Two-node evidence workflow for a declared cryptography inventory. Stage 1 structurally lints a pasted CycloneDX 1.6 CBOM and classifies each declared algorithm asset as quantum-vulnerable or CNSA-2.0 target-aligned. Stage 2 takes a declared inventory of systems — informed by Stage 1's classified components — and computes the applicable CNSA-2.0 migration deadline, days remaining, and FIPS 140-2 Historical-list exposure for each row.
asserted. Nothing is discovered, nothing is fetched, zero-egress by contract. This workflow attests the structural checks and the date arithmetic over your declared inputs. It does not scan your systems, does not audit your cryptography, and is not legal or regulatory advice. If the declared inputs are wrong, the receipt faithfully proves the wrong conclusion. Read the PQC Migration Evidence Guide before handing a receipt to a counterparty or regulator.lint_cbom_structure{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "lint_cbom_structure",
"arguments": {
"cbom": {
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"components": [
{
"type": "cryptographic-asset",
"name": "RSA-2048",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"parameterSetIdentifier": "2048",
"certificationLevel": ["none"],
"cryptoFunctions": ["sign", "verify"]
}
}
}
]
}
}
},
"id": 1
}
compute_pqc_deadline_ladder{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "compute_pqc_deadline_ladder",
"arguments": {
"reference_date": "2026-07-19",
"inventory": [
{
"row_id": "RSA-2048 (Stage 1 finding)",
"system_class": "nss",
"asset_type": "signature",
"deployment_date": "2024-01-01",
"fips_140_2_certified": false
}
]
}
},
"id": 2
}