kolm compiles your task into a single signed offline artifact: model, adapter, recipes, recall index, evals, manifest, signature. Crosses the diode on a flash drive. Runs unchanged on a tactical edge box, an analyst workstation, or behind an enclave boundary. kolm serve --mcp exposes it to the agents your operators already use. The frontier teacher you bring stays on the unclassified side. The artifact lives where the data lives.
ITAR. CUI. CMMC. Export-controlled model weights. Cross-domain transfer. Tactical edge with no link. The constraints are not a future risk, they are the operating environment. Frontier APIs do not get you past the diode.
permitted from classified networks. kolm artifacts cross via signed sneakernet, verified on arrival.
guaranteed at the forward node. kolm runs offline, latency under 80 ms, no cloud dependency.
requires attestation. HMAC-chained manifest covers base model hash, adapter delta, recipe pack, recall index, evals.
The compile bridge runs on your unclassified network. The frontier teacher answers from there. The training corpus on the high side never leaves. The transfer artifact is a single signed file, content-addressed, verifiable end-to-end.
Llama, Qwen, Gemma, Phi, Mistral. No proprietary frontier weights cross the diode. The frontier model is the teacher, not the artifact.
Artifact is one file. Manifest hash, base model hash, adapter hash, recipe hash, recall hash, eval hash, all signed in chain. Tamper anywhere, the chain breaks.
Single binary, no service to monitor, no ports to open. Runs on a Jetson, an Intel NUC, or a ruggedized laptop. Detached operation by default.
A 2.1 GB artifact, base model plus 84 MB adapter, on a workstation inside an enclave. Indexes the analyst's own document set locally, drafts in the institution's voice, defers anything the verifier rejects. No external link, no cloud, no telemetry.
Compile happens on the low side from an unclassified gold set. The artifact is signed, K-scored, written to media, walked across the diode, verified, deployed. The signature chain on the high side proves nothing was modified in transit.
Scrubbed example pairs and held-out evals on the low side. Frontier teacher reachable through your egress proxy.
Verifier from examples, k-sample teacher, LoRA distill on open-weight base, recipe extract, recall index, sign.
Artifact written to write-once media. Hash chain printed for cross-domain ATO. Verified on arrival, signature matches, deploy.
Workstation runs offline. Receipts log to local audit. Evidence packets exportable on demand for inspection.
Honest table. Same one we publish on /security for everyone else.
Designed against NIST SP 800-171. Evidence packet shipped on Enterprise.
Compile pipeline runs in a partition on AWS GovCloud or Azure Government. Per-tenant isolation enforced.
No proprietary frontier weights ship in the artifact. Open-weight base path keeps export classification clear.
Every layer content-addressed. Manifest hash chain printed for cross-domain ATO. Tamper detection by construction.
Mail us with a one-line description of the task and the deployment environment. We'll come back with a 30-minute call, a reference artifact, and a path to a signed pilot.