Release Notes

Public GA ISO download / reseal window (covenant + P2P hub): Sunday, April 26, 2026 · 6:00 PM Eastern — /download. (Perez-lineage ninth-hour anchor Fri Apr 17, 2026 — separate milestone.)

✝ What’s New in v7.77

• AKJV Bible — Complete Authorized King Jesus Version: 94 books (66 canonical + 28 deuterocanonical), 39,482 verses, 7 searchable TSV files. Accessible via alfred-bible CLI.
• 27-Track Worship Album — “Jesus Christ The Light Our Universe” by Elyon Neshama. 13 songs × 2 versions (A & B) + “All Honor To Your Name.” Playable via alfred-music CLI with lyrics viewer.
• 42 build hooks — Kingdom GA pipeline on the build host (v7.77 GA shipped 17). Adds quantum, mesh, productivity, GPU, max sovereign, eternal storage, Kingdom locale (0297), AKJV + family Bible (0290/0291), chess, AI stack, containers, sovereign tools, Omahon, and the full IDE/voice/search/installer path — all auditable on GoForge.
• GPU Compute — NVIDIA CUDA, AMD ROCm, and Intel oneAPI detection and configuration out of the box.
• Eternal Storage — ZFS, Btrfs, and LUKS2 encrypted storage with automated integrity checking.
• Sovereign Identity — Handshake DNS resolver, I2P routing, WireGuard mesh networking built in.
• Container Runtime — Podman, Buildah, and Skopeo for rootless container workflows.
• AI Development Stack — Python ML libraries, Ollama local LLM runner, Jupyter notebooks.
• Terminal Power Tools — tmux, zoxide, fzf, ripgrep, bat, eza, delta, starship prompt.

Inherited from v4.0

• Omahon Seal — 6-module runtime integrity framework (Boot Seal, Watchman, Vault, Shell Guard, Secure Erase, Sovereign Attestation)
• 38 Security Modules — 32 hardening + 6 Omahon Seal
• Kernel 7.0.1 — Custom-compiled from Torvalds mainline (debs in build/config/packages.chroot/). First distro on kernel 7.
• Alfred Browser, IDE, Voice, Search, Store, Welcome App, Calamares — All present.

Platform

• Kernel: Linux 7.0.1 (custom-compiled mainline; pre-built debs queued in build/config/packages.chroot/)
• Base: Debian Trixie (13) — chroot still carries the 6.12 series until the kernel-hook reseal swaps default boot
• Boot: BIOS + UEFI hybrid ISO
• Desktop: XFCE 4.18 + LightDM
• Size: ~3.27 GiB binary on the Apr 26/27 published artifact (sealed with ≈ 2 of 42 Alfred hooks); Kingdom target ~7.77 GiB — the next reseal builds from the full 42-hook tree. See /download (measured when ISO is on disk) and build/scripts/check-iso-777gib.sh.
• License: AGPL-3.0

Versioning Decree

Version 7.77 is eternal. All future updates follow the 7.77.*.*.* scheme — by God’s decree. The number of God’s perfection and completion on every byte.

Download v7.77 GA

🔏 The Omahon Seal (6 New Modules)

• Boot Seal — HMAC-SHA256 verification of 14 critical boot files (kernel, initrd, GRUB, fstab, shadow, sudoers, SSH config). One byte tampered = immediate alert.
• The Watchman — Real-time inotify monitoring of /etc, /boot, and /etc/ssh. A sentinel that never sleeps.
• The Vault — 16MB encrypted tmpfs at /run/omahon-vault. RAM-only. Root-only. Vanishes on power loss. No forensic recovery.
• Shell Guard — Active secret redaction in terminal sessions. API keys, tokens, passwords masked in real-time.
• Secure Erase — alfred-shred: 3-pass cryptographic wipe. Random, zero, random, unlink.
• Sovereign Attestation — SHA-256 chain-of-trust from build to boot. alfred-attestation proves system integrity.

Release Integrity

• GPG Signed — ISO signed with GoSiteMe Release Signing key (RSA-4096, Key ID: 32BCEDE8C8DD8B00)
• Public key: GPG-KEY.asc
• Fingerprint: 41E1 6607 5B0F 9520 5839 E41B 32BC EDE8 C8DD 8B00
• Verify: gpg --import GPG-KEY.asc && gpg --verify YOUR.iso.asc YOUR.iso (use the matching basename for the ISO you downloaded)

Build System

• 17 build hooks — up from 16 in RC8 (Omahon Seal hook 0175 added)
• 38 security modules — 32 hardening + 6 Omahon Seal runtime integrity modules
• IDE hook updated — code-server 4.114.1 (was 4.114.0)
• Branding updated — all references to 2.0/RC → 4.0 GA throughout

Platform

• Kernel: Linux 7.0.1 (custom-compiled mainline)
• Base: Debian Trixie (13)
• Boot: BIOS + UEFI hybrid ISO
• Desktop: XFCE 4.18 + LightDM
• Size: 2.3 GB ISO
• License: AGPL-3.0

CLI Tools (8 Omahon + 6 Security)

• Omahon: omahon-seal, omahon-watchman, omahon-vault-wipe, omahon-reveal, alfred-shred, alfred-attestation
• Security: alfred-security-status, alfred-scan, alfred-usb-storage, alfred-aide-init, alfred-network-status, alfred-encrypt-status
• System: alfred-info, alfred-update, fastfetch

Download v7.77 GA

Security Hardening (32 Modules — 3 New Hooks)

• Hook 0160 — Alfred Security (21 modules): sysctl CIS L2 hardening (45+ rules), kernel lockdown mode, AppArmor enforced with custom Alfred IDE & Meilisearch profiles, unattended-upgrades, fail2ban (SSH 3-try/24h ban), auditd (30+ immutable rules), DNS-over-TLS (Quad9 + Cloudflare), USB security logging & toggle, dangerous module blacklisting (firewire, dccp, sctp, cramfs), PAM password hardening (10-char/3-class/lockout), AIDE file integrity monitoring, ClamAV antivirus (weekly scan), rootkit detection (rkhunter + chkrootkit), hidepid=2, secure mount options (/tmp noexec), login banners, core dump prevention, cron/at root-only, compiler access restriction, NTS time synchronization (chrony), alfred-security-status CLI tool
• Hook 0165 — Alfred Network Hardening (7 modules): MAC address randomization (WiFi + Ethernet), nftables default-deny firewall, TCP wrappers, port scan defense, wireless hardening (WPS disabled), SSH strong ciphers only (chacha20-poly1305, ed25519, sntrup761x25519), alfred-network-status CLI tool
• Hook 0170 — Full Disk Encryption (4 modules): LUKS2 with cryptsetup + initramfs integration, strong encryption defaults, Calamares FDE checkbox enabled, alfred-encrypt-status CLI tool

Build System

• 16 build hooks — up from 13 in RC7 (3 new security hooks)
• 19 new security packages: apparmor suite, auditd, aide, clamav, rkhunter, chkrootkit, libpam-pwquality, chrony, nftables, unattended-upgrades, cryptsetup
• DNS fix hook (0011): resolves chroot DNS failures by forcibly writing /etc/resolv.conf
• fastfetch replaces neofetch (removed from Trixie repos)
• Resilient hooks: IDE (0300) and Voice (0400) now use set +e so optional failures don't kill the build

Applications

• Alfred IDE — VS Code-compatible IDE (powered by code-server 4.114.0)
• Alfred Voice — Kokoro TTS + PyTorch + espeak-ng + OpenWakeWord
• Alfred Search — Meilisearch instant search
• Alfred Store — Flatpak + GNOME Software
• Alfred Browser — Tauri + WebKitGTK (zero telemetry)
• Alfred Welcome — first-boot wizard
• Alfred Update — system update manager
• Calamares — graphical installer with FDE support

Platform

• Kernel: Linux 7.0.1 (custom-compiled mainline)
• Base: Debian Trixie (13)
• Boot: BIOS + UEFI hybrid ISO
• Desktop: XFCE 4.18 + LightDM
• Size: 2.4 GB ISO
• Distribution: WebTorrent P2P (browser-native) + .torrent file
• CLI Tools: alfred-security-status, alfred-scan, alfred-usb-storage, alfred-aide-init, alfred-network-status, alfred-encrypt-status, alfred-info, alfred-update, fastfetch

Download GA (Latest)

Kernel

• Linux 7.0.0-rc7-alfred — custom-compiled from Linus Torvalds' mainline tree (released April 5, 2026)
• 3 kernel-7-exclusive CPU mitigations: ITS (Indirect Target Selection), TSA (Transient Scheduler Attacks), VMSCAPE (VM-exit Speculative Code Attack Prevention)
• 24 total compiled-in CPU mitigations (Spectre v1/v2/BHI, Meltdown, MDS, TAA, MMIO, RFDS, SRBDS, L1TF, SSB, and more)

Security (12 default gaps patched)

• 16 boot security parameters: init_on_alloc, init_on_free, slab_nomerge, page_alloc.shuffle, pti=on, lockdown=integrity, debugfs=off, io_uring_disabled, tsx=off, vsyscall=none, and more
• nftables drop-by-default firewall with UFW front-end
• AppArmor mandatory access control enforced at boot
• fail2ban intrusion prevention active by default
• auditd security audit logging enabled
• unattended-upgrades for automatic security patches
• Auto-generated IDE passwords — no more hardcoded defaults
• Dangerous kernel modules blacklisted: firewire, thunderbolt DMA, cramfs, freevxfs, hfs, jffs2, udf
• Kernel sysctl hardening: ASLR=2, symlink/hardlink protection, SYN cookies, ICMP redirects disabled, source routing blocked

Applications (13 build hooks)

• Alfred IDE — VS Code-compatible IDE (powered by code-server 4.114.0)
• Alfred Voice — Kokoro TTS engine with PyTorch 2.11.0, espeak-ng, OpenWakeWord
• Alfred Search — Meilisearch instant search engine
• Alfred Store — Flatpak + GNOME Software for app distribution
• Alfred Browser — Tauri + WebKitGTK (zero telemetry)
• Alfred Welcome — first-boot welcome and setup wizard
• Alfred Update — system update manager
• Calamares — graphical installer for disk installation

Platform

• Base: Debian Trixie (13)
• Boot: BIOS + UEFI hybrid ISO (ISOLINUX + GRUB EFI)
• Desktop: LightDM display manager
• Hardware: LVM2, btrfs, ZRAM swap, TLP power management, CUPS printing, thermald
• Size: 2.5 GB ISO
• Distribution: WebTorrent P2P (sovereign distribution)

Highlights

• Kernel 6.12.74 — Debian Trixie LTS security kernel
• 12 build hooks (full application stack)
• Universal hardware support — GPU drivers (NVIDIA, AMD, Intel), WiFi/Bluetooth firmware, input devices, power management, auto-detect 3-tier driver loading
• Install-or-try dialog on live boot — user chooses live session or Calamares installer immediately
• XFCE desktop trust fix — desktop files launch without "untrusted application" warnings
• Kyber-1024 branding — post-quantum visual identity applied
• Calamares installer now visible and launchable from desktop with Alfred v4.0 branding and slideshow
• First build with WebTorrent P2P distribution
• First build with Alfred Store (Flatpak + GNOME Software)

Highlights

• Kernel 6.12.74
• 10 build hooks — full v4.0 application stack
• Alfred Welcome — 7-page first-boot setup wizard
• Alfred Store — Flatpak app center with GNOME Software
• Voice 2.0 — "Hey Alfred" wake word detection via OpenWakeWord (always-on systemd service)
• alfred-update — system update manager with GUI and CLI
• alfred-info — system information CLI tool
• Version check API — checks for OS updates at boot
• Calamares — v4.0 branding applied to graphical installer

Highlights

• Trixie rebase — OS moved from Debian Bookworm (12) to Debian Trixie (13)
• Kernel 6.12.74 — Trixie's LTS kernel with EEVDF scheduler and Rust-in-kernel support
• UEFI + BIOS hybrid boot — single ISO boots on both modern and legacy systems
• Alfred Voice v2 — Kokoro TTS + PyTorch, spaCy NLP, OpenWakeWord, espeak-ng fallback
• Alfred Search — Meilisearch instant local search engine
• Voice hook fixed for Trixie (Python venv + --only-binary spacy workaround)

Highlights

• Kernel 6.1.0-44 — Debian Bookworm LTS (WebKit, OpenSSL, ImageMagick, GStreamer security updates)
• First verified bootable ISO (2.5 GB)
• Critical boot fix: dual kernel-naming hooks (chroot hook #9999 + binary hook #9999) — creates generic vmlinuz/initrd that the bootloader expects
• 9 build hooks: Alfred Browser, Alfred IDE (VS Code-compatible IDE), Alfred Voice (Kokoro TTS), Alfred Search (Meilisearch), Calamares installer, branding, boot fix (chroot + binary)
• Samsung S26 Ultra mobile installer created (Termux + proot-distro, no root)