Releases: SecAI-Hub/SecAI_OS

v0.1.0 — Initial Release

09 Mar 04:07

SecAI OS v0.1.0

First tagged release of SecAI OS — a bootable local-first AI OS with defense-in-depth security.

Highlights

  • 30 milestones complete (M0–M30): from encrypted vault and quarantine pipeline to gguf-guard deep integrity scanning
  • 10 services: Registry, Tool Firewall, Web UI, Airlock, Inference (llama.cpp), Diffusion, Quarantine, Search Mediator, SearXNG, Tor
  • Multi-GPU: NVIDIA (CUDA), AMD (ROCm), Intel (XPU), Apple Silicon (Metal), CPU fallback — auto-detected at first boot
  • 7-stage quarantine pipeline: source policy, format gate, integrity check, provenance, static scan + gguf-guard, behavioral smoke test, diffusion deep scan
  • 20+ defense layers: Secure Boot, TPM2, seccomp-bpf, Landlock, nftables, encrypted vault, canary/tripwire, 3-level emergency wipe, and more
  • Tor-routed search: SearXNG with PII stripping, differential privacy, injection detection
  • 620+ tests: 26 Go tests, 595+ Python tests, shellcheck

What's Included

  • BlueBuild recipe for building the OS image
  • All service source code (Go + Python)
  • Comprehensive documentation (architecture, API, install guides, examples)
  • OpenAPI spec and JSON Schema for policy/config files
  • llms.txt for AI agent discoverability

Install

# 1. Rebase to the unverified image, then reboot
sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/sec_ai/secai_os:latest
sudo systemctl reboot
# 2. Rebase to the signed image, then reboot
sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/sec_ai/secai_os:latest
sudo systemctl reboot

See the README for full install guides.