opena2a-org/opena2a

GitHub: opena2a-org/opena2a

An open-source security platform for the full lifecycle of AI agents, integrating credential management, scope drift detection, configuration integrity, runtime monitoring and supply-chain verification.

Stars: 3 | Forks: 1

# OpenA2A

**Open-source security platform for AI agents**

Credential detection, scope drift analysis, configuration integrity, runtime monitoring and supply-chain verification, all from a single CLI.

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE) [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)]()

[Website](https://opena2a.org) | [Docs](https://opena2a.org/docs) | [Registry](https://registry.opena2a.org) | [Discord](https://discord.gg/uRZa3KXgEn)
## Requirements

- Node.js >= 18
- Optional: Docker (for `opena2a train`)
- Optional: Python 3.9+ (for `opena2a crypto`)

## Installation

```
# Try without installing
npx opena2a-cli init

# Global install
npm install -g opena2a-cli

# Homebrew (macOS/Linux)
brew tap opena2a-org/tap && brew install opena2a
```

No configuration required. Supports Node.js, Python, Go and MCP server projects.

## What it does

Run `opena2a shield init` in any project directory. One command sets up credential protection, agent identity, configuration integrity, runtime monitoring and AI tool configuration:

*Demo: opena2a shield init*

Or use `opena2a init` for a quick assessment:

*Demo: opena2a init*

```
OpenA2A Security Initialization v0.3.1

Project      myapp v2.1.0
Type         Node.js + MCP server
Directory    /home/user/myapp

Security Posture
-----------------------------------------------
Credential scan     3 findings
.gitignore          present
.env protection     NOT in .gitignore
Lock file           package-lock.json
Security config     none
MCP config          found
-----------------------------------------------
Trust Score  30 / 100  [Grade: F]

Next Steps
-----------------------------------------------
[CRITICAL] Migrate 3 hardcoded credentials     opena2a protect
[HIGH]     Add .env to .gitignore              echo '.env' >> .gitignore
[MEDIUM]   Sign config files for integrity     opena2a guard sign
-----------------------------------------------

Scope Drift Detected
-----------------------------------------------
DRIFT-001  Google Maps key may access Gemini AI    src/config.js:5

Scope drift: keys provisioned for one service silently gain access to
AI services, expanding attack surface.
Run: opena2a protect
```

Then fix what was found:

```
opena2a protect              # Migrate credentials to env vars + vault
opena2a guard sign           # Sign config files for tamper detection
opena2a guard hook install   # Block commits when configs are tampered
opena2a init                 # Re-assess -- watch your score improve
```
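How a credential migration like `opena2a protect` works in outline (detect hardcoded values with regexes, collect them for `.env`/vault storage, replace each literal with the language's environment-variable reference, then re-scan to verify), as an added Node.js example that is not OpenA2A's own code. The credential patterns, the `ENV_REF` mapping, the suffixing of duplicate names and the sample file are all assumptions constructed for this example.

```javascript
// Illustrative credential patterns (constructed for this example, not OpenA2A's own list).
const PATTERNS = [
  { name: 'ANTHROPIC_API_KEY', re: /sk-ant-[A-Za-z0-9_-]{20,}/g },
  { name: 'AWS_ACCESS_KEY_ID', re: /AKIA[0-9A-Z]{16}/g },
  { name: 'GITHUB_TOKEN', re: /ghp_[A-Za-z0-9]{36}/g },
];

// Language-appropriate way to read an environment variable (hypothetical mapping).
const ENV_REF = {
  js: (n) => `process.env.${n}`,
  python: (n) => `os.environ["${n}"]`,
  go: (n) => `os.Getenv("${n}")`,
};

// Step 1, detect: one finding per hardcoded credential, with its 1-based line number.
function detect(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const { name, re } of PATTERNS) {
      for (const m of text.matchAll(re)) findings.push({ name, value: m[0], line: i + 1 });
    }
  });
  return findings;
}

// Steps 2-4: collect values for a .env file (the tool writes it with mode 0600),
// replace each quoted literal with the env reference for `lang`, then re-scan to verify.
function migrate(source, lang) {
  const findings = detect(source);
  const env = new Map(); // NAME -> value
  let out = source;
  for (const f of findings) {
    let name = f.name, n = 2; // distinct values of the same kind get a numeric suffix
    while (env.has(name) && env.get(name) !== f.value) name = `${f.name}_${n++}`;
    env.set(name, f.value);
    // Matched values only contain [A-Za-z0-9_-], so they are safe to embed in a RegExp.
    const quoted = new RegExp(`(['"\`])${f.value}\\1`, 'g');
    out = out.replace(quoted, ENV_REF[lang](name));
  }
  const envFile = [...env].map(([k, v]) => `${k}=${v}`).join('\n');
  return { source: out, envFile, findings, verified: detect(out).length === 0 };
}

// Constructed sample: a JS config holding fake Anthropic and AWS credentials.
const SAMPLE_JS = [
  "const client = new Anthropic({ apiKey: 'sk-ant-aaaaaaaaaaaaaaaaaaaaaaaa' });",
  "const aws = { accessKeyId: 'AKIAIOSFODNN7EXAMPLE' };",
].join('\n');
```

`migrate(SAMPLE_JS, 'js').verified` is only true when the re-scan of the rewritten source finds nothing, which is the check the real tool skips under `--skip-verify`.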

*Demo: opena2a protect*

## Smart input modes

Several ways to interact with the CLI, with no need to memorise commands:

```
opena2a                              # Interactive guided wizard (no args)
opena2a ~drift                       # Semantic search -- finds related commands
opena2a ~api keys                    # Semantic search with domain expansion
opena2a ?                            # Context-aware recommendations for your project
opena2a "find leaked credentials"    # Natural language command matching
```

Semantic search uses a weighted index of tags, synonyms and domains and makes no API calls. When static matching is insufficient, natural-language mode falls back to Claude Haiku (opt-in, roughly $0.0002 per query).

## Scope drift detection

An API key provisioned for one service often silently grants access to other services. A Google Maps key can call Gemini. An AWS S3 key may reach Bedrock. OpenA2A detects these cross-service privilege escalations:

| Finding | Meaning |
|---------|---------|
| **DRIFT-001** | A Google API key can reach Gemini AI models beyond its intended Maps/Places scope |
| **DRIFT-002** | An AWS access key can invoke Bedrock LLM models beyond its intended S3/EC2 scope |

When drift is detected, `opena2a protect` migrates the key to an environment variable and creates a deny-all proxy policy, so you explicitly control which services each key is allowed to reach.

## Core commands

### [`opena2a init`](https://opena2a.org/docs/cli/commands/init)

Assesses the project's security posture. Detects the project type, scans for credentials, checks hygiene (`.gitignore`, `.env` protection, lock file, security config), computes a trust score (0-100) and provides prioritised next steps.

```
opena2a init                      # Assess current directory
opena2a init --dir ./my-agent     # Assess specific directory
opena2a init --verbose            # Show individual credential details
opena2a init --format json        # Machine-readable output for CI
```

### [`opena2a protect`](https://opena2a.org/docs/cli/commands/protect)

Detects hardcoded credentials and migrates them to environment variables. Supports Anthropic, OpenAI, Google, AWS, GitHub and generic API key patterns, with language-aware replacement for JS/TS, Python, Go, Ruby, Java and Rust.

```
opena2a protect                       # Scan and migrate credentials
opena2a protect --dry-run             # Preview changes without modifying files
opena2a protect --skip-liveness       # Skip drift liveness verification (offline/CI)
opena2a protect --skip-verify         # Skip verification re-scan after migration
opena2a protect --report out.html     # Generate interactive HTML report
opena2a protect --format json         # JSON output for CI pipelines
```

DRIFT findings (DRIFT-001, DRIFT-002) include liveness verification: the CLI actually calls the API to check whether a Google Maps key can reach Gemini, or whether an AWS key can reach Bedrock. Use `--skip-liveness` in CI or offline environments.

Migration flow:

1. **Detect** -- regex-based pattern matching across all source files
2. **Store** -- save the credential value in the Secretless vault (or fall back to `.env` with 0600 permissions)
3. **Replace** -- substitute the hardcoded value with the language-appropriate environment variable reference
4. **Verify** -- re-scan to confirm every credential has been removed from source

### [`opena2a guard`](https://opena2a.org/docs/cli/commands/guard)

Configuration file integrity protection. Signs config files, detects unauthorised modification, enforces policy and manages signature snapshots for rollback.

**Subcommands:**

```
opena2a guard sign               # Sign all detected config files (SHA-256)
opena2a guard verify             # Check for tampering or unsigned files
opena2a guard status             # Show signature summary (signed/unsigned/tampered counts)
opena2a guard watch              # Real-time file monitoring with tamper alerts
opena2a guard diff               # Show changes since last signing (file-level diffs)
opena2a guard policy init        # Initialize guard policy for this project
opena2a guard policy show        # Display current guard policy
opena2a guard hook install       # Install pre-commit hook (blocks commits when tampered)
opena2a guard hook uninstall     # Remove pre-commit hook
opena2a guard hook status        # Check if pre-commit hook is installed
opena2a guard resign             # Re-sign files after intentional changes (creates safety snapshot first)
opena2a guard snapshot create    # Create a timestamped signature snapshot
opena2a guard snapshot list      # List available snapshots
opena2a guard snapshot restore   # Restore signatures from a snapshot
```

**Flags:**

```
--enforce       # Quarantine mode: exit code 3 on tampering instead of 1
--skills        # Include SKILL.md files in signing/verification (HTML comment signature block)
--heartbeats    # Include HEARTBEAT.md files (includes expires_at)
--files         # Sign/verify specific files only
--dir           # Target directory (defaults to current working directory)
--ci            # CI mode: machine-readable output, non-interactive
```

**Behaviour:**

- Signatures are stored in `.opena2a/guard/signatures.json`
- Exit codes: `0` = clean, `1` = tampered, `3` = quarantined (`--enforce`)
- Default files: `mcp.json`, `package.json`, `tsconfig.json`, `arp.yaml`, `go.mod`, `Dockerfile` and others
- Policies can require specific files, block unsigned files and automatically disable heartbeats when tampering is detected
- The pre-commit hook runs `opena2a guard verify --ci` before every commit
- Snapshots are stored in `.opena2a/guard/snapshots/`, capped at 20 with automatic pruning
- `resign` creates a safety snapshot before re-signing so you can roll back
- Shield integration: `opena2a shield status` includes ConfigGuard status

**Example workflow:**

```
opena2a guard sign              # Sign all config files
opena2a guard policy init       # Set up integrity policy
opena2a guard hook install      # Block commits on tampering

# ... later, after intentionally changing configs ...
opena2a guard diff              # Review what changed
opena2a guard resign            # Re-sign (snapshot created automatically)
opena2a guard snapshot list     # View available snapshots
opena2a guard snapshot restore  # Roll back if needed
```

### [`opena2a shield`](https://opena2a.org/docs/cli/commands/shield)

Unified security orchestration. One command sets everything up: credential protection, agent identity, configuration integrity, policy generation, shell hooks, runtime monitoring and AI tool configuration.

```
opena2a shield init          # Full 11-step security setup
opena2a shield status        # Unified view across all products
opena2a shield log           # Query tamper-evident event log
opena2a shield selfcheck     # Verify integrity
opena2a shield report        # Generate weekly security report
opena2a shield session       # Identify current AI assistant session
```

Shield orchestrates Secretless (credential protection), aim-core (agent identity), ConfigGuard (configuration integrity), ARP (runtime monitoring) and Browser Guard (browser session protection) into a single workflow. Optional products that are not installed degrade gracefully.

*Demo: opena2a shield status*

### `opena2a review`

Runs all security checks and opens a unified HTML dashboard. Merges credential scan, configuration integrity verification and HMA scan results into a single composite score.

```
opena2a review                      # Scan and open HTML dashboard
opena2a review --format json        # JSON output for CI
opena2a review --report out.html    # Write to custom path
opena2a review --no-open            # Generate report without opening browser
opena2a review --skip-hma           # Skip HMA scan even if available
```

### [`opena2a runtime`](https://opena2a.org/docs/cli/commands/runtime)

Agent Runtime Protection (ARP) wrapper. Monitors process, network and filesystem activity.

```
opena2a runtime init      # Generate arp.yaml for your project
opena2a runtime start     # Start monitoring
opena2a runtime status    # Show monitor/interceptor status
opena2a runtime tail      # View recent security events
```

### [`opena2a verify`](https://opena2a.org/docs/cli/commands/verify)

Binary integrity verification. Compares installed package hashes against the OpenA2A trust registry to detect supply-chain tampering.

```
opena2a verify                        # Check all OpenA2A packages
opena2a verify --package hackmyagent  # Check specific package
```

### `opena2a self-register`

Registers OpenA2A tools and their security scan results with the public trust registry.

```
opena2a self-register --dry-run   # Preview what would be registered
opena2a self-register             # Register all 13 tools
```

### `opena2a baselines`

Collects behavioural observations for crowd-sourced agent profiles (opt-in). Monitors a package's runtime behaviour to build a baseline profile.

```
opena2a baselines --package hackmyagent                 # Observe for 60 seconds (default)
opena2a baselines --package hackmyagent --duration 120  # Custom duration
```

### `opena2a config`

Manages user preferences and feature toggles.

```
opena2a config show            # Display current configuration
opena2a config contribute on   # Enable community data sharing
opena2a config llm on          # Enable LLM-powered command matching
```

### `opena2a shield`

Unified security orchestration. Shield brings all OpenA2A products under a single command interface. Run `shield init` to set up the project, then use `shield status` to monitor posture across credentials, configuration integrity, runtime protection and policy compliance.

**Subcommands:**

```
opena2a shield init        # Full environment scan, policy generation, shell hooks
opena2a shield status      # View security posture across all products
opena2a shield log         # Query the tamper-evident event log
opena2a shield selfcheck   # Run integrity checks across all subsystems
opena2a shield policy      # Show loaded policy summary
opena2a shield evaluate    # Evaluate an action against the active policy
opena2a shield recover     # Exit lockdown mode after incident resolution
opena2a shield report      # Generate a security posture report
opena2a shield monitor     # Continuous security monitoring daemon
opena2a shield session     # Show current AI coding assistant session identity
opena2a shield baseline    # View adaptive enforcement baselines for agents
opena2a shield suggest     # LLM-powered policy suggestions from observed behavior
opena2a shield explain     # LLM-powered anomaly explanations for events
opena2a shield triage      # LLM-powered incident classification and response
```

**Key flags:**

```
--analyze    # Include LLM-powered analysis in reports
--forensic   # Deep forensic mode for log/report
--since
```