Remote access
Tunnels
Give your self-hosted .kolm a public URL without opening a port. The model and data stay on your hardware; kolm.ai brokers requests over an authenticated stream the agent pulls from.
Mint a tunnel
7-day idle expiry · last-write-wins agent replacementStart the local agent
Run this on the machine that holds the .kolmYour tunnel:
Run the agent locally:
Then call your AI from anywhere:
Active tunnels
LoadingHow it works
01 · mint
You get a token and a public URL https://kolm.ai/r/<token>. Nothing serves yet.
02 · agent
kolm tunnel start opens an authenticated stream from your machine to the broker. Outbound only.
03 · serve
Requests arrive on the public URL, get queued for your agent, run against your local .kolm, and the response flows back.
04 · close
Close the tunnel here or stop the agent. Idle tunnels expire after 7 days.
Trust model: kolm.ai sees the bytes in transit because TLS terminates on our edge. For payload-blind operation, deploy in a Trusted Execution Environment via BYOC.