CVD ledger — consume + publish
Schema 108 (2026-05-25) ships two halves of the same coin: we consume Anthropic’s public CVD ledger to give operators early-warning on packages with sealed vulnerabilities, and we let software-vendor tenants publish their own ledger in the same format — useful evidence for CRA Annex I §11-12.
Path A — Consume Anthropic’s ledger (early warning)
Anthropic’s coordinated-vulnerability-disclosure program publishes SHA-3-512 hash commitments of sealed reports before the disclosure window closes. The actual vulnerability details only become public later, but the project name + bug class + commitment hash are visible from day one. monsys consumes that feed daily and matches it against your inventory.
| Component | What |
|---|---|
| CVDLedgerWorker | Polls red.anthropic.com/2026/cvd/ledger/payload.json every 24 h |
| cvd_ledger_entries | Local cache of every ledger entry seen |
| cvd_predisclosure_findings | Per-(tenant, agent, entry) match against inventory_packages + inventory_dependencies |
| /recommendations category cvd.predisclosure | Surfaces matched findings — severity = medium for pre-disclosure, high once disclosed, info once fixed |
Privacy: the worker does a one-shot GET; no per-tenant query string, no agent metadata leaves the hub. Anthropic learns nothing about your inventory.
Operator playbook for a CVD pre-disclosure hit:
- Note the project name + bug class.
- Pin your current working version of that package (e.g. `npm pin`, `pip-compile --upgrade-package`, `apt-mark hold`).
- Subscribe to the project’s upstream release feed.
- Plan a patch window around the `disclosure_eta`. When details land, you can move within hours, not days.
- Acknowledge the finding once you’ve taken protective action.
Path B — Publish your own tenant ledger
If your tenant is a software vendor subject to CRA Annex I §11-12 (“the manufacturer shall handle vulnerabilities effectively”), you can publish a ledger of your own discovered vulnerabilities in the same pattern Anthropic uses:
- Commit phase (`POST /api/v1/vuln-ledger`):
  - Body: `{ project, bug_class, payload, disclose_at }`
  - We compute SHA-512 of the canonical-serialised payload, encrypt it with `CLOUD_ENCRYPTION_KEY`, store both, and anchor the hash in our existing transparency log (mig 092) so it’s part of the monotonic hash-chain.
- Public view (`GET /v/{public_slug}/ledger`): no auth, no tenant_id leak. Pre-disclosure entries show only project + bug class + hash + committed_at. After `disclose_at` and once you `PATCH` status to `disclosed`/`fixed`, the public_summary + advisory_id + fix_commit_url become visible.
- Tamper-evidence: each `transparency_entry_id` references the public hash-chain. An auditor can verify “your commitment was in the chain at position N before time T”.
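
An auditor-side check of the commit-and-reveal flow above, as an added example (not monsys code). The canonical JSON form, the chain-link rule, the genesis value and the entry field names `prev_hash` and `entry_hash` are assumptions, since the page does not define them; the sample chain is constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 128  # assumed seed for the first link; not from the monsys docs

def canonical(payload):
    # Assumption: canonical form is UTF-8 JSON, keys sorted, no whitespace.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def commitment(payload):
    """SHA-512 over the canonical bytes, as the commit phase describes."""
    return hashlib.sha512(canonical(payload)).hexdigest()

def link(prev_hash, commit_hash, committed_at):
    # Assumed chain rule: entry_hash = SHA-512(prev | commitment | timestamp).
    data = f"{prev_hash}|{commit_hash}|{committed_at}".encode("ascii")
    return hashlib.sha512(data).hexdigest()

def append_entry(chain, payload, committed_at):
    """Builder used only to construct the sample chain below."""
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    c = commitment(payload)
    chain.append({"prev_hash": prev, "commitment": c, "committed_at": committed_at,
                  "entry_hash": link(prev, c, committed_at)})

def first_broken_link(chain):
    """Index of the first entry that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, e in enumerate(chain):
        expected = link(prev, e["commitment"], e["committed_at"])
        if e["prev_hash"] != prev or not hmac.compare_digest(e["entry_hash"], expected):
            return i
        prev = e["entry_hash"]
    return -1

def committed_before(chain, n, revealed_payload, t):
    """True if position n commits to revealed_payload and predates time t."""
    if first_broken_link(chain) != -1 or not 0 <= n < len(chain):
        return False
    e = chain[n]
    # Same-format UTC ISO 8601 strings compare correctly as text.
    return (hmac.compare_digest(e["commitment"], commitment(revealed_payload))
            and e["committed_at"] < t)

# Constructed sample data: two unrelated entries around one sealed report.
SEALED = {"summary": "constructed example report", "affected": "<= 1.4.2"}
CHAIN = []
append_entry(CHAIN, {"summary": "earlier entry"}, "2026-06-01T09:00:00Z")
append_entry(CHAIN, SEALED, "2026-06-03T14:30:00Z")
append_entry(CHAIN, {"summary": "later entry"}, "2026-06-05T08:15:00Z")
```

Rewriting an earlier entry and recomputing its own hash still fails at the next position, because that entry's `prev_hash` no longer matches.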
Endpoints:
| Method | Path | Auth | What |
|---|---|---|---|
| GET | /api/v1/vuln-ledger | cookie | Operator-side list (all states) |
| POST | /api/v1/vuln-ledger | cookie | Commit a sealed entry |
| PATCH | /api/v1/vuln-ledger/:id | cookie | Update status / public summary / advisory_id / fix_commit_url |
| GET | /v/:slug/ledger | none | Public ledger view (rate-limited 60/min) |
Tenant slug: auto-seeded to lower(first 12 chars of tenant_id) on mig 108 apply. Override via UI later.
Compliance: new control CRA-AnnexI-11-vuln-handling auto-evaluated by counting tenant_vuln_ledger entries committed in the last 90 days.
Why two halves of one coin
The pattern is the same in both directions:
```
Discovery → Cryptographic commitment NOW
                ↓
          Sealed details
                ↓
        Disclosure window
                ↓
          Public reveal
```

When Anthropic discovers, you consume. When your tenant discovers, you publish in the same format. The transparency-log anchor makes both halves verifiable by any third party with a script.
What this does NOT replace
- Public CVE assignment: you still file a CVE with MITRE / the package’s CNA. We don’t issue CVE IDs.
- Coordinated disclosure with the maintainer: human work, outside the platform.
- Pen-test or vuln discovery itself: we record vulns you find; finding them is your team’s job (or a research firm’s).
Verify your ledger from the command line
```bash
# Pull the public payload
curl -s "https://api.monsys.ai/v/<slug>/ledger" | jq

# Cross-verify a hash against the transparency log
curl -s "https://api.monsys.ai/api/v1/transparency/log/<entry_id>" | jq

# Anthropic's source (for context)
curl -s https://red.anthropic.com/2026/cvd/ledger/payload.json | jq
```