opena2a demo

Interactive security walkthroughs. Demonstrates AIM value without requiring a live agent deployment.

Usage

opena2a demo <scenario> [options]

Scenarios

aim

An 8-step AIM lifecycle walkthrough that demonstrates trust scoring from 22 to 87:

  1. Create agent identity (Ed25519 keypair)
  2. Register capability policy
  3. Perform authorized actions (trust score increases)
  4. Attempt unauthorized action (trust score decreases)
  5. Recover trust through governance
  6. Add SOUL.md behavioral governance
  7. Run security scan
  8. Generate audit report

dvaa

A 5-step attack and defense walkthrough that demonstrates security hardening from score 18 to 91:

  1. Deploy a vulnerable AI agent
  2. Run initial security scan (score: 18)
  3. Launch 4 attacks (prompt injection, privilege escalation, data exfiltration, tool misuse)
  4. Apply security hardening
  5. Re-scan: all 4 attacks blocked, score rises to 91

Options

FlagDescription
--interactivePause between steps for manual inspection.
--keepKeep the temporary sandbox directory after the demo completes.
--dir <path>Use a specific directory instead of creating a temp sandbox.
--format <text|json>Output format. JSON mode suppresses step output and returns structured results.
--ciCI mode. Non-interactive output.
--verboseShow additional detail during execution.

Examples

# Run the AIM lifecycle demo
opena2a demo aim
# Run the DVAA attack/defend demo
opena2a demo dvaa
# Interactive mode (pause between steps)
opena2a demo aim --interactive
# Keep sandbox for inspection
opena2a demo aim --keep
# JSON output for CI
opena2a demo dvaa --ci --format json

How It Works

The demo command creates a temporary sandbox directory with a realistic project structure, then runs through the scenario steps using actual CLI commands. All artifacts (identities, policies, scan results) are created in the sandbox. The sandbox is cleaned up automatically unless --keep is specified.

This makes it possible to demonstrate the full AIM value proposition at conferences, in documentation, and during evaluations without needing a running agent or external service.

Available Scenarios

ScenarioStepsDemonstrates
aim8 stepsFull agent identity lifecycle: identity creation, policy registration, authorized/unauthorized actions, trust recovery, governance, scanning, and audit reporting. Trust score progression from 22 to 87.
dvaa5 stepsAttack and defense workflow: deploy a vulnerable agent, scan it (score 18), run 4 attacks (prompt injection, privilege escalation, data exfiltration, tool misuse), apply hardening, re-scan to verify all attacks are blocked (score 91).

Interactive Mode

The --interactive flag pauses execution between each step, displaying the step description and waiting for a keypress before continuing. This is useful for live demonstrations where you want to explain each step to an audience, or for learning purposes where you want to inspect the sandbox state between steps. Without --interactive, all steps run sequentially without pausing.

Error Handling

If an unknown scenario name is provided, the command lists the available scenarios and exits with code 1. If a step within a scenario fails (for example, a missing dependency), the demo reports which step failed and the error details. The sandbox directory is always cleaned up on failure unless --keep is specified. In CI mode, the command runs non-interactively regardless of the --interactive flag.

Related

initdetectscanDemo Commands Guide