One CLI for AI Agent Security

Credential detection with scope drift analysis, config integrity signing, runtime monitoring, and supply chain verification. Works with Node.js, Python, Go, and MCP server projects.

# Try without installing
$ npx opena2a-cli init
# Install globally
$ npm install -g opena2a-cli
# Homebrew (macOS/Linux)
$ brew tap opena2a-org/tap && brew install opena2a

Instant Security Assessment

Run opena2a init in any project to get a security score, credential findings, scope drift alerts, and prioritized actions. Then run opena2a protect to fix everything.

Terminal
$ opena2a init
OpenA2A Security Report v0.8.21
Project acme-agent v2.1.0
Type Node.js + MCP server
Security Posture
-----------------------------------------------
Credential scan 4 findings
.gitignore present
.env protection NOT in .gitignore
Lock file package-lock.json
MCP config found
LLM server Ollama on :11434 (no auth)
-----------------------------------------------
Security Score 15 / 100 -> 80 by running opena2a protect
Scope Drift Detected
-----------------------------------------------
DRIFT-001 Google Maps key may access Gemini AI
DRIFT-002 AWS key may access Bedrock AI

All Commands

33 commands across 9 categories. Direct commands, adapter-backed tools, and orchestration.

Quick Start

One command to go from zero to fully registered with identity, MCP discovery, and trust scoring.

opena2a setup

One-command agent onboarding

Authenticates, auto-detects project name (package.json, pyproject.toml, or directory), creates identity on AIM Cloud, discovers and attaches MCP servers, shows trust score.

Shadow AI Detection

Discover AI agents, MCP servers, and AI configurations across your machine and project.

opena2a detect

Discover AI agents on this machine

Finds running AI agents, MCP servers, and LLM processes. Use --auto-scan to scan unknown servers and contribute results.

opena2a mcp audit

MCP server identity management

Subcommands: audit, sign, verify. Inspects MCP server configs for credential exposure and integrity.

Authentication

Browser-based OAuth login. No API keys to manage. One command to authenticate with AIM Cloud or self-hosted servers.

opena2a login

Authenticate with AIM server via browser

OAuth Device Authorization flow (RFC 8628). Opens browser, shows a code, completes when you approve. Tokens stored securely at ~/.opena2a/auth.json.

opena2a whoami

Show current authentication status

Displays server URL, token validity, and expiration. Supports --json for programmatic checks.

opena2a logout

Remove stored authentication credentials

Deletes the local auth token. Does not revoke the server session.

Identity

Cryptographic identity, lifecycle management, and audit trail. Works locally or against AIM Cloud.

opena2a identity create

Create a cryptographic agent identity

Generates Ed25519 keypair. With --server cloud, registers on AIM server using your login session (no API key needed).

opena2a identity trust

Calculate agent trust score

8-factor trust algorithm: verification status, uptime, action success rate, security alerts, compliance, age, drift, feedback.

opena2a identity suspend / reactivate

Lifecycle management for server agents

Suspend stops all agent operations instantly. Reactivate restores a suspended or revoked agent. Trust score adjusts automatically.

opena2a identity revoke

Permanently revoke an agent (30-day retention)

Revokes the agent and drops trust to 0. Data retained for 30 days -- reactivate within that window to restore. Requires --ci flag for safety.

opena2a identity sign / verify

Cryptographic signing and verification

Sign configs, governance files, or arbitrary data with Ed25519. Verify signatures against registered identities.

opena2a identity audit / activity

View agent audit trail and activity events

Append-only log of every action. JSON-lines locally, PostgreSQL with full query API on the server. Supports --limit and --json.

opena2a watch

Live tail of agent activity events

Polls AIM server every 3 seconds and displays events in real-time. Deduplicates by event ID. Supports --json for NDJSON output. Ctrl+C to stop.

Agent Management

Tags, MCP connections, capabilities, and policies. Manage your agents via CLI or the AIM Cloud dashboard.

opena2a identity tag

Organize agents with tags

Subcommands: list, add, remove. Tag agents for environment (production, staging) or purpose (data-pipeline, customer-facing).

opena2a identity mcp

Manage MCP server connections

Subcommands: list, add, remove, attach. Use attach to auto-discover all MCP servers on your machine and register them as org entities.

opena2a identity integrate

Wire security tools to identity

Connects HMA, Secretless, ConfigGuard, ARP, and Shield to your agent identity for unified audit trail and trust scoring.

opena2a identity policy

Capability enforcement policies

Load YAML policies locally or view server policies with --server cloud. Default-deny or default-allow with per-capability rules.

Governance

Define behavioral boundaries with SOUL.md. Benchmark against the Open Agent Security Benchmark.

opena2a harden-soul

Generate or improve SOUL.md governance file

Creates governance files from ABGS templates. Tier-aware: BASIC, STANDARD, AGENTIC. Supports --dry-run preview.

opena2a scan-soul

Scan governance file for behavioral safety

Evaluates SOUL.md against ABGS framework. Supports agent profiles: conversational, code-assistant, tool-agent, autonomous, orchestrator.

opena2a benchmark

Run OASB security benchmark

222 standardized attack scenarios at three levels (L1, L2, L3). Uses HackMyAgent programmatic API.

opena2a baselines

Collect behavioral observations (opt-in)

Crowdsourced agent profiling. Observes package behavior for a configurable duration and reports findings to the community.

Security Scanning

204 security checks. Credential detection. Scope drift analysis. Full HTML security dashboard.

opena2a scan

Run 204 security checks via HackMyAgent

Adapter-backed scanning with attack simulation, auto-fix suggestions, and compliance reporting.

opena2a check

Quick security check (alias for scan secure)

Shorthand that delegates to HackMyAgent's secure scan profile for fast assessments.

opena2a review

Unified HTML security dashboard

Runs all checks (init + protect + guard + HMA scan), generates an interactive HTML dashboard with score breakdown.

Protection

Migrate credentials, sign configs, enable runtime monitoring, deploy Shield orchestration.

opena2a init

Assess project security posture (read-only)

Detects project type, scans for credentials, checks hygiene, calculates trust score (0-100), and provides prioritized next steps.

opena2a protect

Detect and migrate hardcoded credentials

Finds API keys across all source files. Language-aware replacements for JS, Python, Go, Ruby, Java, and Rust.

opena2a guard

Config file integrity signing and verification

Signs config files with SHA-256 hashes. Subcommands: sign, verify, status, watch, diff, policy, hook, resign, snapshot.

opena2a shield

Unified security orchestration

Full 11-step setup via shield init. Also: status, log, selfcheck, policy, evaluate, recover, report, session, baseline.

opena2a runtime

Agent runtime protection (ARP)

Monitors process, network, and filesystem activity. Protocol-aware for MCP and A2A. Subcommands: start, status, tail, init.

Trust Verification

Query community trust scores for AI packages. Contribute anonymized scan results to help the community.

opena2a trust

Look up trust profile for an agent or MCP server

Queries the ATP registry by npm, PyPI, or GitHub source. Auto-detects from package.json.

opena2a registry

Query community trust data for packages

Adapter-backed lookup via ai-trust. Returns security metadata, trust scores, and known vulnerabilities.

opena2a --registry

Attach registry lookup to any scan command

Flag available on scan, check, and init. Cross-references local findings with registry intelligence.

opena2a --contribute

Share anonymized scan results with the community

Opt-in flag that uploads anonymized security metrics to OpenA2A for community benchmarking.

Scope Drift Analysis

Scope Drift Detection

API keys provisioned for one service often silently grant access to others. A Google Maps key can call Gemini. An AWS S3 key may reach Bedrock. OpenA2A detects these cross-service privilege escalations.

DRIFT-001 Google Cloud

Google API Key Gemini Drift

A key provisioned for Google Maps silently grants access to Gemini AI models. Attackers can run LLM workloads billed to your account.

Unintended access: Gemini API access

DRIFT-002 AWS

AWS Access Key Bedrock Drift

An AWS key intended for S3 or EC2 may also grant access to Bedrock LLM models due to over-provisioned IAM policies.

Unintended access: Bedrock API access

Detected Credential Patterns

Regex-based detection with language-aware replacements for JS, Python, Go, Ruby, Java, and Rust.

| ID | Pattern | Prefix | Severity |
|---|---|---|---|
| CRED-001 | Anthropic API Key | `sk-ant-api*` | Critical |
| CRED-002 | OpenAI API Key | `sk-*`, `sk-proj-*` | Critical |
| CRED-003 | GitHub Token | `ghp_*`, `ghs_*` | High |
| DRIFT-001 | Google API Key | `AIza*` | High |
| DRIFT-002 | AWS Access Key | `AKIA*` | High |
| CRED-004 | Generic API Key | `api_key=`, `secret_key=` | Medium |
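
The table above as a runnable scanner, added here as an illustration and not OpenA2A's own code. Rule IDs, names, prefixes, severities and the "unintended access" labels come from this page; the character classes and lengths after each prefix, the quoted-literal requirement for CRED-004, and the names RULES, scan and SAMPLE are assumptions, and the sample keys are constructed.

```javascript
// Added example. IDs, names, prefixes and severities are from the table above;
// character classes and lengths after each prefix are assumptions.
const RULES = [
  // Order matters: "sk-ant-api" also matches the broader OpenAI "sk-" rule.
  { id: 'CRED-001', name: 'Anthropic API Key', severity: 'Critical',
    re: /\bsk-ant-api[A-Za-z0-9_-]{20,}/g },
  { id: 'CRED-002', name: 'OpenAI API Key', severity: 'Critical',
    re: /\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}/g },
  { id: 'CRED-003', name: 'GitHub Token', severity: 'High',
    re: /\bgh[ps]_[A-Za-z0-9]{36}\b/g },
  { id: 'DRIFT-001', name: 'Google API Key', severity: 'High',
    re: /\bAIza[A-Za-z0-9_-]{35}/g, unintended: 'Gemini API access' },
  { id: 'DRIFT-002', name: 'AWS Access Key', severity: 'High',
    re: /\bAKIA[0-9A-Z]{16}\b/g, unintended: 'Bedrock API access' },
  // Assumption: only quoted literals count, so env lookups are not flagged.
  { id: 'CRED-004', name: 'Generic API Key', severity: 'Medium',
    re: /\b(?:api_key|secret_key)\s*=\s*["'][^"'\s]{8,}["']/gi },
];

function scan(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const claimed = []; // [start, end) spans already attributed to a rule
    for (const rule of RULES) {
      for (const m of line.matchAll(rule.re)) {
        const start = m.index, end = start + m[0].length;
        // A span reported by a more specific rule is not reported again.
        if (claimed.some(([s, e]) => start < e && end > s)) continue;
        claimed.push([start, end]);
        findings.push({ id: rule.id, name: rule.name, severity: rule.severity,
          line: i + 1, unintended: rule.unintended || null,
          preview: m[0].slice(0, 8) + '...' }); // never echo the full secret
      }
    }
  });
  return findings;
}

// Constructed sample input; none of these are real keys.
const SAMPLE = [
  'const maps = "' + 'AIza' + 'A'.repeat(35) + '";',
  'ANTHROPIC = "sk-ant-api03-' + 'b'.repeat(24) + '"',
  'api_key = "sk-proj-' + 'c'.repeat(24) + '"',
  'aws_id = AKIA' + 'D'.repeat(16),
  'secret_key = "' + 'e'.repeat(12) + '"',
  'api_key = process.env.API_KEY',
].join('\n');

console.log(scan(SAMPLE));
```

The third sample line matches both the OpenAI rule and the generic `api_key=` rule; the span check reports it once, under the more specific ID.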

Built-in Discovery

No need to memorize commands or read documentation. The CLI has four interactive modes that let you explore, search, and describe what you need.

Interactive Mode
# No arguments -- launches guided mode
$ opena2a
What would you like to do?
> Scan project for security issues
Protect credentials
Create agent identity
Set up governance
Run full security review
# ? -- shows all available commands
$ opena2a ?
Available commands:
init, protect, guard, scan, check, review, detect,
identity, shield, runtime, trust, registry, benchmark,
scan-soul, harden-soul, baselines, mcp, secrets, broker
# ~search -- fuzzy search across commands
$ opena2a ~drift
Matched: init, protect
Scope drift detection scans for API keys that silently
grant access to unintended services (Google Maps to Gemini, etc.)
# Natural language -- routes to the right command
$ opena2a "scan this project for secrets"
Running: opena2a protect --dry-run
opena2a

Guided menu with context-aware suggestions

opena2a ?

List all available commands at a glance

opena2a ~search

Fuzzy search with semantic expansion

opena2a "..."

Natural language routes to the right command

CI/CD Integration

All commands support --format json and --ci for pipeline integration.

.github/workflows/security.yml
- name: Security assessment
  run: npx opena2a-cli init --ci --format json > report.json

- name: Credential check
  run: |
    npx opena2a-cli protect --dry-run --ci --format json > creds.json
    jq -e '.totalFound == 0' creds.json

- name: Config integrity
  run: npx opena2a-cli guard verify --ci

Underlying Tools

Commands delegate to specialized tools via adapters (import, spawn, Docker, Python). Each installs on first use -- no manual setup required.

scan: 204 security checks
secrets / broker: Credential management and brokering
benchmark: 222 standardized attack scenarios
runtime: Runtime monitoring
train: Training environment
crypto (CryptoServe): PQC readiness
identity: Agent identity
trust / registry: Package trust verification
guard (ConfigGuard): Config integrity
scan-soul (SoulScanner): Governance analysis (ABGS)

Get Started in 30 Seconds

No signup, no configuration, no dependencies. One command to assess your project.

$ npx opena2a shield init # setup everything
$ npx opena2a review # full dashboard
$ npx opena2a protect # fix credentials