docs: create PreFlightDiscussion-01.md for project review

- Document all questions, comments, and concerns before implementation
- Categorize by priority: High (blockers), Medium (challenges), Low (nice to have)
- Mark resolved items: Debian 13.3.0 availability and USB package inclusion
- Ready for stakeholder review and inline feedback

PreFlightDiscussion-01.md

@@ -0,0 +1,118 @@
+# Pre-Flight Discussion - Questions, Comments, and Concerns
+
+## Questions:
+
+### 1. Debian 13 Availability ✅ RESOLVED
+- **Original**: Debian 13 (Trixie) is currently in testing
+- **Status**: RESOLVED - Debian 13.3.0 is released and stable
+- **Action**: Updated spec to use debian-13.3.0-amd64-netinst.iso
+
+### 2. USB Automounting and Package Inclusion ✅ RESOLVED
+- **Original**: How will the system access USB mounting utilities without network access?
+- **Status**: RESOLVED - All packages must be pre-included in ISO
+- **Action**: Updated spec to clarify all utilities pre-installed
+
+### 3. Compliance Specificity
+- **Question**: Which specific CMMC levels, FedRAMP authorization levels, or STIG IDs should we target?
+- **Concern**: Without specific controls, we may implement security measures that don't meet actual requirements
+- **Options**: 
+  - CMMC Level 3, 4, or 5?
+  - FedRAMP Moderate or High?
+  - Specific DISA STIG for Debian 13?
+
+### 4. WireGuard Configuration Management
+- **Question**: Should we assume WireGuard config will be provided via USB, or include a default template?
+- **Concern**: Without a config, the system will have no network connectivity at all
+- **Options**: 
+  - Include sample/template configuration
+  - Include QR code import capability
+  - Assume user provides complete config via USB
+
+## Technical Concerns:
+
+### 5. Docker Build Context and Package Availability
+- **Concern**: The current Dockerfile may not have all required packages for Debian 13.3.0
+- **Issue**: Package names or availability may differ between Debian versions
+- **Need**: Verify all packages in Dockerfile exist in Debian 13.3.0
+
+### 6. Test Environment Privileges
+- **Concern**: Some tests (firewall, system services) require elevated privileges
+- **Issue**: Container environment may not support all required test scenarios
+- **Need**: Determine how to test privileged operations in containers
+
+### 7. ISO Size Management
+- **Concern**: Including all security tools, applications, and utilities may create a large ISO
+- **Issue**: Large ISO may be impractical for distribution or booting on older hardware
+- **Need**: Define acceptable ISO size limits and optimization strategies
+
+## Missing Details:
+
+### 8. Complete Package List
+- **Missing**: Exact package list for base system and applications
+- **Need**: Define all packages to include in the ISO (not just applications like Remmina, etc.)
+- **Examples**: Which kernel packages? Which security tools? Which system utilities?
+
+### 9. Live-build Configuration Details
+- **Missing**: Specific live-build configuration parameters
+- **Need**: Kernel parameters, boot options, system settings
+- **Examples**: Security kernel parameters, initrd options, bootloader security
+
+### 10. Error Handling and Recovery
+- **Missing**: Comprehensive error handling strategy
+- **Need**: How to handle build failures, configuration errors, system boot issues
+- **Examples**: Build failures, corrupted configs, boot problems
+
+### 11. Boot Security
+- **Missing**: Boot loader security requirements
+- **Need**: Secure boot configuration, bootloader password, boot parameters
+- **Examples**: GRUB security, kernel lockdown, initramfs security
+
+## Additional Considerations:
+
+### 12. User Experience and Documentation
+- **Concern**: Security-focused system may be difficult for users
+- **Need**: Clear documentation for secure workflows
+- **Question**: Should we include user guides in the ISO?
+
+### 13. System Updates and Maintenance
+- **Question**: How will the system receive security updates without general internet access?
+- **Options**: 
+  - Air-gapped update process
+  - USB-based update distribution
+  - No updates after initial deployment
+
+### 14. Hardware Compatibility
+- **Concern**: Minimal desktop may have hardware compatibility issues
+- **Need**: Define supported hardware scope
+- **Question**: Should we include additional drivers or keep it minimal?
+
+### 15. Testing Strategy for Air-Gapped Environment
+- **Challenge**: How to test an ISO designed for air-gapped use
+- **Need**: Testing methodology that doesn't require internet
+- **Question**: Should we simulate air-gapped environment during testing?
+
+---
+
+## Priority Assessment:
+
+**High Priority (Blockers):**
+- Q3: Compliance specificity
+- Q4: WireGuard configuration approach
+- M8: Complete package list
+- M9: Live-build configuration details
+
+**Medium Priority (Implementation Challenges):**
+- TC5: Docker package availability
+- TC6: Test environment privileges
+- TC7: ISO size management
+
+**Low Priority (Nice to Have):**
+- M10: Error handling strategy
+- M11: Boot security details
+- A12-A15: Additional considerations
+
+---
+
+**Status**: Awaiting your feedback on the above questions and concerns
+**Next Action**: Review your inline edits and address any additional points
+**Ready for Implementation**: NO - Need to resolve high priority items first