diff --git a/cli/generate.go b/cli/generate.go
index 0325467a8e..29f7f49957 100644
--- a/cli/generate.go
+++ b/cli/generate.go
@@ -22,8 +22,18 @@ const kataPolicyAnnotationKey = "io.katacontainers.config.agent.policy"
 func newGenerateCmd() *cobra.Command {
 cmd := &cobra.Command{
 Use: "generate [flags] paths...",
- Short: "generate",
- RunE: runGenerate,
+ Short: "generate policies and inject into Kubernetes resources",
+ Long: `
+ Generate policies and inject into the given Kubernetes resources.
+
+ This will download the referenced container images to calculate the dm-verity
+ hashes of the image layers. In addition, the Rego policy will be used as base
+ and updated with the given settings file. For each container workload, the policy
+ is added as annotaiton in the Kubernetes YAML.
+
+ The hashes of the policies are added to the manifest.
+ `,
+ RunE: runGenerate,
 }
 
 cmd.Flags().StringP("policy", "p", policyDir, "path to policy (.rego) file")
diff --git a/cli/set.go b/cli/set.go
index 156c7e4858..648e18f7bb 100644
--- a/cli/set.go
+++ b/cli/set.go
@@ -21,9 +21,20 @@ import (
 func newSetCmd() *cobra.Command {
 cmd := &cobra.Command{
 Use: "set [flags] paths...",
- Short: "Set a manifest",
- Long: `Set a manifest.`,
- RunE: runSet,
+ Short: "Set the given manifest at the coordinator",
+ Long: `
+ Set the given manifest at the coordinator.
+
+ This will connect to the given Coordinator using aTLS. During the connection
+ initialization, the remote attestation of the Coordinator CVM happens and
+ the connection will only be successful if the Coordinator conforms with the
+ reference values embedded into the CLI.
+
+ After the connection is established, the manifest is set. The Coordinator
+ will re-generate the mesh root certificate and accept new workloads to
+ issuer certificates.
+ `,
+ RunE: runSet,
 }
 
 cmd.Flags().StringP("manifest", "m", manifestFilename, "path to manifest (.json) file")
diff --git a/cli/verify.go b/cli/verify.go
index 7d0dfa555b..e5bfd3ec78 100644
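Review bot: The new `Long` text in newGenerateCmd carries a typo into user-facing help: `is added as annotaiton in the Kubernetes YAML` should read `is added as an annotation in the Kubernetes YAML`, and the same kind of slip is in the other two hunks (`to issuer certificates` in cli/set.go, `histroy` and `certifcate` in cli/verify.go). `Short` here starts lowercase while set and verify start with a capital, so `Short: "Generate policies and inject into Kubernetes resources",` would keep the command list consistent. The raw string also opens with a newline and its lines appear to be indented inside the literal (whitespace is collapsed in this view); cobra prints `Long` with leading whitespace intact, so `--help` would show a blank first line and indented paragraphs unless the text is trimmed somewhere outside this hunk. The function body continues past the end of the hunk.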
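Review bot: The last paragraph of the new `Long` text in newSetCmd says the Coordinator will `re-generate the mesh root certificate`, but it does not tell the operator what that means for workloads that already hold certificates under the previous root. If setting a manifest again rotates the root (the wording suggests it; the code is not in this hunk), one more sentence should state whether existing workloads keep working or must obtain new certificates. The attestation paragraph is word-for-word the one added in cli/verify.go, so a shared package-level constant would keep the two descriptions of the aTLS check from drifting apart. `Short` and the first sentence write `coordinator` while the rest writes `Coordinator`; pick one spelling.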
--- a/cli/verify.go
+++ b/cli/verify.go
@@ -22,8 +22,18 @@ func newVerifyCmd() *cobra.Command {
 cmd := &cobra.Command{
 Use: "verify",
 Short: "Verify a nunki deployment",
- Long: `Verify a manifest.`,
- RunE: runVerify,
+ Long: `
+ Verify a nunki deployment.
+
+ This will connect to the given Coordinator using aTLS. During the connection
+ initialization, the remote attestation of the Coordinator CVM happens and
+ the connection will only be successful if the Coordinator conforms with the
+ reference values embedded into the CLI.
+
+ After the connection is established, the CLI will request the manifest histroy,
+ all policies, and the certificates of the Coordinator certifcate authority.
+ `,
+ RunE: runVerify,
 }
 
 cmd.Flags().StringP("output", "o", verifyDir, "directory to write files to")
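Review bot: The new `Long` text in newVerifyCmd lists what the CLI requests (manifest history, policies, CA certificates) but never says where the result goes, although the `--output` flag declared right after the struct is described as the directory to write files to. A closing sentence such as `The retrieved files are written to the directory given by --output.` would connect the two, assuming runVerify (outside this hunk) writes them there. It would also help to state that a successful run only shows the Coordinator matched the reference values built into this CLI, and that reviewing the returned manifest and policies is left to the user, if that is the intended workflow.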