diff --git a/README.md b/README.md
index 4f1e922..ac46b78 100644
--- a/README.md
+++ b/README.md
@@ -3,29 +3,29 @@
 ## ⚠️ READ THESE FILES FIRST
 
 ### 🚀 Quick Start
-1. **AGENTS.md** - Current status + critical requirements (START HERE)
-2. **docs/PRD.md** - Product Requirements Document
-3. **README.md** - This file (project overview)
+1. **[AGENTS.md](AGENTS.md)** - Current status + critical requirements (START HERE)
+2. **[docs/PRD.md](docs/PRD.md)** - Product Requirements Document
+3. **[README.md](README.md)** - This file (project overview)
 
 ### 📋 Documentation Files
 | File | Purpose |
 |------|---------|
-| **STATUS.md** | 📊 Project status report (manager quick-glance) |
-| **JOURNAL.md** | 📝 AI memory, ADRs, lessons learned (append-only) |
-| **AGENTS.md** | ⚡ START HERE - Current status + requirements |
-| **docs/PRD.md** | Complete product requirements |
-| **docs/SDLC.md** | Software Development Lifecycle |
-| **docs/TEST-COVERAGE.md** | Test suite details and coverage |
-| **docs/VERIFICATION-REPORT.md** | Security compliance verification |
+| **[STATUS.md](STATUS.md)** | 📊 Project status report (manager quick-glance) |
+| **[JOURNAL.md](JOURNAL.md)** | 📝 AI memory, ADRs, lessons learned (append-only) |
+| **[AGENTS.md](AGENTS.md)** | ⚡ START HERE - Current status + requirements |
+| **[docs/PRD.md](docs/PRD.md)** | Complete product requirements |
+| **[docs/SDLC.md](docs/SDLC.md)** | Software Development Lifecycle |
+| **[docs/TEST-COVERAGE.md](docs/TEST-COVERAGE.md)** | Test suite details and coverage |
+| **[docs/VERIFICATION-REPORT.md](docs/VERIFICATION-REPORT.md)** | Security compliance verification |
 
 ### 🔧 Project Files
 | File | Purpose |
 |------|---------|
-| `run.sh` | Main entry point (build/test/lint/clean/iso) |
-| `Dockerfile` | Build environment |
-| `config/` | Live-build configuration |
-| `tests/` | BATS test suite |
-| `docs/` | Detailed documentation |
+| [`run.sh`](run.sh) | Main entry point (build/test/lint/clean/iso) |
+| [`Dockerfile`](Dockerfile) | Build environment |
+| [`config/`](config/) | Live-build configuration |
+| [`tests/`](tests/) | BATS test suite |
+| [`docs/`](docs/) | Detailed documentation |
 
 ---
 
@@ -41,17 +41,17 @@
 ### PRD → Code → Tests Alignment
 | PRD Requirement | Code | Tests |
 |-----------------|------|-------|
-| FR-001: Full Disk Encryption | encryption-setup.sh, encryption-validation.sh | ✅ 10 test files |
-| FR-002: Debian Base | preseed.cfg, package-lists | ✅ config tests |
-| FR-003: Desktop Environment | desktop-environment.sh | ✅ 5 test files |
-| FR-004: Network/Firewall | firewall-setup.sh | ✅ 7 test files |
-| FR-005: Hardware Control | security-hardening.sh | ✅ 5 test files |
-| FR-006: SSH Client | security-hardening.sh | ✅ 5 test files |
-| FR-007: System Hardening | security-hardening.sh | ✅ 9 test files |
-| FR-008: USB Automount | usb-automount.sh | ✅ 5 test files |
-| FR-009: Immutability | disable-package-management.sh | ✅ 6 test files |
-| FR-010: ISO Build | build-iso.sh, Dockerfile | ✅ 8 test files |
-| FR-011: Host FDE | run.sh check | ✅ system tests |
+| [FR-001: Full Disk Encryption](src/encryption-setup.sh) | [encryption-setup.sh](src/encryption-setup.sh), [encryption-validation.sh](src/encryption-validation.sh) | ✅ 10 test files |
+| [FR-002: Debian Base](config/includes.installer/preseed.cfg) | [preseed.cfg](config/includes.installer/preseed.cfg), [package-lists](config/package-lists/) | ✅ config tests |
+| [FR-003: Desktop Environment](config/hooks/live/desktop-environment.sh) | [desktop-environment.sh](config/hooks/live/desktop-environment.sh) | ✅ 5 test files |
+| [FR-004: Network/Firewall](src/firewall-setup.sh) | [firewall-setup.sh](src/firewall-setup.sh) | ✅ 7 test files |
+| [FR-005: Hardware Control](src/security-hardening.sh) | [security-hardening.sh](src/security-hardening.sh) | ✅ 5 test files |
+| [FR-006: SSH Client](src/security-hardening.sh) | [security-hardening.sh](src/security-hardening.sh) | ✅ 5 test files |
+| [FR-007: System Hardening](src/security-hardening.sh) | [security-hardening.sh](src/security-hardening.sh) | ✅ 9 test files |
+| [FR-008: USB Automount](config/hooks/live/usb-automount.sh) | [usb-automount.sh](config/hooks/live/usb-automount.sh) | ✅ 5 test files |
+| [FR-009: Immutability](config/hooks/installed/disable-package-management.sh) | [disable-package-management.sh](config/hooks/installed/disable-package-management.sh) | ✅ 6 test files |
+| [FR-010: ISO Build](src/build-iso.sh) | [build-iso.sh](src/build-iso.sh), [Dockerfile](Dockerfile) | ✅ 8 test files |
+| [FR-011: Host FDE](run.sh) | [run.sh](run.sh) check | ✅ system tests |
 
 ### Mandatory Requirements Implemented
 - ✅ **FR-001: Full Disk Encryption** - LUKS2, AES-256-XTS, 512-bit key
@@ -117,7 +117,7 @@ Build KNEL-Football secure ISO with Docker-only workflow following AGENTS.md req
 ### Features
 - **Mandatory Full Disk Encryption** - LUKS2 with AES-256-XTS
 - **Mandatory Strong Passwords** - 14+ chars, complexity requirements
-- Debian Testing base
+- Debian 13 (trixie) stable base
 - IceWM + LightDM desktop
 - WiFi/Bluetooth permanently disabled
 - SSH client-only (no server, no inbound access)
@@ -341,8 +341,8 @@ License: GNU Affero General Public License v3.0 only
 ---
 
 **For detailed information, see:**
-- AGENTS.md (START HERE)
-- docs/PRD.md (Requirements)
-- docs/SDLC.md (Development Workflow)
-- docs/TEST-COVERAGE.md (Tests)
-- docs/VERIFICATION-REPORT.md (Compliance)
+- [AGENTS.md](AGENTS.md) (START HERE)
+- [docs/PRD.md](docs/PRD.md) (Requirements)
+- [docs/SDLC.md](docs/SDLC.md) (Development Workflow)
+- [docs/TEST-COVERAGE.md](docs/TEST-COVERAGE.md) (Tests)
+- [docs/VERIFICATION-REPORT.md](docs/VERIFICATION-REPORT.md) (Compliance)