Privilege preserved · chain of custody · offline

Legal reference architecture.

For law firms, in-house counsel, and legal-tech vendors. Privileged documents never touch a third-party model. The compile bridge and the runtime both live inside the firm. Every output produces a signed receipt admissible as a chain-of-custody record.

01Trust boundary

+========================================================================+ | FIRM ENVIRONMENT (matter rooms · DMS · firm-managed KMS) | | | | +-----------------+ +----------------------+ +-------------+ | | | DMS / matter | ---> | kolm compile bridge | ---> | .kolm | | | | (iManage, NetD) | | (LoRA + verifiers) | | artifact | | | +-----------------+ +----------------------+ +-------------+ | | ^ | | | | | | privilege guard | | | | v v | | +-----------------+ +----------------------+ +-------------+ | | | Ethical wall | <--- | Conflict + matter | | Run on | | | | enforcement | | scope checker | | partner | | | +-----------------+ +----------------------+ +-------------+ | | ^ | | +==========|===================================================|===========+ | receipt + chain-of-custody (no document bytes) | v v +========================================================================+ | KOLM.AI · receipts + compliance pkg + format spec only | +========================================================================+ Legend: ---> data flow <--- audit echo ==== trust boundary

Crosses the boundary

Receipt + chain-of-custody.

Artifact SHA, K-score, run timestamps, matter scope tag. No document bytes, no client text, no metadata that identifies a matter.

Stays inside

Every privileged byte.

DMS → bridge → artifact → on-prem runtime. The firm's IT controls the keys; we never see the work product.

Ethical wall

Matter scope on every run.

The artifact carries its matter scope tag. Run-time guard refuses outputs that would cross a wall the firm maintains.

02What this protects

Concern	How kolm addresses it
Attorney-client privilege	Privileged bytes never leave the firm's environment. Receipts are payload-free; subpoena-ing kolm.ai gets you hashes, not content.
Work-product doctrine	Mental impressions encoded in the model live in the artifact, which lives in the firm. Distribution is the firm's choice.
Conflict checks	Artifact carries matter scope. Cross-matter runs flagged; the firm's existing conflict system stays authoritative.
Outside-counsel guidelines	Client OCGs that ban third-party AI on their files are satisfied by definition; the third party (us) never receives bytes.
Chain of custody (e-discovery)	Receipt chain proves which model produced which output when, and that the model was the named artifact at the named K-score.
State-bar AI disclosure rules	Lawyer can recite: which artifact, what K-score, what verifiers, on what device, signed by which key. All on the receipt.

03Day-zero deploy at a firm

Risk committee approval (paper trail only)Hand the committee: /security, this page, /spec/kolm-format-v1, /subprocessors. No vendor call required.
Bridge on a firm-managed VMSingle Docker compose file. Runs inside the firm's network. Bridge cannot reach the public internet except for receipt heartbeats (HTTPS, payload-free).
DMS connectorRead-only OAuth into iManage / NetDocs / SharePoint. Seeds are matter-scoped from the start.
First task: clause extractor (60 min)50 anonymised NDAs from the closed matter store → clause-extractor.kolm at K≥0.95. Recipe in /cookbook.
Ethical wall testRun the artifact against a different matter scope. Verifier refuses, receipt records the refusal, the firm's wall is preserved by the model, not by a checklist.

04What a litigator can say in a deposition

"The output was produced by artifact kolm/clause-extractor@sha256:a91d4f0c at K-score 0.95 in matter scope MATTER-1428, signed by the firm's KMS key kms://arn:..., on 2026-05-12T14:02:11Z. Run record kolm.ai/r/a91d4f0c can be re-verified by opposing counsel offline."

Compare to a hosted-model output: "We sent the brief to OpenAI. They tell us they don't retain. Trust us." The chain-of-custody comparison is most of the sale.