kolm
dashboard account
Local · offline

Airgapped mode

Run kolm on a machine that has never seen the public internet. Compile against a local model cache, run recipes against local artifacts, verify receipts against a local secret. No phone-home, no telemetry, no exfil paths.

Read the docs On-prem deployments

What stays local

Zero outbound network required
01 · compile

Pre-staged base models in ~/.kolm/models. The compiler reads from disk and writes adapters/eval reports back to disk. No HF Hub, no S3.

02 · run

kolm run <artifact.kolm> executes recipes in a local sandbox. The artifact is a self-contained zip with manifest, recipes, receipt chain.

03 · verify

kolm inspect <artifact> --receipts walks the HMAC chain against your local RECIPE_RECEIPT_SECRET. No registry lookup.

04 · store

Concepts, versions, audit log, RAG indices land in data/*.json or an optional local SQLite. Nothing reaches kolm.ai.

Enable airgapped mode

CLI · writes ~/.kolm/airgap.env
Flip the kill-switch:
kolm airgap enable
Inspect what is set:
kolm airgap status
Confirm the environment refuses outbound:
kolm airgap verify
Switch back to networked mode:
kolm airgap disable

kolm airgap enable writes ~/.kolm/airgap.env with the four offline switches below. Source that file from your shell rc, your systemd unit, or your container entrypoint to pin a process tree to local-only mode.

Environment switches

Set by enable · read by every kolm process
KOLM_AIRGAP=1
Master switch. The CLI refuses to hit kolm.ai for publish, leaderboard, registry, or telemetry when set. The compiler skips opportunistic remote checks.
TRANSFORMERS_OFFLINE=1
HuggingFace transformers will not call out to download missing weights. Any model not pre-cached fails loudly instead of silently fetching.
HF_DATASETS_OFFLINE=1
Datasets library will not contact the Hub. Eval sets must be present on disk.
HF_HUB_OFFLINE=1
huggingface_hub blocks every network operation. Combined with the two above, the HF stack runs read-only from local cache.

Offline receipt verification

Holder of the secret can audit · no network needed

Every .kolm ships with a receipt chain: HMAC-SHA256 over (prev_hash, recipe_id, action, timestamp, payload digest). Anyone holding the issuing secret can replay the chain on a disconnected machine.

Set the shared secret:
export RECIPE_RECEIPT_SECRET="<your tenant secret>"
Walk the chain on the artifact:
kolm inspect support-bot.kolm --receipts
Expected output (chain ok):
receipts: 6 / 6 verified
chain head: 9c4f...e0a1
last action: score
status: ok

The receipt secret is held by the tenant that compiled the artifact. Anyone you share the secret with can verify; without it the chain prints as opaque hashes. Treat the secret as you would a signing key.

Pre-stage everything

One-time bootstrap on a networked machine
  1. On a networked workstation, install kolm and run kolm pull <model> for every base model you intend to compile against. Weights land under ~/.kolm/models.
  2. Run a trial compile end-to-end so the recipe runner caches its sandbox dependencies. The node_modules tree stays inside the install directory.
  3. Tar the install dir + ~/.kolm and move the tarball to the offline machine via your sneakernet of choice.
  4. On the offline machine, untar, then run kolm airgap enable followed by kolm airgap verify.
  5. Compile and run as normal. Every operation reads/writes the local filesystem.

What is intentionally not possible

  • Publish to the public registry. The publish verb hard-fails when KOLM_AIRGAP=1 is set. Use kolm export to produce a portable artifact and move it manually.
  • Pull a model on demand. Missing weights produce a clear "not in local cache" error. Restage from your networked bootstrap host.
  • Telemetry. No anonymous metrics, no error reporting, no leaderboard heartbeats. The CLI runs silent.
  • Cross-tenant receipt verification. You can only verify chains for which you hold the secret. This is by design.

Pair with TEE for remote-but-local

If the model must live in the cloud yet remain payload-blind to the cloud provider, use BYOC to deploy inside a Trusted Execution Environment (AWS Nitro, GCP Confidential VM, Azure Confidential VM). Airgap mode covers the on-prem half; TEE covers the cloud half. Same artifact, same receipt chain.