Capabilities
Ten audit surfaces. One signed engine.
Every surface below runs on the same deterministic spine that turns your logs into one Ed25519-signed report your buyer verifies offline. Each one wires to a tier already in the catalog, and each claims only what the code runs: a control the logs never exercised is marked untested, never a silent pass.
Start where it costs nothing.
The scan is the funnel. Point it at the logs you already have, or lift those logs to a higher evidence grade first with the drop-in shim. Findings land in the Signed Readiness Report when a buyer asks.
01 · MCP Server Audit
Audit the tool surface itself
Point kolm at your MCP server logs and get the same signed posture for the tool surface: undeclared servers, discovery probes and unpinned versions, read from JSON-RPC tools/call and tools/list rows.
Free scan funnel · findings in the $750 report · connect MCP logs
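The checks this surface describes, as an added example in Node rather than kolm's own scanner. The log row shape (one JSON object per line carrying ts, server, version and the JSON-RPC message under rpc), the declared-server manifest and the sample rows are all constructed for the example; "discovery probe" is read here as a server that answered tools/list but was never called, and "pinned" as an exact semver string.

```javascript
// Added example (not kolm's code): audit MCP JSON-RPC log rows for
// undeclared servers, discovery probes and unpinned versions.
// Assumed row shape: {"ts", "server", "version", "rpc": <JSON-RPC message>}.
const DECLARED = {            // assumed manifest: server -> pinned version
  'filesystem': '1.4.2',
  'github': '2.0.0',
};

// Constructed sample log, newline-delimited JSON. The last line is junk on purpose.
const SAMPLE_LOG = [
  '{"ts":"2024-05-01T10:00:00Z","server":"filesystem","version":"1.4.2","rpc":{"jsonrpc":"2.0","id":1,"method":"tools/list"}}',
  '{"ts":"2024-05-01T10:00:01Z","server":"filesystem","version":"1.4.2","rpc":{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/etc/hosts"}}}}',
  '{"ts":"2024-05-01T10:00:02Z","server":"github","version":"latest","rpc":{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"create_issue","arguments":{}}}}',
  '{"ts":"2024-05-01T10:00:03Z","server":"shell-exec","version":"0.3.0","rpc":{"jsonrpc":"2.0","id":4,"method":"tools/list"}}',
  '{"ts":"2024-05-01T10:00:04Z","server":"shell-exec","version":"0.3.0","rpc":{"jsonrpc":"2.0","id":5,"method":"tools/call","params":{"name":"run","arguments":{"cmd":"id"}}}}',
  '{"ts":"2024-05-01T10:00:05Z","server":"scratch","rpc":{"jsonrpc":"2.0","id":6,"method":"tools/list"}}',
  'not json at all',
].join('\n');

const PINNED = /^\d+\.\d+\.\d+$/;   // exact semver only; "latest", ranges and missing are unpinned

// Parse NDJSON, keeping only rows that carry a server name and a JSON-RPC method.
function parseRows(text) {
  const rows = [];
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    try {
      const r = JSON.parse(line);
      if (r && r.rpc && typeof r.rpc.method === 'string' && typeof r.server === 'string') rows.push(r);
    } catch (_) { /* unparseable rows are skipped, not silently passed */ }
  }
  return rows;
}

function auditMcp(text, declared) {
  const rows = parseRows(text);
  const perServer = new Map();
  for (const r of rows) {
    const s = perServer.get(r.server) || { lists: 0, calls: 0, versions: new Set() };
    if (r.rpc.method === 'tools/list') s.lists++;
    if (r.rpc.method === 'tools/call') s.calls++;
    s.versions.add(r.version === undefined ? '<none>' : String(r.version));
    perServer.set(r.server, s);
  }
  const findings = [];
  for (const [server, s] of perServer) {
    if (!(server in declared)) findings.push({ control: 'mcp-undeclared-server', server });
    if (s.lists > 0 && s.calls === 0) findings.push({ control: 'mcp-discovery-probe', server });
    for (const v of s.versions) {
      if (!PINNED.test(v)) findings.push({ control: 'mcp-unpinned-version', server, version: v });
    }
  }
  // No parseable rows means the control was never exercised: untested, not pass.
  const status = rows.length === 0 ? 'untested' : (findings.length ? 'fail' : 'pass');
  return { status, rows: rows.length, findings };
}
```

Run it over the sample and the declared filesystem server comes back clean, github is flagged for a floating "latest" version, shell-exec for being undeclared, and scratch for all three conditions; an empty log returns untested rather than pass.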
05 · Evidence-Grade Logging Shim
Lift tier C to tier B in an afternoon
A zero-dependency logger for Node and Python that emits the canonical event shape with per-agent keys, declared grants and a SHA-256 hash chain. No network call leaves your runtime; tier B is earned, not asserted.
Free download · Node · Python · quickstart
04 · Coverage Declaration
Sign what the export covers
The vendor signs the window and systems an export covers; the statement binds into the envelope next to the evidence tier. A curated slice becomes a detectable misrepresentation, not a silent gap, and a window mismatch shows up in the signed caveats.
In the $750 report and above · the envelope
Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.
What ships inside the $750 report.
The Signed Readiness Report is $750 one-time. These surfaces are sections of that one signed object, each derived from the same audit run, never re-asserted.
08 · Sub-Processor Inventory Report
Every model, provider, gateway and host your agents touched
A signed enumeration of every model, provider, gateway, host and MCP server the run observed, built into the envelope and signature-covered, rendered as a "Sub-processors observed" section. It is the artifact vendor-risk teams currently rebuild by hand from questionnaires.
Section of the $750 report · signature-covered
02 · Egress Allowlist Attestation
Declare your destinations once, verify them every run
Declare your approved sub-processor destinations; every re-attestation confirms observed egress stayed inside the declared set and flags any new host the day it appears. A window with no observed egress marks the control untested, never a silent pass.
Declaration ships in the $750 report · drift watched on Continuous ($299 / $999 per month) · ASR-3
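The allowlist comparison that surface describes, as an added Node example rather than kolm's implementation. The egress log shape (ts and url per JSON line), the wildcard rule for allowlist entries and the sample rows are assumed; the point it shows is host normalisation, suffix-matching that a look-alike domain cannot satisfy, first-seen timestamps for new hosts, and an empty window returning untested rather than pass.

```javascript
// Added example (not kolm's code): verify observed egress against a declared
// sub-processor allowlist over one attestation window.
const ALLOWLIST = ['api.openai.com', '*.anthropic.com', 'vault.internal.example'];   // assumed declaration

const EGRESS_LOG = [   // constructed sample rows
  '{"ts":"2024-05-02T09:00:00Z","url":"https://api.openai.com/v1/chat/completions"}',
  '{"ts":"2024-05-02T09:00:05Z","url":"https://API.Anthropic.com:443/v1/messages"}',
  '{"ts":"2024-05-02T09:01:00Z","url":"https://vault.internal.example/v1/secret"}',
  '{"ts":"2024-05-03T11:20:00Z","url":"https://anthropic.com.evil.test/collect"}',
  '{"ts":"2024-05-03T11:21:00Z","url":"https://pastebin.com/raw/x"}',
  '{"ts":"2024-05-03T11:22:00Z","url":"https://pastebin.com/raw/y"}',
].join('\n');

// Normalise to a lowercase hostname; ports and paths do not matter for the allowlist.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch (_) { return null; }
}

// '*.example.com' matches subdomains of example.com only (suffix '.example.com'),
// so 'example.com.evil.test' cannot satisfy it. A literal entry matches exactly.
function allowed(host, allowlist) {
  return allowlist.some(entry => {
    const e = entry.toLowerCase();
    return e.startsWith('*.') ? host.endsWith(e.slice(1)) : host === e;
  });
}

function attestEgress(logText, allowlist) {
  const firstSeen = new Map();
  let rows = 0;
  for (const line of logText.split('\n')) {
    if (!line.trim()) continue;
    let r;
    try { r = JSON.parse(line); } catch (_) { continue; }
    const host = hostOf(r.url);
    if (!host) continue;
    rows++;
    if (!firstSeen.has(host)) firstSeen.set(host, r.ts);   // log is in time order
  }
  // No egress observed in the window: the control was not exercised.
  if (rows === 0) return { control: 'ASR-3', status: 'untested', observed: [], new_hosts: [] };
  const newHosts = [...firstSeen]
    .filter(([host]) => !allowed(host, allowlist))
    .map(([host, ts]) => ({ host, first_seen: ts }));
  return {
    control: 'ASR-3',
    status: newHosts.length ? 'fail' : 'pass',
    observed: [...firstSeen.keys()],
    new_hosts: newHosts,
  };
}
```

Each re-attestation would call attestEgress over the fresh window and diff new_hosts against the previous run; the first_seen field is what lets the drift watch say on which day a host appeared.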
Keep it current, and watch it from the other side.
Continuous is $299 / $999 per month. It keeps the evidence fresh on every deploy, lets you trigger the fix-verification re-test on demand, and opens a buyer-side seat for the security team tracking your readiness.
09 · Fix Verification Re-Test
Sign the resolution, link both reports
After a blocking finding, a focused re-run over a fresh window returns resolved, still-open and regressed findings with the full delta linking both report ids. kolm ranks an untested control below a pass, so a finding only reads resolved when the fresh window actually exercised the control and it passed; a fix that genuinely closed is shown closing, and one the new window never touched is not.
On Continuous ($299 / $999 per month), or a follow-on $750 report with the delta
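The delta computation that section describes, as an added Node example and not kolm's code. The report shape (an id plus findings keyed by control with a pass / fail / untested result) and the two sample reports are constructed; the ranking that puts untested below pass is taken from the text, and the example shows the consequence: a control the re-test window did not exercise is reported separately instead of counting as resolved.

```javascript
// Added example (not kolm's code): delta between a blocked report and its
// re-test. Higher rank is worse; untested sits between pass and fail.
const RANK = { pass: 0, untested: 1, fail: 2 };

function byControl(report) {
  const m = new Map();
  for (const f of report.findings) m.set(f.control, f.result);
  return m;
}

function retestDelta(before, after) {
  const a = byControl(before), b = byControl(after);
  const delta = { resolved: [], still_open: [], regressed: [], unexercised: [] };
  for (const [control, was] of a) {
    // A control missing from the re-run was not exercised in the fresh window.
    const now = b.has(control) ? b.get(control) : 'untested';
    if (was === 'fail' && now === 'pass') delta.resolved.push(control);
    else if (was === 'fail' && now === 'fail') delta.still_open.push(control);
    else if (was === 'fail' && now === 'untested') delta.unexercised.push(control);   // never "resolved"
    else if (RANK[now] > RANK[was]) delta.regressed.push(control);   // pass -> fail, and pass -> untested
  }
  // Controls first seen failing in the re-run are regressions too.
  for (const [control, now] of b) if (!a.has(control) && now === 'fail') delta.regressed.push(control);
  const blocking = delta.still_open.length + delta.regressed.length + delta.unexercised.length > 0;
  return { links: { before: before.id, after: after.id }, verdict: blocking ? 'blocked' : 'cleared', ...delta };
}

// Constructed reports: ASR-3 was fixed, ASR-2 was not, ASR-5's fix was never
// exercised by the new window, ASR-1 newly fails, ASR-7 moved from untested to pass.
const BEFORE = { id: 'rpt-2024-05-01-a1', findings: [
  { control: 'ASR-1', result: 'pass' }, { control: 'ASR-2', result: 'fail' },
  { control: 'ASR-3', result: 'fail' }, { control: 'ASR-5', result: 'fail' },
  { control: 'ASR-7', result: 'untested' },
] };
const AFTER = { id: 'rpt-2024-05-08-b7', findings: [
  { control: 'ASR-1', result: 'fail' }, { control: 'ASR-2', result: 'fail' },
  { control: 'ASR-3', result: 'pass' }, { control: 'ASR-5', result: 'untested' },
  { control: 'ASR-7', result: 'pass' },
] };
```

The unexercised bucket is the practical one: it is the list to hand back to the vendor with "widen the window or drive this path", rather than a resolved mark earned by silence.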
07 · Buyer Portfolio Dashboard
One pane for every AI vendor you review
The other side of the trust link: a security team tracks every vendor's readiness, evidence grade, freshness and delta in one pane, with the lapsed and stale banners the trust link already carries. It is a read-only view over the signed reports that already exist; it runs no audit of its own.
Buyer-side seat under Continuous ($999 / mo tier) · open the portfolio
Continuous keeps it fresh
A report is a photograph; your app is a film
Re-attestation runs weekly or on every release and updates one live Trust link in place. The signature, scope and freshness date are part of the signed object, so a buyer who re-opens the link sees current evidence.
The most thorough deliverables.
Full Readiness is $15,000 and Continuous-Plus is $3,500 per month. The Deep Red-Team add-on is +$10,000 and is the one tier that sends probes against a live endpoint rather than reading logs. Each one is grounded in the same signed envelope.
03 · Active Injection Battery
The probes, exercised for real
The same probe corpus, sent for real against a staging endpoint you name in a written consent record, through the kolm gateway, and merged into the signed red-team block as grade-A evidence. Worst outcome wins on merge: an exposed result is never erased.
This is the Deep Red-Team add-on (+$10,000) · ASR-4
06 · GRC and OSCAL Evidence Pack
One export the GRC team files without rework
OSCAL assessment-results JSON over the signed report, plus a POA&M remediation table with severities and re-test status, derived from the signed envelope. kolm cross-references control frameworks; it does not certify against them.
Full Readiness ($15,000) and Continuous-Plus ($3,500 / mo) · export formats
10 · Memory Integrity Ledger
Prove no stored memory was altered
A SHA-256 hash chain over every memory write the agent makes. A tampered chain raises a high-severity memory-integrity-broken finding mapped to ASR-7, and the signed result carries the ledger and the chain-intact verdict. It is the poisoning evidence ASR-7 otherwise has to mark untested.
Full Readiness ($15,000) add-on · Continuous keeps it fresh · ASR-7
Ten surfaces · one engine · every one wires to a tier already in the catalog and claims only what the run exercised. A control the logs never touched is reported untested, never counted clean.
Pick the surface your buyer asked for.
Start with the free scan, then turn on the surface the review in front of you needs. One signed object, one verification anyone can run.
Caveats: Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.