From harness-claude
Implements Next.js middleware to run edge code before requests complete for route protection, redirects, rewrites, header injection, and rate limiting.
npx claudepluginhub intense-visions/harness-engineering --plugin harness-claudeThis skill uses the workspace's default tool permissions.
> Run code at the edge before a request completes — redirect, rewrite, or modify responses
Implements Next.js 15/16 middleware for Edge (middleware.ts) and Node.js (proxy.ts), handling authentication, RBAC, redirects, rewrites, i18n, security headers, rate limiting, matchers, and geo routing.
Implements Nuxt middleware patterns to protect routes, redirect unauthenticated users, run navigation logic, and intercept server requests for auth and logging.
Guides Vercel Routing Middleware for intercepting requests before cache, handling rewrites, redirects, and personalization. Supports any framework on Edge, Node.js, Bun runtimes.
Share bugs, ideas, or general feedback.
Run code at the edge before a request completes — redirect, rewrite, or modify responses
middleware.ts at the project root (or src/middleware.ts if using src/ layout).middleware function that accepts a NextRequest and returns a NextResponse or void.config object with a matcher array to scope middleware to specific paths — avoid running middleware on _next/static, _next/image, and static assets.NextResponse.redirect() for permanent redirects and NextResponse.rewrite() to proxy the request to a different URL without changing the browser URL.request.cookies.get('name') and set them on the response with response.cookies.set().NextResponse.next() with modified headers to pass custom headers to Server Components via headers().// middleware.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export function middleware(request: NextRequest) {
const token = request.cookies.get('auth-token')?.value;
const isProtected = request.nextUrl.pathname.startsWith('/dashboard');
if (isProtected && !token) {
const loginUrl = new URL('/login', request.url);
loginUrl.searchParams.set('callbackUrl', request.nextUrl.pathname);
return NextResponse.redirect(loginUrl);
}
// Pass a custom header to Server Components
const response = NextResponse.next();
response.headers.set('x-pathname', request.nextUrl.pathname);
return response;
}
export const config = {
matcher: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],
};
Next.js Middleware runs on the Vercel Edge Network (or a compatible edge runtime) before the request reaches the server. It uses the Edge Runtime — a lightweight V8 environment with Web APIs but without Node.js built-ins like fs, path, or crypto (use globalThis.crypto instead).
Matcher syntax: The matcher array supports path patterns, negative lookaheads, and regex. The example pattern is the recommended baseline: it excludes Next.js internals and static file extensions. Middleware that matches every request including static assets is a common performance mistake.
Reading server component headers: Middleware can inject headers into the request via request.headers.set() before calling NextResponse.next({ request }). These headers are accessible in Server Components via import { headers } from 'next/headers'. This pattern passes request-time context (user ID, locale, tenant) without touching cookies.
Edge vs Node.js runtime: Middleware always runs on the Edge Runtime. Route Handlers and Server Components can opt into the Edge Runtime with export const runtime = 'edge', but this is optional and has the same Node.js API limitations.
Auth libraries: NextAuth.js / Auth.js provides a auth() middleware helper that integrates with the middleware pattern. Using it avoids manually parsing JWTs in middleware.
https://nextjs.org/docs/app/building-your-application/routing/middleware