opmsec 0.1.0 → 0.1.3

package/packages/cli/src/commands/install.tsx

@@ -67,6 +67,15 @@ function sevColor(sev: string): string {
 }
 
 export function InstallCommand({ packageName, version }: InstallCommandProps) {
+  if (packageName) {
+    return <SingleInstall packageName={packageName} version={version} />;
+  }
+  return <BulkInstall />;
+}
+
+// ─── Single package install with full security pipeline ───────────────────────
+
+function SingleInstall({ packageName, version }: { packageName: string; version?: string }) {
   const [steps, setSteps] = useState<Steps>({
     resolve: 'pending', cve: 'pending', onchain: 'pending',
     signature: 'pending', chainpatrol: 'pending', report: 'pending',
@@ -84,26 +93,19 @@ export function InstallCommand({ packageName, version }: InstallCommandProps) {
   }, []);
 
   async function run() {
-    const packages = getTargetPackages(packageName, version);
-    if (packages.length === 0) {
-      setError('No packages to install');
-      return;
-    }
-
-    const pkg = packages[0];
     const r: SecurityResult = {
-      name: pkg.name, version: pkg.version,
-      resolvedVersion: pkg.version, cves: [],
+      name: packageName, version: version || 'latest',
+      resolvedVersion: version || 'latest', cves: [],
       blocked: false, warning: false,
     };
 
     update('resolve', 'running');
-    r.resolvedVersion = await resolveVersion(pkg.name, pkg.version);
+    r.resolvedVersion = await resolveVersion(packageName, r.version);
     setResult({ ...r });
     update('resolve', 'done');
 
     update('cve', 'running');
-    r.cves = await queryOSV(pkg.name, r.resolvedVersion);
+    r.cves = await queryOSV(packageName, r.resolvedVersion);
     const cveCounts = categorizeCVEs(r.cves);
     if (cveCounts.critical > 0) {
       r.blocked = true;
@@ -116,16 +118,15 @@ export function InstallCommand({ packageName, version }: InstallCommandProps) {
 
     update('onchain', 'running');
     try {
-      const info = await getPackageInfo(pkg.name, r.resolvedVersion);
+      const info = await getPackageInfo(packageName, r.resolvedVersion);
       r.info = info;
-
       if (info.exists) {
         if (info.aggregateScore >= HIGH_RISK_THRESHOLD) {
           r.blocked = true;
           r.blockReason = (r.blockReason ? r.blockReason + '; ' : '') + `risk score ${info.aggregateScore}/100`;
         } else if (info.aggregateScore >= MEDIUM_RISK_THRESHOLD) {
           r.warning = true;
-          r.safestVersion = await getSafestVersion(pkg.name).catch(() => undefined);
+          r.safestVersion = await getSafestVersion(packageName).catch(() => undefined);
         }
       }
     } catch { /* not in registry */ }
@@ -148,7 +149,7 @@ export function InstallCommand({ packageName, version }: InstallCommandProps) {
 
     if (!r.info?.exists) {
       update('chainpatrol', 'running');
-      const cp = await checkPackageWithChainPatrol(pkg.name).catch(() => null);
+      const cp = await checkPackageWithChainPatrol(packageName).catch(() => null);
       r.chainPatrolStatus = cp?.status;
       if (cp?.status === 'BLOCKED') {
         r.blocked = true;
@@ -174,10 +175,8 @@ export function InstallCommand({ packageName, version }: InstallCommandProps) {
 
     update('install', 'running');
     try {
-      const installTarget = packageName
-        ? `${packageName}${version ? `@${version}` : ''}`
-        : '';
-      execSync(`npm install ${installTarget}`, { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
+      const target = `${packageName}${version ? `@${version}` : ''}`;
+      execSync(`npm install ${target}`, { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
     } catch { /* non-fatal */ }
     update('install', 'done');
     setDone(true);
@@ -326,6 +325,217 @@ export function InstallCommand({ packageName, version }: InstallCommandProps) {
   );
 }
 
+// ─── Bulk install: scan ALL deps from package.json ────────────────────────────
+
+interface BulkDepResult {
+  name: string;
+  version: string;
+  cves: OSVVulnerability[];
+  cvesCritical: number;
+  cvesHigh: number;
+  onChain: boolean;
+  score: number | null;
+  blocked: boolean;
+  blockReason?: string;
+  suggestedUpgrade?: string;
+}
+
+function BulkInstall() {
+  const [deps, setDeps] = useState<BulkDepResult[]>([]);
+  const [scanning, setScanning] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+  const [installStatus, setInstallStatus] = useState<StepStatus>('pending');
+  const [total, setTotal] = useState(0);
+
+  useEffect(() => {
+    runBulk().catch((err) => setError(String(err)));
+  }, []);
+
+  async function runBulk() {
+    const pkgPath = path.resolve('package.json');
+    if (!fs.existsSync(pkgPath)) {
+      setError('No package.json found');
+      return;
+    }
+
+    const pkgJson = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+    const allDeps = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
+    const entries = Object.entries(allDeps) as [string, string][];
+    setTotal(entries.length);
+
+    if (entries.length === 0) {
+      setScanning(false);
+      return;
+    }
+
+    const checked: BulkDepResult[] = [];
+
+    for (const [name, verRange] of entries) {
+      const rawVersion = String(verRange).replace(/^[\^~]/, '');
+      const entry: BulkDepResult = {
+        name, version: rawVersion,
+        cves: [], cvesCritical: 0, cvesHigh: 0,
+        onChain: false, score: null,
+        blocked: false,
+      };
+
+      const [osvResult, infoResult] = await Promise.allSettled([
+        queryOSV(name, rawVersion),
+        getPackageInfo(name, rawVersion),
+      ]);
+
+      if (osvResult.status === 'fulfilled' && osvResult.value.length > 0) {
+        entry.cves = osvResult.value;
+        const counts = categorizeCVEs(osvResult.value);
+        entry.cvesCritical = counts.critical;
+        entry.cvesHigh = counts.high;
+
+        if (counts.critical > 0) {
+          entry.blocked = true;
+          entry.blockReason = `${counts.critical} CRITICAL CVE(s)`;
+          entry.suggestedUpgrade = getBestUpgradeVersion(osvResult.value, rawVersion) || undefined;
+        }
+      }
+
+      if (infoResult.status === 'fulfilled' && infoResult.value.exists) {
+        entry.onChain = true;
+        entry.score = infoResult.value.aggregateScore;
+        if (entry.score >= HIGH_RISK_THRESHOLD) {
+          entry.blocked = true;
+          entry.blockReason = (entry.blockReason ? entry.blockReason + '; ' : '') + `risk ${entry.score}/100`;
+        }
+      }
+
+      checked.push(entry);
+      setDeps([...checked]);
+    }
+
+    setScanning(false);
+
+    const blockers = checked.filter((d) => d.blocked);
+    if (blockers.length > 0) {
+      setInstallStatus('error');
+      setError(`Blocked: ${blockers.length} package(s) have critical vulnerabilities`);
+      return;
+    }
+
+    setInstallStatus('running');
+    try {
+      execSync('npm install', { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
+    } catch { /* non-fatal */ }
+    setInstallStatus('done');
+  }
+
+  const blockedDeps = deps.filter((d) => d.blocked);
+  const warnDeps = deps.filter((d) => !d.blocked && (d.cvesHigh > 0 || (d.score !== null && d.score >= MEDIUM_RISK_THRESHOLD)));
+  const safeDeps = deps.filter((d) => !d.blocked && d.cvesHigh === 0 && (d.score === null || d.score < MEDIUM_RISK_THRESHOLD));
+  const totalCves = deps.reduce((s, d) => s + d.cves.length, 0);
+
+  return (
+    <Box flexDirection="column">
+      <Header subtitle="install" />
+      <Text> </Text>
+
+      <StatusLine label={`Scanning ${total} dependencies`} status={scanning ? 'running' : 'done'}
+        detail={!scanning ? `${deps.length} checked` : `${deps.length}/${total}`} />
+
+      {deps.length > 0 && (
+        <Box flexDirection="column" marginTop={1}>
+          {blockedDeps.length > 0 && (
+            <Box flexDirection="column">
+              <Text color="red" bold> BLOCKED ({blockedDeps.length})</Text>
+              {blockedDeps.map((d) => (
+                <Box key={d.name} flexDirection="column" marginLeft={2}>
+                  <Box>
+                    <Text color="red">✖ </Text>
+                    <Text color="white" bold>{d.name}</Text>
+                    <Text color="gray">@{d.version}</Text>
+                    <Text color="red">  {d.blockReason}</Text>
+                  </Box>
+                  {d.cves.slice(0, 3).map((cve) => {
+                    const sev = getOSVSeverity(cve);
+                    return (
+                      <Box key={cve.id} marginLeft={4}>
+                        <Text color={sevColor(sev)} bold>{sev.padEnd(9)}</Text>
+                        <Text color="white">{cve.id} </Text>
+                        <Text color="gray">{cve.summary?.slice(0, 50)}</Text>
+                      </Box>
+                    );
+                  })}
+                  {d.cves.length > 3 && (
+                    <Text color="gray" dimColor>      ...and {d.cves.length - 3} more</Text>
+                  )}
+                  {d.suggestedUpgrade && (
+                    <Box marginLeft={4}>
+                      <Text color="green">↑ upgrade to {d.suggestedUpgrade}</Text>
+                    </Box>
+                  )}
+                </Box>
+              ))}
+            </Box>
+          )}
+
+          {warnDeps.length > 0 && (
+            <Box flexDirection="column" marginTop={blockedDeps.length > 0 ? 1 : 0}>
+              <Text color="yellow" bold> WARNING ({warnDeps.length})</Text>
+              {warnDeps.map((d) => (
+                <Box key={d.name} marginLeft={2}>
+                  <Text color="yellow">⚠ </Text>
+                  <Text>{d.name}</Text>
+                  <Text color="gray">@{d.version}</Text>
+                  {d.cvesHigh > 0 && <Text color="yellow">  {d.cvesHigh} high CVE(s)</Text>}
+                  {d.score !== null && <Text color="yellow">  risk {d.score}/100</Text>}
+                </Box>
+              ))}
+            </Box>
+          )}
+
+          {safeDeps.length > 0 && (
+            <Box flexDirection="column" marginTop={(blockedDeps.length + warnDeps.length) > 0 ? 1 : 0}>
+              <Text color="green" bold> SAFE ({safeDeps.length})</Text>
+              {safeDeps.map((d) => (
+                <Box key={d.name} marginLeft={2}>
+                  <Text color="green">✓ </Text>
+                  <Text>{d.name}</Text>
+                  <Text color="gray">@{d.version}</Text>
+                  {d.onChain && d.score !== null && (
+                    <Text color="green">  {d.score}/100</Text>
+                  )}
+                </Box>
+              ))}
+            </Box>
+          )}
+        </Box>
+      )}
+
+      {!scanning && (
+        <Box flexDirection="column" marginTop={1}>
+          <Text color="gray">────────────────────────────────────────</Text>
+
+          {blockedDeps.length === 0 && (
+            <StatusLine label="Install via npm" status={installStatus} />
+          )}
+
+          <Box marginTop={1}>
+            <Text color={blockedDeps.length > 0 ? 'red' : totalCves > 0 ? 'yellow' : 'green'} bold>
+              {deps.length} packages scanned: {blockedDeps.length} blocked, {warnDeps.length} warnings, {totalCves} CVEs
+            </Text>
+          </Box>
+
+          {blockedDeps.length > 0 && (
+            <Text color="red">Fix blocked packages before installing. Upgrade to safe versions above.</Text>
+          )}
+        </Box>
+      )}
+
+      {error && <Text color="red">{error}</Text>}
+      {installStatus === 'done' && <Text color="green" bold>Done.</Text>}
+    </Box>
+  );
+}
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
 function getBestUpgradeVersion(cves: OSVVulnerability[], currentVersion: string): string | null {
   let highest: string | null = null;
   for (const cve of cves) {
@@ -346,17 +556,3 @@ function compareSemver(a: string, b: string): number {
   }
   return 0;
 }
-
-function getTargetPackages(name?: string, ver?: string): Array<{ name: string; version: string }> {
-  if (name) return [{ name, version: ver || 'latest' }];
-
-  const pkgJsonPath = path.resolve('package.json');
-  if (!fs.existsSync(pkgJsonPath)) return [];
-
-  const pkgJson = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf-8'));
-  const deps = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
-  return Object.entries(deps).map(([n, v]) => ({
-    name: n,
-    version: String(v).replace(/^[\^~]/, ''),
-  }));
-}

package/packages/cli/src/commands/push.tsx

@@ -1,10 +1,11 @@
 import React, { useState, useEffect } from 'react';
 import { Box, Text } from 'ink';
-import { getEnvOrThrow, truncateAddress, classifyRisk } from '@opm/core';
+import { getEnvOrThrow, truncateAddress, classifyRisk, txUrl, contractUrl, addressUrl } from '@opm/core';
 import type { AgentEntry } from '@opm/core';
 import { Header } from '../components/Header';
 import { StatusLine, type Status } from '../components/StatusLine';
 import { RiskBadge } from '../components/RiskBadge';
+import { Hyperlink } from '../components/Hyperlink';
 import { computeChecksum, signChecksumAsync } from '../services/signature';
 import { resolveENSName } from '../services/ens';
 import { registerPackageOnChain } from '../services/contract';
@@ -71,7 +72,7 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
     if (!name || !version) throw new Error('package.json missing name or version');
     setPkgLabel(`${name}@${version}`);
 
-    const privateKey = getEnvOrThrow('OPM_PRIVATE_KEY');
+    const privateKey = getEnvOrThrow('OPM_SIGNING_KEY', 'OPM_PRIVATE_KEY');
 
     updateStep('pack', 'running');
     const tarball = execSync('npm pack --json 2>/dev/null', { encoding: 'utf-8' });
@@ -242,26 +243,44 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
         <Box flexDirection="column" marginTop={1}>
           <Text color="gray">────────────────────────────────────────</Text>
           <Text color="white" bold> Agent Results</Text>
-          {result.agents.map((agent) => (
-            <Box key={agent.agent_id} flexDirection="column" marginLeft={2} marginTop={1}>
-              <Box>
-                <Text color="white" bold>{agent.agent_id}</Text>
-                <Text color="gray"> ({agent.model}) </Text>
-                <Text color={riskColor(agent.result.risk_score)} bold>
-                  {agent.result.risk_score}/100
-                </Text>
-                <Text color="gray"> {agent.result.risk_level}</Text>
-              </Box>
-              <Box marginLeft={2}>
-                <Text color="gray" wrap="wrap">{agent.result.reasoning.slice(0, 200)}</Text>
-              </Box>
-              {agent.result.vulnerabilities.length > 0 && (
+          {result.agents.map((agent) => {
+            const intel = agent.model_intelligence || 0;
+            const coding = agent.model_coding || 0;
+            const weight = agent.model_weight || 0;
+            return (
+              <Box key={agent.agent_id} flexDirection="column" marginLeft={2} marginTop={1}>
+                <Box>
+                  <Text color="white" bold>{agent.agent_id}</Text>
+                  <Text color="gray"> ({agent.model}) </Text>
+                  <Text color={riskColor(agent.result.risk_score)} bold>
+                    {agent.result.risk_score}/100
+                  </Text>
+                  <Text color="gray"> {agent.result.risk_level}</Text>
+                </Box>
                 <Box marginLeft={2}>
-                  <Text color="yellow">{agent.result.vulnerabilities.length} vulnerabilities found</Text>
+                  <Text color="magenta">AI Index: {intel}</Text>
+                  <Text color="gray"> | </Text>
+                  <Text color="blue">Coding: {coding}</Text>
+                  <Text color="gray"> | </Text>
+                  <Text color="cyan">Weight: {weight}</Text>
                 </Box>
-              )}
-            </Box>
-          ))}
+                <Box marginLeft={2}>
+                  <Text color="gray" wrap="wrap">{agent.result.reasoning.slice(0, 200)}</Text>
+                </Box>
+                {agent.result.vulnerabilities.length > 0 && (
+                  <Box marginLeft={2}>
+                    <Text color="yellow">{agent.result.vulnerabilities.length} vulnerabilities found</Text>
+                  </Box>
+                )}
+                {agent.score_tx_hash && (
+                  <Box marginLeft={2}>
+                    <Text color="gray">⛓  </Text>
+                    <Hyperlink url={txUrl(agent.score_tx_hash)} label={`score tx ${agent.score_tx_hash.slice(0, 10)}…`} color="cyan" />
+                  </Box>
+                )}
+              </Box>
+            );
+          })}
         </Box>
       )}
 
@@ -269,7 +288,7 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
         <Box flexDirection="column" marginTop={1}>
           <Text color="gray">────────────────────────────────────────</Text>
           <Box>
-            <Text color="white" bold> Aggregate Risk: </Text>
+            <Text color="white" bold> Aggregate Risk (intelligence-weighted): </Text>
             <RiskBadge level={classifyRisk(result.riskScore)} score={result.riskScore} />
           </Box>
         </Box>
@@ -294,6 +313,18 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
             </Box>
           )}
           <StatusLine label="Register on-chain" status={steps.register} detail={result.txHash?.slice(0, 16)} />
+          {result.txHash && (
+            <Box flexDirection="column" marginLeft={4}>
+              <Box>
+                <Text color="gray">⛓  </Text>
+                <Hyperlink url={txUrl(result.txHash)} label={`tx ${result.txHash.slice(0, 10)}…`} color="green" />
+              </Box>
+              <Box>
+                <Text color="gray">📋 </Text>
+                <Hyperlink url={contractUrl()} label="OPM Registry Contract" color="cyan" />
+              </Box>
+            </Box>
+          )}
         </>
       )}
 
@@ -309,7 +340,7 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
           </Box>
           {!result.reportURI.startsWith('local://') && (
             <Box marginLeft={2}>
-              <Text color="blue">{result.reportURI}</Text>
+              <Hyperlink url={result.reportURI} />
             </Box>
           )}
         </Box>

package/packages/cli/src/commands/register-agent.tsx

@@ -0,0 +1,227 @@
+import React, { useState, useEffect } from 'react';
+import { Box, Text } from 'ink';
+import { txUrl, contractUrl, addressUrl } from '@opm/core';
+import { Header } from '../components/Header';
+import { StatusLine, type Status } from '../components/StatusLine';
+import { Hyperlink } from '../components/Hyperlink';
+import { registerAgentOnChain } from '../services/contract';
+import { runBenchmarkSuite, type BenchmarkRunResult } from '@opm/scanner';
+
+type StepStatus = Status;
+
+interface Steps {
+  validate: StepStatus;
+  benchmark: StepStatus;
+  zkproof: StepStatus;
+  register: StepStatus;
+}
+
+interface RegisterResult {
+  agentName?: string;
+  model?: string;
+  benchmarkResult?: BenchmarkRunResult;
+  txHash?: string;
+  agentAddress?: string;
+  rejected?: boolean;
+  rejectReason?: string;
+}
+
+interface RegisterAgentCommandProps {
+  agentName: string;
+  model: string;
+  systemPrompt?: string;
+}
+
+export function RegisterAgentCommand({ agentName, model, systemPrompt }: RegisterAgentCommandProps) {
+  const [steps, setSteps] = useState<Steps>({
+    validate: 'pending',
+    benchmark: 'pending',
+    zkproof: 'pending',
+    register: 'pending',
+  });
+  const [result, setResult] = useState<RegisterResult>({});
+  const [error, setError] = useState<string | null>(null);
+  const [logs, setLogs] = useState<string[]>([]);
+
+  const updateStep = (key: keyof Steps, status: StepStatus) =>
+    setSteps((prev) => ({ ...prev, [key]: status }));
+
+  useEffect(() => {
+    runRegistration().catch((err) => setError(String(err)));
+  }, []);
+
+  async function runRegistration() {
+    setResult({ agentName, model });
+
+    updateStep('validate', 'running');
+
+    if (!agentName || agentName.length < 2) {
+      throw new Error('Agent name must be at least 2 characters');
+    }
+    if (!model) {
+      throw new Error('Model identifier is required (e.g. anthropic/claude-sonnet-4-20250514)');
+    }
+
+    if (!process.env.AGENT_PRIVATE_KEY) {
+      throw new Error('AGENT_PRIVATE_KEY required — this wallet becomes the agent identity');
+    }
+    if (!process.env.OPENROUTER_API_KEY && !process.env.OPENAI_API_KEY) {
+      throw new Error('OPENROUTER_API_KEY or OPENAI_API_KEY required to run benchmarks');
+    }
+
+    updateStep('validate', 'done');
+
+    updateStep('benchmark', 'running');
+    const benchResult = await runBenchmarkSuite(
+      { name: agentName, model, systemPrompt },
+      (msg) => setLogs((prev) => [...prev.slice(-12), msg]),
+    );
+    setResult((r) => ({ ...r, benchmarkResult: benchResult }));
+
+    if (!benchResult.zkProof.passed || benchResult.accuracyPct < 100) {
+      updateStep('benchmark', 'error');
+      updateStep('zkproof', 'error');
+      updateStep('register', 'blocked');
+      setResult((r) => ({
+        ...r,
+        rejected: true,
+        rejectReason: `Agent achieved ${benchResult.accuracyPct}% accuracy (100% required). ` +
+          `Failed ${benchResult.failed}/${benchResult.total} benchmark cases.`,
+      }));
+      return;
+    }
+    updateStep('benchmark', 'done');
+
+    updateStep('zkproof', 'running');
+    if (!benchResult.verified) {
+      updateStep('zkproof', 'error');
+      updateStep('register', 'blocked');
+      setResult((r) => ({
+        ...r,
+        rejected: true,
+        rejectReason: 'ZK proof verification failed — integrity check did not pass',
+      }));
+      return;
+    }
+    setLogs((prev) => [...prev, `ZK proof hash: ${benchResult.zkProof.accuracyProof.slice(0, 24)}…`]);
+    updateStep('zkproof', 'done');
+
+    updateStep('register', 'running');
+    try {
+      const proofStr = benchResult.zkProof.accuracyProof;
+      const promptStr = systemPrompt || 'default-opm-security-prompt';
+      const txHash = await registerAgentOnChain(agentName, model, promptStr, proofStr);
+      setResult((r) => ({ ...r, txHash }));
+      setLogs((prev) => [...prev, `Agent registered on-chain ✓`]);
+    } catch (err: any) {
+      const msg = err?.shortMessage || err?.message || 'failed';
+      setLogs((prev) => [...prev, `Registration: ${msg}`]);
+      if (msg.includes('already')) {
+        setResult((r) => ({ ...r, rejected: true, rejectReason: 'Agent wallet is already registered' }));
+        updateStep('register', 'error');
+        return;
+      }
+    }
+    updateStep('register', 'done');
+  }
+
+  const riskColor = (pct: number) => (pct >= 100 ? 'green' : pct >= 70 ? 'yellow' : 'red');
+
+  return (
+    <Box flexDirection="column">
+      <Header subtitle="register-agent" />
+      <Text color="white" bold> Registering agent: {agentName}</Text>
+      <Text color="gray"> Model: {model}</Text>
+      <Text> </Text>
+
+      <StatusLine label="Validate configuration" status={steps.validate} />
+      <StatusLine label="Run benchmark suite (10 cases)" status={steps.benchmark} />
+
+      {logs.length > 0 && (
+        <Box flexDirection="column" marginLeft={4}>
+          {logs.map((log, i) => (
+            <Text key={i} color="gray">{log}</Text>
+          ))}
+        </Box>
+      )}
+
+      {result.benchmarkResult && (
+        <Box flexDirection="column" marginTop={1}>
+          <Text color="gray">────────────────────────────────────────</Text>
+          <Text color="white" bold> Benchmark Results</Text>
+          <Box flexDirection="column" marginLeft={2} marginTop={1}>
+            {result.benchmarkResult.results.map((r) => (
+              <Box key={r.caseId}>
+                <Text color={r.verdict === 'PASS' ? 'green' : 'red'}>
+                  {r.verdict === 'PASS' ? '✓' : '✗'}{' '}
+                </Text>
+                <Text color="white">{r.category}</Text>
+                <Text color="gray"> — expected {r.expectedLevel}, got {r.actualLevel}</Text>
+                <Text color="gray"> (score: {r.actualScore})</Text>
+              </Box>
+            ))}
+          </Box>
+          <Box marginLeft={2} marginTop={1}>
+            <Text color={riskColor(result.benchmarkResult.accuracyPct)} bold>
+              Accuracy: {result.benchmarkResult.passed}/{result.benchmarkResult.total}{' '}
+              ({result.benchmarkResult.accuracyPct}%)
+            </Text>
+          </Box>
+        </Box>
+      )}
+
+      <Text> </Text>
+      <StatusLine label="ZK proof verification" status={steps.zkproof} />
+      {result.benchmarkResult?.zkProof && steps.zkproof === 'done' && (
+        <Box flexDirection="column" marginLeft={4}>
+          <Text color="gray">Commitment: {result.benchmarkResult.zkProof.commitment.expectedHash.slice(0, 24)}…</Text>
+          <Text color="gray">Proof:      {result.benchmarkResult.zkProof.accuracyProof.slice(0, 24)}…</Text>
+          <Text color="green">✓ Zero-knowledge proof verified — accuracy proven without revealing test data</Text>
+        </Box>
+      )}
+
+      <StatusLine label="Register agent on-chain" status={steps.register} />
+      {result.txHash && (
+        <Box flexDirection="column" marginLeft={4}>
+          <Box>
+            <Text color="gray">⛓  </Text>
+            <Hyperlink url={txUrl(result.txHash)} label={`tx ${result.txHash.slice(0, 10)}…`} color="green" />
+          </Box>
+          <Box>
+            <Text color="gray">📋 </Text>
+            <Hyperlink url={contractUrl()} label="OPM Registry Contract" color="cyan" />
+          </Box>
+        </Box>
+      )}
+
+      {result.rejected && (
+        <Box flexDirection="column" marginTop={1}>
+          <Text color="gray">────────────────────────────────────────</Text>
+          <Text color="red" bold>✗ REGISTRATION REJECTED</Text>
+          <Box marginLeft={2}>
+            <Text color="red" wrap="wrap">{result.rejectReason}</Text>
+          </Box>
+          {result.benchmarkResult && result.benchmarkResult.failureReasons.length > 0 && (
+            <Box flexDirection="column" marginLeft={2} marginTop={1}>
+              <Text color="yellow" bold>Failure details:</Text>
+              {result.benchmarkResult.failureReasons.map((reason, i) => (
+                <Text key={i} color="yellow" wrap="wrap">  • {reason}</Text>
+              ))}
+            </Box>
+          )}
+        </Box>
+      )}
+
+      {!result.rejected && steps.register === 'done' && (
+        <Box flexDirection="column" marginTop={1}>
+          <Text color="gray">────────────────────────────────────────</Text>
+          <Text color="green" bold>✓ Agent "{agentName}" registered successfully</Text>
+          <Text color="gray">  Your agent is now authorized to submit security scores on-chain.</Text>
+          <Text color="gray">  It will participate in the next package scan alongside existing agents.</Text>
+        </Box>
+      )}
+
+      {error && <Text color="red">Error: {error}</Text>}
+    </Box>
+  );
+}