Migrate API domain to api.oa2a.org

README.md

@@ -448,7 +448,7 @@ The `--publish` flag pushes scan results to the [OpenA2A Registry](https://regis
 hackmyagent secure ./my-agent --publish
 ```
 
-When signing keys are configured (via `opena2a claim`), results are published at full weight. Without signing keys, results are accepted as community contributions at 0.5x weight. The CLI shows guidance on how to claim your agent for full-weight publishing.
+Results are published to the backend API at `https://api.oa2a.org`. When signing keys are configured (via `opena2a claim`), results are published at full weight. Without signing keys, results are accepted as community contributions at 0.5x weight. The CLI shows guidance on how to claim your agent for full-weight publishing.
 
 Use `--registry-url` to publish to a custom registry endpoint (e.g., a private organizational registry).
 

__tests__/telemetry/contribute.test.ts

@@ -408,14 +408,14 @@ describe('submitContribution', () => {
       osType: 'macos',
     };
 
-    const result = await submitContribution(payload, 'https://registry.opena2a.org');
+    const result = await submitContribution(payload, 'https://api.oa2a.org');
 
     expect(result.success).toBe(true);
     expect(result.scanId).toBe('scan-123');
 
     // Verify the correct endpoint was called
     const fetchCall = (fetch as any).mock.calls[0];
-    expect(fetchCall[0]).toBe('https://registry.opena2a.org/api/v1/telemetry/scan');
+    expect(fetchCall[0]).toBe('https://api.oa2a.org/api/v1/telemetry/scan');
     expect(fetchCall[1].method).toBe('POST');
   });
 
@@ -483,6 +483,6 @@ describe('submitContribution', () => {
     await submitContribution(payload);
 
     const fetchCall = (fetch as any).mock.calls[0];
-    expect(fetchCall[0]).toBe('https://registry.opena2a.org/api/v1/telemetry/scan');
+    expect(fetchCall[0]).toBe('https://api.oa2a.org/api/v1/telemetry/scan');
   });
 });

src/arp/telemetry/gtin.ts

@@ -254,14 +254,14 @@ export function isAnomalousEvent(event: ARPEvent): boolean {
 /**
  * Submit a single GTIN event to the OpenA2A Registry.
  *
- * POST to https://registry.opena2a.org/api/v1/telemetry/runtime
+ * POST to https://api.oa2a.org/api/v1/telemetry/runtime
  * Timeout: 10 seconds. Non-blocking: failures are logged as warnings, never crash.
  */
 export async function submitGTINEvent(
   payload: GTINPayload,
   registryUrl?: string,
 ): Promise<GTINSubmitResult> {
-  const baseUrl = registryUrl || 'https://registry.opena2a.org';
+  const baseUrl = registryUrl || 'https://api.oa2a.org';
   const url = `${baseUrl}/api/v1/telemetry/runtime`;
 
   try {

src/arp/types.ts

@@ -74,7 +74,7 @@ export interface GTINConfig {
   enabled: boolean;
   /** Sensor token override (auto-generated if not provided) */
   sensorToken?: string;
-  /** Registry URL override (default: https://registry.opena2a.org) */
+  /** Registry URL override (default: https://api.oa2a.org) */
   registryUrl?: string;
 }
 

src/cli.ts

@@ -1798,7 +1798,7 @@ Examples:
   .option('--registry-report', 'Post results to OpenA2A Registry')
   .option('--no-registry', 'Skip auto-publishing results to OpenA2A Registry')
   .option('--version-id <id>', 'Registry version ID to report against')
-  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://registry.opena2a.org')
+  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://api.oa2a.org')
   .option('--registry-key <key>', 'Registry API key (default: REGISTRY_API_KEY env)')
   .option('--contribute', 'Share anonymized scan findings with OpenA2A Registry (overrides config)')
   .option('--no-contribute', 'Do not share findings for this scan (overrides config)')
@@ -2003,7 +2003,7 @@ Examples:
         if (options.publish && options.registry !== false) {
           try {
             const { publishScanResults } = await import('./registry/publish');
-            const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+            const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
             const packageName = resolvePackageName(targetDir);
             if (packageName) {
               const publishData = {
@@ -2171,7 +2171,7 @@ Examples:
       if (options.versionId || options.registryReport) {
         try {
           const core = await import('./index');
-          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
 
           if (options.versionId) {
             // Authenticated path: existing behavior (version-id + API key)
@@ -2217,7 +2217,7 @@ Examples:
       } else if (options.publish) {
         try {
           const { publishScanResults, formatPublishOutput } = await import('./registry/publish');
-          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
           const packageName = resolvePackageName(targetDir);
 
           if (!packageName) {
@@ -2725,7 +2725,7 @@ Examples:
   .option('--registry-report', 'Post results to OpenA2A Registry')
   .option('--no-registry', 'Skip auto-publishing results to OpenA2A Registry')
   .option('--version-id <id>', 'Registry version ID to report against')
-  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://registry.opena2a.org')
+  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://api.oa2a.org')
   .option('--registry-key <key>', 'Registry API key (default: REGISTRY_API_KEY env)')
   .action(async (targetUrl: string | undefined, options: {
     intensity?: string;
@@ -2918,7 +2918,7 @@ Examples:
       if (shouldReport) {
         try {
           const core = await import('./index');
-          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
 
           if (options.versionId) {
             // Authenticated path: existing behavior (version-id + API key)
@@ -2963,7 +2963,7 @@ Examples:
       } else if (options.publish && targetType !== 'local') {
         try {
           const { publishScanResults, formatPublishOutput } = await import('./registry/publish');
-          const regUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+          const regUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
           const packageName = target.url || targetUrl || 'unknown';
 
           if (format === 'text') {
@@ -4309,7 +4309,7 @@ Examples:
   .option('--fail-below <score>', 'Exit 1 if score below threshold (0-100)')
   .option('--deep', 'Enable LLM semantic analysis for ambiguous controls (requires claude CLI or ANTHROPIC_API_KEY)')
   .option('--publish', 'Push scan results to the OpenA2A Registry')
-  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://registry.opena2a.org')
+  .option('--registry-url <url>', 'Registry URL (default: REGISTRY_URL env)', process.env.REGISTRY_URL || 'https://api.oa2a.org')
   .option('--contribute', 'Share anonymized scan findings with OpenA2A Registry (overrides config)')
   .option('--no-contribute', 'Do not share findings for this scan (overrides config)')
   .action(async (directory: string, options: { json?: boolean; verbose?: boolean; tier?: string; profile?: string; failBelow?: string; deep?: boolean; publish?: boolean; registryUrl?: string; contribute?: boolean }) => {
@@ -4337,7 +4337,7 @@ Examples:
         if (options.publish) {
           try {
             const { publishScanResults } = await import('./registry/publish');
-            const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+            const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
             const packageName = resolvePackageName(targetDir);
             if (packageName) {
               const publishData = {
@@ -4460,7 +4460,7 @@ Examples:
       if (options.publish) {
         try {
           const { publishScanResults, formatPublishOutput } = await import('./registry/publish');
-          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://registry.opena2a.org';
+          const registryUrl = options.registryUrl || process.env.REGISTRY_URL || 'https://api.oa2a.org';
           const packageName = resolvePackageName(targetDir);
 
           if (!packageName) {

src/registry/publish.test.ts

@@ -448,7 +448,7 @@ describe('publishScanResults', () => {
       hardeningFindings: makeHardeningFindings(),
     };
 
-    const result = await publishScanResults(data, 'https://registry.opena2a.org');
+    const result = await publishScanResults(data, 'https://api.oa2a.org');
 
     expect(result.success).toBe(true);
     expect(result.isCommunity).toBe(true);
@@ -478,7 +478,7 @@ describe('publishScanResults', () => {
       soulResult: makeSoulResult(),
     };
 
-    const result = await publishScanResults(data, 'https://registry.opena2a.org');
+    const result = await publishScanResults(data, 'https://api.oa2a.org');
 
     expect(result.success).toBe(true);
     expect(result.isCommunity).toBe(false);
@@ -518,7 +518,7 @@ describe('publishScanResults', () => {
       hardeningFindings: makeHardeningFindings(),
     };
 
-    const result = await publishScanResults(data, 'https://registry.opena2a.org');
+    const result = await publishScanResults(data, 'https://api.oa2a.org');
 
     expect(result.success).toBe(false);
     expect(result.error).toContain('500');
@@ -534,7 +534,7 @@ describe('publishScanResults', () => {
       hardeningFindings: [],
     };
 
-    const result = await publishScanResults(data, 'https://registry.opena2a.org');
+    const result = await publishScanResults(data, 'https://api.oa2a.org');
 
     expect(result.success).toBe(false);
     expect(result.error).toContain('ECONNREFUSED');
@@ -561,9 +561,9 @@ describe('formatPublishOutput', () => {
       hardeningFindings: makeHardeningFindings(),
     };
 
-    const output = formatPublishOutput(result, data, 'https://registry.opena2a.org');
+    const output = formatPublishOutput(result, data, 'https://api.oa2a.org');
 
-    expect(output).toContain('Published to registry.opena2a.org');
+    expect(output).toContain('Published to api.oa2a.org');
     expect(output).toContain('@anthropic/mcp-server-fetch');
     expect(output).toContain('scan-abc');
     expect(output).toContain('Trust impact');
@@ -586,9 +586,9 @@ describe('formatPublishOutput', () => {
       soulResult: makeSoulResult(),
     };
 
-    const output = formatPublishOutput(result, data, 'https://registry.opena2a.org');
+    const output = formatPublishOutput(result, data, 'https://api.oa2a.org');
 
-    expect(output).toContain('Published to registry.opena2a.org');
+    expect(output).toContain('Published to api.oa2a.org');
     expect(output).toContain('community scan (0.5x weight)');
     expect(output).toContain('opena2a claim');
   });
@@ -608,7 +608,7 @@ describe('formatPublishOutput', () => {
       directory: '/tmp/test',
     };
 
-    const output = formatPublishOutput(result, data, 'https://registry.opena2a.org');
+    const output = formatPublishOutput(result, data, 'https://api.oa2a.org');
 
     expect(output).toContain('Failed to publish');
     expect(output).toContain('Connection refused');
@@ -633,7 +633,7 @@ describe('formatPublishOutput', () => {
       oasbResult: makeOasbResult(),
     };
 
-    const output = formatPublishOutput(result, data, 'https://registry.opena2a.org');
+    const output = formatPublishOutput(result, data, 'https://api.oa2a.org');
 
     expect(output).toContain('hardening');
     expect(output).toContain('OASB');

src/telemetry/contribute.ts

@@ -163,14 +163,14 @@ export function buildContributionPayloadFromDir(
 /**
  * Submit an anonymized contribution payload to the OpenA2A Registry.
  *
- * POST to https://registry.opena2a.org/api/v1/telemetry/scan
+ * POST to https://api.oa2a.org/api/v1/telemetry/scan
  * Timeout: 10 seconds. Non-blocking: failures are logged as warnings, never crash the scan.
  */
 export async function submitContribution(
   payload: ContributionPayload,
   registryUrl?: string,
 ): Promise<ContributionResult> {
-  const baseUrl = registryUrl || 'https://registry.opena2a.org';
+  const baseUrl = registryUrl || 'https://api.oa2a.org';
   const url = `${baseUrl}/api/v1/telemetry/scan`;
 
   try {