opmsec 0.1.4 → 0.1.5

package/packages/cli/src/commands/install.tsx

@@ -12,6 +12,8 @@ import { checkPackageWithChainPatrol } from '../services/chainpatrol';
 import { queryOSV, getOSVSeverity, getFixedVersion, type OSVVulnerability } from '../services/osv';
 import { resolveVersion, findSafeVersion, isENSVersion, type ResolvedVersion } from '../services/version';
 import { resolveAddress } from '../services/ens';
+import { readOPMRecords, readPackageENSRecords } from '../services/ens-records';
+import type { OPMENSRecords } from '@opm/core';
 import { execSync } from 'child_process';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -92,6 +94,7 @@ function SingleInstall({ packageName, version }: { packageName: string; version?
   });
   const [result, setResult] = useState<SecurityResult | null>(null);
   const [ensDetail, setEnsDetail] = useState<string | undefined>(undefined);
+  const [ensRecords, setEnsRecords] = useState<OPMENSRecords>({});
   const [error, setError] = useState<string | null>(null);
   const [done, setDone] = useState(false);
 
@@ -120,6 +123,22 @@ function SingleInstall({ packageName, version }: { packageName: string; version?
         r.ensName = resolved.ensName;
         setResult({ ...r });
         setEnsDetail(`${resolved.ensName} → v${resolved.version} (${resolved.reason})`);
+
+        if (resolved.ensName) {
+          const [opmRecs, pkgRecs] = await Promise.allSettled([
+            readOPMRecords(resolved.ensName),
+            readPackageENSRecords(resolved.ensName, packageName),
+          ]);
+          const merged: OPMENSRecords = {};
+          if (pkgRecs.status === 'fulfilled') Object.assign(merged, pkgRecs.value);
+          if (opmRecs.status === 'fulfilled') {
+            for (const [k, v] of Object.entries(opmRecs.value)) {
+              if (v && !(merged as any)[k]) (merged as any)[k] = v;
+            }
+          }
+          setEnsRecords(merged);
+        }
+
         update('ens', 'done');
       } catch (err: any) {
         setEnsDetail(err?.message || 'ENS resolution failed');
@@ -279,13 +298,25 @@ function SingleInstall({ packageName, version }: { packageName: string; version?
             {result.resolved.authorAddress && (
               <Text color="gray"> ({truncateAddress(result.resolved.authorAddress)})</Text>
             )}
-            <Text color="green"> ✓ on-chain</Text>
+            <Text color="green"> on-chain</Text>
           </Box>
           <Box>
             <Text color="gray">Version: </Text>
             <Text color="cyan">{result.resolvedVersion}</Text>
             <Text color="gray"> (safest on-chain version)</Text>
           </Box>
+          {ensRecords.fileverse && (
+            <Box>
+              <Text color="gray">Report:  </Text>
+              <Text color="green">{ensRecords.fileverse.length > 50 ? ensRecords.fileverse.slice(0, 50) + '...' : ensRecords.fileverse}</Text>
+            </Box>
+          )}
+          {ensRecords.riskScore && (
+            <Box>
+              <Text color="gray">Risk:    </Text>
+              <Text color="cyan">{ensRecords.riskScore}/100 (from ENS)</Text>
+            </Box>
+          )}
         </Box>
       )}
 
@@ -423,6 +454,12 @@ function SingleInstall({ packageName, version }: { packageName: string; version?
               <Text color="green">{result.ensName}</Text>
             </Box>
           )}
+          {ensRecords.fileverse && (
+            <Box marginLeft={2}>
+              <Text color="gray">Fileverse:</Text>
+              <Text color="green"> {ensRecords.fileverse.length > 45 ? ensRecords.fileverse.slice(0, 45) + '...' : ensRecords.fileverse}</Text>
+            </Box>
+          )}
           {result.warning && !result.blocked && !result.autoBumped && (
             <Box marginLeft={2}>
               <Text color="yellow">⚠ Vulnerabilities detected — review before using in production</Text>
@@ -634,16 +671,25 @@ function BulkInstall() {
       return;
     }
 
-    // Build npm install command with correct versions
+    // Update package.json with resolved versions before installing
     const bumpedDeps = checked.filter((d) => d.autoBumped || d.ensResolved);
+    if (bumpedDeps.length > 0) {
+      const freshPkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+      for (const dep of bumpedDeps) {
+        const resolved = `^${dep.version}`;
+        if (freshPkg.dependencies && dep.name in freshPkg.dependencies) {
+          freshPkg.dependencies[dep.name] = resolved;
+        }
+        if (freshPkg.devDependencies && dep.name in freshPkg.devDependencies) {
+          freshPkg.devDependencies[dep.name] = resolved;
+        }
+      }
+      fs.writeFileSync(pkgPath, JSON.stringify(freshPkg, null, 2) + '\n');
+    }
+
     setInstallStatus('running');
     try {
-      if (bumpedDeps.length > 0) {
-        const args = checked.map((d) => `${d.name}@${d.version}`).join(' ');
-        execSync(`npm install ${args}`, { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
-      } else {
-        execSync('npm install', { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
-      }
+      execSync('npm install', { encoding: 'utf-8', stdio: 'pipe', cwd: process.cwd() });
     } catch { /* non-fatal */ }
     setInstallStatus('done');
   }

package/packages/cli/src/commands/push.tsx

@@ -9,6 +9,7 @@ import { Hyperlink } from '../components/Hyperlink';
 import { computeChecksum, signChecksumAsync } from '../services/signature';
 import { resolveENSName } from '../services/ens';
 import { registerPackageOnChain } from '../services/contract';
+import { writeENSRecords, buildOPMRecords, readOPMRecords, createPackageSubname, setENSContenthash, parseFileverseLink, readFileverseContentHash } from '../services/ens-records';
 import { enqueueScan } from '@opm/scanner';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -23,6 +24,7 @@ interface Steps {
   scan: StepStatus;
   publish: StepStatus;
   register: StepStatus;
+  ensRecords: StepStatus;
 }
 
 interface PushResult {
@@ -39,6 +41,11 @@ interface PushResult {
   agents?: AgentEntry[];
   blocked?: boolean;
   blockReason?: string;
+  ensRecordsTx?: string;
+  ensRecordsChain?: string;
+  ensRecordsCount?: number;
+  ensSubname?: string;
+  ipfsContenthash?: string;
 }
 
 interface PushCommandProps {
@@ -50,10 +57,12 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
   const [steps, setSteps] = useState<Steps>({
     pack: 'pending', sign: 'pending', ens: 'pending',
     scan: 'pending', publish: 'pending', register: 'pending',
+    ensRecords: 'pending',
   });
   const [result, setResult] = useState<PushResult>({});
   const [error, setError] = useState<string | null>(null);
   const [scanLogs, setScanLogs] = useState<string[]>([]);
+  const [ensRecordLogs, setEnsRecordLogs] = useState<string[]>([]);
   const [pkgLabel, setPkgLabel] = useState('');
 
   const updateStep = (key: keyof Steps, status: StepStatus) =>
@@ -93,6 +102,9 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
 
     updateStep('scan', 'running');
     let scanPassed = false;
+    let finalReportURI: string | undefined;
+    let finalRiskScore: number | undefined;
+    let finalIpfsHash: string | undefined;
     try {
       const scanResult = await enqueueScan(name, version, (msg) =>
         setScanLogs((prev) => [...prev.slice(-8), msg]),
@@ -101,6 +113,9 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
 
       const riskScore = scanResult.report.aggregate_risk_score;
       const riskLevel = classifyRisk(riskScore);
+      finalReportURI = scanResult.reportURI;
+      finalRiskScore = riskScore;
+      finalIpfsHash = scanResult.ipfsHash;
 
       setResult((r) => ({
         ...r,
@@ -206,6 +221,74 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
     }
     updateStep('register', 'done');
 
+    // ── Write package metadata to ENS text records ──
+    if (ensName) {
+      updateStep('ensRecords', 'running');
+      const ensLog = (msg: string) => setEnsRecordLogs((prev) => [...prev, msg]);
+      try {
+        ensLog(`Reading existing records from ${ensName}...`);
+        const existingRecords = await readOPMRecords(ensName);
+        const records = buildOPMRecords({
+          packageName: name,
+          version,
+          checksum,
+          signature,
+          reportURI: finalReportURI,
+          riskScore: finalRiskScore,
+          existingPackages: existingRecords.packages,
+        });
+
+        const writeResult = await writeENSRecords(
+          ensName,
+          privateKey,
+          records,
+          ensLog,
+        );
+
+        if (writeResult) {
+          setResult((r) => ({
+            ...r,
+            ensRecordsTx: writeResult.txHash,
+            ensRecordsChain: writeResult.chain,
+            ensRecordsCount: writeResult.recordCount,
+          }));
+        } else {
+          ensLog(`Hint: signer needs ETH on Ethereum (Sepolia or Mainnet) for gas, and must be the manager of ${ensName}`);
+        }
+
+        let ipfsCid = finalIpfsHash;
+        if (!ipfsCid && finalReportURI) {
+          const fvLink = parseFileverseLink(finalReportURI);
+          if (fvLink) {
+            ensLog(`Reading IPFS hash from Fileverse contract ${fvLink.portalAddress.slice(0, 10)}... file #${fvLink.fileId}`);
+            ipfsCid = (await readFileverseContentHash(fvLink.portalAddress, fvLink.fileId, ensLog)) ?? undefined;
+          }
+        }
+        if (ipfsCid) {
+          const chResult = await setENSContenthash(ensName, privateKey, ipfsCid, ensLog);
+          if (chResult) {
+            setResult((r) => ({ ...r, ipfsContenthash: ipfsCid }));
+          }
+        }
+
+        const subResult = await createPackageSubname(
+          ensName,
+          name,
+          privateKey,
+          records,
+          ensLog,
+        );
+        if (subResult) {
+          setResult((r) => ({ ...r, ensSubname: subResult.subname }));
+        }
+      } catch (err: any) {
+        ensLog(`Error: ${err?.message || 'unknown'}`);
+      }
+      updateStep('ensRecords', 'done');
+    } else {
+      updateStep('ensRecords', 'skip');
+    }
+
     if (fs.existsSync(tarballFile)) fs.unlinkSync(tarballFile);
   }
 
@@ -325,6 +408,35 @@ export function PushCommand({ npmToken, otp }: PushCommandProps) {
               </Box>
             </Box>
           )}
+          <StatusLine label="Write ENS records" status={steps.ensRecords}
+            detail={steps.ensRecords === 'skip' ? 'no ENS name' : steps.ensRecords === 'done' && result.ensRecordsCount ? `${result.ensRecordsCount} records` : undefined} />
+          {steps.ensRecords === 'done' && result.ensRecordsTx && (
+            <Box flexDirection="column" marginLeft={4}>
+              <Box>
+                <Text color="gray">Chain: </Text>
+                <Text color="cyan">{result.ensRecordsChain}</Text>
+                <Text color="gray"> | </Text>
+                <Hyperlink url={`https://${result.ensRecordsChain === 'sepolia' ? 'sepolia.' : ''}etherscan.io/tx/${result.ensRecordsTx}`} label={`tx ${result.ensRecordsTx.slice(0, 10)}...`} color="green" />
+              </Box>
+              <Box>
+                <Text color="gray">Records: </Text>
+                <Text color="white">url, opm.version, opm.checksum, opm.fileverse, opm.risk_score{result.ipfsContenthash ? ', contenthash' : ''}</Text>
+              </Box>
+              {result.ensSubname && (
+                <Box>
+                  <Text color="gray">Subname: </Text>
+                  <Text color="cyan" bold>{result.ensSubname}</Text>
+                </Box>
+              )}
+            </Box>
+          )}
+          {ensRecordLogs.length > 0 && (
+            <Box flexDirection="column" marginLeft={4}>
+              {ensRecordLogs.map((log, i) => (
+                <Text key={i} color={log.startsWith('Hint:') || log.startsWith('Error:') ? 'yellow' : 'gray'}>{log}</Text>
+              ))}
+            </Box>
+          )}
         </>
       )}
 

package/packages/cli/src/commands/register-agent.tsx

@@ -1,11 +1,12 @@
 import React, { useState, useEffect } from 'react';
 import { Box, Text } from 'ink';
+import { ethers } from 'ethers';
 import { txUrl, contractUrl, addressUrl } from '@opm/core';
 import { Header } from '../components/Header';
 import { StatusLine, type Status } from '../components/StatusLine';
 import { Hyperlink } from '../components/Hyperlink';
 import { registerAgentOnChain } from '../services/contract';
-import { runBenchmarkSuite, type BenchmarkRunResult } from '@opm/scanner';
+import { runBatchBenchmarkSuite, type BatchBenchmarkRunResult } from '@opm/scanner';
 
 type StepStatus = Status;
 
@@ -19,9 +20,12 @@ interface Steps {
 interface RegisterResult {
   agentName?: string;
   model?: string;
-  benchmarkResult?: BenchmarkRunResult;
-  txHash?: string;
   agentAddress?: string;
+  benchmarkResult?: BatchBenchmarkRunResult;
+  txHash?: string;
+  onChainProofHash?: string;
+  onChainPromptHash?: string;
+  alreadyRegistered?: boolean;
   rejected?: boolean;
   rejectReason?: string;
 }
@@ -69,10 +73,16 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       throw new Error('OPENROUTER_API_KEY or OPENAI_API_KEY required to run benchmarks');
     }
 
+    // Derive agent wallet address from private key
+    const agentWallet = new ethers.Wallet(process.env.AGENT_PRIVATE_KEY);
+    setResult((r) => ({ ...r, agentAddress: agentWallet.address }));
+
     updateStep('validate', 'done');
 
+    // Single-call batch benchmark: sends all 10 cases at once,
+    // gets back 10 flagged/safe answers, compares to ground truth.
     updateStep('benchmark', 'running');
-    const benchResult = await runBenchmarkSuite(
+    const benchResult = await runBatchBenchmarkSuite(
       { name: agentName, model, systemPrompt },
       (msg) => setLogs((prev) => [...prev.slice(-12), msg]),
     );
@@ -82,11 +92,15 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       updateStep('benchmark', 'error');
       updateStep('zkproof', 'error');
       updateStep('register', 'blocked');
+      const failedCases = benchResult.results
+        .filter((r) => !r.passed)
+        .map((r) => `${r.caseId} (${r.category}): answered ${r.actualFlagged ? 'FLAGGED' : 'SAFE'}, expected ${r.expectedFlagged ? 'FLAGGED' : 'SAFE'}`);
       setResult((r) => ({
         ...r,
         rejected: true,
         rejectReason: `Agent achieved ${benchResult.accuracyPct}% accuracy (100% required). ` +
-          `Failed ${benchResult.failed}/${benchResult.total} benchmark cases.`,
+          `Failed ${benchResult.failed}/${benchResult.total} cases.\n` +
+          failedCases.join('\n'),
       }));
       return;
     }
@@ -103,13 +117,19 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       }));
       return;
     }
+
+    // Compute the on-chain hashes (same as registerAgentOnChain does)
+    const proofStr = benchResult.zkProof.accuracyProof;
+    const promptStr = systemPrompt || 'default-opm-security-prompt';
+    const onChainProofHash = ethers.keccak256(ethers.toUtf8Bytes(proofStr));
+    const onChainPromptHash = ethers.keccak256(ethers.toUtf8Bytes(promptStr));
+
+    setResult((r) => ({ ...r, onChainProofHash, onChainPromptHash }));
     setLogs((prev) => [...prev, `ZK proof hash: ${benchResult.zkProof.accuracyProof.slice(0, 24)}…`]);
     updateStep('zkproof', 'done');
 
     updateStep('register', 'running');
     try {
-      const proofStr = benchResult.zkProof.accuracyProof;
-      const promptStr = systemPrompt || 'default-opm-security-prompt';
       const txHash = await registerAgentOnChain(agentName, model, promptStr, proofStr);
       setResult((r) => ({ ...r, txHash }));
       setLogs((prev) => [...prev, `Agent registered on-chain ✓`]);
@@ -117,25 +137,29 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       const msg = err?.shortMessage || err?.message || 'failed';
       setLogs((prev) => [...prev, `Registration: ${msg}`]);
       if (msg.includes('already')) {
-        setResult((r) => ({ ...r, rejected: true, rejectReason: 'Agent wallet is already registered' }));
-        updateStep('register', 'error');
+        setResult((r) => ({ ...r, alreadyRegistered: true }));
+        updateStep('register', 'done');
         return;
       }
     }
     updateStep('register', 'done');
   }
 
-  const riskColor = (pct: number) => (pct >= 100 ? 'green' : pct >= 70 ? 'yellow' : 'red');
-
   return (
     <Box flexDirection="column">
       <Header subtitle="register-agent" />
       <Text color="white" bold> Registering agent: {agentName}</Text>
       <Text color="gray"> Model: {model}</Text>
+      {result.agentAddress && (
+        <Box>
+          <Text color="gray"> Wallet: </Text>
+          <Hyperlink url={addressUrl(result.agentAddress)} label={result.agentAddress} color="cyan" />
+        </Box>
+      )}
       <Text> </Text>
 
       <StatusLine label="Validate configuration" status={steps.validate} />
-      <StatusLine label="Run benchmark suite (10 cases)" status={steps.benchmark} />
+      <StatusLine label="Batch benchmark (10 cases, single call)" status={steps.benchmark} />
 
       {logs.length > 0 && (
         <Box flexDirection="column" marginLeft={4}>
@@ -148,21 +172,23 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       {result.benchmarkResult && (
         <Box flexDirection="column" marginTop={1}>
           <Text color="gray">────────────────────────────────────────</Text>
-          <Text color="white" bold> Benchmark Results</Text>
+          <Text color="white" bold> Benchmark Results (flagged/safe)</Text>
           <Box flexDirection="column" marginLeft={2} marginTop={1}>
-            {result.benchmarkResult.results.map((r) => (
+            {result.benchmarkResult.results.map((r, i) => (
               <Box key={r.caseId}>
-                <Text color={r.verdict === 'PASS' ? 'green' : 'red'}>
-                  {r.verdict === 'PASS' ? '✓' : '✗'}{' '}
+                <Text color={r.passed ? 'green' : 'red'}>
+                  {r.passed ? '✓' : '✗'}{' '}
                 </Text>
-                <Text color="white">{r.category}</Text>
-                <Text color="gray"> — expected {r.expectedLevel}, got {r.actualLevel}</Text>
-                <Text color="gray"> (score: {r.actualScore})</Text>
+                <Text color="white">Case {i + 1} ({r.category})</Text>
+                <Text color="gray"> — {r.actualFlagged ? 'FLAGGED' : 'SAFE'}</Text>
+                {!r.passed && (
+                  <Text color="red"> (expected {r.expectedFlagged ? 'FLAGGED' : 'SAFE'})</Text>
+                )}
               </Box>
             ))}
           </Box>
           <Box marginLeft={2} marginTop={1}>
-            <Text color={riskColor(result.benchmarkResult.accuracyPct)} bold>
+            <Text color={result.benchmarkResult.accuracyPct >= 100 ? 'green' : 'red'} bold>
               Accuracy: {result.benchmarkResult.passed}/{result.benchmarkResult.total}{' '}
               ({result.benchmarkResult.accuracyPct}%)
             </Text>
@@ -174,8 +200,14 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
       <StatusLine label="ZK proof verification" status={steps.zkproof} />
       {result.benchmarkResult?.zkProof && steps.zkproof === 'done' && (
         <Box flexDirection="column" marginLeft={4}>
-          <Text color="gray">Commitment: {result.benchmarkResult.zkProof.commitment.expectedHash.slice(0, 24)}…</Text>
-          <Text color="gray">Proof:      {result.benchmarkResult.zkProof.accuracyProof.slice(0, 24)}…</Text>
+          <Text color="gray">Commitment:       {result.benchmarkResult.zkProof.commitment.expectedHash.slice(0, 24)}…</Text>
+          <Text color="gray">Proof:            {result.benchmarkResult.zkProof.accuracyProof.slice(0, 24)}…</Text>
+          {result.onChainProofHash && (
+            <Text color="gray">On-chain proof:   {result.onChainProofHash.slice(0, 24)}…</Text>
+          )}
+          {result.onChainPromptHash && (
+            <Text color="gray">Prompt hash:      {result.onChainPromptHash.slice(0, 24)}…</Text>
+          )}
           <Text color="green">✓ Zero-knowledge proof verified — accuracy proven without revealing test data</Text>
         </Box>
       )}
@@ -187,6 +219,9 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
             <Text color="gray">⛓  </Text>
             <Hyperlink url={txUrl(result.txHash)} label={`tx ${result.txHash.slice(0, 10)}…`} color="green" />
           </Box>
+          {result.onChainProofHash && (
+            <Text color="gray">    ZK proof stored: {result.onChainProofHash.slice(0, 18)}…</Text>
+          )}
           <Box>
             <Text color="gray">📋 </Text>
             <Hyperlink url={contractUrl()} label="OPM Registry Contract" color="cyan" />
@@ -194,6 +229,20 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
         </Box>
       )}
 
+      {result.alreadyRegistered && !result.rejected && (
+        <Box flexDirection="column" marginLeft={4}>
+          <Text color="yellow">⚠ Agent wallet is already registered on-chain</Text>
+          {result.agentAddress && (
+            <Box>
+              <Text color="gray">  Agent: </Text>
+              <Hyperlink url={addressUrl(result.agentAddress)} label={result.agentAddress.slice(0, 10) + '…'} color="cyan" />
+            </Box>
+          )}
+          <Text color="gray">  Benchmark passed ✓ — ZK proof valid ✓</Text>
+          <Text color="gray">  Use a different AGENT_PRIVATE_KEY to register a new agent.</Text>
+        </Box>
+      )}
+
       {result.rejected && (
         <Box flexDirection="column" marginTop={1}>
           <Text color="gray">────────────────────────────────────────</Text>
@@ -201,18 +250,10 @@ export function RegisterAgentCommand({ agentName, model, systemPrompt }: Registe
           <Box marginLeft={2}>
             <Text color="red" wrap="wrap">{result.rejectReason}</Text>
           </Box>
-          {result.benchmarkResult && result.benchmarkResult.failureReasons.length > 0 && (
-            <Box flexDirection="column" marginLeft={2} marginTop={1}>
-              <Text color="yellow" bold>Failure details:</Text>
-              {result.benchmarkResult.failureReasons.map((reason, i) => (
-                <Text key={i} color="yellow" wrap="wrap">  • {reason}</Text>
-              ))}
-            </Box>
-          )}
         </Box>
       )}
 
-      {!result.rejected && steps.register === 'done' && (
+      {!result.rejected && !result.alreadyRegistered && steps.register === 'done' && (
         <Box flexDirection="column" marginTop={1}>
           <Text color="gray">────────────────────────────────────────</Text>
           <Text color="green" bold>✓ Agent "{agentName}" registered successfully</Text>

package/packages/cli/src/index.tsx

@@ -105,14 +105,14 @@ function Help() {
       <Header />
       <Box flexDirection="column" marginLeft={2}>
         <Text color="cyan" bold>Security commands:</Text>
-        <Text>  opm push [--token t] [--otp c]  Sign, scan, publish, register</Text>
+        <Text>  opm push [--token t] [--otp c]  Sign, scan, publish, register + ENS records</Text>
         <Text>  opm install [pkg[@ver]] Install with on-chain security verification</Text>
         <Text>  opm install pkg@ens.eth Install safest version by ENS author</Text>
         <Text>  opm check               Scan all deps: typosquats, CVEs, AI analysis</Text>
         <Text>  opm fix                 Auto-fix typosquats and vulnerable versions</Text>
         <Text>  opm audit               Scan all deps against on-chain security data</Text>
-        <Text>  opm info {'<pkg>'}            Show on-chain security info for a package</Text>
-        <Text>  opm view {'<name.eth>'}      Show author profile, packages, and risk scores</Text>
+        <Text>  opm info {'<pkg>'}            Show on-chain + ENS record data for a package</Text>
+        <Text>  opm view {'<name.eth>'}      Author profile, OPM records, packages</Text>
         <Text>  opm whois {'<name>'}          Look up an ENS identity on OPM</Text>
         <Text> </Text>
         <Text color="cyan" bold>Agent commands:</Text>
@@ -135,7 +135,7 @@ function Help() {
         <Text>  opm pack                 Create a tarball</Text>
         <Text> </Text>
         <Text color="gray">Aliases:  i/add → install, rm → uninstall, ls → list</Text>
-        <Text color="gray">          view name.eth → author profile, view pkg → info</Text>
+        <Text color="gray">          view name.eth → author profile + OPM ENS records</Text>
         <Text color="gray">          pkg@name.eth → ENS-resolved safest version by author</Text>
         <Text> </Text>
         <Text color="cyan" bold>Environment (install/audit/info/view need no config):</Text>