{"id":52,"slug":"quantmrkt-pqc-mbom","name":"Quantum-Resistant AI MBOM","author":"quantmrkt","description":"PQC-signed AI Model Bill of Materials. Cryptographically enumerate every model component (weights, training data, fine-tuning, RLHF, quantization, evals) with quantum-safe ML-DSA signatures. SPDX-2.3 export/import. Diff utility for model version audits. 28 tests passing.","tags":"[\"MBOM\",\"SBOM\",\"Supply Chain\",\"SPDX\",\"Compliance\",\"ML-DSA\",\"Model Provenance\",\"Federal Procurement\"]","license":"Apache 2.0","framework":"Python/JSON","parameters":"N/A","downloads":0,"likes":0,"verified":1,"created_at":"2026-03-26 03:20:26","updated_at":"2026-03-26 16:38:49","source_url":"https://github.com/dyber-pqc/QuantaMrkt/tree/main/tools/pqc-mbom","source_platform":"github","hf_repo_id":"","ollama_name":"","category":"tool","latest_version":"1.0.0","version_count":1,"signature_count":3,"risk_level":"MEDIUM","risk_score":45,"versions":[{"id":52,"model_id":52,"version":"1.0.0","manifest_hash":"88727CAFF01DF439A3D2","file_count":21,"total_size":90519,"r2_manifest_key":null,"created_at":"2026-03-26 03:20:35"}],"files":[{"id":6902,"version_id":52,"filename":"LICENSE","sha3_256_hash":"abdcf10f6588f1abfa23a55fbef23267a620b3c67695e93577af0a1d7f881640","size":11325},{"id":6903,"version_id":52,"filename":"README.md","sha3_256_hash":"30c429e015b1958169565a2b49f70f519a00e0c321cfadd7d40a7bf958698bf9","size":13828},{"id":6904,"version_id":52,"filename":"examples/build_llama_mbom.py","sha3_256_hash":"c9b7a91efee6e01aad0059ce1baca389351c2291621b14b862219c489b264377","size":3909},{"id":6905,"version_id":52,"filename":"examples/detect_dataset_swap.py","sha3_256_hash":"74177b67b959342631170b69d497c9c451f3f81aeb148c81be8ccff6d7ec0dab","size":3370},{"id":6906,"version_id":52,"filename":"examples/mbom_to_spdx.py","sha3_256_hash":"b2e71c084f68bbb5860938d75ef694cfe1e17a18d8184950e5fd19830c531476","size":2852},{"id":6907,"version_id":52,"filename":"pyproject.toml","sha3_256_hash":"241325501df058f201a79d3494a80253ad6b96dcb823ef509555035f68063c58","size":989},{"id":6908,"version_id":52,"filename":"src/pqc_mbom/__init__.py","sha3_256_hash":"cdc994b286fc900ec7aa334a32768a9691b4dcb1c1ecca6dc6c74c9de00a9397","size":967},{"id":6909,"version_id":52,"filename":"src/pqc_mbom/component.py","sha3_256_hash":"4297549cb769b5739711338f5986f3d3b87182bfcac96b0c931ccb43a4bed9b4","size":5531},{"id":6910,"version_id":52,"filename":"src/pqc_mbom/diff.py","sha3_256_hash":"2d3da657a70e4b8c28125decbf24f3d79b6b0f4dbfc12e0bf824de57f9605fbc","size":1245},{"id":6911,"version_id":52,"filename":"src/pqc_mbom/errors.py","sha3_256_hash":"7a2b81cfa0a288c91455a9f026314f18e102bdb7603c506a44f53eb60a979cb8","size":744},{"id":6912,"version_id":52,"filename":"src/pqc_mbom/mbom.py","sha3_256_hash":"fb6022c923e4b9bcaaf1ad397832a08eab7b5547925e2cba9d992818eb1f6ff7","size":9491},{"id":6913,"version_id":52,"filename":"src/pqc_mbom/signer.py","sha3_256_hash":"7ced5dc0290002ef3d341d96a75cb63952e874fd92ee184aa68eeb25fce182e8","size":5323},{"id":6914,"version_id":52,"filename":"src/pqc_mbom/spdx.py","sha3_256_hash":"baafaeb424906494cdb72dbb57b70934113d8116747a312d2ba9eea05fc7729c","size":12188},{"id":6915,"version_id":52,"filename":"tests/__init__.py","sha3_256_hash":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a","size":0},{"id":6916,"version_id":52,"filename":"tests/conftest.py","sha3_256_hash":"5d394e4195dda6a3e3943b1238cb3df7bcc59fcc8febaba1b70ef3218b17921c","size":2511},{"id":6917,"version_id":52,"filename":"tests/test_component.py","sha3_256_hash":"305aaf36143b07dc7c0f3ad1e285cef27f0df1ab0a3c4477ff503332c635bbf1","size":2289},{"id":6918,"version_id":52,"filename":"tests/test_diff.py","sha3_256_hash":"32e11ea2304eee956ed8dbd9f19b5a58545399a3b56ecdbee35bd347fc89b602","size":2665},{"id":6919,"version_id":52,"filename":"tests/test_integration.py","sha3_256_hash":"006a8b015aafe0dd9938306170658d95ea142ccc7bde784668d9e38d86c6edb8","size":3390},{"id":6920,"version_id":52,"filename":"tests/test_mbom.py","sha3_256_hash":"90c4a368aeaddb0b5ddb347c9d6b601bb13fedccc7ca2d9b72be953a2f8da12a","size":3215},{"id":6921,"version_id":52,"filename":"tests/test_signer.py","sha3_256_hash":"054643b9078d19de234c096347ae38ecc0f290eb9943836ced7b3f4b448a8418","size":2805},{"id":6922,"version_id":52,"filename":"tests/test_spdx.py","sha3_256_hash":"9c2c6a18be59c7e01fb921085b41dfe8f8590047eb058f66b7a0101a4d770e39","size":1882}],"signatures":[{"id":100,"version_id":52,"signer_did":"did:web:quantamrkt.com:tools:signing","algorithm":"ML-DSA-87","signature_hex":"c511223344445566","attestation_type":"creator","signed_at":"2026-03-25T10:25:00Z"},{"id":101,"version_id":52,"signer_did":"did:web:quantamrkt.com:verification:primary","algorithm":"ML-DSA-87","signature_hex":"d622334455556677","attestation_type":"registry","signed_at":"2026-03-25T10:26:00Z"},{"id":396,"version_id":52,"signer_did":"did:web:quantamrkt.com:chain:authority","algorithm":"ML-DSA-87","signature_hex":"98baf20b4203d6df730946a8abde8d2a4d09408d24257ce40ee8209b99d989005efb1e86dfb636cbb1da642325b45a5a5fecb8d0e9c92084755f57358342538c272d1c185f1ecef5d4bb677fd3a51f3981a23c9d7fa4c6964eb1d356701576b9257d3b5ac3d1af34990cce0fef2cf928472d319516ce0f01ebf8bf230cc825274db8ceaabe4a911b11348dd96295473e649f7779f0d033a7c883278eb09dc6687ee2be9ff510b2a4c633b7f47cc0f6019ed49383fe2bf28bd21f10ccc6d60af8d54d9408f4977ce5b31078985f5045218761f6132b8d341ec4370c1cd7cb210c115bc8b56a0c5e3afa2680e79f003cf3ec9fb223616e4020a2dd0c27da90773341d245f58d55fd918029fccb9344d2b30a6b352a5e7b0b12422766571d3b4641a9b268cdeed6af9c23f902f08e76b399d190a22cd9968740e2b67de86e48f096d52af5df97de230b5b07ee2c49e5c5b04beeb38c583e68ec5f3657622d3b508f76a359f26afadad47f04eb680ad8f3316f91fa02c8ca9bf3b73e4c27f68d5ab1faf28c183a90371e6d134b119e7b30c1645332f46e3f1b1ab2b264e8b502dd21a9bd9d9c9250457de3f2e1673007d056e3a97665b66494ca6468f52a34ee83335520bb5448287c60f99d69b2a7a592ff806650f29beb4ebe53240d71acece07be671dde81e1decfe9b5b50f409634a53316ed0418e34bba7d8318db76514abb3c275df5430c803e0dc0cd644e1b0ea18ca1a5f8430e7bd256b5a927976af7815cbbbf0f383e72af346a6092358388432bbc91c06011b4ca0064bdfd1a52d123ef658fc69f1cc03d2ba659b6243de61505dbf4a83fef2d18ff23597e06d8479618147c50d28816cb2b3063213e28dfbdc39b8518ba9417feb7573121ef0e7c03f9acce7dedca384c12bf80f964b7a246c28b460a91b21e709d5055c526fbc54d810c8903ea85705864210fb90154c49f20f9ae38d77bfddc3cd1aac9c1cffec6b13f73a77b2e7525fa5ddca7755294af1997a0a01132f8598e848abdcd518abc68fcedbe2ff8ca08243c3175abc675646785dc502da740d4ee908e3db00c7883bce5bd4765696a40fd4c1562a74809ba0f556172b0c3fd4ccd1f0d0e00efc8fb74939c80db608c20eeddfa22a297b4a7c68b69ecc01051ae6490b4a2ccfe2fbadc330f7458e342ee2d13c5356758b1fcb2bef84904300cee29791db3e73e65fb17f1c23fe4cdeb897114e8d3fe135358ac6c1b2f159f9dc2d54a8d24aa26bde2e7997f0b886042df51199c4bf7c530f5880bf18e1e90b6bd45ffa0ae33b14fe94f6015f5f2ad2745dff3463d00d46f185dfa5d5ced8ff8e1a18fb704597e1a768f27fcb16b514d0dda6088c1ef4fb1193dfb1a5f32940538b0144234efc168a85559dafd42a75485da5be3504466fb05ab75b62a623da74e5c48180c95d058f70b933cd3fc87e6d9bb66724004f3d88d80ebde7e6362b6014290d740c90fd4c51edfc1fcec69ded59cce281504b547e3f0a79c71b07708a35cfa7c8854a7a66cadcceaa7afdaf84614a43dcfe28239c948cdf8ca06d5d1ea66a0aae631e8ba5c140a3a677c516dc693779ec5ae6edb7a7eab989c31ebc58cc0ef3e0232a3e46e8e3227edfe2a2d5408e33b68b4fa755ab6317eb247bfe115c3b4b0599e9f207c64e4570b79b3ddf951eef55a2d94de0bee6d660406406e48eb45ecd61f1609f070904836bda089ac41ba5a64e28aaf5f18cb8f9eda2bf64406f548bb306ea3067d0435c102447f03a3f0061440cd369e21aa9a18065f12358b5535debe91cd159c52b0bb9bdf7acdc0041972b066af5e51eadf7c3470f93d82f8a360205243a0149d6ff66ec288402383bce895e728291b5a2c8ce827a0906c9f7a8fd3a7b0e619ed983baa62be199ba87009ceca1dfeb584601a38ba146d01217ca04947b072706a03ebf70a536cfed62fd72591b6977c1b0b4f9cb9b545db94517a9020e4a372120adadad5a13b76ea5e88663980e329b30229024a400523e8ebe91b10b14f5f684c30a2d57126f873c57a900c29ba4a1e5229476195f46e3b3ed275f06ab767911adea0be0a55b6591350f5961570a13e8edf0d86c979fb7943eb4a12b686182a6e631d1885e38c6e69cd131445ab5279f318cbd504d6c11920d8038eb674be263298809e45b1964cf3ce1c457662f93dfce111d9e221315a2c42436cd4399086ee6331b3b501984a9ce8f15a5d6e5545729f5197a320b93c4e8c546643ba6d51db120f8876003ba0e0162be18ca42d006a6fcd1ce5910319d432833338856a367cfe32b3bf5b73bbaf1499b17c029af0904b1b66a15ad7a02de5968b497b4e9a50c78b69c8ee53b4738e4946ea247d8507f56c8b91c7f1d208dd0fe2482b0a16cbbc51a52ed85fde91f87f74512941349d1fa6825524f9b3d99dc23d0d6b9541b2f0db4278540353877c42a4a4a7ccecd7f03748f2ec21abf0a950812057242be58e90ac3fef84a7ce4632f926a9caa74c9e5df6aaecf4f8dbec7c955a980d6263acb727ec7b5ea267b0f2306ab00b5a64e743dff3c12b48d29562384827ee1e01a486b9d4d52d514e701eb021af3424260847315f3d59a93282a98db7d1ee31df618ba3393f19b6135bbf0a6c3a76f4a53755259f493bd0cb86610fabc9a0bd0bdc6c2a219bef7c111505791fac59e9759520c70dbd17e90e9ed5400bb35643c0cd43e8c50cc90fda4f95429efd471d0c9ede75faa4ce8cb45fc60131371b0e6f9ee63ea472c5e6bdd79a700bb2389af614c85c8c824b2b917727c96e67204a5380b92939f95415e143554221705baabec81ba98b05b1fd3f7138e99267241f27aab637d73d93a7be2130072c6e71fc837e5672bc7843d77c73885aabfdd19df80a16a6cffa37d2d1b1463a875b4ca6d9871e2792012870ccec23f11957e1c9cead762c7ae88a655be3f1dea0357f43e8262e677ec1aa2183228cf87739489330a65a4311625287cef88c2382f464ab740aa2a8c1fb0ca62f1f2c66442e68fd7dc317a5b969692f7ef26e1b3624e5488033f1c2f8fa6540069b17d97acadb54bd49e61a72403279512843dffed90880c5088ef1e07ee41a8d6efdfbba7b35d5dece30a2133f8e81f8f5b2adacfbd633d6d8ea24542acd8a7704336d5cf9bab7af3ab2220b1609242d9cdd5e04bfac0b6792ce4b242e2389c9e125217fc10ac416544a2bd435efa56babf8a134b407822c3e540f80a62545c7aeb218a460e3f6796b30a105a9efbd662b68c36ce74ed44541661cd1480ebf26e975c6753d405bfc97c97ccce7da91901a87983799477ab80b3a1fc4b3141a6d18eb6c9c41aab648edf22d113a83ce220b39cea68d976c6a84102eef94c062989dd04dd9a556a99fe787098ac2090482761f6f4b2f3212c3434f89bb7ca03fd0afe6144e259d503bab38ec8e269f93ccbb55635d3b11c4879666c1c8e70dba6399f7b2264bfa62c688aa4dfb97391cdeb2d7f3bf5907ec4b3dfbae92e0e3f10240157e8a710dcf08424a6c87190f957102b81987e1f5ecf540cd0a96d9e6eae61dd435fdf47cca12c9ed676f0f38353a03afd55ed1814e9af1f886b80dafc70665451dc5c3cd75fc9620f1f7714aaa028e0a81f6e8929cb0561d1d7ed3ec2191b108701658ea76a0213d5e4f19792814ed3d97faa353d369c6bc6b14f71f51d3a26af129250407627a0b754a0b1a6c70ab3edff5e89e444d008559ba2583452d1e4aa46825feffc7032a932464321c2017001535a7581cc72de1f82cb0a619ca4409cc7b17a2c3b1db692cebfae76a6926a24a82c2959976bc41bd730f2dc36ce4eba7034695c9763871517f37428c68322425bab4e1492e425243c62d56f2014e7d3333847e8b58731a6970d04d547d21b844d9444f8c68f1b7f46aa1d0f60b8064b2ff0ce7396689d46b845d6f6acb529b4f8b38929613f70f818cfbbe6c660e0578929344a3a27f14564c43aecbf8becf9315bbe13b1deb51cc24f8194e096f1c59cdc7222164292b80995e9f42de8b97ce7692b312f89b93c7b82236ac850d4a057d112d2c50e8cc5c4024762924fd584f123b51df4695f7488fb91e84cfca63fbc84454f94aadb7d461a9b7ddc86724cc436039185ba7207b5ea4592b31c62c9a08e21f61b85695fba2c085d92339ecb12e14aebab1fbfb1327f48fd86a8ecde7bbda6cf245503d19b34e2fe0cd25a505dbda7f82f474af25a4903e1c211fbf98395b4f91e979c21cc3420cb0ed7d2b82eebcc98aedf4fa8e279f8b88fea845936ce0868cdd84cb8ae4d6da24b33b16bfb530dc92e03e27c5e48623d538ce3e24ce6980ac5de99799be294e94da64099c0d90cd146920d38d41aee4796857b313426d659f3e3719387a98cf021146de67ae22cc31b219ae6e3f1c273c9cfedfb388008e139ef5a376c48cfb83222635c7121ac2aa53112849b899529998735a3ff23bdc70e4542761281c4395a9db09c01370059485e109087d66b38f22154e2847fe52345f25d6f1beda91fd5091d1a6bac54b68576843a47acb5430aacc2992c91e24fb1527e4d8e92a9bba1b65571d7f09461019a42fc818e950d82e0856c5b6bf14f5cbd2046d28b6b91bea6a64f300bcef9847fa412fb217d913f08a5204730a245e4c5549dd0bb5dcda4442e8cd18af63c059f4280feccefc9898eff6d341142c97f2931d1f5c5c790f546eec8f4b615a0a3c702327caee7383b0e74d0c2d228f2f530401db763b9457105673ee1233b19a0d708841efed78b71ee20f2f6c2f3ea6edbe53501e250ce62516ac1eec1cf162bafd099e78a014377c34f7dfa77ad836734cb3f3d4c3effcd12e5483d058729555ca44878ead2c75128c1e51284d3ea6b5622ca9d5d4964749c3fe29c9010061334980f3f85ade0796951e85c913ff12153879b1017b717b927028465da8f22efe207b63323d01cc61bfb00c48492457f13b11337a9e074ac0e920152356dec9ab3342f7b06b8f514dbbf25166e848bb5defe0014356116edc0bdbffcbb725756eb27ead2218242bc3200f92342ff47239325dab9bdf9fbde5b8ceb0237a3d9644bdf3f7bd57db922b7c66ba1e03b545a2b0097b8b2bc51693e4b871ed2a4f92dff4a292f1b761d0fc81c9878be55483ac581a5e57dc6bbd280107cb5b4274ce40c0d251be439edfdaf97bcd9f522a452972380e888f480189f9dbba0933071fc11593a8357f81e41a14c0a0e684a69fa2790728b73fc55c595c1d56cb5899e5dc57107449846380ffc4dbe09c53259c22a5e1e02ba4e66cebc7c0e5d834efb59d7b954b8b3d10716b8aeb76f7c0e27a675ae17f01de1001e10767bb3edc8a766c6315496dffbe96508bb74a9f736909c94f4edd78186285866c1c533b6d5db4842c79399b1efe0a903149fe5c815c9097aec546793c3bb72f00d4381d190fb2bd88aab93ab5ecbd02fa91fa0cb4e30a09744ddf130562ea221cde207ecdc4a8a89fc638f40dcbc8b08220f301b857f81877a6f9a97d63daf29227f6d020e41d34b36b1b6e741fe87f6c677752dd86421a7d28ece7926b5a95d96e728da9c0035f32bbbfe59a8a73693b67887729fd768f61cb6d1a433dd0137a6d50e4008b0bd1ad0fa8b5eacef8f6def0658b3d044b52dd7df75d6c790291ddea9a987fe506a40392ae491bd4ef9c2784b6620330b465a42d2990deb3462b8a26be940da9bf160025180daa5296ffb60ee7c29b0e478a121b36d3bfdfad0a4f25a89556edd9e61234380b385f545a1fb6f397a10e9c3fb0a36840e5be5d161bfc851770278a41d58ba847f0a3a052bd0f30ae2f58e68d5b5566e86811eb82eb4f4570c6b17fa1c6e478a8ca8a28dbd8584b7a00ace515d9ec6885cdbfc01fcfd81525f75ff58fd2615e3dabede37fcac9d77b3672daea5327920e7d4006ada4d0bfc688c61cdc6e911fda8045549e4f54e00c5fdc8fd3540b4b71faffd0f46e7c047192654ff21e64081569c898ea2fec1c78359011083b570ef8d92b1c8cbafb95fde9011a9a8d59fe118bb5140eac74503a9b6b63011d09c7fecf877584e41090ae909f5d495b18c7bf769e063e9a0cae19f1997a9db78f0c8d55255c9c8b41c3ef2c4a9f54046f4765126af5be218acfdf7a68cd40f2d88441a66199d3c508c2a803cdc00487f0866f2c72e8dc220d53d6a81724ada8525b9a1fad1629c185532831156adbe0e5435035e7714adac188a4c27dc6366aae88a239f24d2129043a6ade03ca0b1edf35d12a4e733a498742b552cd25591f7ecbf5bd6d5550cf9f30759a849aadeafdb6a3ccd305c6d4d81491e49ebf125918a285f0b50c9c8b1822017d7015d6b03ef2ca9228151e9669826d806b891bde9ffbfb971aea721a1e2e5841c08ce47bdb05c818e8d9bf5fc0a8d7a1c0a294e5c8599a1d8ff1620b3ea3578001329303f4c4f6f7d94abe10b1431698199c7d7d812436990a4a9bccedee01129ccfc263d626ab00000000000000000000000000000000000000000090d0f1b242e3237","attestation_type":"pqc_registry","signed_at":"2026-03-26 16:38:49"}],"hndl":{"id":52,"model_id":52,"risk_level":"MEDIUM","risk_score":45,"shelf_life_years":5,"sensitivity":"internal","recommendation":"Monitor quantum developments. Tool has moderate HNDL exposure.","assessed_at":"2026-03-26 03:20:50"}}