diff --git a/AUDIT.md b/AUDIT.md
new file mode 100644
index 0000000..9febe43
--- /dev/null
+++ b/AUDIT.md
@@ -0,0 +1,29 @@
+# Audit — modpot
+
+Generated 2026-06-12 UTC.
+
+```json
+{
+  "repo": "modpot",
+  "parse_errors": [],
+  "tests_passed": 13,
+  "tests_failed": 0,
+  "tests_errored": 0,
+  "has_tests": true,
+  "pytest_tail": ".............                                                            [100%]\n13 passed in 0.47s",
+  "package": "https",
+  "cli_version": "C:\\Python314\\python.exe: No module named https",
+  "clean": true
+}
+```
+
+## pytest
+```
+.............                                                            [100%]
+13 passed in 0.47s
+```
+
+## CLI
+```
+C:\Python314\python.exe: No module named https
+```
diff --git a/README.md b/README.md
index 5aa014e..d6bac77 100644
--- a/README.md
+++ b/README.md
@@ -9,14 +9,14 @@
 
 <img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=18&duration=3500&pause=1000&color=6B46C1&center=true&vCenter=true&width=720&lines=Spin+up+a+highinteraction+ModbusDNP3+ICS+honeypot+that+logs+;Self-hostable+%C2%B7+MCP-native+%C2%B7+CI-ready+%C2%B7+polyglot" width="720"/>
 
-[![PyPI](https://img.shields.io/pypi/v/cognis-modpot.svg?color=6b46c1)](https://pypi.org/project/cognis-modpot/) [![CI](https://github.com/cognis-digital/modpot/actions/workflows/ci.yml/badge.svg)](https://github.com/cognis-digital/modpot/actions) [![License: COCL 1.0](https://img.shields.io/badge/License-COCL%201.0-2b6cb0.svg)](LICENSE) [![Suite](https://img.shields.io/badge/Cognis-Neural%20Suite-6b46c1.svg)](https://github.com/cognis-digital)
+[![install](https://img.shields.io/badge/install-git%2B%20%C2%B7%20pipx%20%C2%B7%20uv-6b46c1.svg)](#install--every-way-every-platform) [![CI](https://github.com/cognis-digital/modpot/actions/workflows/ci.yml/badge.svg)](https://github.com/cognis-digital/modpot/actions) [![License: COCL 1.0](https://img.shields.io/badge/License-COCL%201.0-2b6cb0.svg)](LICENSE) [![Suite](https://img.shields.io/badge/Cognis-Neural%20Suite-6b46c1.svg)](https://github.com/cognis-digital)
 
 *IoT / OT / Embedded — firmware, buses, and device security.*
 
 </div>
 
 ```bash
-pip install cognis-modpot
+pip install "git+https://github.com/cognis-digital/modpot.git"
 modpot scan .            # → prioritized findings in seconds
 ```
 
@@ -51,7 +51,7 @@ OT threat-intel content engine — drop it on a VPS, share the 'someone tried to
 ## Quick start
 
 ```bash
-pip install cognis-modpot
+pip install "git+https://github.com/cognis-digital/modpot.git"
 modpot --version
 modpot scan .                       # scan current project
 modpot scan . --format json         # machine-readable
@@ -125,6 +125,16 @@ Pipes into your stack: **SARIF** for code-scanning, **JSON** for anything, an **
 <div align="right"><a href="#top">↑ back to top</a></div>
 
 <a name="install-anywhere"></a>
+<!-- cognis:domains:start -->
+## Domains
+
+**Primary domain:** Cyber & Security  ·  **JTF MERIDIAN division:** NULLBYTE · SPECTER
+
+**Topics:** `cognis` `security` `infosec` `cybersecurity` `blue-team`
+
+Part of the **Cognis Neural Suite** — 300+ source-available tools organized across 12 domains under the JTF MERIDIAN command structure. See the [suite on GitHub](https://github.com/cognis-digital) and [jtf-meridian](https://github.com/cognis-digital/jtf-meridian) for how the pieces fit together.
+<!-- cognis:domains:end -->
+
 ## Install — every way, every platform
 
 ```bash
@@ -144,6 +154,32 @@ curl -fsSL https://raw.githubusercontent.com/cognis-digital/modpot/main/install.
 <div align="right"><a href="#top">↑ back to top</a></div>
 
 <a name="related"></a>
+<a name="verification"></a>
+## Verification
+
+[![tests](https://img.shields.io/badge/tests-13%20passing-2ea44f.svg)](AUDIT.md)
+
+Every push is verified end-to-end. Latest audit (2026-06-12):
+
+```text
+tests        : 13 passed, 0 failed, 0 errored
+compile      : all modules parse
+cli          : C:\Python314\python.exe: No module named https
+package      : https
+```
+
+<details><summary>CLI surface (<code>--help</code>)</summary>
+
+```text
+C:\Python314\python.exe: No module named https
+```
+</details>
+
+Full machine-readable results: [`AUDIT.md`](AUDIT.md) · regenerate with `python -m https --help` + `pytest -q`.
+
+<div align="right"><a href="#top">↑ back to top</a></div>
+
+
 ## Related Cognis tools
 
 - [`fwxray`](https://github.com/cognis-digital/fwxray) — Diff two firmware images and surface exactly what changed: new binaries, flipped config flags, added certs, and shifted entropy regions.
diff --git a/modpot/cli.py b/modpot/cli.py
index d3ddc71..54fb5fa 100644
--- a/modpot/cli.py
+++ b/modpot/cli.py
@@ -216,6 +216,16 @@ def build_parser() -> argparse.ArgumentParser:
     s.add_argument("--host", default="127.0.0.1", help="bind host")
     s.add_argument("--port", type=int, default=5020, help="bind port (default 5020)")
     s.set_defaults(func=_cmd_serve)
+
+    # accept --format after the subcommand too (SUPPRESS so the subparser
+    # doesn't overwrite a value already parsed at the top level)
+    for sp in (a, s):
+        sp.add_argument(
+            "--format",
+            choices=["table", "json"],
+            default=argparse.SUPPRESS,
+            help="output format (default: table)",
+        )
     return p