Activity
Where your energy went, across every repo.
scanned 2w ago
534 commits in the last 13 weeks
Commits per week
Daily heatmap · last 13 weeks
2w ago
chore: bump @nanomind/daemon ^0.2.0 -> ^0.3.0 + simplify real-daemon CI (#13)aicomply
release: @nanomind/daemon 0.2.0 -> 0.3.0 (#30)nanomind
security(killswitch): kill-switch hard-block sentinel via P0-1 MessageChannel (P1-2) (#22)ai-browserguard
security(content-bridge): replace nonce-on-postMessage with MessageChannel transfer (P0-1) (#21)ai-browserguard
chore(release): hackmyagent 0.23.5 (#213)hackmyagent
chore(platform): version platform manifests at 1.0.0 + add CHANGELOG (#267)agent-identity-management
fix(backend): stop leaking raw DB errors and doubled prefix on agent creation (#264)agent-identity-management
ci(release): widen SDK verify-publish poll to ~2 minutes for registry propagation (#265)agent-identity-management
docs: add "See it work" A/B demo GIF, link to DVAA RAGBot-AIMagent-identity-management
chore: opt this docs-only spec repo out of the 8-phase pre-push reviewdid-method-opena2a
docs: wire attack-to-defense funnel + add real RAGBot-AIM A/B demo GIFdamn-vulnerable-ai-agent
docs: add Trust model axis section + spec 6.7 cross-referencedid-method-opena2a
Merge remote-tracking branch 'origin/main' into feat/huggingface-and-dashboard-redesigngithub-analytics-tracker
fix(backend): force https on embedded SDK/agent URLs + emit userEmail for the Python SDK (#263)agent-identity-management
fix(docs,test): correct docker tag, expose 7014-7016, reconcile 17-agent countdamn-vulnerable-ai-agent
fix(scan-soul): clamp score on HIGH findings (#206) (#212)hackmyagent
fix(credential-context): downgrade gitignored .env to MEDIUM when never tracked (#208) (#211)hackmyagent
feat(daemon): auto-download model artifacts on first start + eager readiness (#29)nanomind
test(ci): real-daemon integration gate for v2.0 dual-layer (#12)aicomply
Phase A audit wedge: P0-2/3a/3b/4 + P0-UX-1 (3 layers) + P1-1/3/4 (#20)ai-browserguard
+13 more
2w ago
chore: update analytics data [skip ci]github-analytics-tracker
2w ago
chore: update analytics data [skip ci]github-analytics-tracker
2w ago
chore: update analytics data [skip ci]github-analytics-tracker
3w ago
docs(v1.0): flip STATUS.md beta -> stable + remove pre-1.0 framing (#256)agent-identity-management
chore(release): align docker-publish.yml tag trigger with convention (#255)agent-identity-management
chore(release): wire Maven Central deploy for Java SDK (#254)agent-identity-management
chore(release): align Python tag prefix to convention + wire TypeScript upload (#253)agent-identity-management
chore(release): wire PyPI Trusted Publishing for aim-sdk (#251)agent-identity-management
v1.0.0 prep: close v0.x README gaps + harden for stable cut (#8)aicomply
Initial draft of the did:opena2a DID method specificationdid-method-opena2a
ci(parity): bump SHA to pick up check-registered-ai-pypi 3-way (opena2a-parity#11) (#177)opena2a
ci(parity): bump SHA to pick up check-registered-ai-pypi 3-way (opena2a-parity#11) (#56)ai-trust
ci(parity): bump SHA to pick up check-registered-ai-pypi 3-way (opena2a-parity#11) (#210)hackmyagent
feat(check-registered-ai-pypi): expand 2-way -> 3-way (add opena2a) (#11)opena2a-parity
1.0.0aicomply
Initial commitdid-method-opena2a
chore: harden .gitignore with sensitive-file patterns + Go build artifactsatp-conformance
chore: update analytics data [skip ci]github-analytics-tracker
docs(hardening): flip empty-state gate ☐ → ☑ (PR #247 + #248 closed it) (#250)agent-identity-management
fix(ci): unblock e2e empty-state job — migrate fallback + working-directory (#248)agent-identity-management
test(e2e): empty-state Playwright suite + CI integration for v1.0 gate (#247)agent-identity-management
docs: canonicalize self-references to opena2a-standards (post org move) (#2)atp-conformance
opena2a 0.10.3 -> 0.10.4 (#7)homebrew-tap
+1 more
3w ago
docs(cli): append cli-ui 0.5.1 + Node 24 to 0.10.4 CHANGELOG (#173)opena2a
docs: canonicalize atx-conformance URLs to opena2a-standards (#1)atp-conformance
docs: resolve Decision 3 as 3-C; cross-link atx-conformance + add COSIGNERS.md (#1)aip-conformance
docs: add Sibling repositories cross-link + COSIGNERS.md; switch self-refs to opena2a-standards (#2)atx-conformance
chore: per-package tag convention for v1.0.0 cut (#249)agent-identity-management
chore: bump @opena2a/cli-ui pin to 0.5.1 + Node 24 actions (#205)hackmyagent
chore: bump @opena2a/cli-ui pin to 0.5.1 + Node 24 actions (#55)ai-trust
chore: opena2a-cli pin to @opena2a/cli-ui 0.5.1 + Node 24 actions (#172)opena2a
ci: opt release.yml into Node 24 for v4-line actions (#50)damn-vulnerable-ai-agent
ci(parity): bump SHA to pick up check-registered-ai-pypi fixture (opena2a-parity#10) (#171)opena2a
ci(parity): bump SHA to pick up check-registered-ai-pypi fixture (opena2a-parity#10) (#54)ai-trust
ci(parity): bump SHA to pick up check-registered-ai-pypi fixture (opena2a-parity#10) (#204)hackmyagent
chore(deps): bump packages/cli hackmyagent pin to 0.23.4 (#169)opena2a
feat(fixtures): add check-registered-ai-pypi two-way PyPI parity fixture (#10)opena2a-parity
docs: canonicalize atp + aip sibling-repo URLs (post org move); flip aip row to v0.2 shippedatx-conformance
feat(v0.2): ship AIP §5.1 challenge-response fixture suite (4 fixtures + Go/Python verifiers)aip-conformance
chore(hackmyagent): bump to 0.23.4 (pip-prefix Registry fix) (#6)homebrew-tap
docs(hardening): rescope third-party security review to post-1.0 (#246)agent-identity-management
Merge pull request #49 from opena2a-org/fix/dvaa-0.9.1-papercutsdamn-vulnerable-ai-agent
fix(cli-ui): telemetry --help + toggle-hint direction (0.5.1) (#170)opena2a
+18 more
3w ago
feat(#177): surface drift score as a labeled card on the agent detail page (#240)agent-identity-management
security: fix RevokeAllAttestationsByAgent Fiber-v3 route binding (#237) (#239)agent-identity-management
docs: agnostic language in DEMO_BUILD.mddamn-vulnerable-ai-agent
chore: update analytics data [skip ci]github-analytics-tracker
3w ago
fix(scanner): suppress NEMO-009 + AST-CRED-* false positives on test files, training corpora, and integrity manifests (nanomind#26) (#192)hackmyagent
security: close defect #41 status-code oracle + RecordMCPConnection route binding (#162) (#238)agent-identity-management
feat: interactive research-agent demo (dvaa chat) + SSRF guard (#45)damn-vulnerable-ai-agent
fix(check): honor --no-scan for pip:/pypi: targets (closes #195) (#197)hackmyagent
Update AIM enforcement details in DEMO_BUILD.mddamn-vulnerable-ai-agent
ci(parity): bump SHA to pick up scan-soul-hardened fixture (opena2a-parity#9) (#168)opena2a
ci(parity): bump SHA to pick up scan-soul-hardened fixture (opena2a-parity#9) (#53)ai-trust
ci(parity): bump SHA to pick up scan-soul-hardened fixture (opena2a-parity#9) (#196)hackmyagent
feat(fixtures): add scan-soul-hardened two-way governance fixture (#9)opena2a-parity
fix(check): strip pip:/npm: ecosystem prefix + thread through (closes #50) (#52)ai-trust
ci(parity): bump SHA to pick up secure-empty-dir fixture (opena2a-parity#8) (#167)opena2a
ci(parity): bump SHA to pick up secure-empty-dir fixture (opena2a-parity#8) (#51)ai-trust
ci(parity): bump SHA to pick up secure-empty-dir fixture (opena2a-parity#8) (#194)hackmyagent
fix(#160): close verification GET dual-mount IDOR (signature-authed SDK route, org-scoped JWT route) (#236)agent-identity-management
feat(fixtures): add secure-empty-dir two-way baseline-score fixture (#8)opena2a-parity
hackmyagent 0.23.2homebrew-tap
ai-trust 0.7.3homebrew-tap
ci(parity): bump SHA to pick up check-not-found fixture (opena2a-parity#7) (#166)opena2a
ci(parity): bump SHA to pick up check-not-found fixture (opena2a-parity#7) (#49)ai-trust
ci(parity): bump SHA to pick up check-not-found fixture (opena2a-parity#7) (#193)hackmyagent
+6 more
3w ago
feat: add cloud-mode AIM reporter for live dashboard view (#44)damn-vulnerable-ai-agent
ci: remove paths filter so the gate fires on every PR (#19)ai-browserguard
ci: add lint + test scripts so the CI workflow stops failing (#11)agent-runtime-protection
docs: add STATUS.md (beta) and status badge (#18)ai-browserguard
docs: add STATUS.md (beta) and status badge (#10)agent-runtime-protection
docs: add STATUS.md (reference-only) and status badge (#43)damn-vulnerable-ai-agent
docs: add STATUS.md (experimental) and status badge (#6)github-analytics-tracker
docs: add STATUS.md (beta) and status badge (#7)aicomply
docs: add STATUS.md (beta) and status badge (#27)nanomind
docs: add STATUS.md (beta) and status badge (#232)agent-identity-management
docs: add STATUS.md (stable) and status badge (#3)trust-badge-action
docs: add STATUS.md (stable) and status badge (#5)homebrew-tap
docs: add STATUS.md (stable) and status badge (#164)opena2a
docs: add STATUS.md (stable) and status badge (#47)ai-trust
docs: add STATUS.md (stable) and status badge (#190)hackmyagent
ci(parity): point uses: at opena2a-standards/opena2a-parity (org move) (#165)opena2a
ci(parity): point uses: at opena2a-standards/opena2a-parity (org move) (#48)ai-trust
ci(parity): point uses: at opena2a-standards/opena2a-parity (org move) (#191)hackmyagent
ci: fix security.yml YAML parse error (block scalar for eslint run)agent-runtime-protection
ci: clean up leftover tsc artifacts and fix non-deterministic disttrust-badge-action
+57 more
3w ago
docs(spec): correct Appendix A.1 hybrid PQC signing row (#4)agent-identity-protocol
docs(spec): note Python conformance verifier in Appendix A.1 local-verify row (#3)agent-identity-protocol
docs(readme): cross-link to atx-conformance suite (#2)atx-spec
docs(readme): correct hybrid signing status; registry-side issuer is already hybridatx-conformance
docs(spec): unify DID method to did:opena2a; cross-link AIM identity to AIP; draft sibling issueatx-spec
docs(spec): unify DID method to did:opena2a; 9-factor reference; AIM coverage scopingagent-identity-protocol
Initial: ATX v1.0 conformance fixtures and reference verifiersatx-conformance
Initial import: ATX architecture docs from [private]atx-spec
Initial commitatx-spec
chore: update analytics data [skip ci]github-analytics-tracker
3w ago
security: close audit-log query IDOR — orgID required on GetByUser, GetByResource, GetByAgent (HIGH) (#195)agent-identity-management
security: close 4 AgentHandler cross-tenant IDORs (HIGH cluster — Phase 4.5 expansion) (#197)agent-identity-management
security: close 3 CapabilityRequestHandlers cross-tenant IDORs (A3d-ix, HIGH cluster) (#196)agent-identity-management
docs: replace weather:fetch with db:read in quick-start snippets (#204)agent-identity-management
security: close SDKTokenHandler.RevokeToken existence oracle (cross-user) (#199)agent-identity-management
docs(readme): lead with SDK integration, consolidate CLI as ops tools (#201)agent-identity-management
chore: update analytics data [skip ci]github-analytics-tracker
docs(sdk): rewrite Python + Java READMEs for technical tone, parity with AIM README (#202)agent-identity-management
4w ago
chore: remove failing sync-to-cloud and sync-to-frontend workflows (#203)agent-identity-management
security: close 4 SecurityPolicyHandler cross-tenant IDORs (HIGH cluster) (#193)agent-identity-management
security: close A2AHandler.LogTask phantom-task body-AgentID IDOR (P2) (#192)agent-identity-management
security: close MCP body-supplied mcpServerId IDORs (defects #19 + #19b) (#191)agent-identity-management
security: close AlertService.AcknowledgeAlert + ResolveAlert system-wide IDORs (HIGH) (#190)agent-identity-management
security: tenant-scope 4 MCP-server-scoped TagHandler routes (A3d-ii) (#180)agent-identity-management
security: tenant-scope 4 namespace-path-id SecretsHandler routes (A3d-iii) (#181)agent-identity-management
security: tenant-scope 4+1 VerificationEventHandler routes (A3d-iv) (#182)agent-identity-management
security: tenant-scope 4 AdminHandler approval routes (A3d-v) (#184)agent-identity-management
security: tenant-scope 8 MCPAttestationHandler routes (A3d-vi) (#185)agent-identity-management
security: tenant-scope 11 A2AHandler agent-scoped routes (A3d-vii.a) (#186)agent-identity-management
security: close 2 P1 A2AHandler cross-tenant IDORs (A3d-vii.b) (#187)agent-identity-management
security: close AttestMCP body-AgentID cross-tenant IDOR (P0) (#188)agent-identity-management
security(lint): add class-#3 service-param scan to tenantscope-lint (#189)agent-identity-management
fix(review-html): explicit column widths for HMA Issues by Check table (#137) (#160)opena2a
fix(scan-soul): disclose partial scope; promote profile-mismatch to HIGH (#136) (#159)opena2a
feat(credential-patterns): add canonical AWS secret-key example to allowlist (#127 item 4) (#158)opena2a
fix(trust): retire stale "Registry launches soon" copy; suppress 0 downloads (#123) (#157)opena2a
fix(scoring): read MCP server count from structured items, not regex (#125) (#156)opena2a
fix(protect): surface .key/.pem/.p12/.pfx files instead of silent no-op (#126) (#155)opena2a
+15 more
4w ago
security: close defect #48 — RegisterCapability cross-tenant IDOR (#145)agent-identity-management
security: convert inline 403-on-cross-org checks to LoadOwned (A3b-i, 7 read-only handlers) (#148)agent-identity-management
security: close defect #40 — MCPServerRepository.GetByURL cross-tenant leak (#147)agent-identity-management
chore(lint): remove redundant #48 allowlist entry + panic-proof cross-org test (#146)agent-identity-management
security(lint): broaden tenantscope-lint paramKeys (A3c) (#144)agent-identity-management
docs(observability): clarify scan_verdict provenance (producer-emitted, HMA integration on roadmap) (#142)agent-identity-management
fix(auth): route re-registration capability adds through the approval workflow (#139)agent-identity-management
fix(api): initialize list-returning slices via make([]T, 0) so empty results serialize as [] not null (#138)agent-identity-management
docs(scan_verdict): clarify producer-emitted framing, flag HMA integration as roadmapotel-semconv-agent-identity
security: random bootstrap admin UUIDs + password (B2 / defect #2; CWE-330, CWE-798) (#141)agent-identity-management
docs(observability): replace 5 em dashes with colons or periods (#140)agent-identity-management
security: remove ${VAR:-fallback} for secret-shaped env vars + hash-only dev-secret blocklist (#127)agent-identity-management
Add minimal LangChain agent as reference implementation for the Observability Summit talk.otel-semconv-agent-identity
docs(mirror): em-dash sweep to stay in sync with OBSERVABILITY.mdotel-semconv-agent-identity
security: tenant-scoping helper + AST lint + 5 confidently-closed defects (P0 foundation for #18-25) (#136)agent-identity-management
Mark repo as exempt from the 8-phase pre-push review (docs + proposal-spec, no build/test surface).otel-semconv-agent-identity
Add LangChain to OTel bridge example emitting the 9 agent.* and fga.* attributes.otel-semconv-agent-identity
Initial commit: agentic authorization SemConv proposal for OTel SIG GenAI.otel-semconv-agent-identity
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
Merge pull request #3 from opena2a-org/docs/atx-spec-and-exampleagent-trust-protocol
Merge pull request #2 from opena2a-org/docs/atx-namingagent-trust-protocol
docs: add ATX section to ATP-SPEC and v1.1-draft example fileagent-trust-protocol
docs: introduce ATX as named credential format, add W3C VC interop, switch em dashes to colonsagent-trust-protocol
Merge pull request #6 from opena2a-org/fix/jschoemaker-issue-4a2a-idf-conformance
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
docs: publish hardening status and pre-1.0 production-readiness notice (#126)agent-identity-management
Merge pull request #3 from opena2a-org/feat/verifier-sha512-and-schema-doca2a-idf-conformance
aim-did-rfc9421: dual-method JWK + multibase, Envoys v1.5.1 pin, RFC 8032 §7.1 vectora2a-idf-conformance
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
docs: link AIM Cloud get-started landing page from READMEs (#125)agent-identity-management
fix(cli): clean up scan workspace on every exit path (#181)hackmyagent
Add SHA-512 content-digest support, composition-fixture schema doc, contributing rewritea2a-idf-conformance
fix(release-workflow): drop doubled path prefix in gh release create dist glob (#24)nanomind
fix(release-workflow): drop doubled packages/nanomind-analyst path prefix in version-match guard (#23)nanomind
fix(nanomind-analyst): 3 P1s + 3 P2s caught by release-test on the 0.1.1 wheel (#22)nanomind
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
fix(nanomind-analyst): declare accelerate as runtime dep + add clean-env boot smoke gate (#21)nanomind
Ship bilateral-receipt and delegation-chain-3link composition fixtures (#1)a2a-idf-conformance
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
Wire OIDC Trusted Publishing for @opena2a/a2a-idf (#1)a2a-idf-sdk
chore(bumps): secretless-ai 0.17.1 + ai-trust 0.7.1 + opena2a 0.10.3 (#4)homebrew-tap
fix(cli): resolve hackmyagent across all npm install layouts (#41)damn-vulnerable-ai-agent
fix(cli): reject unknown --flags as dir args on init/status (#74)secretless
chore(release): bump version to 0.8.3 (#40)damn-vulnerable-ai-agent
chore(release): bump version to 0.7.1 (#43)ai-trust
chore(release): bump version to 0.17.1 (#73)secretless
fix(parity): pin first checkout to opena2a-parity in workflow_call context (#6)opena2a-parity
fix(parity): remove workflow-level concurrency block (#5)opena2a-parity
First shipped fixture: aim-did-rfc9421/signature-alonea2a-idf-conformance
chore: update analytics data [skip ci]github-analytics-tracker
Initial MVP: @opena2a/a2a-idf TypeScript SDKa2a-idf-sdk
1mo ago
fix(init): UX audit wave 1 (closes #117 #118 #119 #116, audit-bug B) (#129)opena2a
chore(cli): pin hackmyagent to exact 0.22.3 — remove caret range (#148)opena2a
feat(nanomind): shell out `nanomind setup` to nanomind-analyst installer (#180)hackmyagent
feat(credential-patterns): 0.1.1 — block-comment markers, bare 'fake', localhost+demo allowlist (#134)opena2a
fix(cli): register `secure` alias + `check --nanomind`/`--rescan` flags (closes #135) (#141)opena2a
fix(protect): anchored CLI self-exemption — replace substring marker check (#147)opena2a
feat(nanomind-analyst): PyPI installer for the Analyst daemon (#20)nanomind
hackmyagent 0.23.0homebrew-tap
feat(nanomind): route security analyst through NanoMind-Guard daemon (#179)hackmyagent
feat(nanomind): bump security-analyst to v3.0.0 with revision-pinned HF download (#177)hackmyagent
docs(readme): mirror AIM README structure (#42)ai-trust
docs(readme): mirror AIM README structure (#72)secretless
v0.2.1: tighten AIIS-ATTR-EXFIL-URL-01, add excluded_domains support (#3)aiis-signatures
docs(readme): mirror AIM README structure (#146)opena2a
docs(readme): mirror AIM README structure (#176)hackmyagent
chore: bump to 0.22.3 — telemetry fix from #174 (#175)hackmyagent
chore(cli): bump to 0.10.3 — adopt @opena2a/telemetry 0.2.0 (#145)opena2a
release: nanomind-security-analyst v3.0.0nanomind
fix(telemetry): treat exit 1 as success (attack demo ran ≠ failure) (#39)damn-vulnerable-ai-agent
fix(telemetry): treat exit 1 as success (verdict-below-threshold ≠ failure) (#41)ai-trust
+8 more
1mo ago
docs: add tests badge + SLSA provenance verification (#40)ai-trust
docs: add from-source install path + SLSA provenance verification (#70)secretless
docs: refresh test-count badge 1757 → 2072 (#173)hackmyagent
v0.2.0: introduce exposure signature category (#2)aiis-signatures
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker
1mo ago
chore: update analytics data [skip ci]github-analytics-tracker