kolm
Sign in Get kolm
FAQ · plain answers

The questions we get asked.

No marketing. Direct answers to the questions developers, security teams, and procurement ask before they sign. If you have a question that isn't here, mail dev@kolm.ai.

Product

What is kolm, in one sentence?

kolm is the build system for private AI. kolm compile takes a task description, your data, and a frontier model API key, and produces a single signed .kolm file that runs on-device or behind your VPC with no runtime egress.

How is this different from MLC.ai, ExecuTorch, llama.cpp, or CoreML?

Those are runtimes. kolm is the compile step above the runtime. The artifact kolm produces runs on top of any of them. Runtimes give you a way to execute open-weight models locally; kolm gives you the way to teach a small model your task, ground it in your data, gate it on a quality score, and seal it as one portable file. Comparison table.

What's a Specialist?

A Specialist is the artifact that comes out of kolm compile. It's a single signed zip with the base model, a personal LoRA, a recipe pack, a recall index, the verifier, the manifest, and the signature chain. /anatomy shows the structure.

What's the K-score?

The harmonic mean of size, accuracy, latency, cost, and coverage, normalized against the frontier baseline measured at compile time. One number on the cover. Five you can defend. Default ship gate is 0.70. /k-score.

Compile

What models does the compile use?

You bring the frontier teacher (Anthropic, OpenAI, Google, your own). kolm runs k-sample inference, deterministically verifies, and uses the winning labels to distill. The student base is open-weight: Qwen 2.5, Llama 3.1, Phi-3, Hermes-3, Mistral. You pick. The artifact ships with the student baked in.

What happens if the K-score is below the gate?

The artifact does not ship. The compile log tells you which sub-score failed (size, accuracy, latency, cost, or coverage), the failing eval cases, and the suggested remediation: more examples, a smaller base model for size pressure, more recipe coverage, or a tighter task scope. You re-run kolm compile and try again.

How long does a compile take?

Recipe-only artifacts (no LoRA, no recall): under 60 seconds. Full LoRA distill on a 100-example seed set with a 7B base: 8-25 minutes. Multi-million-token corpus with full multimodal recall: 30-90 minutes. The CLI streams progress.

How do I debug a failed compile?

kolm compile --explain prints the full eval trace, the failing examples with the model's outputs, and the verifier's reasoning. If a specific eval fails repeatedly, that's usually a task-spec ambiguity or a contradiction between examples. kolm compile --dry-run runs the verifier synthesis without spending teacher tokens.

Can I use my own base model?

On Pro and Enterprise, yes. --base ./my-model.gguf or --base hf://org/repo. The artifact will record the base hash in the manifest and sign it like any other component.

What if my frontier teacher deprecates?

The artifact is already compiled and signed. It runs unchanged for the life of the deployment. If you re-compile, you can pin a version of the teacher (--teacher-version) or switch teachers entirely; the new artifact will record the new lineage in the manifest.

Runtime

Where does a .kolm artifact run?

iOS, Android, macOS, Linux, Windows, Web (WASM), edge (Jetson, NUC, ruggedized boxes), or behind a VPC. The runtime is whatever you have: llama.cpp, MLC.ai, ExecuTorch, the kolm WASM runtime in browsers. The artifact is portable across all of them.

Does it actually run offline?

Yes. Once the artifact is on the device, no network calls are required. kolm run artifact.kolm "prompt" works on a plane, in a Faraday cage, or on a tactical edge box with no link.

How do I update an artifact?

Re-run kolm compile with new examples or a new corpus, push the new artifact to your distribution channel (MDM, App Store, internal mirror, signed sneakernet). The manifest carries a version field; clients can pin or auto-upgrade.

What's "kolm serve --mcp"?

The artifact joins the local MCP bus and is discoverable by Claude, Codex, Cursor, and Zed by name. Matching agent calls hit the cache instead of the frontier. Latency drops from cloud round-trip to local. /serve.

What if my user's device is too old?

The compile step targets a hardware tier (--target ios-2021, --target android-mid, --target server-cpu). Older targets pick smaller bases. The K-score reflects the target, so a passing artifact is shippable on the target it was compiled for. For very old devices, the runtime falls back to your remote cache via kolm serve on a server you control.

Privacy & data

Does the data I compile against ever leave my environment?

The compile pipeline runs in your tenant. The frontier teacher you bring is reachable through your egress proxy. kolm cloud does not persist your training data after the compile completes; logs default to redacted summaries. On Enterprise, the compile bridge runs inside your VPC and nothing leaves at all.

Do you train on my data?

No. Your compile inputs are not used to train any model we ship, and they are not used to improve the compiler. The compiler improves on the schema of which task descriptions yield high K-scores against which bases, which is metadata, not your content.

What does the cloud see during a compile?

Task description, examples, evals, base-model selection, target hardware, frontier-teacher API endpoint. During compile, the cloud sends prompts to your frontier teacher on your behalf. Outputs are verified locally to the compile pipeline and used to distill the LoRA. After compile, the inputs are purged on a default 24-hour window; on Enterprise, a 0-retention mode is available.

What does the device see at runtime?

Whatever the user gives the app, plus whatever the app reads from the local OS sandbox. The artifact reads its own bundled recall index plus any local data you grant it. No network calls are issued by the runtime. Security page has the full data-flow diagram.

Compliance

HIPAA Business Associate Agreement?

Available on Enterprise. The compile bridge runs inside your VPC, the frontier teacher routes through your egress proxy, and the artifact ships with HIPAA-aware redaction defaults. Healthcare overview.

SOC 2?

Type I evidence available now. Type II in flight, target Q4 2026. Quarterly evidence packets to Pro and Enterprise tenants.

EU AI Act?

Designed against the high-risk Annex III obligations from day one. Per-artifact technical documentation by construction (the manifest is the dossier). Conformity assessment in flight, target Q2 2027.

FedRAMP, CMMC, ITAR?

FedRAMP Moderate roadmap 2027. CMMC 2.0 Level 2 evidence on Enterprise. ITAR-aware: open-weight bases only on Enterprise so no proprietary frontier weights cross the diode. Defense & intel overview.

Is the privacy claim audited by anyone other than you?

A third-party security review is in flight; the report will be published on /security when complete. The receipt chain is independently verifiable today: the manifest, the layer hashes, and the signature chain are all reproducible offline. Your auditor can verify cryptographically that the artifact does what the manifest says without trusting us.

Where's your security contact / vulnerability disclosure?

dev@kolm.ai · PGP fingerprint and disclosure policy on /security. We commit to triage within 48 hours.

Commercial

Who pays the frontier model bill?

You do. kolm doesn't resell tokens. You bring your own API key (Anthropic, OpenAI, Google, your own). The compile pipeline runs against it. The artifact you walk away with is yours; the frontier bill amortizes to zero after compile.

Free tier limits?

Developer tier ($0): 3 compiles per month, recipe-only artifacts (no LoRA), 4B-class open bases. Enough to prove the architecture for your use case end-to-end. /pricing.

What does "Enterprise: custom" actually cost?

Enterprise starts at $36,000/year for an annual contract with BAA, on-prem compile bridge, dedicated support, and a quarterly compliance evidence packet. Volume discounts at 100+ artifacts/month. Mail dev@kolm.ai for a quote.

Annual billing?

Yes, ~17% off (two months free) on Pro. Toggle on /pricing.

What happens when I exhaust my compile quota?

Existing artifacts keep running. The next compile blocks with a clear upgrade path. No surprise overages: we don't auto-charge past your tier.

Refunds?

30-day no-questions refund on the first month of any paid tier. After that, prorated refund on cancellation.

Open source

What's open?

The artifact format spec (RS-1, MIT). The runtime SDK (MIT). The receipt chain spec (RS-1-receipts, MIT). The public registry. The verifier protocol.

What's closed?

The compiler itself. That's the proprietary surface, because the compile flywheel (which task descriptions yield high K-scores against which bases) is the moat.

Can I host my own registry?

Yes. kolm publish --registry https://registry.example.com. The signature chain still anchors to whatever public registry the artifact references; for fully air-gapped, anchor to your own root.

Where's the GitHub?

github.com/sneaky-hippo/kolmogorov-stack · the runtime SDK and the spec live there. Sample apps coming this month.