kolm / tutorials / PHI redactor

Compile your first PHI redactor in 12 minutes.

By the end of this walkthrough you will have a signed 9.4 KB .kolm artifact on your disk. It redacts Protected Health Information from free-text clinical notes. It runs offline. It ships with a HIPAA-shaped receipt your hospital's CISO can verify with the open-source verifier.

Runtime 12 minOutput phi-redactor.kolmK-score 0.982Size 9.4 KB

Step 1 . 90 seconds

Install kolm and grab an API key.

One npm install. The CLI works on macOS, Linux, and Windows.

# Install the CLI
$ npm install -g kolm

# Sign up + key (browser opens)
$ kolm login

# Verify the install
$ kolm version
  k o l m
  ─────── the private AI compiler
kolm cli v0.1.0
spec rs-1

CheckpointIf you see the brand mark and `spec rs-1`, you're good.

Step 2 . 60 seconds

Describe the task.

Write a one-line description of what the model should do. You don't write training code; you describe the work.

$ kolm compile "redact PHI from clinical notes; keep clinical content; emit JSON spans"

Compile plan generated.
  base: qwen2.5-7b-instruct
  recipe: lora + dpo + constrained-decoder
  target K-score: 0.92
  estimated cost: $1.40
  estimated time: 9 min
Continue? [Y/n] Y

CheckpointThe plan picks the base model and the recipe for you. You can override either, but for the first compile let it pick.

Step 3 . 8–10 minutes

Compile.

The CLI streams progress. Synthetic data generation, LoRA fine-tune, K-score gate, sign, package. Step out for coffee.

[1/6] synthesizing (Magpie + Evol-Instruct) ........ 1,840 pairs 42s
[2/6] dedup + filter (MinHash) ................... 1,612 pairs 8s
[3/6] LoRA + DPO ................................ 3 epochs 6m 12s
[4/6] constrained-decoder fit (JSON schema) ...... 38s
[5/6] K-score gate ............................... K = 0.982 > 0.92 target
[6/6] sign + package ............................. 2s

  artifact: ./phi-redactor.kolm  (9.4 KB)
  receipt:  ./phi-redactor.receipt.json  (3.1 KB)
  CID:      cidv1:sha256:1bcf2323...

CheckpointTotal compile cost on our account: $1.38. Yours will be similar. The K-score gate blocks if the artifact misses the target.

Step 4 . 30 seconds

Run it locally.

The artifact runs on your machine. No network call, no cloud roundtrip. Same answer every time.

$ kolm run phi-redactor.kolm "Mrs. Jane Doe (DOB 1962-03-04) presented with chest pain."

{
  "redacted": "Mrs. [NAME] (DOB [DATE]) presented with chest pain.",
  "spans": [
    {"type": "NAME", "start": 4, "end": 12},
    {"type": "DATE", "start": 19, "end": 29}
  ],
  "latency_ms": 0.6,
  "receipt_cid": "cidv1:sha256:1bcf2323..."
}

Step 5 . 60 seconds

Verify the receipt.

Anyone can re-verify the artifact. No kolm account needed - the verifier is open source and 262 lines of TypeScript.

$ kolm verify phi-redactor.kolm

  ✓ manifest CID matches canonical hash
  ✓ all 11 entries hashed and verified
  ✓ receipt HMAC valid
  ✓ K-score 0.982 (above declared gate 0.92)
  artifact is valid.

CheckpointThis is the verb your CISO will run. If you share the .kolm with them, they don't need a kolm account to verify it.

Step 6 . optional

Ship it.

You now own the file. Drop it on a hospital workstation, embed it in your EHR plugin, sign it into a compliance binder.

$ kolm verify phi-redactor.kolm --binder hipaa.pdf

# produces a one-page PDF that lists:
#  - CID + receipt hash + K-score
#  - compile config + base model + recipe
#  - evaluation pack + scores
# auditors sign the PDF, not the JSON.

Run it now →Open the receipt →