Releases: nirholas/PAI

PAI v0.1.0

21 Apr 15:41

First public release of PAI — a bootable USB Linux distribution for private, offline AI. Flash the ISO to a USB stick, boot any recent amd64 or arm64 machine from it, and you have a self-contained Sway desktop with a local LLM stack that runs entirely on-device.

Downloads

| Architecture | ISO | SHA-256 |
|---|---|---|
| amd64 / x86_64 | pai-amd64.iso (8.53 GB) | sha256 |
| arm64 / aarch64 | pai-arm64.iso (9.75 GB) | sha256 |

Verify integrity:

sha256sum -c pai-amd64.iso.sha256
sha256sum -c pai-arm64.iso.sha256
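
A stricter form of the check above, as an added example (not part of the PAI release and not the project's `pai verify` command). The function name `verify_iso` is hypothetical, and the script assumes the `.sha256` file carries the digest as the first field of its first line, as `sha256sum` output does. It separates a digest mismatch from a missing or malformed checksum file, so a flashing script can stop before it writes anything.

```shell
#!/bin/sh
# Added example: verify an ISO against its .sha256 file before flashing.
# Usage: verify_iso ISO [SUMFILE]   (SUMFILE defaults to ISO.sha256)
# Returns 0 on match, 1 on digest mismatch, 2 on missing or malformed input.
verify_iso() {
    iso=$1
    sumfile=${2:-$iso.sha256}

    [ -f "$iso" ] && [ -f "$sumfile" ] || {
        echo "verify_iso: missing $iso or $sumfile" >&2
        return 2
    }

    # First field of the first line; accepts "<hex>" and "<hex>  <name>".
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # A SHA-256 digest is exactly 64 hex characters. Anything else means the
    # checksum file is truncated, empty, or not a checksum file at all
    # (for example an HTML error page saved under the expected name).
    case $expected in
        ''|*[!0-9a-f]*)
            echo "verify_iso: $sumfile does not start with a hex digest" >&2
            return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || {
        echo "verify_iso: digest in $sumfile is not 64 characters" >&2
        return 2
    }

    # Hash the file that is actually on disk, whatever name the checksum
    # file lists, so a renamed download is still checked.
    actual=$(sha256sum "$iso" | awk '{print $1}')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```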

Added

Core system

  • Bootable live-USB ISO images for amd64 and arm64, built from Debian 12.
  • Sway (Wayland tiling compositor) as the desktop environment.
  • Waybar status bar with app launcher and status widgets (network, audio, battery, clock).
  • pai-settings — a wofi-driven settings menu for quick access to common toggles and tools.

AI stack

  • Ollama preinstalled with the llama3.2:1b model baked into the ISO so the system works end-to-end with zero network access on first boot.
  • Open WebUI as the default chat interface, with PAI branding applied.
  • First-boot model picker (pai-model-picker): detects RAM, suggests a size-matched Ollama model, checks connectivity, and offers a one-click download. Offline-safe — falls back to the baked-in llama3.2:1b if there's no internet.

Privacy & security

  • pai-shutdown — shutdown helper that wipes memory before powering off.
  • UFW firewall enabled by default with a default-deny inbound policy.
  • MAC address randomization for WiFi and Ethernet interfaces on every boot.
  • Optional Tor privacy mode — opt-in toggle that routes system traffic through Tor.

Encrypted persistence (opt-in)

  • pai-persistence: first-boot wizard creates a LUKS2 (argon2id) partition on the USB stick that survives reboots. Persists Ollama models, Open WebUI history, and WiFi credentials.
  • Waybar persistence indicator shows a badge when the encrypted persistence partition is active.

Crypto wallet toolkits

  • Offline Solana wallet toolkit bundled at /opt/pai-wallets/solana-wallet.html.
  • Offline Ethereum/EVM wallet toolkit bundled at /opt/pai-wallets/ethereum-wallet.html.
  • Offline BIP39 mnemonic seed phrase generator bundled at /opt/pai-wallets/bip39.html.
  • All three wallet toolkits appear in the PAI App Store under the Crypto category.

Installation & flashing

  • pai CLI — POSIX shell multi-command launcher with flash, try, verify, update, version, doctor, and help.
  • Windows PAI CLI (pai.ps1) with pai.cmd shim.
  • Windows PowerShell one-liner flasher: irm https://pai.direct/flash.ps1 | iex
  • try.sh / try.ps1 one-liner that launches PAI in a local VM in 30 seconds.
  • Browser-based install assistant at https://pai.direct/flash — guided stepper with WebUSB direct-write path.
  • Ventoy support: PAI boots from a Ventoy multi-boot USB without re-flashing.
  • Raspberry Pi Imager custom repository at https://pai.direct/imager.json.

Package managers

  • Homebrew: brew install nirholas/tap/pai
  • Scoop: scoop bucket add pai https://github.com/nirholas/scoop-pai && scoop install pai
  • Winget: winget install PAI.PAI
  • AUR: yay -S pai-cli

Security

  • Ollama pinned to v0.21.0 with SHA256 verification during ISO build.
  • Default-deny inbound firewall (UFW).
  • MAC address randomization enabled by default.

Known limitations

  • No signed shims for Secure Boot. Users on Secure Boot machines must disable Secure Boot or add a MOK manually.
  • Open WebUI authentication is disabled. Do not expose the Open WebUI port over a network.
  • PowerShell flashers are not Authenticode-signed yet. Signing via SignPath planned for v0.2.
  • ISO minisign signatures not published yet. SHA-256 checksums ship with this release; minisign detached signatures arrive in v0.2.

See CHANGELOG.md and MIGRATION.md for full details.