01 / Start here
Hand your reviewer a report they can check themselves.
These docs cover the three things you do with kolm: get your agent’s activity in, hand your buyer a signed report, and let them verify it offline against your key, with no account and no kolm server in the trust path. Read in order, or jump to the part your review is stuck on.
Step 01
Onramp your agent
Import the logs you already produce, or run a sidecar proxy for a live capture. No rewrite.
Go to onramp
Step 02
Verify the report
Your buyer checks the Ed25519 signature offline in the browser, the CLI, or a library.
Go to verify
Step 03
Read the schema
See the exact bytes a signature commits to, so any edit is self-evident.
Go to the schema
02 / Onramp
Get your agent’s activity in.
Two onramps, one outcome. Import the logs you already have, or run a sidecar proxy for a live capture. Either way there is no change to the agent, and you upload redacted logs: the scope is what you send, and the report states it.
Import logs
LiteLLM · Helicone · Portkey
Bring the observability exports you already produce. kolm normalizes tool calls, scopes, and traffic. No code change, and it is the fastest path to a first read.
Sidecar proxy
MCP or proxy capture
Route the agent through a sidecar for a live, append-only capture of exactly what it does, with tamper-evident hashing. Use it when you want the record built as the agent runs.
Once the activity is in, the audit and signing run as compute. See how it works for the full lifecycle.
03 / Verify a report
Your buyer verifies it offline.
The same Ed25519 check runs three ways, with the identical canonicalization. No account, no upload, no kolm server in the trust path. The report carries the public key it was signed with, so the check needs nothing from us.
Browser
Nothing to install
Open the verifier and drop the report. The Ed25519 check runs in the page with WebCrypto, in front of the reviewer.
CLI
In your pipeline
Verify in CI or a terminal with one command. It exits non-zero on a bad signature, so a forged or edited report gates the build.
apache-2.0
Library
In your app
Import the verifier and check reports inside your own tooling. It is the same function the browser widget calls.
node 20+ · WebCrypto
Verify in a few lines.
The verifier returns a structured result (it never throws) and tells you exactly which checks passed. Pass the issuer’s key to also assert the report came from the key you expected: a rogue key clears the signature check but fails the issuer check.
`verifyReceipt(report, { pinnedPublicKeyPem })` returns `{ ok, reason?, key_fingerprint, checks[] }`
04 / The report schema
What the signature covers.
A report is one canonical object. These rules define the exact bytes the signature commits to, so two semantically equal reports are byte-equal and any edit is self-evident. The browser, the CLI, and the library all apply them the same way.
| Rule | Definition |
|---|---|
| Field order | A fixed, documented order of the signed fields, not source order, not alphabetical-by-accident. |
| Present-only | Absent fields are omitted, not nulled. The byte string contains exactly the fields that exist. |
| No whitespace | Compact JSON (no spaces, no newlines) so two semantically equal reports are byte-equal. |
| Self-exclusion | The signature field is excluded from the bytes it signs. |
| Algorithm | Ed25519 (RFC 8037) over the canonical bytes, with SHA-256 content hashes. |
| Key fingerprint | SHA-256 of the SPKI DER public key, truncated to 128 bits. Documented, deterministic, pinnable. |
One object, every fact in mono.
Top-level fields name what was assessed, the findings, and the signing key, all in a single canonical artifact. The cryptographic values (the key fingerprint, the signature) are facts, so they are set in mono. Field-by-field, the page at Anatomy of a report walks the whole schema.
Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.
Verify the sample, then bring your own.
Open the verifier on a signed sample, then onramp your agent and hand your buyer a report they can check in their own browser.