite, or modify responses
Run code at the edge before a request completes — redirect, rewrite, or modify responses
middleware.ts at the project root (or src/middleware.ts if using src/ layout).middleware function that accepts a NextRequest and returns a NextResponse or void.config object with a matcher array to scope middleware to specific paths — avoid running middleware on _next/static, _next/image, and static assets.NextResponse.redirect() for permanent redirects and NextResponse.rewrite() to proxy the request to a different URL without changing the browser URL.request.cookies.get('name') and set them on the response with response.cookies.set().NextResponse.next() with modified headers to pass custom headers to Server Components via headers().// middleware.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export function middleware(request: NextRequest) {
const token = request.cookies.get('auth-token')?.value;
const isProtected = request.nextUrl.pathname.startsWith('/dashboard');
if (isProtected && !token) {
const loginUrl = new URL('/login', request.url);
loginUrl.searchParams.set('callbackUrl', request.nextUrl.pathname);
return NextResponse.redirect(loginUrl);
}
// Pass a custom header to Server Components
const response = NextResponse.next();
response.headers.set('x-pathname', request.nextUrl.pathname);
return response;
}
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],
};
Next.js Middleware runs on the Vercel Edge Network (or a compatible edge runtime) before the request reaches the server. It uses the Edge Runtime — a lightweight V8 environment with Web APIs but without Node.js built-ins like fs, path, or crypto (use globalThis.crypto instead).
Matcher syntax: The matcher array supports path patterns, negative lookaheads, and regex. The example pattern is the recommended baseline: it excludes Next.js internals and static file extensions. Middleware that matches every request including static assets is a common performance mistake.
Reading server component headers: Middleware can inject headers into the request via request.headers.set() before calling NextResponse.next({ request }). These headers are accessible in Server Components via import { headers } from 'next/headers'. This pattern passes request-time context (user ID, locale, tenant) without touching cookies.
Edge vs Node.js runtime: Middleware always runs on the Edge Runtime. Route Handlers and Server Components can opt into the Edge Runtime with export const runtime = 'edge', but this is optional and has the same Node.js API limitations.
Auth libraries: NextAuth.js / Auth.js provides a auth() middleware helper that integrates with the middleware pattern. Using it avoids manually parsing JWTs in middleware.
https://nextjs.org/docs/app/building-your-application/routing/middleware
npx claudepluginhub intense-visions/harness-engineering --plugin harness-claudeImplements Next.js 15/16 middleware for Edge (middleware.ts) and Node.js (proxy.ts), handling authentication, RBAC, redirects, rewrites, i18n, security headers, rate limiting, matchers, and geo routing.
Edge middleware for EdgeOne Makers — request interception, redirects, rewrites, auth guards, A/B testing, and header injection at the edge (V8 runtime).
Protect routes, redirect unauthenticated users, and transform navigation using Nuxt's layered middleware system for both client and server.