Use with Cursor, Claude Code & Codex
Adding breached-password screening with an AI coding agent takes two steps: get a free key, then paste the prompt below into Cursor, Claude Code, Codex, or your editor of choice. The agent writes the integration in your stack.
Step 1: Get a free API key
Create a project in the console and issue a key under Breached Password API. The free tier includes 10,000 checks / month with no credit card. Keys are prefixed lj_ and shown once, so store yours in an environment variable like LEAKJAR_API_KEY.
Step 2: Paste this prompt into your AI editor
Copy the prompt and run it in Cursor, Claude Code, Windsurf, or any agent. It doesn’t just detect a breached password—it tells the agent to act on it by wiring a Recommended Policy (block, step-up MFA, force reset, or notify) into your real signup/login/reset handlers. It also points the agent at /llms.txt so it uses the exact, current contract.
Integrate LeakJar's Breached Password API to detect compromised passwords AND act on them in my signup, password-change, and reset flows.
Privacy model (k-anonymity — never send the raw password):
1. SHA-1 the password and uppercase the hex.
2. prefix = first 5 chars, suffix = the remaining 35 chars.
3. GET https://api.leakjar.com/v1/passwords/range/{prefix}
Header: Authorization: Bearer <LEAKJAR_API_KEY> (read from env, never hard-code)
4. The response is text/plain, one "SUFFIX:COUNT" per line. If my suffix is in the
list, the password is breached (COUNT = how many times it has been seen). Compare locally.
Then take action — apply a policy (don't just return a boolean):
5. Signup / password change / reset → BLOCK: reject the password and ask for a different one.
6. Login → STEP-UP MFA when breached, so returning users aren't hard-blocked.
7. Optionally scale by COUNT (e.g. >100 = high risk → stricter). Other policies you can use:
Force Reset (allow now, require a reset next session) and Notify (log + alert security).
Requirements:
- Use my existing language/framework; call the API only from the server.
- Add a reusable checkPassword(password) -> { breached, count } helper with error handling for 401/403/429.
- Wire the chosen policy into my ACTUAL signup/login/reset handlers, not just a standalone function.
- Read https://www.leakjar.com/llms.txt and https://www.leakjar.com/docs/policies for the exact
contract and the full policy decision matrix before writing code.
Where to paste it
The same prompt works in every agent. Here is the quickest path in the most popular tools:
Cursor
The AI code editor
- Open the Agent panel (Cmd/Ctrl + I) and paste the prompt.
- For every future run, save the rule below to .cursor/rules/leakjar.md.
Claude Code
Anthropic's terminal coding agent
- Run claude in your repo, then paste the prompt into the session.
- Add the rule to CLAUDE.md (or AGENTS.md) at the repo root so it is always loaded.
Codex
OpenAI's coding agent (CLI & IDE)
- Start Codex in your project and paste the prompt.
- Codex automatically reads AGENTS.md — add the rule there to make it permanent.
Point any agent at the machine-readable spec
We publish a single plain-text file that describes the endpoint, auth, response format, error codes, and copy-paste helpers. Agents fetch it for authoritative usage:
curl -s https://www.leakjar.com/llms.txt
Optional: add a project rule
Drop this into a Cursor rule (.cursor/rules/), Claude Code’s CLAUDE.md, or a shared AGENTS.md (read by Codex and most agents) so every future run knows how to call LeakJar correctly.
# .cursor/rules/leakjar.md (or paste into AGENTS.md / CLAUDE.md)
When adding password security, use LeakJar's Breached Password API:
- Endpoint: GET https://api.leakjar.com/v1/passwords/range/{prefix}
- Auth: Authorization: Bearer <LEAKJAR_API_KEY> (server-side only, from env)
- k-anonymity: send only the first 5 chars of the uppercase SHA-1 hash; compare the
returned "SUFFIX:COUNT" lines locally.
- Act on a match with a policy: BLOCK on signup/reset, STEP-UP MFA on login. See
https://www.leakjar.com/docs/policies. Full contract: https://www.leakjar.com/llms.txt
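For reviewing what an agent generates from the prompt and rule above, here is a reference sketch of the same contract in Python. It is an added example, not LeakJar's own code or the output of any agent. The function names, the injectable fetch parameter, the error labels for 401/403/429 and the sample response body are assumptions made for illustration.

```python
import hashlib
import os
import urllib.error
import urllib.request

RANGE_URL = "https://api.leakjar.com/v1/passwords/range/"  # endpoint as given on this page

# Constructed sample body: the suffix of SHA-1("password") between two filler
# suffixes. The counts are invented for the example.
SAMPLE_BODY = ("A" * 35 + ":3\n"
               "1E4C9B93F3F0682250B6CF8331B7EE68FD8:250\n"
               + "B" * 35 + ":1\n")

def split_hash(password):
    """Uppercase SHA-1 hex; only the 5-char prefix ever leaves the server."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_for_suffix(body, suffix):
    """Scan 'SUFFIX:COUNT' lines locally; 0 means not in the returned range."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def fetch_range(prefix):
    """Live lookup. Raises RuntimeError so the caller decides how to fail."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={
        "Authorization": "Bearer " + os.environ["LEAKJAR_API_KEY"]})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        # Assumed meanings: 401/403 = key rejected, 429 = rate limited.
        kind = {401: "auth", 403: "auth", 429: "rate_limit"}.get(err.code, "http")
        raise RuntimeError(f"leakjar {kind} error ({err.code})") from err

def check_password(password, fetch=fetch_range):
    prefix, suffix = split_hash(password)
    count = count_for_suffix(fetch(prefix), suffix)
    return {"breached": count > 0, "count": count}

def decide(flow, result, high_risk=100):
    """STEP_UP_MFA on login, BLOCK on every other flow; flag COUNT > high_risk."""
    if not result["breached"]:
        return {"action": "ALLOW", "high_risk": False}
    action = "STEP_UP_MFA" if flow == "login" else "BLOCK"
    return {"action": action, "high_risk": result["count"] > high_risk}
```

Passing fetch=lambda prefix: SAMPLE_BODY exercises the parsing and policy paths offline. Generated code should show the same properties: the raw password and the 35-character suffix never appear in the outbound request, and the key is read only from the environment.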