# opena2a

> Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance.

- **URL**: https://www.freshcrate.ai/projects/opena2a
- **Author**: opena2a-org
- **Category**: MCP Servers
- **Latest version**: `v0.10.7` (2026-06-03)
- **License**: Apache-2.0
- **Source**: https://github.com/opena2a-org/opena2a
- **Homepage**: https://opena2a.org
- **Language**: TypeScript
- **GitHub**: 14 stars, 5 forks
- **Registry**: github
- **Tags**: `agent-security`, `ai-agents`, `ai-security`, `claude-code`, `compliance`, `copilot`, `credential-protection`, `cursor`, `mcp`, `typescript`

## Description

Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance.

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v0.10.7` | 2026-06-03 | High | Resolves #188, #189, #190.  ### Fixes - **`opena2a login --ci` fails fast** (#189): exits non-zero immediately with an actionable message (pointing at `--api-key`) instead of blocking on `Waiting for authentication...`. A CI job with cached valid credentials still returns 0. - **opena2a-prefixed next-steps** (#190): `trust` / `publish` / `registry --help` and opena2a-cli's own setup hints now cite `opena2a` commands instead of bundled tool names. Delegated ai-trust stdout is rebranded line-buffe |
| `v0.10.4` | 2026-05-28 | High | ## What's Changed * ci(release): per-package tag triggers + wire @opena2a/ai-classifier by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/87 * feat(cli-ui): export observations + analyst-render for shared CLI use by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/88 * feat(cli): wire @opena2a/cli-ui renderObservationsBlock into opena2a review by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/89 * fix(cli): aggregate HMA findings into opena2a revi |
| `telemetry-v0.3.0` | 2026-05-24 | High | ## What's Changed * docs(readme): mirror AIM README structure by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/146 * fix(protect): anchored CLI self-exemption — replace substring marker check (closes #77) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/147 * fix(cli): register secure alias + check --nanomind/--rescan flags (closes #135) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/141 * feat(credential-patterns): 0.1.1 — block-comment ma |
| `cli-v0.10.3` | 2026-05-11 | High | ## What's Changed * chore(cli): bump to 0.10.3 — adopt @opena2a/telemetry 0.2.0 by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/145   **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/telemetry-v0.2.0...cli-v0.10.3 |
| `cli-v0.10.2` | 2026-04-30 | High | ## Security  - **OAuth tokens move from plaintext `~/.opena2a/auth.json` to OS keychain.** macOS Keychain via `security`; Linux Secret Service via `secret-tool`. Service `opena2a-cli`, account `${serverUrl}:access` / `:refresh` — visible as discrete entries in macOS Passwords.app. Metadata file at `~/.opena2a/auth.json` (mode `0600`) retained with new `tokenStorage: 'keychain' \| 'file'` discriminator. Under keychain mode the file does NOT contain the token strings. - **Transparent migration on f |
| `cli-v0.9.1` | 2026-04-29 | High | ## What's Changed * fix(cli): wire --no-contribute end-to-end (closes #107) — 0.9.1 by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/108   **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/cli-v0.9.0...cli-v0.9.1 |
| `check-core-v0.1.0` | 2026-04-23 | High | ## What's Changed * feat(check-core): extract @opena2a/check-core 0.1.0 (CA-034 M3) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/97   **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/cli-ui-v0.3.0...check-core-v0.1.0 |
| `ai-classifier-v0.1.1` | 2026-04-22 | High | ## What's Changed * ci(release): per-package tag triggers + wire @opena2a/ai-classifier by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/87   **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/v0.8.24...ai-classifier-v0.1.1 |
| `v0.8.23` | 2026-04-14 | High | ### Bug Fixes - `--server cloud` now resolves to `https://aim.oa2a.org` (AIM Cloud Phase 7 backend). Previously pointed to `api.aim.opena2a.org`, which serves a different product (community). Bare `aim.opena2a.org` still routes to `api.aim.opena2a.org` for community users. - Updated `--server` help text and login error message to reference the new default.  ### Install - npm: `npm install -g opena2a-cli@0.8.23` - Homebrew: `brew upgrade opena2a` |
| `v0.8.22` | 2026-04-13 | Medium | ## What's new - **AnaLM flag**: `--analm` global option threaded through adapter system to HMA/ai-trust  ## Bug fixes - Fix `scan secure .` routing (no longer errors with "secure does not exist") - Fix `check` error showing `hackmyagent` instead of `opena2a` for unrecognized targets |

## Citation

- HTML: https://www.freshcrate.ai/projects/opena2a
- Markdown: https://www.freshcrate.ai/projects/opena2a.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/opena2a/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._