opena2a claim

Claim ownership of your agent's trust profile to verify your identity and improve its trust score.

Usage

Description

AI agents and MCP servers are automatically discovered from public package indexes (npm, PyPI, GitHub). Their trust profiles start at the discovered level with a baseline score. Claiming a profile proves you are the publisher and upgrades the trust level to claimed.

The claim process verifies your identity through your npm or GitHub credentials, generates an Ed25519 (a modern digital signature algorithm) keypair for signing, and links your publisher identity to the trust profile. When run without arguments, the command reads package.json orpyproject.toml in the current directory.

What Happens During a Claim

1. Verifies you are a published maintainer of the package (npm whoami, GitHub API)
2. Generates an Ed25519 keypair stored in ~/.opena2a/keys/
3. Signs a claim attestation linking your identity to the package
4. Upgrades the trust level from discovered to claimed

Flags

Examples

Example Output

  Claiming @my-org/my-agent (npm)

  Verification
    npm whoami          @my-org-admin
    Package maintainer  confirmed

  Keypair
    Generated Ed25519 keypair
    Public key stored   ~/.opena2a/keys/my-org__my-agent.pub
    Private key stored  ~/.opena2a/keys/my-org__my-agent.key

  Trust Profile Updated
    Previous level      discovered
    New level           claimed
    Trust score         34 -> 51  (+17)

  Next Steps
    Run security scans to improve your score:
      hackmyagent scan . --publish
    Add a trust badge to your README:
      opena2a trust @my-org/my-agent --badge

After Claiming

Once you have claimed your profile, the following actions will further improve your trust score:

• Run hackmyagent scan . --publish to publish security scan results
• Fix findings reported by the scan and re-run to show improvement
• Add a trust badge to your README (see Trust Badges guide)
• Run opena2a trust periodically to check your current score

Related