kolm  /  registry  /  submit noindex

Submit a .kolm to the registry.

Compiled a .kolm worth publishing? Send it in. We verify the CID + the signature + replay the K-score on our hardware, then list it. Most submissions go live within 2 business days.

Submission form

Plaintext mailto submission - same pattern as /baa. Your mail client opens with a pre-filled body; you review it before sending. We never see anything until you hit Send.

lowercase, dashes, ideally task-base-size shape

must be >= 0.85 - see pre-flight checklist below

a signed URL is fine. A gist with the .kolm attached works. The file is fetched once during review then dropped.

or just email registry@kolm.ai

Pre-flight checklist

Run these six checks before you submit. The faster they all pass, the faster the listing goes live.

01

kolm verify passes locally

Run kolm verify path/to/artifact.kolm and confirm it prints OK on all six steps (manifest, CID, HMAC chain, K-score, provenance, signature). If verify fails on your side, it fails on ours.

kolm verify build/phi-redactor.kolm
[1/6] OK manifest parsed (RS-1 v0.2)
[2/6] OK CID recomputed: cidv1:sha256:7a2c1f8b..
[3/6] OK HMAC chain intact (4 receipts)
[4/6] OK K-score 0.94 passes gate (>= 0.85)
[5/6] OK provenance present (base, builder, ts)
[6/6] OK signature valid (kolm issuer key)
02

K-score >= 0.85 on your eval set

Public registry minimum is 0.85. Below that we still accept it but list it under "Experimental." See K-score methodology for what each weight means and why this threshold matters.

03

eval set frozen + checksum'd

The manifest must point to a frozen eval set with a sha256. We re-run your eval on listing. If the checksum drifts between submission and listing, the score is rejected.

04

compliance pack present if regulated

If the task touches PHI / PII / financial / legal / regulated decisions, attach the appropriate compliance pack (HIPAA, SR 11-7, NIST AI RMF, EU AI Act). See /compliance-packs for templates. Without a pack we list it as general-purpose only.

05

refusal path declared in manifest

Every artifact must declare what it refuses to do and why. manifest.refusal.when + manifest.refusal.reason. If your artifact has no refusal path, list it - empty arrays accepted, but they signal "this model will try to answer anything."

06

issuer key matches your org

The signature on the manifest must trace to a kolm-issued key under your org. If you signed with a personal key, register it first: kolm key register --org <your-org>. Anonymous submissions are accepted but listed as "unverified author."

What happens next

1. We confirm the email arrived. 2. We pull the artifact from your URL and re-run kolm verify on our build hardware. 3. We replay the eval set against the artifact. 4. If both pass, the listing goes live with your org name + your K-score. 5. If review reveals a problem, we email you - we never publish without your confirmation.

Questions? Email registry@kolm.ai directly.