opena2a-cli 0.5.4 → 0.5.6

package/README.md

@@ -6,6 +6,12 @@
 
 Credential detection, scope drift analysis, config integrity, runtime monitoring, behavioral governance scanning, and supply chain verification -- one CLI.
 
+**Get a full security review in one command:**
+
+```bash
+npx opena2a-cli review
+```
+
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/opena2a-org/opena2a/blob/main/LICENSE)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)]()
 [![npm](https://img.shields.io/npm/v/opena2a-cli.svg)](https://www.npmjs.com/package/opena2a-cli)
@@ -36,7 +42,7 @@ No configuration required. Works with Node.js, Python, Go, and MCP server projec
 Run `opena2a init` in any project directory to get an instant security assessment:
 
 ```
-  OpenA2A Security Report  v0.5.3
+  OpenA2A Security Report  v0.5.5
 
   Project      myapp v2.1.0
   Type         Node.js + MCP server
@@ -98,6 +104,17 @@ When drift is detected, `opena2a protect` migrates the key to environment variab
 
 ## Core Commands
 
+### `opena2a review`
+
+Run all security checks and generate a unified HTML dashboard. This is the recommended starting point -- it combines credential scanning, config integrity, Shield posture, advisory checks, and optional HMA deep scan into a single interactive report.
+
+```bash
+opena2a review                     # Scan + open HTML report in browser
+opena2a review --no-open           # Generate report without opening
+opena2a review --report out.html   # Save to custom path
+opena2a review --format json       # JSON output for CI
+```
+
 ### `opena2a init`
 
 Assess your project's security posture. Detects project type, scans for credentials, checks hygiene (`.gitignore`, `.env` protection, lock file, security config), calculates a trust score (0-100), and provides prioritized next steps.
@@ -170,17 +187,6 @@ opena2a self-register --dry-run   # Preview what would be registered
 opena2a self-register             # Register all 13 tools
 ```
 
-### `opena2a review`
-
-Run all security checks and generate a unified HTML dashboard. Combines credential scanning, config integrity, Shield posture, advisory checks, and optional HMA deep scan into a single interactive report.
-
-```bash
-opena2a review                     # Scan + open HTML report in browser
-opena2a review --no-open           # Generate report without opening
-opena2a review --report out.html   # Save to custom path
-opena2a review --format json       # JSON output for CI
-```
-
 ### `opena2a config`
 
 Manage user preferences and feature toggles.
@@ -435,7 +441,7 @@ The CLI orchestrates these specialized tools through a unified interface:
 | Command | Tool | Description |
 |---------|------|-------------|
 | `opena2a scan` | [HackMyAgent](https://github.com/opena2a-org/hackmyagent) | 150+ security checks, attack simulation, auto-fix |
-| `opena2a scan-soul` | [HackMyAgent](https://github.com/opena2a-org/hackmyagent) | Behavioral governance scan against AGS (SOUL.md) |
+| `opena2a scan-soul` | [HackMyAgent](https://github.com/opena2a-org/hackmyagent) | Behavioral governance scan against ABGS (SOUL.md) |
 | `opena2a harden-soul` | [HackMyAgent](https://github.com/opena2a-org/hackmyagent) | Generate or improve SOUL.md governance file |
 | `opena2a secrets` | [Secretless AI](https://github.com/opena2a-org/secretless-ai) | Credential management for AI coding tools |
 | `opena2a benchmark` | [OASB](https://github.com/opena2a-org/oasb) | 222 attack scenarios, compliance scoring |
@@ -448,13 +454,26 @@ The CLI orchestrates these specialized tools through a unified interface:
 
 Adapters install tools on first use. Each tool works standalone or through the CLI.
 
+### Identity Subcommands
+
+The `identity` command manages Ed25519 agent identities via `@opena2a/aim-core`:
+
+```bash
+opena2a identity list              # Show local agent identity (ID, public key, creation date)
+opena2a identity create --name bot # Create a new named identity
+opena2a identity trust             # Calculate and display trust score with factor breakdown
+opena2a identity audit --limit 10  # Show recent audit events
+```
+
+Trust scores range from 0-100 and reflect how many security practices are active: identity (Ed25519 key), capability policies, audit logging, secrets management, config signing, skill verification, network controls, and heartbeat monitoring. The score shows a path forward, not a judgment.
+
 ## Behavioral Governance
 
-The [Agent Governance Specification (AGS)](https://github.com/opena2a-org/agent-governance-spec) defines a tiered behavioral safety framework for AI agents across 8 domains and 68 controls (OASB v2). OpenA2A CLI integrates AGS scanning through HackMyAgent.
+The [Agent Behavioral Governance Specification (ABGS)](https://github.com/opena2a-org/agent-governance-spec) defines a tiered behavioral safety framework for AI agents across 8 domains and 68 controls (OASB v2). OpenA2A CLI integrates ABGS scanning through HackMyAgent.
 
 ### `opena2a scan-soul`
 
-Scan your governance file (SOUL.md or equivalent) against AGS controls for your agent's capability tier. Auto-detects tier from file content.
+Scan your governance file (SOUL.md or equivalent) against ABGS controls for your agent's capability tier. Auto-detects tier from file content.
 
 ```bash
 opena2a scan-soul                          # Scan SOUL.md in current directory
@@ -495,7 +514,7 @@ opena2a harden-soul --dry-run      # Preview what would be added, no writes
 opena2a harden-soul --json         # Machine-readable output
 ```
 
-The 8 AGS behavioral domains (OASB v2, domains 7–14):
+The 8 ABGS behavioral domains (OASB v2, domains 7-14):
 
 | Domain | What it governs |
 |--------|----------------|

package/dist/adapters/registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/adapters/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CA8C1D,CAAC;AAEF,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAElE;AAED,wBAAgB,YAAY,IAAI,aAAa,EAAE,CAE9C;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,EAAE,CAE1E"}
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/adapters/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CA+C1D,CAAC;AAEF,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAElE;AAED,wBAAgB,YAAY,IAAI,aAAa,EAAE,CAE9C;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,GAAG,aAAa,EAAE,CAE1E"}

package/dist/adapters/registry.js

@@ -9,6 +9,7 @@ exports.ADAPTER_REGISTRY = {
         name: 'scan',
         method: 'import',
         packageName: 'hackmyagent',
+        subcommand: 'secure',
         description: 'Scan AI agent for security vulnerabilities (HackMyAgent)',
     },
     secrets: {

package/dist/adapters/registry.js.map

@@ -1 +1 @@
-{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/adapters/registry.ts"],"names":[],"mappings":";;;AAkDA,gCAEC;AAED,oCAEC;AAED,kDAEC;AA1DY,QAAA,gBAAgB,GAAkC;IAC7D,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,aAAa;QAC1B,WAAW,EAAE,0DAA0D;KACxE;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,qDAAqD;KACnE;IACD,0EAA0E;IAC1E,iGAAiG;IACjG,wFAAwF;IACxF,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,UAAU;QACnB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,OAAO;QACnB,WAAW,EAAE,wDAAwD;KACtE;IACD,KAAK,EAAE;QACL,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE,gDAAgD;KAC9D;IACD,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE,aAAa;QAC3B,WAAW,EAAE,yDAAyD;KACvE;IACD,4EAA4E;IAC5E,oFAAoF;IACpF,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,eAAe;QAC5B,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,yCAAyC;KACvD;IACD,iFAAiF;CAClF,CAAC;AAEF,SAAgB,UAAU,CAAC,IAAY;IACrC,OAAO,wBAAgB,CAAC,IAAI,CAAC,CAAC;AAChC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,MAAM,CAAC,MAAM,CAAC,wBAAgB,CAAC,CAAC;AACzC,CAAC;AAED,SAAgB,mBAAmB,CAAC,MAAqB;IACvD,OAAO,MAAM,CAAC,MAAM,CAAC,wBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;AAC1E,CAAC"}
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/adapters/registry.ts"],"names":[],"mappings":";;;AAmDA,gCAEC;AAED,oCAEC;AAED,kDAEC;AA3DY,QAAA,gBAAgB,GAAkC;IAC7D,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,aAAa;QAC1B,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,0DAA0D;KACxE;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,qDAAqD;KACnE;IACD,0EAA0E;IAC1E,iGAAiG;IACjG,wFAAwF;IACxF,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,UAAU;QACnB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,OAAO;QACnB,WAAW,EAAE,wDAAwD;KACtE;IACD,KAAK,EAAE;QACL,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE,gDAAgD;KAC9D;IACD,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,YAAY,EAAE,aAAa;QAC3B,WAAW,EAAE,yDAAyD;KACvE;IACD,4EAA4E;IAC5E,oFAAoF;IACpF,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,eAAe;QAC5B,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,yCAAyC;KACvD;IACD,iFAAiF;CAClF,CAAC;AAEF,SAAgB,UAAU,CAAC,IAAY;IACrC,OAAO,wBAAgB,CAAC,IAAI,CAAC,CAAC;AAChC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,MAAM,CAAC,MAAM,CAAC,wBAAgB,CAAC,CAAC;AACzC,CAAC;AAED,SAAgB,mBAAmB,CAAC,MAAqB;IACvD,OAAO,MAAM,CAAC,MAAM,CAAC,wBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;AAC1E,CAAC"}

package/dist/commands/benchmark.js

@@ -145,7 +145,7 @@ async function benchmark(options) {
                         process.stdout.write(`    - ${cat.name} (${cat.compliance}%)\n`);
                     }
                 }
-                process.stdout.write(`\n  Run \`opena2a scan secure\` for detailed findings.\n`);
+                process.stdout.write(`\n  Run \`opena2a scan --deep\` for detailed findings.\n`);
                 process.stdout.write(`  Run \`opena2a benchmark --verbose\` for per-category breakdown.\n`);
             }
             process.stdout.write('\n');

package/dist/commands/demo.d.ts

@@ -0,0 +1,21 @@
+/**
+ * opena2a demo -- Interactive demonstration of AIM capabilities.
+ *
+ * Runs a self-contained, narrated walkthrough showing the full AIM lifecycle
+ * in a temporary sandbox. No Docker or external services required.
+ *
+ * Scenarios:
+ *   aim  (default) -- Identity, policy, signing, credential migration
+ *   dvaa           -- Attack/defend loop against a vulnerable agent config
+ */
+export interface DemoOptions {
+    scenario?: string;
+    interactive?: boolean;
+    keep?: boolean;
+    dir?: string;
+    ci?: boolean;
+    format?: string;
+    verbose?: boolean;
+}
+export declare function demo(opts: DemoOptions): Promise<number>;
+//# sourceMappingURL=demo.d.ts.map

package/dist/commands/demo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"demo.d.ts","sourceRoot":"","sources":["../../src/commands/demo.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AA8wBD,wBAAsB,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAqC7D"}