Ecosystem

Tools and projects built on the OpenA2A platform.

How the Ecosystem Fits Together

OpenA2A tools share data through the @opena2a/shared package, which defines common types, constants, and utilities used across the CLI, HMA, Secretless, and ai-trust. When you run opena2a scan-soul, the CLI delegates to HMA for security scanning, uses aim-core for identity verification, and checks Secretless configuration for credential exposure -- all coordinated through shared interfaces.

Contributing to the Ecosystem

All OpenA2A tools are open source under Apache-2.0. To contribute:

  1. 1. Fork the relevant repository from github.com/opena2a-org
  2. 2. Create a feature branch and implement your changes
  3. 3. Submit a pull request -- automated CI runs security scans and tests
  4. 4. A maintainer reviews the PR using the Claude Code PR review workflow
HackMyAgentv0.12.3

Security scanner, red-team toolkit, OASB benchmarking, and runtime protection (ARP) -- all in one package. 238 security checks, 164 attack payloads, auto-fix with rollback.

npx hackmyagent securenpx hackmyagent attack --localnpx hackmyagent fix-all
Secretless AICredential Protection

Keeps secrets out of AI context windows. PreToolUse hooks block credential access across Claude Code, Cursor, Copilot, and Windsurf.

npx secretless-ai init
Browser GuardChrome Extension

Chrome MV3 extension for detecting and controlling browser-based AI agents. 4-layer detection, delegation engine, kill switch, and session timeline.

DVAASecurity Training

Damn Vulnerable AI Agent. 10 intentionally vulnerable agents, 8 attack classes, and CTF challenges for learning and red-teaming.

docker pull opena2a/dvaa
Plugin SDKhackmyagent/plugins

Build security plugins for AI agents. Three built-in plugins (CredVault, SignCrypt, SkillGuard) plus an authoring guide for creating your own.

npm i hackmyagent
@opena2a/aim-coreLightweight

Agent identity in a single npm package. Ed25519 keypair generation, capability-based access policy, trust scoring, and local audit log. No server or database required.

npm i @opena2a/aim-core
AIM ServerSelf-hosted

Optional centralized server for fleet visibility. Dashboard, cross-agent analytics, and governance policies. Deploy with Docker or run standalone.

docker compose up
ai-trustTrust Scoring

Standalone trust scoring engine for AI agents. Computes trust badges based on security posture, identity verification, and behavioral analysis. Used by the OpenA2A CLI and integrates with AIM for centralized trust management.

npx ai-trust scorenpx ai-trust badge

Shared Infrastructure

All ecosystem tools share common infrastructure through npm packages maintained in the OpenA2A organization.

@opena2a/shared

Common types, constants, and utilities. Defines the interfaces that tools use to exchange data (agent identities, trust scores, scan results).

opena2a-cli

Umbrella CLI that bundles hackmyagent, secretless-ai, and ai-trust as dependencies. Install once with npm i -g opena2a-cli to access all ecosystem tools.