# Football Project Agents

This document describes the AI agents and their roles in the Football project.

## Project Overview

The Football project is a secure Debian 13 (Trixie) ISO build system using a Docker-based workflow with a Test-Driven Development methodology.

## Agent Roles

### Crush - Lead Developer & System Architect

**Primary Responsibilities:**

- System architecture and design
- Implementation of core build components
- Security hardening configurations
- Test-driven development implementation
- Docker containerization
- Compliance framework implementation

**Key Capabilities:**

- Bash scripting and system configuration
- Security hardening (STIG, CMMC, FedRAMP)
- Docker and container orchestration
- Test automation with BATS
- Linux kernel module management
- Network security and firewall configuration

## Development Workflow

### Test-Driven Development

- Tests are written before implementation
- 100% code coverage is mandatory
- BATS framework for testing
- Shellcheck for code linting
- Strict mode for all scripts (`set -euo pipefail`)

### Build Process

- Docker-based build environment
- Live-build for ISO generation
- Dynamic firewall configuration
- Security hardening hooks
- Compliance validation

### Compliance Requirements

- CMMC (Cybersecurity Maturity Model Certification)
- FedRAMP (Federal Risk and Authorization Management Program)
- STIG (Security Technical Implementation Guide)
- CIS Benchmarks (Center for Internet Security)

## Project Structure

The project follows a strict directory structure:

- `config/` - Live-build configurations
- `src/` - Build scripts and utilities
- `tests/` - Test suite (unit, integration, security)
- `docs/` - Documentation and specifications
- `output/` - Generated ISO files

## Communication Guidelines

- All code changes follow conventional commit messages
- Atomic commits with single logical changes
- Frequent commits and pushes
- Documentation updated before implementation
- Security considerations prioritized in all decisions

## Security Focus

This project maintains strict security requirements:

- Network access restricted to WireGuard only
- WiFi and Bluetooth permanently disabled
- Kernel module blacklisting
- Dynamic firewall configuration
- Privacy-focused desktop environment
- Compliance with government security standards