One command. Full stack. Zero compromise. — All-in-one Claude Code skill with 33 modes, 6-layer security, 23 hooks, and 75% token savings. Works on Codex, Cursor, Manus, Windsurf.

AuraKit — One command. Full stack. Zero compromise.

46 Modes · 10 Hooks · 23 Agents · 6-Layer Security · 8 Languages · ~55% Token Savings

Before & After · Quick Start · 46 Modes · Tiers · Pipeline · Security · New in v6.5 · Why AuraKit · FAQ

What is AuraKit?

One command. Full-stack app. Production-ready.

AuraKit is a Claude Code skill that replaces 20+ manual instructions with a single /aura command. It auto-detects what you need, scans your project, generates code with security checks on every file, and commits — all in one shot.

npx @smorky85/aurakit        # Install once (~30 seconds, auto-installs jq)
/aura build: login with JWT  # That's it. AuraKit handles the rest.

[!TIP] 30-second install → npx @smorky85/aurakit or bash install.sh (v2.0), then type /aura in any project. jq, Python, and git are auto-detected and installed if missing.

🔄 Before & After

❌ Without AuraKit ✅ With AuraKit

You: "Build a login API"
Claude: *generates code*
You: "Wait, add input validation"
Claude: *regenerates*
You: "You forgot error handling"
Claude: *patches*
You: "Check for SQL injection"
Claude: *patches again*
You: "Now write tests"
Claude: *generates tests*
You: "The types are wrong..."
(30 min later, still going)

/aura build: login with JWT

# AuraKit automatically:
# → Scans your project stack (Scout/Haiku)
# → Plans file-by-file build order
# → Generates with SEC-01~15 rules
# → Validates types + security + tests
# → Commits: feat(auth): add login
# Done. One command. ~3 minutes.

⚡ Quick Start

1 — Install (choose one)

# macOS (Homebrew)
brew install smorky85/tap/aurakit

# All platforms (npm)
npx @smorky85/aurakit

# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/smorky850612/Aurakit/main/install.sh | bash

# Windows
npx @smorky85/aurakit

# From source
bash install.sh

[!NOTE] All install methods auto-activate L3~L5 security hooks. install.sh v2.0 auto-detects and installs: jq (winget/scoop/choco/brew/apt/dnf/yum/apk/pacman), checks Node.js, Python, and git. Configures settings.json via Python-first (jq fallback). Installs the AuraKit Nexus status bar.

2 — Use

# Recommended for daily use (hooks enforce security without per-action dialogs)
claude --dangerously-skip-permissions

/aura build: login with JWT        # BUILD mode (English)
/aura 로그인 기능 만들어줘         # BUILD mode (Korean · auto-detect)
/aura fix: TypeError in auth.ts    # FIX mode
/aura 코드 정리해줘                # CLEAN mode
/aura Vercel 배포 설정해줘         # DEPLOY mode
/aura 코드 리뷰해줘               # REVIEW mode
/aura! 버튼 색상 변경              # QUICK mode · ~60% fewer tokens

[!WARNING] What --dangerously-skip-permissions means: Claude won’t ask for confirmation on each tool use. This is intentional — AuraKit’s hooks (bash-guard.js, security-scan.sh) replace per-action dialogs with automated enforcement. Without install.sh, security relies only on L1/L2 (agent role isolation + tool blocklist).

Safer first-time alternative: Run claude without the flag. Claude will ask for permission on each Write/Edit/Bash call.

[!IMPORTANT] Security rules in ~/.claude/rules/aurakit-security.md are always active — applied to every Claude Code session automatically, even without running /aura.

3 — Update (existing users)

# Recommended — always fetches the latest version from npm
npx @smorky85/aurakit@latest

# From source (if you cloned the repo)
git pull origin main && bash install.sh

# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/smorky850612/Aurakit/main/install.sh | bash

[!TIP] Running the update command re-runs install.sh automatically — hooks, skills, and security rules are all refreshed in place. Your .aura/ project data (memory, instincts, snapshots) is never overwritten.

🧬 DNA — 8 Core Principles

AuraKit enforces these 8 principles in every mode, every turn, every output. Any response that violates them is not AuraKit.

#	Principle	Guarantee	Mechanism
1	⚡ FAST	Faster than any skill	Session cache · ConfigHash · QUICK mode · Progressive Load
2	✨ FLASHY	Most informative CLI output	StatusLine · Next Actions · Token Report · Pipeline display
3	🔐 SECURE	Genuinely top-tier security	6-layer gates · 10 hooks · SEC-01~15 · bash-guard · security-scan
4	💰 THRIFTY	Max token savings even on Opus	Tiered Model · Fail-Only output · Progressive Load · Session cache
5	♾️ IMMORTAL	Survives context loss	65% compact guard · Snapshots · PostCompact restore · Session resume
6	🧠 EVOLVING	Gets smarter with every use	Instinct learning · instinct:evolve · Pattern sharing
7	🌐 UNIVERSAL	Any platform, any language	8 languages · 46 modes · 23 agents · 5 platforms · Non-dev QUICK mode
8	🏆 TOP-TIER	Best skill, no comparison	Sum of the above 7

🏆 Why AuraKit?

“I can just prompt Claude myself” — Yes, but you’ll repeat the same 20 instructions every session.

	Manual Prompting	CLAUDE.md File	AuraKit v6.5.0
Security enforcement	Hope for the best	Rules, no enforcement	10 hooks enforce at write-time
Context survival	Lost on compact	Partial	Snapshot + PostCompact auto-restore
Token efficiency	Wasteful	Manual	~55% ECO · ~75% MAX (estimated)
Code review	Manual	Manual	4 agents in parallel
Multi-language	English only	English only	8 languages · 56+ commands
Learns over time	Starts fresh	Starts fresh	Instinct engine auto-saves patterns
jq / tools	Manual setup	Manual setup	Auto-installed on first run
Install time	—	30 min writing rules	~30 seconds

🎯 46 Modes

AuraKit detects your intent from natural language. Use a namespace prefix (build:, fix:) when the mode is ambiguous.

5 Core Modes — covers 90% of daily use

Mode	Invoke	What It Does
BUILD	`/aura build: ...` or just describe it	Discovery → micro-plan → generate → triple verify → commit
FIX	`/aura fix: ...` or paste the error	Root-cause analysis → minimal change → verify
REVIEW	`/aura review:`	4 parallel agents → VULN-NNN report, A–F grade
CLEAN	`/aura clean:`	Dead code removal, 250-line splits, deduplication
DEPLOY	`/aura deploy:`	Framework detect → env setup → deploy config → security recheck

📋 40 Extended Modes — Quality · Planning · Platform · Utility · Autopus-ADK · Auto

Quality & Testing

Mode	Trigger	What It Does
GAP	`gap:`, match rate	Design ↔ implementation gap analysis (Match Rate %)
ITERATE	`iterate:`, auto-fix	Auto-improve until Match Rate ≥ 90% (max 5 cycles)
TDD	`tdd:`, test-first	🔴 RED → 🟢 GREEN → 🔵 REFACTOR · coverage ≥ 70–90%
QA	`qa:`, docker logs	Zero-Script QA via real Docker log analysis
QA:E2E	`qa:e2e:setup`	Playwright E2E — auth / CRUD / responsive / CI pipeline
DEBUG	`debug:`, 5-why	4-phase systematic debugging with root-cause tracing

Planning & Design

Mode	Trigger	What It Does
PM	`pm:`, PRD, discovery	OST + JTBD + Lean Canvas + PRD · 5 PM agents in parallel
PLAN	`plan:`, 계획	Structured plan → `.aura/docs/plan-*.md`
DESIGN	`design:`, DB 설계	DB + API + UI workers parallel → cross-consistency check
REPORT	`report:`, 완료 보고서	4-perspective value report (user/biz/tech/ops)
PIPELINE	`pipeline:`, 개발 순서	9-phase guide: Starter / Dynamic / Enterprise
BRAINSTORM	`brainstorm:`, HMW	HMW + priority matrix → actionable ideas

Advanced Operations

Mode	Trigger	What It Does
ORCHESTRATE	`orchestrate:`, leader	Leader / Swarm / Council / Watchdog multi-agent patterns
BATCH	`batch:[A,B,C]`	Up to 5 features in parallel Git Worktrees
LOOP	`batch:loop:` `until:pass`	Autonomous iteration loop until condition met
FINISH	`finish:`, squash	Branch squash merge + Worktree cleanup
ARCHIVE	`archive:`, archive:list	Archive features without deleting

Platform Specialists

Mode	Trigger	What It Does
MOBILE	`mobile:`, react native	React Native / Expo specialized pipeline
DESKTOP	`desktop:`, electron	Electron / Tauri specialized pipeline
BAAS	`baas:`, supabase	Supabase / Firebase / bkend integration guide
PAYMENT	`payment:`, stripe, polar, toss	Stripe · LemonSqueezy · Polar · TossPayments · StepPay — full subscription billing pipeline (default PRO tier)

Intelligence & Configuration

Mode	Trigger	What It Does
INSTINCT	`instinct:show`	View / manage / evolve learned project patterns
LANG	`lang:python`, `lang:go`	Force language-specific code reviewer (10 languages)
MCP	`mcp:setup`, `mcp:list`	Install & configure 14 MCP server types
CONTENT	`content:`, 블로그	Blog, market research, IR deck, tech docs, email, social
STATUS	`status`, 현재 상태	Current work state from `.aura/snapshots/`
STATUS:HEALTH	`status:health`	Health Dashboard — Match Rate · security score · coverage · Tech Debt
CONFIG	`config:set`	Manage `.aura/config.json` settings

Utility

Mode	Trigger	What It Does
STYLE	`style:`, learning	Switch output persona: learning / expert / concise
SNIPPETS	`snippets:`, 스니펫	Save and reuse prompt templates
QUICK (`!`)	`/aura! request`	Protocol-minimal, single file, ~60% token savings
BUILD_RESOLVER	(auto on V1 fail)	Language-specific build error resolver (7 languages)

Autopus-ADK Modes (absorbed v6.5)

Mode	Trigger	What It Does
SPEC	`spec:new`, `spec:`	EARS-format spec → `spec.md` + `acceptance.md` (Given/When/Then)
LORE	`lore:commit`, `lore:`	9-trailer decision commit (Constraint/Rejected/Confidence/…/Related)
ANNOTATE	`annotate:`, `ax:`	@AX inline annotations (NOTE/WARN/ANCHOR/TODO · `[AUTO]` prefix · CYCLE tracking)
EXPERIMENT	`experiment:`, `xloop:`	XLOOP autonomous experiment loop (measure→change→decide, circuit breaker N=10)
EXPLAIN	`explain:`, 어떻게 동작	Step-by-step code explanation (learning-first)
ROLLBACK	`rollback:`, undo	Safe revert with git status confirmation before reset
MIGRATE	`migrate:`, upgrade	Version migration pipeline — dependency upgrades + breaking change handling
ESCALATE	`escalate:`	Promote current task to Opus sub-agent · auto-return to base tier after

📊 Quality Tiers

Tier	Invoke	Scout	Builder	Reviewer	TestRunner	Savings (est.)
QUICK	`/aura! request`	—	Sonnet	—	—	~60%
ECO (default)	`/aura request`	Haiku	Sonnet	Sonnet	Haiku	~55%
PRO	`/aura pro request`	Haiku	Sonnet+Amplifier v2	Sonnet	Haiku	~20%
MAX	`/aura max request`	Sonnet	Opus	Opus	Sonnet	~0%

QUICK — Color changes, text edits, single-file tweaks
ECO — Feature development, most daily work (recommended)
PRO — Auth, payments, complex business logic (Sonnet+Amplifier v2, Opus removed)
MAX — Security audits, architecture design, production-critical features

[!NOTE] All token savings figures are estimates based on tier routing and context load reduction. Context load reduction (v5.1 82KB → v6 20KB) is measured. Independent benchmarks (like Aider’s Polyglot 64%) do not exist for AuraKit.

⚙️ How It Works

flowchart TD
    A(["/aura request"]) --> B["Mode Detection\n46 modes · auto from natural language"]
    B --> C["Scout Agent · Haiku\nProject scan → .aura/project-profile.md\nConfigHash: skip if unchanged"]
    C --> D["Micro-Plan\n200-token file-by-file build order\nInstinct patterns loaded"]
    D --> E["Builder Agent\nECO: Sonnet  ·  PRO: Sonnet+Amp v2  ·  MAX: Opus\nSEC-01~15 + Language Reviewer"]
    E --> F["Security Hooks\nbash-guard.js · security-scan.sh\nL3 + L5 enforcement"]
    F --> G{"Triple Verify\n(parallel)"}
    G --> H["V1 · Build / Type Check"]
    G --> I["V2 · Security + Review · Sonnet"]
    G --> J["V3 · TestRunner · Haiku"]
    H --> K["Snapshot Checkpoint\n.aura/snapshots/current.md\nInstinct auto-save"]
    I --> K
    J --> K
    K --> |"More files"| E
    K --> |"Complete"| L(["git commit\nNext Actions report\nToken savings report"])

🔐 6-Layer Security

Every generated file passes through up to 6 security gates.

Layer	Name	What It Checks	Active Without install.sh?
L1	Agent Roles	Per-agent read/write boundaries in system prompts	✅ Always
L2	Disallowed Tools	Write/Edit/Bash blocklist for read-only agents	✅ Always
L3	Bash Guard	`rm -rf`, `DROP TABLE`, `eval`, dangerous shell commands	❌ Requires install.sh
L4	Worktree Isolation	Agent subprocesses run in isolated Git Worktrees	❌ Requires install.sh
L5	Security Scan	API keys, hardcoded secrets, SQL injection, XSS, JWT in localStorage	❌ Requires install.sh
L6	Dependency Audit	`npm audit --audit-level=high` on BUILD and FIX	✅ Auto in pipeline

[!WARNING] L3, L4, L5 are only active after running install.sh or npx @smorky85/aurakit. Without installation, only L1 (agent role boundaries) and L2 (tool blocklist) protect you. If you skip installation, omit --dangerously-skip-permissions so manual confirmation acts as your safety net.

Automatically blocked by SEC-01~15:

localStorage.setItem('token', ...)    → httpOnly Cookie required  (SEC-02)
Raw SQL string concatenation          → parameterized queries      (SEC-01)
eval() / exec() with user input       → blocked                    (SEC-05)
Hardcoded API keys / passwords        → blocked                    (SEC-03)
.env not in .gitignore                → commit blocked             (SEC-10)
Math.random() for security tokens     → crypto.randomBytes()       (SEC-08)
HTTP fallback in external calls       → HTTPS only                 (SEC-09)

🔒 Full SEC-01~15 OWASP Reference

SEC-01  SQL injection prevention      SEC-09  HTTPS-only external calls
SEC-02  Auth tokens (httpOnly Cookie) SEC-10  .gitignore enforcement
SEC-03  Secret management             SEC-11  NoSQL/Command/XML/LDAP injection
SEC-04  Input validation (Zod/Pydantic/@Valid) SEC-12  Cryptography (AES-256+)
SEC-05  eval/exec blocking            SEC-13  Dependency audit
SEC-06  Error info leakage prevention SEC-14  Security event logging
SEC-07  CORS whitelist enforcement    SEC-15  SSRF prevention
SEC-08  Secure random (crypto module)

All 15 rules are enforced both inline (code generation) and at runtime (security-scan.sh hook on every Write/Edit).

✨ New in v6.5

🤖 Autopus-ADK Absorption — 16 Specialized Agents + 4 New Modes

v6.5 fully absorbs the Autopus-ADK framework (“A harness of the agents, by the agents, for the agents”):

16 New Specialized Agents: planner · executor · tester · validator · reviewer · security-auditor · annotator · architect · debugger · deep-worker · devops · explorer · frontend-specialist · perf-engineer · spec-writer · ux-validator

4 New Modes:

Mode	Command	What It Does
SPEC	`/aura spec:new`	EARS-format spec with Given/When/Then acceptance criteria
LORE	`/aura lore:commit`	9-trailer decision tracking commit for architectural decisions
ANNOTATE	`/aura annotate:`	@AX inline code annotations (NOTE/WARN/ANCHOR/TODO)
EXPERIMENT	`/aura experiment:`	XLOOP autonomous experiment loop with circuit breaker (N=10)

Key Concepts Absorbed:

RALF loop: RED→GREEN→REFACTOR→LOOP (max 3 retries)
TRUST 5 review: Tested/Readable/Unified/Secured/Trackable
Lead/Builder/Guardian agent team topology
ICE scoring + SCAMPER + MoSCoW (brainstorming)
Worktree isolation R1-R7 (3-check conflict detection)
Behavioral assertion rule (NoError 단독 금지 — observable behavior required)

✅ Claude Code Compliance — Hook cleanup · SKILL.md -105 lines · Resource splits

v6.5 brings AuraKit into full compliance with Claude Code official guidelines:

Change	Before	After
Hook events	16 events (incl. `TeammateIdle` which CC doesn’t emit)	10 valid CC events only
SKILL.md size	662 lines	557 lines (-105 lines)
`build-resolvers.md`	1,352 lines (monolithic)	41-line router + 7 language files
`payment-pipeline.md`	1,043 lines (monolithic)	251-line router + 5 provider files
PRO tier model	Opus	Sonnet+Amplifier v2 (Opus removed from PRO)

TeammateIdle removed — not a real Claude Code event; agent memory now saved via SubagentStop hook
Progressive Load — resource files split by language/provider so only the needed file loads per task

✨ New in v6.4

💳 PAYMENT Mode — Stripe · LemonSqueezy · Polar · TossPayments · StepPay

v6.4 adds a dedicated payment pipeline for subscription billing — the most security-critical feature in any SaaS:

/aura payment: Stripe 구독 결제 붙여줘       # 한국어
/aura payment: add Stripe subscription billing  # English
/aura payment: TossPayments 정기결제 연동      # 한국 서비스

Provider	Market	Tax Handling	Subscription	Recommended for
Stripe	Global	Manual (Stripe Tax)	✅ Full	Global SaaS
LemonSqueezy	Global	✅ Auto (MoR)	✅ Full	Digital products
Polar	Global	✅ Auto (MoR)	✅	Open source
TossPayments	🇰🇷 Korea	❌	✅ Regular billing	국내 서비스
StepPay	🇰🇷 Korea	❌	✅	한국 BNPL

What it builds automatically:

DB schema: subscription_plans + subscriptions + webhook_events
Checkout → subscription create → billing portal flow
Webhook handler with signature verification + idempotency (INSERT ON CONFLICT)
Subscription middleware for route access control
.env.example with all required keys

⚠️ Default tier: PRO (Sonnet+Amplifier v2) — payment code is business-critical. Security audit (VULN-001~012) runs automatically.

🚀 install.sh v2.0 — Zero-friction setup

v6.3 completely rewrites the installer with intelligent dependency management:

Feature	v6.2	v6.3
jq installation	Warn and exit if missing	Auto-install (winget/scoop/choco/brew/apt/dnf/yum/apk/pacman)
Settings update	jq required	Python-first (jq fallback — works without jq)
OS detection	None	`uname -s` → Darwin / Linux / Windows (MINGW/MSYS/CYGWIN)
Node.js check	None	Hard check — exits with install link if missing
Python check	None	Soft check — warns if missing (statusline gracefully degrades)
git check	None	Soft check — warns if missing
Language filter	All languages	`--lang=ko,en,jp,zh,es,fr,de,it` selective install
Status bar	Not installed	AuraKit Nexus auto-installed

bash install.sh                    # Full install (all languages)
bash install.sh --lang=en,ko       # English + Korean only

📊 AuraKit Nexus Status Bar — Real-time token & session info

install.sh v2.0 installs the AuraKit Nexus status bar automatically:

💰 ECO | ctx: 23% | ↑12.4K ↓8.1K = 20.5K (7회) | 주간: 143K | /aura review

Subscription users → daily/weekly remaining % (일↓88% 주↓92%)
API users → actual cost display ($0.23)
Auto-resizes: 3-line (≥80 cols) · 2-line · 1-line (<55 cols)
Language auto-detect: 한국어/日本語/中文/English/…

🪝 10 Hook Events — Core lifecycle automation

AuraKit registers 10 valid Claude Code hook events covering the full agent lifecycle:

Hook Event	Handler File	Function
`SessionStart`	`pre-session.sh`	`.env` security · package manager detect · snapshot check
`UserPromptSubmit`	`korean-command.js`	IME reverse-transliteration routing
`UserPromptSubmit`	`auradkit-detect.js`	Autopus-ADK detect + routing
`PreToolUse`	`security-scan.sh`	Secret pattern detection (L5)
`PreToolUse`	`bash-guard.js`	Dangerous command blocking (L3)
`PostToolUse`	`build-verify.sh`	Compile / type-check after every file
`PostToolUse`	`bloat-check.sh`	250-line split warning
`PostToolUse`	`instinct-auto-save.js`	Instinct pattern auto-save
`PostToolUse`	`auto-format.js`	Prettier / gofmt / black / rustfmt
`PostToolUse`	`governance-capture.js`	Architecture decision audit trail
`PostToolUseFailure`	`post-tool-failure.js`	MCP recovery + failure tracking
`Stop`	`session-stop.js`	Session metrics · Instinct hints · incomplete task alert
`PreCompact`	`pre-compact-snapshot.sh`	Save context state before compaction
`PostCompact`	`post-compact-restore.sh`	Restore context after compaction
`SubagentStart`	`subagent-start.js`	Agent lifecycle — registration + spawn limit check
`SubagentStop`	`subagent-stop.js`	Agent completion + memory save (replaces TeammateIdle)

🎯 STATUS:HEALTH — Mode 36 — Project Health Dashboard

/aura status:health

Generates a real-time project health report:

╔══════════════════════════════════════════════════╗
║           AuraKit Health Dashboard               ║
╠══════════════════════════════════════════════════╣
║  Match Rate:    █████████░  87%  (target: ≥90%)  ║
║  Security:      ██████████  98%  (SEC-01~15)      ║
║  Test Coverage: ████████░░  78%  (target: ≥80%)  ║
║  Tech Debt:     ████░░░░░░  Low  (12 items)       ║
║  Doc Lifecycle: ██████░░░░  61%  (needs update)   ║
╠══════════════════════════════════════════════════╣
║  Recommended: /aura iterate  →  /aura tdd        ║
╚══════════════════════════════════════════════════╝

✨ More v6 Features

🧠 Sonnet Amplifier — Opus-level quality from Sonnet

AuraKit v6 makes Sonnet produce Opus-quality code by forcing structured reasoning before every file:

I/O Contract — Define types, return values, error cases
Existing Code Check — Verify import/naming/style compatibility
Edge Case Discovery — Side effects? Concurrency? Input boundaries? External failures?
SEC/Q Rule Selection — Pick applicable security & quality rules
Then implement — Only after all 4 steps

This eliminates Sonnet’s tendency to rush to code, producing measurably better output.

🧠 Instinct Learning Engine — AuraKit gets smarter with every session

AuraKit learns your project’s patterns after each BUILD/FIX and applies them automatically on the next run.

/aura instinct:show              # All learned patterns
/aura instinct:show auth         # Filter by category
/aura instinct:prune             # Remove low-score patterns
/aura instinct:evolve            # Auto-improve + integrate anti-patterns
/aura instinct:export            # Backup / share with team
/aura instinct:import team.json  # Import from another project
/aura instinct:reset             # ⚠️ Reset all patterns (irreversible)

Before install.sh	After install.sh
Patterns saved by Claude’s judgment after BUILD/FIX	`instinct-auto-save.js` triggers on every Write/Edit — fully automated
Semi-automated	Fully automated

🌐 Language-Specific Code Reviewers — 10 languages with framework awareness

AuraKit auto-detects your project language and applies a specialized reviewer in the V2 step.

Language	Reviewer Focus
TypeScript	Strict null checks, React/Next.js/NestJS patterns, generic type safety
Python	Type hints, async patterns, FastAPI/Django/Flask idioms
Go	Goroutine safety, error wrapping, interface design
Java	Generics, Spring patterns, checked exception handling
Rust	Ownership, lifetimes, unsafe usage review
Kotlin	Coroutines, null safety, idiomatic style
C++	Memory safety, RAII, smart pointer usage
Swift	ARC, optionals, Combine / async-await patterns
PHP	Type coercion risks, PDO usage, injection vectors
Perl	Modern::Perl, regex safety

/aura lang:python review:        # Force Python reviewer
/aura lang:go fix: goroutine leak

🔌 14 MCP Server Configurations

/aura mcp:setup           # Interactive setup wizard
/aura mcp:list            # Show all 14 available configs
/aura mcp:check           # Verify installed servers
/aura mcp:add playwright  # Add a specific server

Supported: Playwright · GitHub · Slack · Linear · Notion · Supabase · PostgreSQL · MongoDB · Redis · Stripe · Vercel · AWS · Sanity · and more.

📍 Next Actions System — Auto-suggest after every task

After every mode completion, AuraKit shows what to do next and reports real token savings:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📍 Done: BUILD — JWT Login (8 files)
💰 Token Report:
   Baseline (manual est.): ~18,200 tokens
   Actual used:             ~7,800 tokens
   Saved: 57%  (10,400 tokens)
   ├─ Discovery effect:     -3,200 (삽질 방지)
   ├─ Tier model effect:    -4,800 (haiku Scout + sonnet V2)
   ├─ Cache hit:            -1,500 (session cache + ConfigHash)
   └─ Instinct reuse:         -900 (3 patterns applied)
📊 Pipeline: ████████░░░░ 4/7
   PM ✓ → PLAN ✓ → DESIGN ✓ → BUILD ✓ → REVIEW → ITERATE → DEPLOY
🔜 Next: /aura review → /aura deploy
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🌐 Cross-Platform (5 Platforms) — Claude Code, Codex, Cursor, Manus, Windsurf

Platform	Support	Setup	Model Mapping
Claude Code	✅ Full	Native — no extra setup	haiku / sonnet / opus
OpenAI Codex CLI	✅ Full	SKILL.md auto-recognized	haiku→gpt-4o-mini, sonnet→gpt-4o, opus→o3
Cursor	✅ Supported	`.cursorrules`, Agent Mode	Cursor model selector
Manus	✅ Supported	System prompt + multi-agent	Manus routing
Windsurf	✅ Supported	`.windsurfrules`, Cascade	Windsurf selector
Aider	⚠️ Partial	`.aider.conf.yml`	BUILD/FIX only
Gemini CLI	🔬 Experimental	System prompt	Unverified

npx @smorky85/aurakit                    # Claude Code (default)
npx @smorky85/aurakit --platform=codex   # Codex CLI adapter
npx @smorky85/aurakit --platform=cursor  # Cursor adapter
npx @smorky85/aurakit --platform=manus   # Manus adapter

🤖 Dynamic Agent Spawning — With circuit breaker

Agents can spawn child agents when tasks are too large. Hard limits prevent runaway:

Limit	Value
Max depth	3 (Agent → Child → Grandchild)
Max total per session	12
Max concurrent	5
Timeout per agent	5 minutes
Circuit breaker	3 consecutive failures → freeze + user alert
Token budget	30% of remaining context per agent

Agent results auto-saved to .aura/agent-memory/[agent].json via SubagentStop hook.

🔄 Loop Operator — Autonomous iteration until done

/aura batch:loop:[task] until:pass    max:5    # Repeat until tests pass
/aura batch:loop:[task] until:90%     max:3    # Repeat until gap ≥ 90%
/aura batch:loop:[task] until:no-error max:10  # Repeat until error-free

Each iteration runs in isolation. Loop stops when the condition is met or max is reached.

💰 Token Optimization

All savings figures are estimates. Context load reduction is measured (v5.1: 82KB → v6: 20KB = 75.6% reduction).

Technique	How	Savings (est.)
SKILL.md slim	Detailed content delegated to resources, 75% context load reduction	Load savings
Tiered Model	Scout / TestRunner use Haiku by default	~40%
Fail-Only Output	Agents return “Pass” or errors only — no verbose logging	~30%
Progressive Load	Resource files loaded per-mode only, not all at once	~10%
Session Cache (B-0)	Skip project re-scan if within 2 hours	~10%
ConfigHash	Rescan only when `package.json` / lockfile changes	~10%
Graceful Compact	Triggers at 65% context + checkpoint saves state	waste eliminated
QUICK Mode	`/aura!` — no protocol, single file	~60%

🌍 Multilingual Commands

8 languages, 56+ commands. Type in your language without switching input methods.

Language	Start	Build	Fix	Clean	Deploy	Review
🇺🇸 English	`/aura`	`/aura build:`	`/aura fix:`	`/aura clean:`	`/aura deploy:`	`/aura review:`
🇰🇷 Korean	`/아우라`	`/아우라빌드`	`/아우라수정`	`/아우라정리`	`/아우라배포`	`/아우라리뷰`
🇯🇵 Japanese	`/オーラ`	`/オーラビルド`	`/オーラ修正`	`/オーラ整理`	`/オーラデプロイ`	`/オーラレビュー`
🇨🇳 Chinese	`/奥拉`	`/奥拉构建`	`/奥拉修复`	`/奥拉清理`	`/奥拉部署`	`/奥拉审查`
🇪🇸 Spanish	`/aura-es`	`/aura-construir`	`/aura-arreglar`	`/aura-limpiar`	`/aura-desplegar`	`/aura-revisar`
🇫🇷 French	`/aura-fr`	`/aura-construire`	`/aura-corriger`	`/aura-nettoyer`	`/aura-deployer`	`/aura-reviser`
🇩🇪 German	`/aura-de`	`/aura-bauen`	`/aura-beheben`	`/aura-aufraeumen`	`/aura-deployen`	`/aura-pruefen`
🇮🇹 Italian	`/aura-it`	`/aura-costruire`	`/aura-correggere`	`/aura-pulire`	`/aura-distribuire`	`/aura-rivedere`

v6.3: All 56+ multilingual commands are handled by the core /aura skill via auto-detection. No separate skill folders needed — freeing ~83% of Claude Code’s skill description budget.

IME support: Korean and Japanese IME reverse-transliteration is handled automatically by hooks/korean-command.js.

🔧 Compatibility

Tool	SKILL.md	Hooks	Agents	Support
Claude Code (recommended)	✅	✅ 16 handlers · 10 events	✅ 23 agent types	Full
OpenAI Codex CLI	✅	✅ sandbox pre/post	✅ agents.md	Full
Cursor	✅	⚠️ VS Code Tasks	✅ Agent Mode	Supported
Manus	✅	✅ event system	✅ native multi-agent	Supported
Windsurf	✅	⚠️ VS Code Tasks	✅ Cascade	Supported
Aider	✅	❌	❌	Partial
Gemini CLI	✅	❌	❌	Experimental

📁 Full Repository Structure

aurakit/                             # v6.5.0
├── skills/
│   ├── aura/                        # Main skill — single /aura entry point
│   │   ├── SKILL.md                 # Core instructions (~20KB, 46 modes)
│   │   └── resources/               # 60+ mode-specific pipeline guides
│   │       ├── build-pipeline.md
│   │       ├── fix-pipeline.md
│   │       ├── security-rules.md    # SEC-01~15 full reference
│   │       ├── instinct-system.md
│   │       ├── language-reviewers.md  # 10 language reviewers
│   │       ├── loop-pipeline.md
│   │       ├── mcp-configs.md       # 14 MCP server configs
│   │       ├── cross-harness.md     # 5-platform guide
│   │       ├── status-dashboard.md  # Health Dashboard
│   │       ├── build-resolvers.md   # Router → language-specific files
│   │       ├── build-resolvers-go.md · -rust.md · -python.md · -java.md · …
│   │       ├── payment-pipeline.md  # Router → provider-specific files
│   │       ├── payment-stripe.md · -lemonsqueezy.md · -polar.md · -toss.md · …
│   │       ├── autopus-spec.md      # EARS SPEC system (v6.5)
│   │       ├── autopus-lore.md      # Decision tracking commits (v6.5)
│   │       ├── autopus-annotate.md  # @AX annotation system (v6.5)
│   │       ├── autopus-pipeline.md  # 5-phase pipeline v2 (v6.5)
│   │       └── ...                  # +40 more guides
│   ├── aura-compact/                # Snapshot + /compact shortcut
│   └── aura-guard/                  # Token budget monitor
├── agents/                          # 23 specialized agents
│   ├── scout.md                     # Read-only project scanner (Haiku)
│   ├── worker.md                    # Reviewer + TestRunner (Sonnet)
│   ├── gap-detector.md              # Design↔implementation gap (Haiku)
│   ├── security.md                  # OWASP Top 10 audit (Sonnet)
│   ├── pm-discovery.md              # OST opportunity mapping (Haiku)
│   ├── pm-strategy.md               # JTBD + Lean Canvas (Haiku)
│   ├── pm-prd.md                    # PRD generation (Sonnet)
│   ├── planner.md                   # Task planning agent (v6.5)
│   ├── executor.md                  # Stack-specific implementation (v6.5)
│   ├── tester.md                    # Test generation + TDD (v6.5)
│   ├── validator.md                 # 8-check Gate 2 validation (v6.5)
│   ├── reviewer.md                  # TRUST 5 code review (v6.5)
│   ├── security-auditor.md          # Deep security audit (v6.5)
│   ├── annotator.md                 # @AX annotation writer (v6.5)
│   ├── architect.md                 # Architecture design (v6.5)
│   ├── debugger.md                  # 5-WHY systematic debug (v6.5)
│   ├── deep-worker.md               # Complex long-running tasks (v6.5)
│   ├── devops.md                    # CI/CD + infrastructure (v6.5)
│   ├── explorer.md                  # Codebase exploration (v6.5)
│   ├── frontend-specialist.md       # UI/UX + accessibility (v6.5)
│   ├── perf-engineer.md             # Performance optimization (v6.5)
│   ├── spec-writer.md               # EARS spec generation (v6.5)
│   └── ux-validator.md              # UX + usability validation (v6.5)
├── hooks/                           # 16 handler files, 10 hook events
│   ├── lib/
│   │   ├── common.js                # Shared: addContext, allow, block
│   │   ├── snapshot.js              # Snapshot read/write helpers
│   │   └── python.js                # Cross-platform Python executor
│   ├── security-scan.sh             # Secret pattern detection (L5)
│   ├── bash-guard.js                # Dangerous command blocking (L3)
│   ├── build-verify.sh              # Compile / type-check after each file
│   ├── bloat-check.sh               # 250-line split warning
│   ├── instinct-auto-save.js        # Instinct pattern auto-save
│   ├── auto-format.js               # Prettier / gofmt / black / rustfmt
│   ├── governance-capture.js        # Architecture decision audit trail
│   ├── post-tool-failure.js         # MCP recovery + failure tracking
│   ├── session-stop.js              # Session metrics + Instinct hints
│   ├── subagent-start.js            # Agent lifecycle — registration
│   ├── subagent-stop.js             # Agent completion + memory save
│   ├── korean-command.js            # IME reverse-transliteration
│   ├── auradkit-detect.js           # Autopus-ADK detect + routing
│   ├── pre-compact-snapshot.sh      # Save context before compact
│   └── post-compact-restore.sh      # Restore context after compact
├── rules/
│   └── aurakit-security.md          # Always-active security rules
├── templates/
│   ├── design-system-default.md     # CSS variable token defaults
│   └── project-profile-template.md
├── statusline/                      # AuraKit Nexus status bar
│   ├── statusline-command.sh
│   └── statusline-parser.py
├── tests/                           # AuraScore test suite
│   ├── run-tests.sh
│   ├── test-build-basic.md
│   ├── test-scout-detect.md
│   ├── test-instinct-save.md
│   ├── test-quick-mode.md
│   └── test-safety-net.md
├── install.sh                       # Installer v2.0 (auto-jq, Python-first)
├── CHANGELOG.md                     # Version history
├── SECURITY.md                      # Vulnerability reporting policy
├── CONTRIBUTING.md
└── LICENSE                          # MIT

🤝 Contributing

We welcome contributions! Add language reviewers, framework patterns, hooks, or security rules.

# Quick contribution workflow
fork → branch (feat/reviewer-csharp) → create files → bash tests/run-tests.sh → PR

See CONTRIBUTING.md for templates and quality requirements.

Contribution	Path	Requirements
Language Reviewer	`resources/language-reviewers.md`	10 rules + 5 checklist items + V1 command
Framework Pattern	`resources/framework-patterns.md`	File structure + 10 rules
Hook	`hooks/[name].js` or `.sh`	Error handling + install.sh registration
Security Rule	`rules/aurakit-security.md` SEC-16+	OWASP/CWE mapping + no duplicates
Mode	`skills/aura/resources/[mode]-pipeline.md`	Full pipeline spec + SKILL.md entry

❓ FAQ

Click to expand all questions

What frameworks does AuraKit support?

Any framework. Scout reads package.json, tsconfig, tailwind.config, prisma.schema, Dockerfile, go.mod, pyproject.toml, and more to adapt automatically. Next.js, React, Vue, Svelte, Express, FastAPI, Django, Spring — all work out of the box.

Does AuraKit work with existing projects?

Yes. AuraKit scans your existing codebase first (via Scout agent), then generates code that matches your existing conventions, styling, and architecture.

What happens if I already have hooks configured?

install.sh (v2.0) updates your settings.json using Python-first logic that preserves your existing configuration while adding AuraKit hooks.

Does AuraKit work on Windows?

Yes, no WSL required. Shell hooks (.sh) run via Git Bash; Node hooks (.js) run cross-platform. Git Bash is recommended for Claude Code itself.

How does compact defense work?

AuraKit sets CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=65, triggering compaction at 65% token usage instead of the default 95%. A PreCompact hook saves your current work state. A PostCompact hook restores it. Zero context loss.

Is my code sent anywhere?

No. AuraKit is a local skill. Everything runs inside your Claude Code session. No external APIs, no telemetry, no data collection.

How is AuraKit different from just prompting Claude?

Manual prompting requires re-explaining your project, conventions, and requirements every session. AuraKit pre-loads all of that automatically via Scout, enforces security through hooks, uses specialized agents for each role, and learns your patterns over time — without extra effort after initial install.

The token savings numbers seem high. Are they real?

Context load reduction (v5.1 82KB → v6 20KB) is measured. Per-task savings (~55% ECO, ~75% MAX) are estimates based on tier routing and prompt engineering — no independent benchmark like Aider’s Polyglot 64% exists for AuraKit.

Do I need all 10 hook events? Can I use only some?

Yes. Install registers all hooks, but each is independent. Remove any entry from settings.json to disable it. The security hooks (L3/L5) are most critical; the rest are quality-of-life.

Try it now — it takes ~30 seconds:

npx @smorky85/aurakit

Then open any project and type /aura.

AuraKit v6.5.0 — 46 modes · 10 hooks · 23 agents · 6-layer security · 5 platforms · ~55% token savings

If AuraKit saves you time, give it a star ⭐ — it helps others find it.

GitHub · npm · Issues · Contribute · Changelog · MIT License