opmsec 0.1.3 → 0.1.5

package/docs/concepts/zk-agent-verification.mdx

@@ -1,82 +1,44 @@
 ---
 title: 'ZK Agent Verification'
-description: 'Permissionless agent registration requires passing a benchmark suite and proving 100% accuracy via zero-knowledge proofs.'
+description: 'Permissionless agent registration with zero-knowledge proof of 100% benchmark accuracy.'
 ---
 
 # ZK Agent Verification
 
-OPM supports **permissionless agent registration** on the on-chain registry. To prevent malicious or spamming agents from participating, agents must pass a benchmark suite and prove **100% accuracy** via a zero-knowledge proof—without revealing the test data or individual results.
+Anyone can register a security agent on OPM. To prevent spam and bad actors, agents must pass a 10-case benchmark suite with **100% accuracy** and prove it via a zero-knowledge proof — without revealing the test data.
 
 ## Benchmark Suite
 
-The benchmark consists of **10 labeled test cases** covering:
+10 labeled test cases covering:
 
-| Category | Description |
-|----------|-------------|
-| Clean packages | Legitimate, low-risk packages |
-| Typosquats | Name-similar malicious packages |
-| Env exfiltration | Environment variable exfiltration attempts |
-| Obfuscated code | Heavily obfuscated or minified payloads |
-| Postinstall attacks | Malicious `postinstall` scripts |
-| Known CVEs | Packages with known vulnerabilities |
-| Dependency confusion | Scoped vs unscoped name conflicts |
+| Category | Cases | Expected |
+|----------|-------|----------|
+| Clean packages | 3 | SAFE |
+| Typosquat | 1 | FLAGGED |
+| Malicious (postinstall, SSH exfil) | 2 | FLAGGED |
+| Known CVE | 1 | FLAGGED |
+| Obfuscated payload | 1 | FLAGGED |
+| Env var exfiltration | 1 | FLAGGED |
+| Dependency confusion | 1 | FLAGGED |
 
-Each test case has an **expected output**: a risk level (LOW, MEDIUM, HIGH, CRITICAL) and score range. Expected outputs are committed via a hash before the agent runs.
+## How It Works
 
-## Verification Flow
+1. **Commit** — Expected outputs hashed with a random salt → `commitmentHash`
+2. **Run** — Agent processes all 10 cases in a single LLM call
+3. **Compare** — Actual outputs checked against expected
+4. **Prove** — ZK proof binds `commitmentHash`, `resultHash`, and `passed` flag without revealing test data or individual results
+5. **Register** — If 100% accurate, call `OPMRegistry.registerAgent()` with the proof hash
 
-1. **Commitment**: Expected outputs hashed with a salt → `commitmentHash`
-2. **Execution**: Candidate agent runs against all 10 cases
-3. **Comparison**: Actual outputs compared to expected; `passed = 1` iff all match
-4. **Proof**: ZK proof binds `commitmentHash`, `passed`, and `result_hash` without revealing test data or individual results
-5. **Registration**: Only agents with `passed = 1` (100% accuracy) are registered on-chain
+The proof proves accuracy without leaking the labeled dataset, so future agents can't game the benchmark.
 
 ## Circom Circuit
 
-The `accuracy_verifier.circom` circuit implements the verification logic:
+`AccuracyVerifier(10)` in `packages/contracts/circuits/accuracy_verifier.circom`:
 
-- **Private inputs**: `expected[N]`, `actual[N]`, `salt`
-- **Public input**: `commitmentHash` (Poseidon hash of `salt` and `expected[0..N-1]`)
-- **Public outputs**: `passed` (1 if all match, 0 otherwise), `proofHash`
+- **Private inputs**: `expected[10]`, `actual[10]`, `salt`
+- **Public input**: `commitmentHash` (Poseidon hash of salt + expected values)
+- **Public outputs**: `passed` (1 if all match), `proofHash`
 
-The circuit:
-
-1. Verifies the commitment: `hash(salt, expected[0..N-1]) === commitmentHash`
-2. Checks equality for each test case: `expected[i] === actual[i]`
-3. Computes `passed` as the product of all match bits (1 iff all match)
-4. Outputs `proofHash = hash(commitmentHash, passed, salt)` binding the result to the commitment
-
-<CodeGroup>
-
-```bash Compile
-circom accuracy_verifier.circom --r1cs --wasm --sym -o build/
-```
-
-```bash Trusted setup
-snarkjs groth16 setup build/accuracy_verifier.r1cs pot12_final.ptau build/accuracy_verifier_0000.zkey
-snarkjs zkey contribute build/accuracy_verifier_0000.zkey build/accuracy_verifier_final.zkey --name="opm-ceremony"
-snarkjs zkey export verificationkey build/accuracy_verifier_final.zkey build/verification_key.json
-```
-
-```bash Prove
-snarkjs groth16 prove build/accuracy_verifier_final.zkey build/accuracy_verifier_js/accuracy_verifier.wasm input.json build/proof.json build/public.json
-```
-
-```bash Verify
-snarkjs groth16 verify build/verification_key.json build/public.json build/proof.json
-```
-
-</CodeGroup>
-
-## On-Chain Registration
-
-Agents call `OPMRegistry.registerAgent(name, model, systemPromptHash, proofHash)` with a valid proof hash. The contract:
-
-- Requires `proofHash != bytes32(0)`
-- Rejects agents already authorized or registered
-- Stores `RegisteredAgent` with `proofHash` for auditability
-- Auto-authorizes the agent for `submitScore` and `setReportURI`
-
-<Warning>
-The Circom circuit is available for on-chain verification. A Solidity verifier can be exported via `snarkjs zkey export solidityverifier` for full trustless verification in future contract upgrades.
-</Warning>
+<Note>
+Currently, `keccak256(proof)` is stored on-chain. Full on-chain ZK verification via a Solidity verifier contract can be added in a future upgrade.
+</Note>

package/docs/contract/events.mdx

@@ -1,115 +1,54 @@
 ---
 title: 'Contract Events'
-description: 'All OPMRegistry events with parameters.'
+description: 'OPMRegistry events reference.'
 ---
 
 # Contract Events
 
-## PackageRegistration
-
 ### PackageRegistered
 
 ```solidity
-event PackageRegistered(string name, string version, address author, string ensName);
+event PackageRegistered(string name, string version, address author, string ensName)
 ```
 
-Emitted when a package version is registered via <code>registerPackage</code>.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Package name |
-| version | string | Semantic version |
-| author | address | Author wallet address |
-| ensName | string | Author ENS name |
-
----
-
-## Score Submission
+Emitted on `registerPackage()`.
 
 ### ScoreSubmitted
 
 ```solidity
-event ScoreSubmitted(string name, string version, address agent, uint8 riskScore, string reasoning);
+event ScoreSubmitted(string name, string version, address agent, uint8 riskScore, string reasoning)
 ```
 
-Emitted when an agent submits a risk score via <code>submitScore</code>.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Package name |
-| version | string | Semantic version |
-| agent | address | Agent wallet address |
-| riskScore | uint8 | Risk score 0–100 |
-| reasoning | string | Agent reasoning |
+Emitted on `submitScore()`.
 
 ### ReportURISet
 
 ```solidity
-event ReportURISet(string name, string version, string uri);
+event ReportURISet(string name, string version, string uri)
 ```
 
-Emitted when an agent sets the report URI via <code>setReportURI</code>.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Package name |
-| version | string | Semantic version |
-| uri | string | Fileverse/IPFS report URI |
-
----
-
-## Author
+Emitted on `setReportURI()`.
 
 ### AuthorRegistered
 
 ```solidity
-event AuthorRegistered(address addr, string ensName);
+event AuthorRegistered(address addr, string ensName)
 ```
 
-Emitted when an author is first registered (on first <code>registerPackage</code> call).
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| addr | address | Author wallet address |
-| ensName | string | Author ENS name |
-
----
-
-## Agent Management
+Emitted on first `registerPackage()` call by an author.
 
 ### AgentAuthorized
 
 ```solidity
-event AgentAuthorized(address agent, bool status);
+event AgentAuthorized(address agent, bool status)
 ```
 
-Emitted when an agent is authorized or deauthorized via <code>setAgent</code> or <code>revokeAgent</code>, or when a new agent registers via <code>registerAgent</code>.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| agent | address | Agent wallet address |
-| status | bool | true = authorized, false = deauthorized |
+Emitted on `setAgent()`, `revokeAgent()`, or `registerAgent()`.
 
 ### AgentRegistered
 
 ```solidity
-event AgentRegistered(
-    address indexed agent,
-    string name,
-    string model,
-    bytes32 systemPromptHash,
-    bytes32 proofHash,
-    uint256 timestamp
-);
+event AgentRegistered(address indexed agent, string name, string model, bytes32 systemPromptHash, bytes32 proofHash, uint256 timestamp)
 ```
 
-Emitted when a new agent registers via <code>registerAgent</code> (permissionless ZK-verified registration).
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| agent | address | Agent wallet address (indexed) |
-| name | string | Agent identifier |
-| model | string | LLM model |
-| systemPromptHash | bytes32 | Keccak256 of system prompt |
-| proofHash | bytes32 | Keccak256 of ZK proof |
-| timestamp | uint256 | Block timestamp |
+Emitted on permissionless `registerAgent()`.

package/docs/contract/functions.mdx

@@ -1,122 +1,59 @@
 ---
 title: 'Contract Functions'
-description: 'All OPMRegistry functions with parameters and behavior.'
+description: 'OPMRegistry function reference.'
 ---
 
 # Contract Functions
 
-## Admin (Owner Only)
+## Write Functions
 
-### setAgent
+### registerPackage
 
 ```solidity
-function setAgent(address agent, bool status) external onlyOwner
+function registerPackage(string name, string version, bytes32 checksum, bytes sig, string ensName) external
 ```
 
-Authorize or deauthorize an agent. Only the contract owner can call this.
+Register a package version. Sender becomes the author. Reverts if version already registered.
 
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| agent | address | Agent wallet address |
-| status | bool | true = authorized, false = deauthorized |
-
-### revokeAgent
+### submitScore
 
 ```solidity
-function revokeAgent(address agent) external onlyOwner
+function submitScore(string name, string version, uint8 riskScore, string reasoning) external onlyAgent
 ```
 
-Deactivate a registered agent. Sets <code>active</code> to false and removes from <code>authorizedAgents</code>.
-
----
-
-## Package Registration (Public)
+Submit risk score (0-100) with reasoning. Each agent may score a version once.
 
-### registerPackage
+### setReportURI
 
 ```solidity
-function registerPackage(
-    string calldata name,
-    string calldata version,
-    bytes32 checksum,
-    bytes calldata sig,
-    string calldata ensName
-) external
+function setReportURI(string name, string version, string uri) external onlyAgent
 ```
 
-Register a package version. Callable by anyone; the sender becomes the author.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Package name |
-| version | string | Semantic version |
-| checksum | bytes32 | SHA-256 of tarball |
-| sig | bytes | ECDSA signature of checksum |
-| ensName | string | Author ENS name (e.g. vitalik.eth) |
-
-Reverts if the version is already registered.
+Attach a Fileverse/IPFS report URI to a package version.
 
----
-
-## Agent-Only (Authorized Agents)
-
-### submitScore
+### registerAgent
 
 ```solidity
-function submitScore(
-    string calldata name,
-    string calldata version,
-    uint8 riskScore,
-    string calldata reasoning
-) external onlyAgent
+function registerAgent(string name, string model, bytes32 systemPromptHash, bytes32 proofHash) external
 ```
 
-Submit a risk score (0–100) for a package version. Each agent may score a version only once.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Package name |
-| version | string | Semantic version |
-| riskScore | uint8 | Risk score 0–100 |
-| reasoning | string | Agent reasoning |
+Permissionless agent registration. Requires non-zero `proofHash`. Reverts if sender already authorized or registered.
 
-### setReportURI
+### setAgent
 
 ```solidity
-function setReportURI(
-    string calldata name,
-    string calldata version,
-    string calldata uri
-) external onlyAgent
+function setAgent(address agent, bool status) external onlyOwner
 ```
 
-Set the Fileverse/IPFS report URI for a package version.
+Owner-only: authorize or deauthorize an agent.
 
----
-
-## Permissionless Agent Registration
-
-### registerAgent
+### revokeAgent
 
 ```solidity
-function registerAgent(
-    string calldata name,
-    string calldata model,
-    bytes32 systemPromptHash,
-    bytes32 proofHash
-) external
+function revokeAgent(address agent) external onlyOwner
 ```
 
-Register a new agent with ZK-verified benchmark proof. Callable by anyone; the sender becomes the agent.
-
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| name | string | Agent identifier |
-| model | string | LLM model (e.g. anthropic/claude-sonnet-4) |
-| systemPromptHash | bytes32 | Keccak256 of system prompt |
-| proofHash | bytes32 | Keccak256 of ZK proof |
-
-Reverts if the sender is already authorized or registered, or if <code>proofHash</code> is zero.
+Owner-only: deactivate a registered agent.
 
 ---
 
@@ -125,91 +62,68 @@ Reverts if the sender is already authorized or registered, or if <code>proofHash
 ### getPackageInfo
 
 ```solidity
-function getPackageInfo(string calldata name, string calldata version)
-    external view returns (
-        address author,
-        bytes32 checksum,
-        bytes memory sig,
-        string memory ensName,
-        string memory reportURI,
-        uint8 aggregateScore,
-        bool exists
-    )
+function getPackageInfo(string name, string version)
+    external view returns (address author, bytes32 checksum, bytes sig, string ensName, string reportURI, uint8 aggregateScore, bool exists)
 ```
 
-Returns full package info for a version. <code>aggregateScore</code> is the mean of all agent scores.
+Full metadata + aggregate score for a version.
 
 ### getScores
 
 ```solidity
-function getScores(string calldata name, string calldata version)
-    external view returns (AgentScore[] memory)
+function getScores(string name, string version) external view returns (AgentScore[] memory)
 ```
 
-Returns all agent scores for a package version. Each <code>AgentScore</code> has <code>agent</code>, <code>riskScore</code>, <code>reasoning</code>.
+All agent scores for a version. Each has `agent`, `riskScore`, `reasoning`.
 
 ### getAggregateScore
 
 ```solidity
-function getAggregateScore(string calldata name, string calldata version)
-    external view returns (uint8)
+function getAggregateScore(string name, string version) external view returns (uint8)
 ```
 
-Returns the mean risk score (0 if no scores).
+Mean risk score across all agents (0 if no scores).
 
 ### getSafestVersion
 
 ```solidity
-function getSafestVersion(string calldata name, uint8 lookback)
-    external view returns (string memory)
+function getSafestVersion(string name, uint8 lookback) external view returns (string memory)
 ```
 
-Returns the lowest-risk version among the last <code>lookback</code> versions. Default lookback is 3.
+Lowest-risk version in the last `lookback` versions.
 
 ### getVersions
 
 ```solidity
-function getVersions(string calldata name)
-    external view returns (string[] memory)
-```
-
-Returns all registered versions for a package.
-
-### getAuthorByAddress
-
-```solidity
-function getAuthorByAddress(address addr)
-    external view returns (AuthorProfile memory)
+function getVersions(string name) external view returns (string[] memory)
 ```
 
-Returns author profile by wallet address. <code>AuthorProfile</code> includes <code>addr</code>, <code>ensName</code>, <code>reputationTotal</code>, <code>reputationCount</code>, <code>packagesPublished</code>.
+All registered versions of a package.
 
-### getAuthorByENS
+### getAuthorByAddress / getAuthorByENS
 
 ```solidity
-function getAuthorByENS(string calldata ensName)
-    external view returns (AuthorProfile memory)
+function getAuthorByAddress(address addr) external view returns (AuthorProfile memory)
+function getAuthorByENS(string ensName) external view returns (AuthorProfile memory)
 ```
 
-Returns author profile by ENS name. Reverts if ENS not found.
+Author profile: `addr`, `ensName`, `reputationTotal`, `reputationCount`, `packagesPublished`.
 
 ### getAuthorReputation
 
 ```solidity
-function getAuthorReputation(address addr)
-    external view returns (uint256)
+function getAuthorReputation(address addr) external view returns (uint256)
 ```
 
-Returns average reputation (mean of all scores received) for an author. 0 if no scores.
+Average reputation (mean of all scores received). 0 if no scores.
 
 ### getRegisteredAgent
 
 ```solidity
-function getRegisteredAgent(address agent)
-    external view returns (RegisteredAgent memory)
+function getRegisteredAgent(address agent) external view returns (RegisteredAgent memory)
 ```
 
-Returns registered agent info: <code>agentAddress</code>, <code>name</code>, <code>model</code>, <code>systemPromptHash</code>, <code>proofHash</code>, <code>registeredAt</code>, <code>active</code>.
+Agent details: `name`, `model`, `systemPromptHash`, `proofHash`, `registeredAt`, `active`.
 
 ### getAgentCount
 
@@ -217,4 +131,4 @@ Returns registered agent info: <code>agentAddress</code>, <code>name</code>, <co
 function getAgentCount() external view returns (uint256)
 ```
 
-Returns the number of registered agents.
+Total registered agents.

package/docs/contract/overview.mdx

@@ -1,58 +1,39 @@
 ---
 title: 'Contract Overview'
-description: 'OPMRegistry smart contract deployed on Base Sepolia.'
+description: 'OPMRegistry smart contract on Base Sepolia.'
 ---
 
 # Contract Overview
 
-The **OPMRegistry** is the core on-chain component of OPM. It stores package metadata, agent scores, author profiles, and registered agents on Base Sepolia.
+**OPMRegistry.sol** stores packages, agent scores, author profiles, and registered agents on Base Sepolia.
 
 ## Deployment
 
 | Property | Value |
 |----------|-------|
-| Contract | OPMRegistry.sol |
 | Network | Base Sepolia (chain ID 84532) |
-| Address | <code>0x16684391fc9bf48246B08Afe16d1a57BFa181d48</code> |
+| Address | [`0x16684391fc9bf48246B08Afe16d1a57BFa181d48`](https://sepolia.basescan.org/address/0x16684391fc9bf48246B08Afe16d1a57BFa181d48) |
 | Solidity | 0.8.20 |
 
-<Note>
-View the contract on [BaseScan](https://sepolia.basescan.org/address/0x16684391fc9bf48246B08Afe16d1a57BFa181d48).
-</Note>
+## Access Control
 
-## Design
+- **Owner** — Can authorize/deauthorize agents via `setAgent()` and `revokeAgent()`
+- **Authorized agents** — Can call `submitScore()` and `setReportURI()`
+- **Public** — Can call `registerPackage()` and `registerAgent()` (with valid ZK proof)
 
-### Owner Pattern
+## Permissionless Agent Registration
 
-The contract uses an owner pattern for initial agent authorization. The deployer is the owner and can:
+Anyone can register an agent without owner approval:
 
-- Authorize or deauthorize agents via <code>setAgent(address, bool)</code>
-- Revoke permissionless agents via <code>revokeAgent(address)</code>
+1. Run 10 benchmark cases with 100% accuracy
+2. Generate a ZK proof
+3. Call `registerAgent(name, model, systemPromptHash, proofHash)`
 
-### Permissionless Agent Registration
-
-New agents can register without owner approval by passing the benchmark verification:
-
-1. Run 10 labeled benchmark cases
-2. Achieve 100% accuracy
-3. Generate a ZK proof of accuracy
-4. Call <code>registerAgent(name, model, systemPromptHash, proofHash)</code>
-
-On success, the agent is automatically authorized to submit scores.
-
-### Data Stored
-
-| Data | Description |
-|------|-------------|
-| **Packages** | Name → versions mapping |
-| **Version data** | Per (name, version): author, checksum, signature, report URI, agent scores |
-| **Authors** | Address → profile (ENS name, reputation, packages published) |
-| **Agents** | Authorized agents (owner-set or ZK-verified) |
-| **Registered agents** | Permissionless agents with name, model, proof hash |
+On success, the agent is auto-authorized to submit scores.
 
 ## Risk Thresholds
 
-| Constant | Value | Purpose |
-|----------|-------|---------|
-| <code>HIGH_RISK_THRESHOLD</code> | 70 | Blocks install; high-risk packages |
-| <code>MEDIUM_RISK_THRESHOLD</code> | 40 | Warning threshold |
+| Constant | Value |
+|----------|-------|
+| `HIGH_RISK_THRESHOLD` | 70 |
+| `MEDIUM_RISK_THRESHOLD` | 40 |

package/docs/introduction.mdx

@@ -1,43 +1,40 @@
 ---
 title: 'Introduction'
-description: 'OPM is a drop-in npm replacement that adds cryptographic signing, multi-agent AI security auditing, on-chain risk scoring, and ZK-verified permissionless agent registration to the JavaScript supply chain.'
+description: 'OPM is a drop-in npm replacement that adds cryptographic signing, multi-agent AI security scanning, on-chain risk scoring, and ZK-verified agent registration to the JavaScript supply chain.'
 ---
 
 # Introduction
 
-**OPM (On-chain Package Manager)** is a security-hardened CLI wrapper around npm that introduces cryptographic package attestation, multi-agent AI threat analysis, on-chain audit registries, and decentralized report storage to the JavaScript dependency supply chain. It functions as a drop-in npm replacement while interposing a verification pipeline between the developer and the npm registry.
+**OPM (On-chain Package Manager)** is a drop-in npm replacement that scans every package with 3 AI agents, scores risk on-chain, and blocks malicious installs — all from the terminal.
 
 ## The Problem
 
-The npm ecosystem faces persistent supply chain threats:
+npm has no built-in defense against supply chain attacks. Developers install typosquatted packages, ship unpatched CVEs, and run malicious postinstall scripts — often without knowing until it's too late. Traditional tools catch known vulnerabilities *after* disclosure, but miss novel threats, obfuscated payloads, and social engineering attacks.
 
-- **Supply chain injection**: Malicious postinstall scripts, obfuscated payloads, environment variable exfiltration, and runtime code generation
-- **Typosquatting**: Package names designed to mimic popular packages (e.g., `lodash` vs `lodahs`)
-- **Malicious packages**: Deliberately harmful code in dependencies, often introduced via maintainer takeover
-- **Dependency confusion**: Scoped vs unscoped name conflicts and internal package shadowing
-- **Known vulnerabilities**: Unpatched CVEs and GHSA advisories in transitive dependencies
+## How OPM Fixes It
 
-Traditional package managers lack cryptographic provenance, real-time threat intelligence, and decentralized trust signals. OPM addresses these gaps.
-
-## The Solution
-
-OPM combines four layers of defense:
-
-1. **Cryptographic attestation**: SHA-256 checksums and ECDSA signatures (secp256k1) derived from Ethereum wallets, with on-chain registration
-2. **Multi-agent AI auditing**: Three heterogeneous LLMs (Claude, Gemini, DeepSeek) analyze packages in parallel and submit intelligence-weighted risk scores on-chain
-3. **On-chain registry**: Risk scores, author profiles, and report URIs stored on **Base Sepolia** (chain ID 84532) in the `OPMRegistry` smart contract
-4. **ZK-verified agent registration**: Permissionless agents must pass a benchmark suite and prove 100% accuracy via zero-knowledge proofs before participating
+| Layer | What it does |
+|-------|-------------|
+| **Cryptographic signing** | SHA-256 checksum + ECDSA signature from your Ethereum wallet, verified at install time |
+| **Multi-agent AI scanning** | 3 LLMs (Claude, Gemini, DeepSeek) analyze packages in parallel — catches what static analysis misses |
+| **On-chain registry** | Risk scores, author profiles, and audit reports stored on Base Sepolia — immutable and queryable |
+| **ZK agent verification** | Anyone can register a security agent, but must prove 100% benchmark accuracy via zero-knowledge proofs |
+| **ENS identity** | Author reputation tied to ENS names — decentralized trust, not centralized accounts |
 
 ## Key Integrations
 
 | Integration | Purpose |
 |-------------|---------|
-| **Base Sepolia** | EVM chain for OPMRegistry deployment and score submission |
-| **ENS** | Author identity resolution (forward/reverse) and profile metadata |
-| **Fileverse** | IPFS-backed encrypted storage for AI scan reports (dDocs protocol) |
-| **OSV** | Real-time CVE/GHSA advisory data with CVSS v3 scoring |
-| **ChainPatrol** | Blocklist fallback for packages absent from the registry |
+| **Base Sepolia** | On-chain registry for scores, packages, and agents |
+| **ENS** | Author identity and package metadata records |
+| **Fileverse** | IPFS-backed encrypted audit report storage |
+| **OSV** | Real-time CVE/GHSA data |
+| **ChainPatrol** | Blocklist fallback for unregistered packages |
+
+## Architecture
 
-## Architecture Overview
+<Frame>
+  <img src="/system-design.png" alt="OPM System Design" />
+</Frame>
 
-OPM implements a domain-specific instantiation of the [ERC-8004 (Trustless Agents)](https://eips.ethereum.org/EIPS/eip-8004) pattern: agents hold on-chain identities, submit structured reputation signals (risk scores + reasoning), and attach off-chain validation evidence as Fileverse report URIs. Consumers invoking `opm install` query the registry, verify signatures, cross-reference OSV, and enforce configurable risk thresholds before permitting installation.
+OPM implements the [ERC-8004 (Trustless Agents)](https://eips.ethereum.org/EIPS/eip-8004) pattern — agents hold on-chain identities, submit risk scores, and attach Fileverse reports as validation evidence.