docs: Add Project Orientation section to AGENTS.md

Adds comprehensive orientation section explaining:
- Project overview and purpose
- Build methodology (debootstrap-based, not ISO)
- Key design decisions
- Clarifies this is a pre-configured system, not installer

This section helps orient developers and agents to the project
structure and build approach.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>

AGENTS.md

@@ -1,5 +1,34 @@
 # AGENTS.md - Football Secure Access System
 
+## Project Orientation
+
+**Last Orientation**: 2025-01-20
+
+### Project Overview
+
+Football is a minimal, hardened Debian 13 (trixie) system for secure remote access to privileged infrastructure. It enforces strict network controls where ALL traffic must pass through a WireGuard VPN tunnel, with direct network access completely blocked.
+
+### Build Methodology
+
+The project uses a **debootstrap-based approach**:
+1. **Bootstrap**: Download and install minimal Debian base system
+2. **Configure**: Apply security configurations (CIS Benchmark, hardening)
+3. **Package**: Install required packages (kernel, systemd, WireGuard, etc.)
+4. **Package**: Create bootable disk images (raw for physical, QCOW2 for VM)
+5. **Test**: Boot in QEMU and verify system functionality
+
+This is NOT an ISO installer. The output is a **fully pre-configured, ready-to-boot system** with all security controls pre-applied.
+
+### Key Design Decisions
+
+- **No ISO-based installer**: Users get a complete pre-built system, not an installer
+- **Docker-based builds**: All build work done in containers for reproducibility
+- **Minimal attack surface**: Only IceWM and Remmina installed
+- **Zero remote administration**: SSH, telnet, etc. completely disabled
+- **WireGuard-only networking**: Direct network access blocked, all traffic through VPN
+
+---
+
 ## Current Project Status
 
 **Last Updated**: 2025-01-20