179 Scripts, One Command, Zero Excuses: The Automation Layer That Deploys an Entire AI OS
The Problem Nobody Admits
Every AI startup has a deploy script. Usually it lives in a setup.sh that one engineer wrote at 2 AM, stitched together with curl | bash invocations and sleep 30 statements where health checks should be. It works on their machine. It works on no one else's.
AitherOS is not a single model behind a REST endpoint. It is 203 microservices across 12 architectural layers, 65 Docker containers, 23 compound services, GPU scheduling, a local LLM inference stack, a memory graph, an agent council, and a web dashboard. Deploying it by hand would take days. Deploying it reliably takes something more principled than a shell script.
That something is AitherZero.
What AitherZero Actually Is
AitherZero is the PowerShell 7+ automation runtime that handles everything AitherOS needs to exist on a machine — from installing prerequisites to starting services to running tests to tearing it all down. It is the third runtime in the AitherOS triad:
| Runtime | Language | Purpose |
|---|---|---|
| AitherOS | Python 3.10+ | 203 microservices, agent cognition, orchestration |
| AitherVeil | Next.js + React 18 | Web dashboard, user-facing UI |
| AitherZero | PowerShell 7+ | Deployment, lifecycle, infrastructure automation |
"Why PowerShell?" is the question everyone asks. The answer is pragmatic: PowerShell 7 runs on Windows, Linux, and macOS. It has native object pipelines (no jq gymnastics), structured error handling, a real module system, and remoting built in. When your automation needs to provision a Hyper-V VM on Windows, SSH into a Linux GPU node, and configure Docker on both — PowerShell does all three without switching languages.
The One-Liner
The entire AitherOS deployment starts here:
& ([scriptblock]::Create((iwr -useb https://raw.githubusercontent.com/Aitherium/AitherZero/main/bootstrap.ps1))) `
-Playbook genesis-bootstrap
That single line downloads the bootstrap script, which loads the AitherZero module, which resolves the genesis-bootstrap playbook, which orchestrates a sequence of numbered scripts that:
- Detect hardware — GPU model, VRAM, CPU cores, RAM, disk space
- Detect OS — Windows, Linux, macOS, plus specific versions
- Install prerequisites — Python 3.10+, Node.js, Docker, Ollama, Git
- Configure networking — Ports, firewall rules, DNS resolution
- Deploy services — Docker Compose up, health checks, retry loops
- Download models — LLM weights, embedding models, vision models
- Register system services — Persistence across reboots
- Run validation — Smoke tests, connectivity checks, status dashboard
From bare metal to working AI operating system. One command.
179 Scripts in 18 Categories
AitherZero organizes its automation into numbered categories. The numbering is not arbitrary — it reflects execution order and domain boundaries:
AitherZero/library/automation-scripts/
├── 00-bootstrap/ 12 scripts System prerequisites, Docker, K8s
├── 01-infrastructure/ 4 scripts Windows ADK, OpenTofu, validation
├── 08-aitheros/ 9 scripts Security mesh, CA, backup, watchdogs
├── 10-devtools/ 23 scripts Git, Node, Python, VS Code, web tools
├── 20-ai-tools/ 13 scripts Stable Diffusion, TextGen, model config
├── 20-build/ 9 scripts Docker images, registry push
├── 25-infrastructure/ 7 scripts Sysinternals, Defender, Hyper-V
├── 30-deploy/ 30 scripts Compose, K8s, GCP, one-click deploy
├── 31-remote/ 7 scripts Hyper-V hosts, remote nodes, mesh
├── 40-lifecycle/ 11 scripts Start/stop/restart, scale, health
├── 50-ai-setup/ 12 scripts vLLM, Hunyuan, Qwen, ComfyUI
├── 60-monitoring/ 3 scripts Observability, service status
├── 60-security/ 8 scripts Security mesh, secrets CRUD
├── 70-external/ 6 scripts ProtonBridge, external services
├── 70-git/ 8 scripts Branches, commits, PRs, roadmap
├── 70-maintenance/ 4 scripts Docker cleanup, GPU memory, disk
├── 80-testing/ 9 scripts Unit tests, integration, linting
└── 90-competition/ 1 script Nemotron training runner
Every script follows a strict contract:
- Idempotent — Run it once, run it ten times, same result. No side effects on re-execution.
- Standard exit codes —
0success,1general failure,2prerequisites unmet,3config error,10+domain-specific. - Cross-platform — Where applicable, scripts detect the OS and branch accordingly.
- Config-driven — No hardcoded paths, ports, or credentials. Everything reads from
config.psd1.
Here is what a typical script header looks like:
<#
.SYNOPSIS
Install and configure vLLM for local inference.
.DESCRIPTION
Detects CUDA version, installs vLLM via pip, configures model paths,
sets VRAM allocation, and validates with a test inference call.
.PARAMETER ModelName
The model to configure. Defaults to config value.
.NOTES
Category: 50-ai-setup
Exit Codes: 0=Success, 2=No GPU, 3=CUDA mismatch, 10=Download failed
#>
The Playbook Engine
Individual scripts handle discrete tasks. Playbooks compose them into workflows.
A playbook is a .psd1 file — PowerShell's data format, essentially a typed hashmap — that declares a sequence of steps with execution modes, failure handlers, and conditions:
@{
Name = 'genesis-bootstrap'
Description = 'Full AitherOS deployment from bare metal'
Version = '2.0'
Steps = @(
@{
Name = 'Prerequisites'
Scripts = @('0001', '0002', '0003', '0005')
Mode = 'Sequential'
OnFailure = 'Stop'
}
@{
Name = 'Dev Tools'
Scripts = @('1001', '1002', '1003', '1005', '1008')
Mode = 'Parallel'
OnFailure = 'Continue'
}
@{
Name = 'AI Stack'
Scripts = @('5001', '5003', '5005')
Mode = 'Sequential'
OnFailure = 'Stop'
Condition = { (Get-CimInstance Win32_VideoController).Name -match 'NVIDIA' }
}
@{
Name = 'Deploy Services'
Scripts = @('3001', '3005')
Mode = 'Sequential'
OnFailure = 'Stop'
}
@{
Name = 'Validation'
Scripts = @('8001', '8003')
Mode = 'Parallel'
OnFailure = 'Continue'
}
)
PostExecution = @{
Cleanup = $true
Report = $true
}
}
Notice the Condition block on the AI Stack step. No NVIDIA GPU? The step is skipped, not failed. The system adapts to what it finds.
AitherZero ships 35+ playbooks covering the full lifecycle:
| Playbook | Purpose |
|---|---|
genesis-bootstrap | Bare metal to running AitherOS |
deploy-aitheros | Service stack deployment only |
deploy-infrastructure | Terraform/OpenTofu provisioning |
deploy-prod | Production deployment pipeline |
aitheros-full-setup | 7-phase comprehensive setup |
aither-ecosystem | Start all 40+ AI services |
ci-pr-validation | CI/CD pipeline validation |
dev-environment-setup | Developer workstation setup |
deploy-hyperv-node | Hyper-V VM provisioning |
partner-deploy | Partner infrastructure rollout |
self-hosted-runner-setup | GitHub Actions runner as Windows service |
The Configuration Hierarchy
Hardcoded values are the root of all deployment evil. AitherZero's configuration system uses a four-level merge strategy where more specific values override more general ones:
Priority (highest to lowest):
1. Command-line parameters → -ModelName "qwen2.5"
2. Environment variables → $env:AITHERZERO_MODEL_NAME
3. config.local.psd1 → Machine-specific overrides (gitignored)
4. config.{os}.psd1 → OS-specific defaults
5. config.psd1 → Master defaults (checked into git)
The master config is a structured document, not a flat key-value store:
@{
AitherOS = @{
InstallPath = 'D:\AitherOS-Fresh\AitherOS'
DockerCompose = '.DEPLOYMENT/compose/docker-compose.aitheros.yml'
Python = @{
MinVersion = '3.10'
VenvPath = '.venv'
}
}
GPU = @{
Provider = 'nvidia'
MinVRAM = 8
CUDAVersion = '12.1'
}
Models = @{
Orchestrator = 'aither-orchestrator'
Reasoning = 'deepseek-r1:14b'
Embedding = 'nomic-embed-text'
}
Docker = @{
ComposeVersion = '2.24'
Registry = 'ghcr.io/aitherium'
}
}
A developer on a Mac with an M-series chip gets different GPU defaults than someone on a Linux box with a 4090. Neither needs to edit anything — the OS-specific config handles it, and the local override file handles everything else.
The Public API
AitherZero is not just a bag of scripts. It is a PowerShell module with a proper public API organized into 12 domains:
Import-Module ./AitherZero.psd1
# Execute a specific script by number
Invoke-AitherScript -Number '3001' -Verbose
# Run a full playbook
Invoke-AitherPlaybook -Name 'deploy-aitheros' -WhatIf
# Query merged configuration
$config = Get-AitherConfigs
$config.GPU.MinVRAM # → 8
# Check system status
Get-AitherStatus | Format-Table
# Retrieve a secret from AitherSecrets vault
$token = Get-AitherSecret -Name 'github-pat'
# Run tests with coverage
Invoke-AitherTests -Path './library/tests/' -Coverage
# Execute on a remote node
Invoke-AitherRemoteCommand -Host 'gpu-node-01' -Script { Get-Process python }
The -WhatIf flag on Invoke-AitherPlaybook is not decorative. It dry-runs the entire playbook, printing every script that would execute, every condition that would be evaluated, and every service that would be affected — without touching anything. For a system that manages 200+ microservices, this is not a nice-to-have. It is a deployment safety net.
AI Meets Infrastructure: The MCP Server
Here is where AitherZero gets interesting for the AI-native workflow.
AitherZero exposes a Model Context Protocol (MCP) server that allows AI assistants — Claude Code, Copilot, or AitherOS's own agents — to invoke automation directly:
{
"tools": [
{ "name": "run_script", "description": "Execute a numbered automation script" },
{ "name": "execute_playbook", "description": "Run an orchestration playbook" },
{ "name": "search_scripts", "description": "Find scripts by keyword or category" },
{ "name": "get_configuration", "description": "Query current merged config" },
{ "name": "run_tests", "description": "Execute Pester test suites" },
{ "name": "run_quality_check", "description": "Code quality validation" }
]
}
This means when an AitherOS agent decides that a service needs to be restarted, or that a new model should be downloaded, or that the security mesh needs a rotation — it does not shell out to a script blindly. It calls a structured MCP tool with typed parameters, gets structured results back, and feeds those results into its reasoning loop.
The agents do not just use the infrastructure. They operate it.
Logging and Observability
Every script execution, every playbook run, every configuration read is logged in two formats simultaneously:
Human-readable (console + file):
[2026-03-26 14:23:01] [INFO] [3001_Deploy-LocalCompose] Starting Docker Compose deployment
[2026-03-26 14:23:03] [INFO] [3001_Deploy-LocalCompose] Building 23 compound services...
[2026-03-26 14:23:47] [PASS] [3001_Deploy-LocalCompose] All 65 containers healthy
Machine-processable (structured JSONL):
{"timestamp":"2026-03-26T14:23:01Z","level":"INFO","script":"3001","phase":"deploy","containers":65,"status":"healthy","duration_ms":46200}
The structured logs feed into Strata (AitherOS's telemetry layer), completing the feedback loop: agents can query deployment history, identify failure patterns, and learn from past runs. AitherZero does not just automate — it teaches.
The Lifecycle: Beyond Deploy
Deployment is the beginning, not the end. AitherZero handles the full service lifecycle:
Start/Stop/Restart:
Invoke-AitherScript -Number '4001' # Start Genesis + dependencies
Invoke-AitherScript -Number '4002' # Graceful shutdown
Invoke-AitherScript -Number '4003' # Rolling restart (zero downtime)
Scaling:
Invoke-AitherScript -Number '4005' -Parameters @{ Service = 'AitherMind'; Replicas = 3 }
Health monitoring:
Invoke-AitherScript -Number '6001' # Full service status dashboard
Invoke-AitherScript -Number '6002' # Observability sync to Grafana
Maintenance:
Invoke-AitherScript -Number '7001' # Docker image/volume cleanup
Invoke-AitherScript -Number '7002' # GPU memory reclamation
Invoke-AitherScript -Number '7003' # Disk usage analysis
Security rotation:
Invoke-AitherScript -Number '6010' # Rotate all service secrets
Invoke-AitherScript -Number '6011' # Refresh CA certificates
Each of these can be invoked individually, composed into playbooks, scheduled via cron, or called by an AI agent through MCP. The same building blocks serve every use case.
Infrastructure as Code
For cloud and hybrid deployments, AitherZero includes Terraform/OpenTofu modules:
AitherZero/library/infrastructure/
├── modules/
│ ├── hyper-v-vm/ Reusable Hyper-V VM creation
│ ├── docker-host/ Docker-ready host provisioning
│ └── gpu-node/ NVIDIA GPU node configuration
├── environments/
│ ├── dev/ Development cluster
│ ├── staging/ Pre-production
│ └── prod/ Production deployment
└── templates/
└── cloud-init.yaml First-boot configuration
The IaC modules follow the same philosophy as the scripts: idempotent, config-driven, and composable. A deploy-infrastructure playbook can provision three Hyper-V VMs, install AitherOS on each, join them to the mesh network, and run validation — all from a single Invoke-AitherPlaybook call.
Quality Gates
AitherZero does not trust itself blindly. The testing infrastructure validates the automation itself:
- 100+ Pester tests covering module functions, script behavior, and playbook execution
- PSScriptAnalyzer enforcing PowerShell best practices (no unapproved verbs, no aliases in scripts, strict mode)
- Component validation (
0420_Validate-ComponentQuality) checking every script meets the contract - CI/CD playbook (
ci-pr-validation) running the full quality gate on every pull request
# Run the full test suite
Invoke-AitherTests -Verbose
# Run PSScriptAnalyzer
Invoke-AitherScript -Number '8004'
# Validate all components meet standards
Invoke-AitherScript -Number '8020'
A script that violates the contract — missing metadata, non-standard exit codes, hardcoded paths — fails validation before it ever reaches main.
Why This Matters
There is a reason most AI projects never leave the demo stage. The gap between "model works in a notebook" and "system runs reliably in production" is enormous, and it is filled with the unglamorous work of deployment automation, service lifecycle management, configuration hygiene, and operational tooling.
AitherZero is that unglamorous work, done properly.
It means a new developer can go from a fresh Windows install to a running AitherOS in under an hour. It means a partner deployment is a playbook, not a project. It means upgrading a model or rotating a secret is a single command, not a runbook with 47 manual steps.
And because it exposes itself to the agents through MCP, AitherZero is also the mechanism by which AitherOS operates itself — monitoring its own health, scaling its own services, and maintaining its own infrastructure. The automation layer is not separate from the AI. It is part of the AI.
179 scripts. 35 playbooks. One command. Zero excuses.
AitherZero is open source at github.com/Aitherium/AitherZero. Key entry points:
bootstrap.ps1— One-liner entry pointlibrary/automation-scripts/— All 179 numbered scriptslibrary/playbooks/— Orchestration playbookssrc/public/— Public API (12 domains)ARCHITECTURE.md— Full architecture documentation