opena2a self-register
Register OpenA2A tools with metadata and security scan results in the public registry.
Usage
opena2a self-register [options]Description
Registers up to 13 OpenA2A tools in the public registry with their metadata, version information, and capabilities. When HackMyAgent is available, each tool is scanned before registration and the security findings are published alongside the metadata. Use --skip-scan to register without scanning, or --only to register a subset of tools.
Use --dry-run to preview what would be registered without making any network requests to the registry.
Flags
| Flag | Description |
|---|---|
--registry-url <url> | Override the default registry endpoint. |
--skip-scan | Register without running HMA security scans. |
--only <tools> | Comma-separated list of tools to register (e.g., "aim,secretless,hma"). |
--dry-run | Preview registrations without submitting to the registry. |
--format <text|json> | Output format. |
--ci | CI mode with deterministic output. |
--verbose | Show detailed registration progress per tool. |
Examples
opena2a self-registeropena2a self-register --only aim,secretless,hackmyagentopena2a self-register --dry-run --verboseopena2a self-register --skip-scan --registry-url https://registry.example.comWhen to Use It
The self-register command is primarily used by the OpenA2A project maintainers to publish tool metadata and security scan results to the public registry. This data powers the verify command and the Trust Registry lookup. Typical use cases include:
- Publishing updated tool metadata after a new release
- Refreshing security scan results in the registry
- Registering new tools that join the OpenA2A ecosystem
- Validating registry submissions with
--dry-runbefore publishing
Registration Flow
For each tool being registered, the command follows this sequence:
- Resolve the tool package and read its
package.jsonfor name, version, and description. - Compute the SHA-256 hash of the installed package contents.
- If HackMyAgent is available (and
--skip-scanis not set), run a security scan and collect findings. - Submit the metadata, hash, and scan results to the registry API.
- The registry returns a scan token that can be used for subsequent verification.
Expected Output
$ opena2a self-register --only hackmyagent,secretless-ai Tool Registration ================== Registry: https://api.oa2a.org hackmyagent@0.10.5 Hash: a3f8c1...d92e4b Scan: 147 checks, 0 critical, 2 warnings Status: Registered Token: reg_abc123... secretless-ai@0.11.4 Hash: b7d2e9...f14a8c Scan: 147 checks, 0 critical, 0 warnings Status: Registered Token: reg_def456... Result: 2/2 tools registered successfully
Error Handling
If the registry is unreachable, the command reports a connectivity error for each tool and exits with code 1. Tools that are not installed locally are skipped with a warning. When using --only with an unrecognized tool name, the command lists the 13 registerable tools and exits. The --dry-run flag is recommended before actual registration to confirm what will be submitted.