I shipped some important new features for A2M today. The latest roadmap update is all about bridging the gap between local AI development, security, and marketplace visibility.
1. Local AI-powered security scanning
The biggest change is a first-pass DevSecOps audit built directly into the a2m-submit CLI workflow. Before a project is submitted, the CLI can detect locally running LLM clients or agents and use them to run a trust and safety review.
- Detects exposed secrets
- Flags uncommitted
.envfiles - Checks package vulnerabilities with auditscan
- Produces a security trust score with remediation guidance
2. Web submissions are now live
For builders who want a no-code or low-friction path, the web submission flow is now officially available. That means AI tools, agents, and MCP servers can be published directly through the website without needing the CLI.
3. Repository claiming and verification
To improve ecosystem trust, creators can now claim and verify repository ownership. A unique a2m-challenge.json file is generated for GitHub repos so ownership can be validated quickly and securely.
Why this matters
These updates make A2M more useful for builders who want to ship publicly without sacrificing trust, safety, or visibility. It’s a practical step toward a marketplace where local development and public distribution can work together cleanly.
Check it out
If you’re building something new, you can explore the platform at a2m.one.