Before & After · Quick Start · 46 Modes · Tiers · Pipeline · Security · New in v6.5 · Why AuraKit · FAQ
One command. Full-stack app. Production-ready.
AuraKit is a Claude Code skill that replaces 20+ manual instructions with a single /aura command. It auto-detects what you need, scans your project, generates code with security checks on every file, and commits — all in one shot.
npx @smorky85/aurakit # Install once (~30 seconds, auto-installs jq)
/aura build: login with JWT # That's it. AuraKit handles the rest.Tip
30-second install → npx @smorky85/aurakit or bash install.sh (v2.0), then type /aura in any project. jq, Python, and git are auto-detected and installed if missing.
| ❌ Without AuraKit | ✅ With AuraKit |
|---|---|
|
/aura build: login with JWT
# AuraKit automatically:
# → Scans your project stack (Scout/Haiku)
# → Plans file-by-file build order
# → Generates with SEC-01~15 rules
# → Validates types + security + tests
# → Commits: feat(auth): add login
# Done. One command. ~3 minutes. |
1 — Install (choose one)
# macOS (Homebrew)
brew install smorky85/tap/aurakit
# All platforms (npm)
npx @smorky85/aurakit
# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/smorky850612/Aurakit/main/install.sh | bash
# Windows
npx @smorky85/aurakit
# From source
bash install.shNote
All install methods auto-activate L3~L5 security hooks. install.sh v2.0 auto-detects and installs: jq (winget/scoop/choco/brew/apt/dnf/yum/apk/pacman), checks Node.js, Python, and git. Configures settings.json via Python-first (jq fallback). Installs the AuraKit Nexus status bar.
2 — Use
# Recommended for daily use (hooks enforce security without per-action dialogs)
claude --dangerously-skip-permissions
/aura build: login with JWT # BUILD mode (English)
/aura 로그인 기능 만들어줘 # BUILD mode (Korean · auto-detect)
/aura fix: TypeError in auth.ts # FIX mode
/aura 코드 정리해줘 # CLEAN mode
/aura Vercel 배포 설정해줘 # DEPLOY mode
/aura 코드 리뷰해줘 # REVIEW mode
/aura! 버튼 색상 변경 # QUICK mode · ~60% fewer tokensWarning
What --dangerously-skip-permissions means: Claude won't ask for confirmation on each tool use. This is intentional — AuraKit's hooks (bash-guard.js, security-scan.sh) replace per-action dialogs with automated enforcement. Without install.sh, security relies only on L1/L2 (agent role isolation + tool blocklist).
Safer first-time alternative: Run claude without the flag. Claude will ask for permission on each Write/Edit/Bash call.
Important
Security rules in ~/.claude/rules/aurakit-security.md are always active — applied to every Claude Code session automatically, even without running /aura.
3 — Update (existing users)
# Recommended — always fetches the latest version from npm
npx @smorky85/aurakit@latest
# From source (if you cloned the repo)
git pull origin main && bash install.sh
# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/smorky850612/Aurakit/main/install.sh | bashTip
Running the update command re-runs install.sh automatically — hooks, skills, and security rules are all refreshed in place. Your .aura/ project data (memory, instincts, snapshots) is never overwritten.
AuraKit enforces these 8 principles in every mode, every turn, every output. Any response that violates them is not AuraKit.
| # | Principle | Guarantee | Mechanism |
|---|---|---|---|
| 1 | ⚡ FAST | Faster than any skill | Session cache · ConfigHash · QUICK mode · Progressive Load |
| 2 | ✨ FLASHY | Most informative CLI output | StatusLine · Next Actions · Token Report · Pipeline display |
| 3 | 🔐 SECURE | Genuinely top-tier security | 6-layer gates · 10 hooks · SEC-01~15 · bash-guard · security-scan |
| 4 | 💰 THRIFTY | Max token savings even on Opus | Tiered Model · Fail-Only output · Progressive Load · Session cache |
| 5 | ♾️ IMMORTAL | Survives context loss | 65% compact guard · Snapshots · PostCompact restore · Session resume |
| 6 | 🧠 EVOLVING | Gets smarter with every use | Instinct learning · instinct:evolve · Pattern sharing |
| 7 | 🌐 UNIVERSAL | Any platform, any language | 8 languages · 46 modes · 23 agents · 5 platforms · Non-dev QUICK mode |
| 8 | 🏆 TOP-TIER | Best skill, no comparison | Sum of the above 7 |
"I can just prompt Claude myself" — Yes, but you'll repeat the same 20 instructions every session.
| Manual Prompting | CLAUDE.md File | AuraKit v6.5.0 | |
|---|---|---|---|
| Security enforcement | Hope for the best | Rules, no enforcement | 10 hooks enforce at write-time |
| Context survival | Lost on compact | Partial | Snapshot + PostCompact auto-restore |
| Token efficiency | Wasteful | Manual | ~55% ECO · ~75% MAX (estimated) |
| Code review | Manual | Manual | 4 agents in parallel |
| Multi-language | English only | English only | 8 languages · 56+ commands |
| Learns over time | Starts fresh | Starts fresh | Instinct engine auto-saves patterns |
| jq / tools | Manual setup | Manual setup | Auto-installed on first run |
| Install time | — | 30 min writing rules | ~30 seconds |
AuraKit detects your intent from natural language. Use a namespace prefix (build:, fix:) when the mode is ambiguous.
| Mode | Invoke | What It Does |
|---|---|---|
| BUILD | /aura build: ... or just describe it |
Discovery → micro-plan → generate → triple verify → commit |
| FIX | /aura fix: ... or paste the error |
Root-cause analysis → minimal change → verify |
| REVIEW | /aura review: |
4 parallel agents → VULN-NNN report, A–F grade |
| CLEAN | /aura clean: |
Dead code removal, 250-line splits, deduplication |
| DEPLOY | /aura deploy: |
Framework detect → env setup → deploy config → security recheck |
📋 40 Extended Modes — Quality · Planning · Platform · Utility · Autopus-ADK · Auto
Quality & Testing
| Mode | Trigger | What It Does |
|---|---|---|
| GAP | gap:, match rate |
Design ↔ implementation gap analysis (Match Rate %) |
| ITERATE | iterate:, auto-fix |
Auto-improve until Match Rate ≥ 90% (max 5 cycles) |
| TDD | tdd:, test-first |
🔴 RED → 🟢 GREEN → 🔵 REFACTOR · coverage ≥ 70–90% |
| QA | qa:, docker logs |
Zero-Script QA via real Docker log analysis |
| QA:E2E | qa:e2e:setup |
Playwright E2E — auth / CRUD / responsive / CI pipeline |
| DEBUG | debug:, 5-why |
4-phase systematic debugging with root-cause tracing |
Planning & Design
| Mode | Trigger | What It Does |
|---|---|---|
| PM | pm:, PRD, discovery |
OST + JTBD + Lean Canvas + PRD · 5 PM agents in parallel |
| PLAN | plan:, 계획 |
Structured plan → .aura/docs/plan-*.md |
| DESIGN | design:, DB 설계 |
DB + API + UI workers parallel → cross-consistency check |
| REPORT | report:, 완료 보고서 |
4-perspective value report (user/biz/tech/ops) |
| PIPELINE | pipeline:, 개발 순서 |
9-phase guide: Starter / Dynamic / Enterprise |
| BRAINSTORM | brainstorm:, HMW |
HMW + priority matrix → actionable ideas |
Advanced Operations
| Mode | Trigger | What It Does |
|---|---|---|
| ORCHESTRATE | orchestrate:, leader |
Leader / Swarm / Council / Watchdog multi-agent patterns |
| BATCH | batch:[A,B,C] |
Up to 5 features in parallel Git Worktrees |
| LOOP | batch:loop: until:pass |
Autonomous iteration loop until condition met |
| FINISH | finish:, squash |
Branch squash merge + Worktree cleanup |
| ARCHIVE | archive:, archive:list |
Archive features without deleting |
Platform Specialists
| Mode | Trigger | What It Does |
|---|---|---|
| MOBILE | mobile:, react native |
React Native / Expo specialized pipeline |
| DESKTOP | desktop:, electron |
Electron / Tauri specialized pipeline |
| BAAS | baas:, supabase |
Supabase / Firebase / bkend integration guide |
| PAYMENT | payment:, stripe, polar, toss |
Stripe · LemonSqueezy · Polar · TossPayments · StepPay — full subscription billing pipeline (default PRO tier) |
Intelligence & Configuration
| Mode | Trigger | What It Does |
|---|---|---|
| INSTINCT | instinct:show |
View / manage / evolve learned project patterns |
| LANG | lang:python, lang:go |
Force language-specific code reviewer (10 languages) |
| MCP | mcp:setup, mcp:list |
Install & configure 14 MCP server types |
| CONTENT | content:, 블로그 |
Blog, market research, IR deck, tech docs, email, social |
| STATUS | status, 현재 상태 |
Current work state from .aura/snapshots/ |
| STATUS:HEALTH | status:health |
Health Dashboard — Match Rate · security score · coverage · Tech Debt |
| CONFIG | config:set |
Manage .aura/config.json settings |
Utility
| Mode | Trigger | What It Does |
|---|---|---|
| STYLE | style:, learning |
Switch output persona: learning / expert / concise |
| SNIPPETS | snippets:, 스니펫 |
Save and reuse prompt templates |
QUICK (!) |
/aura! request |
Protocol-minimal, single file, ~60% token savings |
| BUILD_RESOLVER | (auto on V1 fail) | Language-specific build error resolver (7 languages) |
Autopus-ADK Modes (absorbed v6.5)
| Mode | Trigger | What It Does |
|---|---|---|
| SPEC | spec:new, spec: |
EARS-format spec → spec.md + acceptance.md (Given/When/Then) |
| LORE | lore:commit, lore: |
9-trailer decision commit (Constraint/Rejected/Confidence/…/Related) |
| ANNOTATE | annotate:, ax: |
@AX inline annotations (NOTE/WARN/ANCHOR/TODO · [AUTO] prefix · CYCLE tracking) |
| EXPERIMENT | experiment:, xloop: |
XLOOP autonomous experiment loop (measure→change→decide, circuit breaker N=10) |
| EXPLAIN | explain:, 어떻게 동작 |
Step-by-step code explanation (learning-first) |
| ROLLBACK | rollback:, undo |
Safe revert with git status confirmation before reset |
| MIGRATE | migrate:, upgrade |
Version migration pipeline — dependency upgrades + breaking change handling |
| ESCALATE | escalate: |
Promote current task to Opus sub-agent · auto-return to base tier after |
| Tier | Invoke | Scout | Builder | Reviewer | TestRunner | Savings (est.) |
|---|---|---|---|---|---|---|
| QUICK | /aura! request |
— | Sonnet | — | — | ~60% |
| ECO (default) | /aura request |
Haiku | Sonnet | Sonnet | Haiku | ~55% |
| PRO | /aura pro request |
Haiku | Sonnet+Amplifier v2 | Sonnet | Haiku | ~20% |
| MAX | /aura max request |
Sonnet | Opus | Opus | Sonnet | ~0% |
- QUICK — Color changes, text edits, single-file tweaks
- ECO — Feature development, most daily work (recommended)
- PRO — Auth, payments, complex business logic (Sonnet+Amplifier v2, Opus removed)
- MAX — Security audits, architecture design, production-critical features
Note
All token savings figures are estimates based on tier routing and context load reduction. Context load reduction (v5.1 82KB → v6 20KB) is measured. Independent benchmarks (like Aider's Polyglot 64%) do not exist for AuraKit.
flowchart TD
A(["/aura request"]) --> B["Mode Detection\n46 modes · auto from natural language"]
B --> C["Scout Agent · Haiku\nProject scan → .aura/project-profile.md\nConfigHash: skip if unchanged"]
C --> D["Micro-Plan\n200-token file-by-file build order\nInstinct patterns loaded"]
D --> E["Builder Agent\nECO: Sonnet · PRO: Sonnet+Amp v2 · MAX: Opus\nSEC-01~15 + Language Reviewer"]
E --> F["Security Hooks\nbash-guard.js · security-scan.sh\nL3 + L5 enforcement"]
F --> G{"Triple Verify\n(parallel)"}
G --> H["V1 · Build / Type Check"]
G --> I["V2 · Security + Review · Sonnet"]
G --> J["V3 · TestRunner · Haiku"]
H --> K["Snapshot Checkpoint\n.aura/snapshots/current.md\nInstinct auto-save"]
I --> K
J --> K
K --> |"More files"| E
K --> |"Complete"| L(["git commit\nNext Actions report\nToken savings report"])
Every generated file passes through up to 6 security gates.
| Layer | Name | What It Checks | Active Without install.sh? |
|---|---|---|---|
| L1 | Agent Roles | Per-agent read/write boundaries in system prompts | ✅ Always |
| L2 | Disallowed Tools | Write/Edit/Bash blocklist for read-only agents | ✅ Always |
| L3 | Bash Guard | rm -rf, DROP TABLE, eval, dangerous shell commands |
❌ Requires install.sh |
| L4 | Worktree Isolation | Agent subprocesses run in isolated Git Worktrees | ❌ Requires install.sh |
| L5 | Security Scan | API keys, hardcoded secrets, SQL injection, XSS, JWT in localStorage | ❌ Requires install.sh |
| L6 | Dependency Audit | npm audit --audit-level=high on BUILD and FIX |
✅ Auto in pipeline |
Warning
L3, L4, L5 are only active after running install.sh or npx @smorky85/aurakit. Without installation, only L1 (agent role boundaries) and L2 (tool blocklist) protect you. If you skip installation, omit --dangerously-skip-permissions so manual confirmation acts as your safety net.
Automatically blocked by SEC-01~15:
localStorage.setItem('token', ...) → httpOnly Cookie required (SEC-02)
Raw SQL string concatenation → parameterized queries (SEC-01)
eval() / exec() with user input → blocked (SEC-05)
Hardcoded API keys / passwords → blocked (SEC-03)
.env not in .gitignore → commit blocked (SEC-10)
Math.random() for security tokens → crypto.randomBytes() (SEC-08)
HTTP fallback in external calls → HTTPS only (SEC-09)
🔒 Full SEC-01~15 OWASP Reference
SEC-01 SQL injection prevention SEC-09 HTTPS-only external calls
SEC-02 Auth tokens (httpOnly Cookie) SEC-10 .gitignore enforcement
SEC-03 Secret management SEC-11 NoSQL/Command/XML/LDAP injection
SEC-04 Input validation (Zod/Pydantic/@Valid) SEC-12 Cryptography (AES-256+)
SEC-05 eval/exec blocking SEC-13 Dependency audit
SEC-06 Error info leakage prevention SEC-14 Security event logging
SEC-07 CORS whitelist enforcement SEC-15 SSRF prevention
SEC-08 Secure random (crypto module)
All 15 rules are enforced both inline (code generation) and at runtime (security-scan.sh hook on every Write/Edit).
🤖 Autopus-ADK Absorption — 16 Specialized Agents + 4 New Modes
v6.5 fully absorbs the Autopus-ADK framework ("A harness of the agents, by the agents, for the agents"):
16 New Specialized Agents:
planner · executor · tester · validator · reviewer · security-auditor · annotator · architect · debugger · deep-worker · devops · explorer · frontend-specialist · perf-engineer · spec-writer · ux-validator
4 New Modes:
| Mode | Command | What It Does |
|---|---|---|
| SPEC | /aura spec:new |
EARS-format spec with Given/When/Then acceptance criteria |
| LORE | /aura lore:commit |
9-trailer decision tracking commit for architectural decisions |
| ANNOTATE | /aura annotate: |
@AX inline code annotations (NOTE/WARN/ANCHOR/TODO) |
| EXPERIMENT | /aura experiment: |
XLOOP autonomous experiment loop with circuit breaker (N=10) |
Key Concepts Absorbed:
- RALF loop: RED→GREEN→REFACTOR→LOOP (max 3 retries)
- TRUST 5 review: Tested/Readable/Unified/Secured/Trackable
- Lead/Builder/Guardian agent team topology
- ICE scoring + SCAMPER + MoSCoW (brainstorming)
- Worktree isolation R1-R7 (3-check conflict detection)
- Behavioral assertion rule (NoError 단독 금지 — observable behavior required)
✅ Claude Code Compliance — Hook cleanup · SKILL.md -105 lines · Resource splits
v6.5 brings AuraKit into full compliance with Claude Code official guidelines:
| Change | Before | After |
|---|---|---|
| Hook events | 16 events (incl. TeammateIdle which CC doesn't emit) |
10 valid CC events only |
| SKILL.md size | 662 lines | 557 lines (-105 lines) |
build-resolvers.md |
1,352 lines (monolithic) | 41-line router + 7 language files |
payment-pipeline.md |
1,043 lines (monolithic) | 251-line router + 5 provider files |
| PRO tier model | Opus | Sonnet+Amplifier v2 (Opus removed from PRO) |
- TeammateIdle removed — not a real Claude Code event; agent memory now saved via
SubagentStophook - Progressive Load — resource files split by language/provider so only the needed file loads per task
💳 PAYMENT Mode — Stripe · LemonSqueezy · Polar · TossPayments · StepPay
v6.4 adds a dedicated payment pipeline for subscription billing — the most security-critical feature in any SaaS:
/aura payment: Stripe 구독 결제 붙여줘 # 한국어
/aura payment: add Stripe subscription billing # English
/aura payment: TossPayments 정기결제 연동 # 한국 서비스| Provider | Market | Tax Handling | Subscription | Recommended for |
|---|---|---|---|---|
| Stripe | Global | Manual (Stripe Tax) | ✅ Full | Global SaaS |
| LemonSqueezy | Global | ✅ Auto (MoR) | ✅ Full | Digital products |
| Polar | Global | ✅ Auto (MoR) | ✅ | Open source |
| TossPayments | 🇰🇷 Korea | ❌ | ✅ Regular billing | 국내 서비스 |
| StepPay | 🇰🇷 Korea | ❌ | ✅ | 한국 BNPL |
What it builds automatically:
- DB schema:
subscription_plans+subscriptions+webhook_events - Checkout → subscription create → billing portal flow
- Webhook handler with signature verification + idempotency (
INSERT ON CONFLICT) - Subscription middleware for route access control
.env.examplewith all required keys
⚠️ Default tier: PRO (Sonnet+Amplifier v2) — payment code is business-critical. Security audit (VULN-001~012) runs automatically.
🚀 install.sh v2.0 — Zero-friction setup
v6.3 completely rewrites the installer with intelligent dependency management:
| Feature | v6.2 | v6.3 |
|---|---|---|
| jq installation | Warn and exit if missing | Auto-install (winget/scoop/choco/brew/apt/dnf/yum/apk/pacman) |
| Settings update | jq required | Python-first (jq fallback — works without jq) |
| OS detection | None | uname -s → Darwin / Linux / Windows (MINGW/MSYS/CYGWIN) |
| Node.js check | None | Hard check — exits with install link if missing |
| Python check | None | Soft check — warns if missing (statusline gracefully degrades) |
| git check | None | Soft check — warns if missing |
| Language filter | All languages | --lang=ko,en,jp,zh,es,fr,de,it selective install |
| Status bar | Not installed | AuraKit Nexus auto-installed |
bash install.sh # Full install (all languages)
bash install.sh --lang=en,ko # English + Korean only📊 AuraKit Nexus Status Bar — Real-time token & session info
install.sh v2.0 installs the AuraKit Nexus status bar automatically:
💰 ECO | ctx: 23% | ↑12.4K ↓8.1K = 20.5K (7회) | 주간: 143K | /aura review
- Subscription users → daily/weekly remaining % (일↓88% 주↓92%)
- API users → actual cost display ($0.23)
- Auto-resizes: 3-line (≥80 cols) · 2-line · 1-line (<55 cols)
- Language auto-detect: 한국어/日本語/中文/English/...
🪝 10 Hook Events — Core lifecycle automation
AuraKit registers 10 valid Claude Code hook events covering the full agent lifecycle:
| Hook Event | Handler File | Function |
|---|---|---|
SessionStart |
pre-session.sh |
.env security · package manager detect · snapshot check |
UserPromptSubmit |
korean-command.js |
IME reverse-transliteration routing |
UserPromptSubmit |
auradkit-detect.js |
Autopus-ADK detect + routing |
PreToolUse |
security-scan.sh |
Secret pattern detection (L5) |
PreToolUse |
bash-guard.js |
Dangerous command blocking (L3) |
PostToolUse |
build-verify.sh |
Compile / type-check after every file |
PostToolUse |
bloat-check.sh |
250-line split warning |
PostToolUse |
instinct-auto-save.js |
Instinct pattern auto-save |
PostToolUse |
auto-format.js |
Prettier / gofmt / black / rustfmt |
PostToolUse |
governance-capture.js |
Architecture decision audit trail |
PostToolUseFailure |
post-tool-failure.js |
MCP recovery + failure tracking |
Stop |
session-stop.js |
Session metrics · Instinct hints · incomplete task alert |
PreCompact |
pre-compact-snapshot.sh |
Save context state before compaction |
PostCompact |
post-compact-restore.sh |
Restore context after compaction |
SubagentStart |
subagent-start.js |
Agent lifecycle — registration + spawn limit check |
SubagentStop |
subagent-stop.js |
Agent completion + memory save (replaces TeammateIdle) |
🎯 STATUS:HEALTH — Mode 36 — Project Health Dashboard
/aura status:healthGenerates a real-time project health report:
╔══════════════════════════════════════════════════╗
║ AuraKit Health Dashboard ║
╠══════════════════════════════════════════════════╣
║ Match Rate: █████████░ 87% (target: ≥90%) ║
║ Security: ██████████ 98% (SEC-01~15) ║
║ Test Coverage: ████████░░ 78% (target: ≥80%) ║
║ Tech Debt: ████░░░░░░ Low (12 items) ║
║ Doc Lifecycle: ██████░░░░ 61% (needs update) ║
╠══════════════════════════════════════════════════╣
║ Recommended: /aura iterate → /aura tdd ║
╚══════════════════════════════════════════════════╝
🧠 Sonnet Amplifier — Opus-level quality from Sonnet
AuraKit v6 makes Sonnet produce Opus-quality code by forcing structured reasoning before every file:
- I/O Contract — Define types, return values, error cases
- Existing Code Check — Verify import/naming/style compatibility
- Edge Case Discovery — Side effects? Concurrency? Input boundaries? External failures?
- SEC/Q Rule Selection — Pick applicable security & quality rules
- Then implement — Only after all 4 steps
This eliminates Sonnet's tendency to rush to code, producing measurably better output.
🧠 Instinct Learning Engine — AuraKit gets smarter with every session
AuraKit learns your project's patterns after each BUILD/FIX and applies them automatically on the next run.
/aura instinct:show # All learned patterns
/aura instinct:show auth # Filter by category
/aura instinct:prune # Remove low-score patterns
/aura instinct:evolve # Auto-improve + integrate anti-patterns
/aura instinct:export # Backup / share with team
/aura instinct:import team.json # Import from another project
/aura instinct:reset # ⚠️ Reset all patterns (irreversible)| Before install.sh | After install.sh |
|---|---|
| Patterns saved by Claude's judgment after BUILD/FIX | instinct-auto-save.js triggers on every Write/Edit — fully automated |
| Semi-automated | Fully automated |
🌐 Language-Specific Code Reviewers — 10 languages with framework awareness
AuraKit auto-detects your project language and applies a specialized reviewer in the V2 step.
| Language | Reviewer Focus |
|---|---|
| TypeScript | Strict null checks, React/Next.js/NestJS patterns, generic type safety |
| Python | Type hints, async patterns, FastAPI/Django/Flask idioms |
| Go | Goroutine safety, error wrapping, interface design |
| Java | Generics, Spring patterns, checked exception handling |
| Rust | Ownership, lifetimes, unsafe usage review |
| Kotlin | Coroutines, null safety, idiomatic style |
| C++ | Memory safety, RAII, smart pointer usage |
| Swift | ARC, optionals, Combine / async-await patterns |
| PHP | Type coercion risks, PDO usage, injection vectors |
| Perl | Modern::Perl, regex safety |
/aura lang:python review: # Force Python reviewer
/aura lang:go fix: goroutine leak🔌 14 MCP Server Configurations
/aura mcp:setup # Interactive setup wizard
/aura mcp:list # Show all 14 available configs
/aura mcp:check # Verify installed servers
/aura mcp:add playwright # Add a specific serverSupported: Playwright · GitHub · Slack · Linear · Notion · Supabase · PostgreSQL · MongoDB · Redis · Stripe · Vercel · AWS · Sanity · and more.
📍 Next Actions System — Auto-suggest after every task
After every mode completion, AuraKit shows what to do next and reports real token savings:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📍 Done: BUILD — JWT Login (8 files)
💰 Token Report:
Baseline (manual est.): ~18,200 tokens
Actual used: ~7,800 tokens
Saved: 57% (10,400 tokens)
├─ Discovery effect: -3,200 (삽질 방지)
├─ Tier model effect: -4,800 (haiku Scout + sonnet V2)
├─ Cache hit: -1,500 (session cache + ConfigHash)
└─ Instinct reuse: -900 (3 patterns applied)
📊 Pipeline: ████████░░░░ 4/7
PM ✓ → PLAN ✓ → DESIGN ✓ → BUILD ✓ → REVIEW → ITERATE → DEPLOY
🔜 Next: /aura review → /aura deploy
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🌐 Cross-Platform (5 Platforms) — Claude Code, Codex, Cursor, Manus, Windsurf
| Platform | Support | Setup | Model Mapping |
|---|---|---|---|
| Claude Code | ✅ Full | Native — no extra setup | haiku / sonnet / opus |
| OpenAI Codex CLI | ✅ Full | SKILL.md auto-recognized | haiku→gpt-4o-mini, sonnet→gpt-4o, opus→o3 |
| Cursor | ✅ Supported | .cursorrules, Agent Mode |
Cursor model selector |
| Manus | ✅ Supported | System prompt + multi-agent | Manus routing |
| Windsurf | ✅ Supported | .windsurfrules, Cascade |
Windsurf selector |
| Aider | .aider.conf.yml |
BUILD/FIX only | |
| Gemini CLI | 🔬 Experimental | System prompt | Unverified |
npx @smorky85/aurakit # Claude Code (default)
npx @smorky85/aurakit --platform=codex # Codex CLI adapter
npx @smorky85/aurakit --platform=cursor # Cursor adapter
npx @smorky85/aurakit --platform=manus # Manus adapter🤖 Dynamic Agent Spawning — With circuit breaker
Agents can spawn child agents when tasks are too large. Hard limits prevent runaway:
| Limit | Value |
|---|---|
| Max depth | 3 (Agent → Child → Grandchild) |
| Max total per session | 12 |
| Max concurrent | 5 |
| Timeout per agent | 5 minutes |
| Circuit breaker | 3 consecutive failures → freeze + user alert |
| Token budget | 30% of remaining context per agent |
Agent results auto-saved to .aura/agent-memory/[agent].json via SubagentStop hook.
🔄 Loop Operator — Autonomous iteration until done
/aura batch:loop:[task] until:pass max:5 # Repeat until tests pass
/aura batch:loop:[task] until:90% max:3 # Repeat until gap ≥ 90%
/aura batch:loop:[task] until:no-error max:10 # Repeat until error-freeEach iteration runs in isolation. Loop stops when the condition is met or max is reached.
All savings figures are estimates. Context load reduction is measured (v5.1: 82KB → v6: 20KB = 75.6% reduction).
| Technique | How | Savings (est.) |
|---|---|---|
| SKILL.md slim | Detailed content delegated to resources, 75% context load reduction | Load savings |
| Tiered Model | Scout / TestRunner use Haiku by default | ~40% |
| Fail-Only Output | Agents return "Pass" or errors only — no verbose logging | ~30% |
| Progressive Load | Resource files loaded per-mode only, not all at once | ~10% |
| Session Cache (B-0) | Skip project re-scan if within 2 hours | ~10% |
| ConfigHash | Rescan only when package.json / lockfile changes |
~10% |
| Graceful Compact | Triggers at 65% context + checkpoint saves state | waste eliminated |
| QUICK Mode | /aura! — no protocol, single file |
~60% |
8 languages, 56+ commands. Type in your language without switching input methods.
| Language | Start | Build | Fix | Clean | Deploy | Review |
|---|---|---|---|---|---|---|
| 🇺🇸 English | /aura |
/aura build: |
/aura fix: |
/aura clean: |
/aura deploy: |
/aura review: |
| 🇰🇷 Korean | /아우라 |
/아우라빌드 |
/아우라수정 |
/아우라정리 |
/아우라배포 |
/아우라리뷰 |
| 🇯🇵 Japanese | /オーラ |
/オーラビルド |
/オーラ修正 |
/オーラ整理 |
/オーラデプロイ |
/オーラレビュー |
| 🇨🇳 Chinese | /奥拉 |
/奥拉构建 |
/奥拉修复 |
/奥拉清理 |
/奥拉部署 |
/奥拉审查 |
| 🇪🇸 Spanish | /aura-es |
/aura-construir |
/aura-arreglar |
/aura-limpiar |
/aura-desplegar |
/aura-revisar |
| 🇫🇷 French | /aura-fr |
/aura-construire |
/aura-corriger |
/aura-nettoyer |
/aura-deployer |
/aura-reviser |
| 🇩🇪 German | /aura-de |
/aura-bauen |
/aura-beheben |
/aura-aufraeumen |
/aura-deployen |
/aura-pruefen |
| 🇮🇹 Italian | /aura-it |
/aura-costruire |
/aura-correggere |
/aura-pulire |
/aura-distribuire |
/aura-rivedere |
v6.3: All 56+ multilingual commands are handled by the core
/auraskill via auto-detection. No separate skill folders needed — freeing ~83% of Claude Code's skill description budget.
IME support: Korean and Japanese IME reverse-transliteration is handled automatically by hooks/korean-command.js.
| Tool | SKILL.md | Hooks | Agents | Support |
|---|---|---|---|---|
| Claude Code (recommended) | ✅ | ✅ 16 handlers · 10 events | ✅ 23 agent types | Full |
| OpenAI Codex CLI | ✅ | ✅ sandbox pre/post | ✅ agents.md | Full |
| Cursor | ✅ | ✅ Agent Mode | Supported | |
| Manus | ✅ | ✅ event system | ✅ native multi-agent | Supported |
| Windsurf | ✅ | ✅ Cascade | Supported | |
| Aider | ✅ | ❌ | ❌ | Partial |
| Gemini CLI | ✅ | ❌ | ❌ | Experimental |
📁 Full Repository Structure
aurakit/ # v6.5.0
├── skills/
│ ├── aura/ # Main skill — single /aura entry point
│ │ ├── SKILL.md # Core instructions (~20KB, 46 modes)
│ │ └── resources/ # 60+ mode-specific pipeline guides
│ │ ├── build-pipeline.md
│ │ ├── fix-pipeline.md
│ │ ├── security-rules.md # SEC-01~15 full reference
│ │ ├── instinct-system.md
│ │ ├── language-reviewers.md # 10 language reviewers
│ │ ├── loop-pipeline.md
│ │ ├── mcp-configs.md # 14 MCP server configs
│ │ ├── cross-harness.md # 5-platform guide
│ │ ├── status-dashboard.md # Health Dashboard
│ │ ├── build-resolvers.md # Router → language-specific files
│ │ ├── build-resolvers-go.md · -rust.md · -python.md · -java.md · …
│ │ ├── payment-pipeline.md # Router → provider-specific files
│ │ ├── payment-stripe.md · -lemonsqueezy.md · -polar.md · -toss.md · …
│ │ ├── autopus-spec.md # EARS SPEC system (v6.5)
│ │ ├── autopus-lore.md # Decision tracking commits (v6.5)
│ │ ├── autopus-annotate.md # @AX annotation system (v6.5)
│ │ ├── autopus-pipeline.md # 5-phase pipeline v2 (v6.5)
│ │ └── ... # +40 more guides
│ ├── aura-compact/ # Snapshot + /compact shortcut
│ └── aura-guard/ # Token budget monitor
├── agents/ # 23 specialized agents
│ ├── scout.md # Read-only project scanner (Haiku)
│ ├── worker.md # Reviewer + TestRunner (Sonnet)
│ ├── gap-detector.md # Design↔implementation gap (Haiku)
│ ├── security.md # OWASP Top 10 audit (Sonnet)
│ ├── pm-discovery.md # OST opportunity mapping (Haiku)
│ ├── pm-strategy.md # JTBD + Lean Canvas (Haiku)
│ ├── pm-prd.md # PRD generation (Sonnet)
│ ├── planner.md # Task planning agent (v6.5)
│ ├── executor.md # Stack-specific implementation (v6.5)
│ ├── tester.md # Test generation + TDD (v6.5)
│ ├── validator.md # 8-check Gate 2 validation (v6.5)
│ ├── reviewer.md # TRUST 5 code review (v6.5)
│ ├── security-auditor.md # Deep security audit (v6.5)
│ ├── annotator.md # @AX annotation writer (v6.5)
│ ├── architect.md # Architecture design (v6.5)
│ ├── debugger.md # 5-WHY systematic debug (v6.5)
│ ├── deep-worker.md # Complex long-running tasks (v6.5)
│ ├── devops.md # CI/CD + infrastructure (v6.5)
│ ├── explorer.md # Codebase exploration (v6.5)
│ ├── frontend-specialist.md # UI/UX + accessibility (v6.5)
│ ├── perf-engineer.md # Performance optimization (v6.5)
│ ├── spec-writer.md # EARS spec generation (v6.5)
│ └── ux-validator.md # UX + usability validation (v6.5)
├── hooks/ # 16 handler files, 10 hook events
│ ├── lib/
│ │ ├── common.js # Shared: addContext, allow, block
│ │ ├── snapshot.js # Snapshot read/write helpers
│ │ └── python.js # Cross-platform Python executor
│ ├── security-scan.sh # Secret pattern detection (L5)
│ ├── bash-guard.js # Dangerous command blocking (L3)
│ ├── build-verify.sh # Compile / type-check after each file
│ ├── bloat-check.sh # 250-line split warning
│ ├── instinct-auto-save.js # Instinct pattern auto-save
│ ├── auto-format.js # Prettier / gofmt / black / rustfmt
│ ├── governance-capture.js # Architecture decision audit trail
│ ├── post-tool-failure.js # MCP recovery + failure tracking
│ ├── session-stop.js # Session metrics + Instinct hints
│ ├── subagent-start.js # Agent lifecycle — registration
│ ├── subagent-stop.js # Agent completion + memory save
│ ├── korean-command.js # IME reverse-transliteration
│ ├── auradkit-detect.js # Autopus-ADK detect + routing
│ ├── pre-compact-snapshot.sh # Save context before compact
│ └── post-compact-restore.sh # Restore context after compact
├── rules/
│ └── aurakit-security.md # Always-active security rules
├── templates/
│ ├── design-system-default.md # CSS variable token defaults
│ └── project-profile-template.md
├── statusline/ # AuraKit Nexus status bar
│ ├── statusline-command.sh
│ └── statusline-parser.py
├── tests/ # AuraScore test suite
│ ├── run-tests.sh
│ ├── test-build-basic.md
│ ├── test-scout-detect.md
│ ├── test-instinct-save.md
│ ├── test-quick-mode.md
│ └── test-safety-net.md
├── install.sh # Installer v2.0 (auto-jq, Python-first)
├── CHANGELOG.md # Version history
├── SECURITY.md # Vulnerability reporting policy
├── CONTRIBUTING.md
└── LICENSE # MIT
We welcome contributions! Add language reviewers, framework patterns, hooks, or security rules.
# Quick contribution workflow
fork → branch (feat/reviewer-csharp) → create files → bash tests/run-tests.sh → PRSee CONTRIBUTING.md for templates and quality requirements.
| Contribution | Path | Requirements |
|---|---|---|
| Language Reviewer | resources/language-reviewers.md |
10 rules + 5 checklist items + V1 command |
| Framework Pattern | resources/framework-patterns.md |
File structure + 10 rules |
| Hook | hooks/[name].js or .sh |
Error handling + install.sh registration |
| Security Rule | rules/aurakit-security.md SEC-16+ |
OWASP/CWE mapping + no duplicates |
| Mode | skills/aura/resources/[mode]-pipeline.md |
Full pipeline spec + SKILL.md entry |
Click to expand all questions
What frameworks does AuraKit support?
Any framework. Scout reads package.json, tsconfig, tailwind.config, prisma.schema, Dockerfile, go.mod, pyproject.toml, and more to adapt automatically. Next.js, React, Vue, Svelte, Express, FastAPI, Django, Spring — all work out of the box.
Does AuraKit work with existing projects?
Yes. AuraKit scans your existing codebase first (via Scout agent), then generates code that matches your existing conventions, styling, and architecture.
What happens if I already have hooks configured?
install.sh (v2.0) updates your settings.json using Python-first logic that preserves your existing configuration while adding AuraKit hooks.
Does AuraKit work on Windows?
Yes, no WSL required. Shell hooks (.sh) run via Git Bash; Node hooks (.js) run cross-platform. Git Bash is recommended for Claude Code itself.
How does compact defense work?
AuraKit sets CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=65, triggering compaction at 65% token usage instead of the default 95%. A PreCompact hook saves your current work state. A PostCompact hook restores it. Zero context loss.
Is my code sent anywhere?
No. AuraKit is a local skill. Everything runs inside your Claude Code session. No external APIs, no telemetry, no data collection.
How is AuraKit different from just prompting Claude?
Manual prompting requires re-explaining your project, conventions, and requirements every session. AuraKit pre-loads all of that automatically via Scout, enforces security through hooks, uses specialized agents for each role, and learns your patterns over time — without extra effort after initial install.
The token savings numbers seem high. Are they real?
Context load reduction (v5.1 82KB → v6 20KB) is measured. Per-task savings (~55% ECO, ~75% MAX) are estimates based on tier routing and prompt engineering — no independent benchmark like Aider's Polyglot 64% exists for AuraKit.
Do I need all 10 hook events? Can I use only some?
Yes. Install registers all hooks, but each is independent. Remove any entry from settings.json to disable it. The security hooks (L3/L5) are most critical; the rest are quality-of-life.
npx @smorky85/aurakitThen open any project and type /aura.
AuraKit v6.5.0 — 46 modes · 10 hooks · 23 agents · 6-layer security · 5 platforms · ~55% token savings
If AuraKit saves you time, give it a star ⭐ — it helps others find it.
GitHub · npm · Issues · Contribute · Changelog · MIT License