Log in Sign up
Getting Started

Installation

Deploying AuraGuardian requires adding a single PHP file to your server and calling AuraProtector::protect() as early as possible.

Prerequisites

  • PHP 8.0+ (8.1 / 8.2 / 8.3 supported)
  • openssl and json extensions enabled
  • Write permissions to the system temp directory (encrypted engine cache: aura_engine.enc)
  • Outbound HTTPS access to the platform API (for /api/verify)

Step 1: Download agent.php

Download the latest agent.php from your dashboard deployment page (Console → Deployment). Keep it in the same directory as your entry file (or update the require_once path).

Clean code: The agent is a clean, readable PHP file that acts as a thin API client. All security logic is fetched encrypted from the cloud and executed in memory — never stored as plaintext on disk.

Step 2A: Standard integration (recommended)

Use this for Laravel, WordPress, Symfony, Magento, and most PHP apps. Put it at the very top of your entry point (example: public/index.php, index.php, or wp-config.php).

Important: Place the agent before any HTML output/echo/whitespace. Output buffering features (Obsidian Layer) require early initialization. 
<?php
require_once __DIR__ . '/agent.php';

// Replace with your key from Console → Keys
AuraProtector::protect('');

// ... your app bootstrap ...
?>

Single page protection (optional)

If you only want to protect high-value endpoints (checkout, login, admin routes), you can pass only_paths. 

<?php
require_once __DIR__ . '/agent.php';

AuraProtector::protect('', [
    // Exact match
    'only_paths' => ['/checkout'],
    // Wildcards supported by the agent
    // 'only_paths' => ['/product/*'],
]);
?>

Step 2B: Global install (Apache .htaccess auto_prepend_file)

For legacy hosting or custom PHP where you can't easily edit the entrypoint. This runs the agent before every PHP file.

Create a loader file

<?php
require_once __DIR__ . '/agent.php';
AuraProtector::protect('');
?>

Update .htaccess

# Run agent before every PHP script
php_value auto_prepend_file "/full/path/to/your/site/aura_loader.php"

Auto-prepend bundle (no-code)

In Console → Deployment, download the PHP auto_prepend bundle. It includes agent.php plus a ready up_prepend.php loader. You only need to point auto_prepend_file to it.

Step 3: Verification

The platform includes a simulation flag you can append to your URL. If installed correctly, the agent should route you to the Security Challenge instead of your normal page. 

# In the browser
https://yourdomain.com/?sim_vpn=1

Common issues

  • "Headers already sent": ensure the agent runs before any output.
  • No blocking happens: confirm your license is active and not expired beyond the grace window.
  • Domain limit reached: the API may respond with payload: null and a message — upgrade plan or reduce active domains.
  • Cache directory not writable: the agent caches encrypted engine code in the system temp directory. Ensure sys_get_temp_dir() returns a writable path.