Languages
Python · Swift · Kotlin · TS
SDKs · native runtime, four platforms
One artifact. Four loaders. Same receipt.
A .kolm is a signed zip plus a tiny manifest. The SDKs do nothing magical: unpack, verify signature and CID, dispatch to the local runtime your platform already has. The contract is the artifact, not the wrapper.
Runtimes
GGUF · MLX · CoreML · ONNX · ExecuTorch
Verify
HMAC-SHA256 + CID round-trip
License
MIT, no telemetry
Embed it
Pick a language. Three lines.
Python ·
kolmpip install kolmPython
Backend autopick: GGUF (llama-cpp-python) → ONNX (onnxruntime) → remote (KOLM_RUNTIME_URL) → transformers + peft. Set verify="strict" to fail closed on signature mismatch.
from kolm import load
model = load("phi-redactor.kolm", verify="on")
out = model.predict("Patient John Doe, MRN 8847-21.")
print(out.text) # "Patient [NAME], MRN [MRN]."
print(out.receipt.cid) # cidv1:sha256:1bcf2323...
min py 3.10 · extras [gguf, onnx, transformers]
Swift ·
KolmSwiftPM depSwift
Backend pick by extension: CoreML (.mlpackage) → MLX (.mlx) → GGUF (.gguf). The signed zip unpacks once into Library/Caches/kolm/<cid>/ and reuses on subsequent loads.
import Kolm
let model = try await Kolm.load(named: "phi-redactor")
let out = try await model.predict("Patient John Doe...")
print(out.text)
min iOS 17 / macOS 14 · unzip ditto on macOS, ZIPFoundation on iOS
Kotlin ·
ai.kolm:kolmimplementation()Kotlin / Android
Bring your own runtime AAR (llama.cpp via jllama, ExecuTorch, or onnxruntime-android). The SDK prints crisp errors when the runtime is missing instead of failing silently at first inference.
import ai.kolm.Kolm
val model = Kolm.load(context, "phi-redactor.kolm")
val out = model.predict("Patient John Doe...")
Log.d("kolm", out.text)
min Android 8 (API 26) · verify javax.crypto.Mac HmacSHA256
React Native ·
react-native-kolmyarn add react-native-kolmReact Native
Thin TS wrapper around the Swift / Kotlin backends. HTTPS sources cache via react-native-fs under CachesDirectoryPath. One API surface, two native paths.
import Kolm from 'react-native-kolm';
await Kolm.setConfig({ verify: 'on' });
const model = await Kolm.load(require('./phi-redactor.kolm'));
const out = await model.predict('Patient John Doe...');
console.log(out.text);
min RN 0.74 · deps react-native-fs (optional for HTTPS sources)
What every SDK guarantees
The contract isn’t the wrapper, it’s the artifact.
load()
Verify before run
HMAC-SHA256 on the receipt body + CID round-trip on canonical hashes. verify="strict" raises on mismatch. "on" warns. "off" for trusted local artifacts.
predict()
Receipt per call
Every output carries CID + credential_id + input_hash + output_hash + runtime_version + issued_at. Forward the credential to downstream systems; they can verify provenance without our infrastructure.
dispose()
Bounded lifetime
Backends release memory on dispose. The cached unpack stays on disk for fast re-load; clear with Kolm.clearCache() when shipping a new artifact CID.
Backend matrix
Which runtime each platform reaches for, in order.
| SDK | First | Second | Third | Fallback |
|---|---|---|---|---|
| Python | GGUF (llama.cpp) | ONNX Runtime | remote (KOLM_RUNTIME_URL) | transformers + peft |
| Swift | CoreML (.mlpackage) | MLX | GGUF | error with required dep |
| Kotlin | llama.cpp (jllama) | ExecuTorch | ONNX Runtime Mobile | error with required AAR |
| React Native | Swift backend (iOS) | Kotlin backend (Android) | WASM (web fallback) | error with required peer dep |
The signed artifact is the API.
The SDKs are deliberately thin. Verify, dispatch, return a typed result. If we shipped a magical wrapper, the artifact would lose its meaning. The receipt would lose its meaning. So we ship the smallest possible loader and let the file do the talking.