OpenA2A CLI

The OpenA2A CLI is the unified entry point to the OpenA2A security toolchain. It is for developers and security teams who want one command to find credential leaks, shadow AI, unsigned configs, and ungoverned agents, then fix them. Run npx opena2a-cli review to assess a project, or opena2a protect to apply every auto-fixable finding. It delegates to HackMyAgent, Secretless, OASB, AIM, and the AI Trust registry through a single interface, across 24 commands and 5 input modes.

Installation

# Try without installing
npx opena2a-cli init

# npm
npm install -g opena2a-cli

# Homebrew
brew install opena2a-org/tap/opena2a

Which OpenA2A CLI do I want

There are four published CLIs in the toolchain. opena2a is the unified front door. Each underlying tool can also be installed and run standalone if that fits better.

| You want to... | Use | Standalone install |
|---|---|---|
| Run one command and get a full security review of your project | opena2a review | (front door) |
| Scan a specific MCP server, skill, npm package, or GitHub repo | opena2a scan <target> or hackmyagent check <target> | npm install -g hackmyagent |
| Wrap any subprocess with credentials injected at runtime | opena2a secrets run --only KEY -- <cmd> or secretless-ai run --only KEY -- <cmd> | npm install -g secretless-ai |
| Check the trust posture of an npm or PyPI package before installing | opena2a trust <pkg> or ai-trust <pkg> | npm install -g ai-trust |
| Give your agent a cryptographic identity and local audit log, no server | opena2a identity create --name X | (bundled in opena2a-cli) |
| Benchmark a security tool against 222 standard attack scenarios | opena2a benchmark | (uses OASB internally) |

If you are not sure where to start, run opena2a review in your project root. It tells you what is wrong and which underlying tool to invoke for the fix.

Built-in help

The CLI ships several discovery modes for finding the right command without leaving the terminal.

# bash
opena2a ?                              # recommendations for THIS project
opena2a ~shadow ai                     # semantic search ("ai" finds AI-related commands)
opena2a "find leaked credentials"      # natural language to matched command
opena2a                                # interactive guided wizard (no args)

Core Commands

Built-in commands with direct implementations.

Adapter Commands

Commands that delegate to external tools through the CLI's adapter system.

| Command | Adapter | Description |
|---|---|---|
| registry | AI Trust | Trust data queries |
| identity | AIM | Agent identity management |
| train | DVAA | Vulnerable agent training |
| crypto | CryptoServe (external) | PQC readiness via adapter. See /integrations/cryptoserve. |
| broker | Secretless | Credential broker daemon |

Global Flags

Flag                          Description
--ci                          CI mode. No interactive prompts, machine-readable output.
--quiet                       Suppress non-essential output.
--verbose                     Verbose output with details.
--format <text|json|sarif>    Output format. Default: text.
--contribute                  Share anonymized scan results with the community.
-v, --version                 Show CLI version.
-h, --help                    Show help.

Guides

Command Categories

The 24 commands are organized into six functional categories that cover the full agent security lifecycle:

| Category | Commands | Purpose |
|---|---|---|
| Detection | detect, mcp, status | Discover unmanaged AI agents, MCP servers, and aggregate security posture. |
| Identity | claim, trust, self-register, verify | Manage agent identities, trust profiles, and binary integrity verification. |
| Governance | scan-soul, harden-soul, review | Evaluate and improve behavioral governance (SOUL.md) against OASB v2 controls. |
| Scanning | scan, benchmark, baselines, secrets | Run security checks, attack simulations, behavioral profiling, and credential scans. |
| Protection | init, protect, guard, shield, runtime | Assess posture, fix findings, sign configs, orchestrate defenses, and monitor at runtime. |
| Trust | config, demo | Manage CLI preferences and run interactive security walkthroughs. |

Quick Start

After installation, assess your project with the three-command workflow:

# 1. Assess project security posture and trust score
opena2a init

# 2. Auto-fix credential leaks, .gitignore gaps, and config signing
opena2a protect

# 3. Full multi-phase review with HTML report
opena2a review

For CI/CD pipelines, append --ci --format json to any command for machine-readable output and non-zero exit codes on failures. See the CI/CD Integration guide for full pipeline examples.

Post-incident review

After opena2a identity integrate has run once, every event the OpenA2A toolchain captures is bridged automatically into a single local audit log. This needs no decorator in your agent code and no server. When something goes wrong, read back the unified log.

# bash
opena2a identity audit --limit 200
# 200 most recent events: credential injections, file accesses, config
# changes, scan findings, ARP runtime events. All in one timestamp-
# ordered JSON-lines view, sourced from Secretless, HackMyAgent,
# ConfigGuard, Shield, and ARP.

opena2a identity audit | jq 'select(.result == "denied")'
# just the denies

The audit log lives at ~/.opena2a/aim-core/audit.jsonl. It is append-only, rotates at 50 MB, and keeps the last 5 generations. Forward it to Splunk or Sentinel via the standard tail-and-forward pattern.
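
The tail-and-forward pattern mentioned above, as an added Python example (not code from the OpenA2A project): it reads only complete lines appended since the last poll and restarts at byte 0 after a rotation. The only record field taken from the page is result; the state dict and the function names are assumptions of this example.

```python
import json
import os

# Path stated on the page; the state dict and function names are this example's own.
AUDIT_LOG = os.path.expanduser("~/.opena2a/aim-core/audit.jsonl")


def read_new_events(path, state):
    """Return (events, new_state) for complete lines appended since `state`.

    `state` is {"inode": int, "offset": int}; pass {} on the first poll and
    persist the returned state between polls.
    """
    st = os.stat(path)
    offset = state.get("offset", 0)
    # Rotation or truncation: a different inode, or a file shorter than the
    # saved offset, means this is a new generation. Start from byte 0.
    if state.get("inode") != st.st_ino or st.st_size < offset:
        offset = 0
    events = []
    with open(path, "rb") as fh:
        fh.seek(offset)
        while True:
            line = fh.readline()
            if not line.endswith(b"\n"):
                break  # EOF or a half-written record: pick it up next poll
            offset += len(line)
            if not line.strip():
                continue  # skip blank lines
            try:
                events.append(json.loads(line))
            except ValueError:
                # Keep unparseable lines visible instead of dropping them.
                events.append({"parse_error": line.decode("utf-8", "replace").strip()})
    return events, {"inode": st.st_ino, "offset": offset}


def denied_only(events):
    """Same filter as the jq expression above: records with result == "denied"."""
    return [e for e in events if isinstance(e, dict) and e.get("result") == "denied"]


if __name__ == "__main__":
    events, state = read_new_events(AUDIT_LOG, {})
    for event in denied_only(events):
        print(json.dumps(event))  # hand off to the SIEM forwarder here
```

Records written between the last poll and a rotation end up in the rotated generation, so poll frequently or read the rotated files as well. The page does not state how rotated files are named.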

Workspaces

This repo is a TypeScript turborepo. packages/cli is the binary, the rest are libraries it consumes.

# text
packages/
├── cli                  the opena2a binary
├── aim-core             local-first identity, audit log, policies
├── check-core           scanner orchestration
├── cli-ui               shared render primitives
├── credential-patterns
├── registry-client
├── ai-classifier
├── telemetry
├── contribute           skill scaffolding
└── shared               types + utilities

The CLI also depends on three sister packages published from their own repos: hackmyagent, secretless-ai, and ai-trust. opena2a scan delegates to hackmyagent, opena2a secrets delegates to secretless-ai, and opena2a trust queries via ai-trust.

Verify installation

$ opena2a --version
opena2a-cli v0.10.7

$ opena2a --help
Usage: opena2a <command> [options]

Commands:
  init, protect, guard, runtime, verify, shield,
  detect, mcp, trust, claim, demo, scan, secrets,
  benchmark, review, scan-soul, harden-soul, ...

Source: github.com/opena2a-org/opena2a | Published on npm as opena2a-cli