chore: clean up root directory and consolidate documentation

Remove obsolete documentation files and consolidate into docs/ directory. Remove redundant test scripts (functionality will be folded into run.sh). Update AGENTS.md with SDLC workflow. Update PRD.md with tier0 architecture clarification. Update README.md to reflect clean directory structure. Changes: - Delete: BUILD-COMPLETE.md, BUILD-SUMMARY.md, RESUME.md, SESSION-CLOSED.md - Delete: FINAL-SECURITY-COMPLIANCE-REPORT.md, QUICK_START.md, JOURNAL.md - Move: TEST-COVERAGE.md, VERIFICATION-REPORT.md to docs/ - Delete: test-iso.sh, test-runner.sh (will fold into run.sh) - Update: AGENTS.md with SDLC workflow section - Update: PRD.md with tier0 architecture clarification and diagram - Update: README.md to reflect clean directory structure Root directory now contains only: AGENTS.md, README.md, PRD.md, Dockerfile, run.sh 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-29 12:07:28 -05:00
parent 1abe7bc1a3
commit c1d8c5def6
31 changed files with 382 additions and 2785 deletions
--- a/PRD.md
+++ b/PRD.md
@@ -4,7 +4,7 @@
 **Status:** Active
 **Copyright:** © 2026 Known Element Enterprises LLC
 **License:** GNU Affero General Public License v3.0 only
-**Last Updated:** 2026-01-28
+**Last Updated:** 2026-01-29

 ---

@@ -21,6 +21,45 @@ KNEL-Football Secure OS is a hardened Debian 13 Linux distribution designed for
 - **Immutable Configuration** - Package management disabled by default
 - **Privacy-Focused** - No telemetry, no user data collection

+### System Architecture
+
+**IMPORTANT CLARIFICATION**: KNEL-Football OS serves as a **secure remote terminal** for accessing tier0 infrastructure. It does NOT directly access tier0 infrastructure itself.
+
+**Architecture**:
+```
+┌─────────────────┐
+│ KNEL-Football OS│  ← Secure workstation with FDE
+│ (Remote Terminal)│
+└────────┬──────────┘
+         │
+         │ SSH/WireGuard
+         │
+         ▼
+┌─────────────────┐
+│ Privileged Access │  ← Physical workstation in secure facility
+│   Workstation   │
+└────────┬──────────┘
+         │
+         │ Direct Access
+         │
+         ▼
+┌─────────────────┐
+│  Tier0 Network │  ← Protected infrastructure
+│   Infrastructure│
+└─────────────────┘
+```
+
+**Access Model**:
+1. User boots KNEL-Football OS on secure laptop (FDE required)
+2. OS connects via WireGuard VPN to secure network
+3. User uses SSH/Remmina to access privileged workstation
+4. Privileged workstation (physical) accesses tier0 infrastructure
+5. No direct tier0 access from KNEL-Football OS
+
+This creates a **two-factor security model**:
+- **Factor 1**: Physical possession of KNEL-Football OS workstation
+- **Factor 2**: Access to privileged workstation in secure facility
+
 ---

 ## Product Vision