# ----------
# FurryOS GENOME Configuration
# Version: Gen2.1_v2 Final
# License: MIT
# Owner: Anthro Entertainment LLC
# ----------

meta:
  framework_name: "FurryOS GENOME"
  codename: "Sovereign Universe"
  version: "Gen2.1_v2-Final"
  timestamp: "2026-01-07T12:09:14Z"
  author: "Thomas B. Sweet (Anthro Teacher)"
  owner: "Anthro Entertainment LLC"
  license: "MIT"
  provenance:
    blockchain_anchor: "Bitcoin Block 929481"
    asset_source: "anthroheart.com"
    domains:
      - "furry-os.com"
      - "furry-os.org"
      - "anthroheart.com"

# ----------
# Identity & Philosophy
# ----------

identity:
  name: "FurryOS"
  generation: "Gen2.1_v2"
  tagline: "User Sovereignty Through Technology"

  philosophy: |
    FurryOS empowers users with choice, privacy, and accessibility.
    Every feature is designed to be inclusive while maintaining
    security and performance. Users control their data, their privacy,
    and their computing experience.

  core_principles:
    - "Privacy by design, not by accident"
    - "Accessibility for all users"
    - "Security without complexity"
    - "Performance without compromise"
    - "User sovereignty over telemetry and data"

base_system:
  distribution: "Debian 13 (Bookworm)"
  desktop_environment: "MATE"
  kernel_version: "6.12+"
  languages: ["C", "Assembly", "Bash", "Python"]

  default_mode: "Normal"
  default_theme: "furryos-midnight"

# ----------
# Universal Features (Available to ALL Modes)
# ----------

universal_features:
  description: "Features available regardless of mode selection"

  encryption:
    luks2:
      available: true
      description: "Full disk encryption with LUKS2 AES-256-XTS"
      easy_setup: true
      modes_supported: ["granny", "normal", "gamer", "hacker", "ghost"]
      granny_mode_wizard: true
      recovery_key_generation: true
      tpm_unlock_optional: true
      yubikey_support: true

  privacy_controls:
    telemetry:
      default: "none"
      options:
        none:
          description: "Zero telemetry, maximum privacy"
          collects: []

        minimal:
          description: "Only critical system health metrics"
          collects:
            - "crash_reports"
            - "hardware_compatibility"
          excludes:
            - "websites_visited"
            - "search_queries"
            - "file_names"
            - "personal_data"

        standard:
          description: "System metrics for improvement"
          collects:
            - "crash_reports"
            - "hardware_compatibility"
            - "feature_usage_statistics"
          excludes:
            - "websites_visited"
            - "search_queries"
            - "file_names"
            - "personal_data"

        maximum:
          description: "Detailed analytics for development"
          collects:
            - "crash_reports"
            - "hardware_compatibility"
            - "feature_usage_statistics"
            - "performance_metrics"
            - "software_installation_patterns"
          excludes:
            - "websites_visited"
            - "search_queries"
            - "file_content"
            - "passwords"
            - "personal_identifiable_information"

      user_control:
        can_change_anytime: true
        settings_location: "Settings → Privacy → Telemetry"
        export_data: true
        delete_data: true

    cache_policy:
      browser_cache: "disabled_by_default"
      system_cache: "minimal"
      package_cache: "optional"

      rationale: |
        Modern fast internet makes aggressive caching unnecessary.
        Disabling caches improves privacy and reduces disk usage.

      options:
        no_cache:
          description: "No browser or application caching"
          browser_settings: "cache_disabled"
          tmp_as_tmpfs: true

        minimal_cache:
          description: "Only session-critical caching"
          browser_settings: "session_only"
          clear_on_exit: true

        standard_cache:
          description: "Traditional caching for offline use"
          browser_settings: "enabled"
          size_limit: "500MB"

  security_baseline:
    firewall:
      enabled: true
      tool: "ufw"
      default_policy: "deny_incoming"

    apparmor:
      enabled: true
      profile: "enforcing"

    automatic_updates:
      security_patches: "automatic"
      feature_updates: "notify"
      kernel_updates: "notify"

    secure_boot:
      supported: true
      signed_bootloader: true

# ----------
# Asset Configuration
# ----------

assets:
  root: "payload/assets"

  required:
    wallpaper: "wallpapers/default.jpg"
    splash: "splash/splash.png"
    startup_sound: "sounds/startup/startup.ogg"
    shutdown_sound: sounds/shutdown/shutdown.ogg

  optional:
    splash_progress: "splash/progress_box.png"
    additional_wallpapers: "wallpapers/"
    music: "music/"
    documentation: "docs/"
    images: "images/"
    desktop_files: "desktop/"
    icons: "desktop/icons/"

# ----------
# Mode Profiles with Enhanced Security
# ----------

modes:
  granny:
    display_name: "Granny Mode"
    description: "Accessibility-first with simplified security"
    target_audience: "Beginners, elderly users, accessibility needs"

    theme:
      gtk_theme: "HighContrast"
      icon_theme: "HighContrast"
      font_size: 14
      cursor_size: 32
      button_size: "large"

    accessibility:
      large_fonts: true
      high_contrast: true
      screen_reader: "auto_enable_option"
      on_screen_keyboard: true
      slow_keys: true
      sticky_keys: true
      mouse_keys: true
      text_to_speech: true

    encryption:
      luks2_simplified_wizard: true
      auto_generate_strong_password: true
      recovery_usb_creation: true
      help_text: "easy_to_understand"

    privacy:
      telemetry: "none"
      cache_policy: "no_cache"
      browser_tracking_protection: "strict"
      ad_blocking: true

    security:
      automatic_updates: true
      firewall: "enabled_auto"
      antivirus: "clamav_auto"
      simple_security_dashboard: true

    software_bundles:
      - "office"
      - "multimedia_basic"
      - "accessibility_tools"

    system_settings:
      complexity_level: "minimal"
      wizards: "always_available"
      tooltips: "verbose"

  normal:
    display_name: "Normal Mode"
    description: "Balanced configuration for everyday use"
    target_audience: "General users, daily desktop use"

    theme:
      gtk_theme: "furryos-midnight"
      icon_theme: "furryos-icons"
      font_size: 10
      cursor_size: 24

    privacy:
      telemetry: "none"
      cache_policy: "minimal_cache"
      browser_tracking_protection: "standard"
      ad_blocking: true

    security:
      automatic_updates: "security_only_auto"
      firewall: "enabled"
      antivirus: "on_demand"

    software_bundles:
      - "office"
      - "multimedia_standard"
      - "internet"

    system_settings:
      complexity_level: "balanced"
      auto_updates: "notify"

  gamer:
    display_name: "Gamer Mode"
    description: "Performance-optimized for gaming"
    target_audience: "Gamers, multimedia enthusiasts"

    theme:
      gtk_theme: "BlackMATE"
      icon_theme: "Papirus-Dark"
      font_size: 10
      cursor_size: 24

    performance:
      compositor: false
      gpu_optimization: true
      cpu_governor: "performance"
      disable_animations: true
      low_latency_audio: true
      game_mode_integration: true

    privacy:
      telemetry: "minimal"
      cache_policy: "standard_cache"
      browser_tracking_protection: "standard"

    security:
      automatic_updates: "manual"
      firewall: "enabled_permissive"

    software_bundles:
      - "gaming"
      - "multimedia_full"
      - "internet"
      - "performance_tools"

    system_settings:
      complexity_level: "intermediate"

  hacker:
    display_name: "Hacker Mode"
    description: "Development-focused with advanced tools"
    target_audience: "Developers, system administrators, power users"

    theme:
      gtk_theme: "BlackMATE"
      icon_theme: "Papirus-Dark"
      font_size: 10
      cursor_size: 24
      terminal_theme: "matrix"

    terminal:
      default_shell: "/bin/zsh"
      shortcuts: "aggressive"
      transparency: 0.9
      font: "Hack Nerd Font 11"
      color_scheme: "green_on_black"

    privacy:
      telemetry: "none"
      cache_policy: "no_cache"
      browser_tracking_protection: "strict"
      developer_tools_enabled: true

    security:
      automatic_updates: "manual"
      firewall: "enabled_configurable"
      sudo_timeout: 60
      developer_certificates: true

    software_bundles:
      - "development"
      - "devops"
      - "security_tools"
      - "internet"
      - "advanced_terminal_tools"

    system_settings:
      complexity_level: "advanced"
      root_access: "simplified"

  ghost:
    display_name: "Ghost Mode"
    description: "Maximum privacy and security hardening"
    target_audience: "Privacy advocates, security professionals, activists"

    theme:
      gtk_theme: "Menta-Dark"
      icon_theme: "Papirus-Dark"
      font_size: 10
      cursor_size: 24

    privacy:
      telemetry: "none"
      cache_policy: "no_cache"
      browser_tracking_protection: "strict"

      mac_address:
        randomization: true
        rotate_on_boot: true
        rotate_on_network_change: true
        preserve_oui: false

      hostname:
        randomization: true
        rotate_on_boot: true
        format: "anonymous-{random}"

      dns:
        encrypted_dns: true
        dns_over_https: true
        dns_over_tls: true
        dns_provider: "quad9_privacy"
        block_dns_leaks: true

      network:
        kill_switch: true
        vpn_required_for_internet: "optional"
        block_ipv6: "optional"
        disable_webrtc: true
        disable_geolocation: true

      browser:
        fingerprinting_protection: "maximum"
        no_referrer: true
        disable_webgl: true
        disable_canvas_fingerprinting: true
        user_agent_spoofing: "random"
        resist_fingerprinting: true

      filesystem:
        secure_deletion: true
        encrypted_swap: true
        encrypted_tmp: true
        no_hibernation: true
        clear_memory_on_shutdown: true

      clipboard:
        auto_clear: true
        clear_interval: "60_seconds"
        no_clipboard_history: true

    security:
      automatic_updates: "security_only_auto"
      firewall: "strict"

      apparmor:
        enforcing: true
        strict_profiles: true

      kernel_hardening:
        enabled: true
        features:
          - "kaslr"
          - "stack_protector"
          - "fortify_source"
          - "strict_devmem"
          - "page_table_isolation"

      network_hardening:
        syn_cookies: true
        tcp_timestamps: false
        icmp_redirects: false
        source_routing: false
        rp_filter: true

      process_hardening:
        ptrace_scope: "restricted"
        dmesg_restrict: true
        kptr_restrict: true

      usb_protection:
        authorized_devices_only: "optional"
        block_new_usb: "optional"

      services:
        minimal_services: true
        disable_unused_protocols: true
        disable_bluetooth: "optional"

    anti_forensics:
      secure_boot_required: false
      memory_wipe_on_shutdown: true
      disable_swap_file: "optional"
      ram_only_mode: "optional"

    tor_integration:
      tor_browser: true
      torify_applications: "optional"
      onion_routing: "optional"

    software_bundles:
      - "privacy_tools"
      - "security_tools"
      - "encryption_tools"
      - "anonymity_tools"
      - "office"
      - "internet_hardened"

    system_settings:
      complexity_level: "advanced"
      security_dashboard: true
      threat_detection: true

# ----------
# Software Bundles (Enhanced)
# ----------

software_bundles:
  base:
    description: "Core system packages"
    always_installed: true
    packages:
      - "mate-desktop-environment-core"
      - "firefox-esr"
      - "network-manager"
      - "pipewire"
      - "wireplumber"
      - "flatpak"
      - "systemd-resolved"
      - "fwupd"
      - "tlp"
      - "ufw"
      - "file-roller"
      - "gdebi"

  accessibility_tools:
    description: "Enhanced accessibility tools for Granny mode"
    packages:
      - "orca" # Screen reader
      - "onboard" # On-screen keyboard
      - "espeak-ng" # Text-to-speech
      - "speech-dispatcher"
      - "xzoom" # Screen magnifier
      - "festival" # Speech synthesis
      - "gnome-accessibility-themes"

  office:
    description: "Office suite and productivity"
    packages:
      - "libreoffice"
      - "libreoffice-gtk3"
      - "thunderbird"
      - "evince"
      - "atril"
      - "pluma"
      - "simple-scan"
      - "gnome-calendar"

  internet:
    description: "Standard web browsers and communication"
    packages:
      - "firefox-esr"
      - "chromium"
      - "thunderbird"
      - "transmission-gtk"
      - "filezilla"

  internet_hardened:
    description: "Privacy-focused internet tools for Ghost mode"
    packages:
      - "firefox-esr"
      - "torbrowser-launcher"
      - "thunderbird"
      - "filezilla"
      - "iptables-persistent"
    configuration:
      firefox_about_config:
        - "privacy.resistFingerprinting=true"
        - "privacy.trackingprotection.enabled=true"
        - "network.cookie.cookieBehavior=1"
        - "geo.enabled=false"
        - "media.navigator.enabled=false"

  multimedia_basic:
    description: "Basic media playback"
    packages:
      - "vlc"
      - "rhythmbox"
      - "eom"

  multimedia_standard:
    description: "Standard multimedia tools"
    packages:
      - "vlc"
      - "mpv"
      - "rhythmbox"
      - "audacity"
      - "gimp"
      - "inkscape"
      - "handbrake"

  multimedia_full:
    description: "Complete multimedia production"
    packages:
      - "vlc"
      - "mpv"
      - "kdenlive"
      - "audacity"
      - "ardour"
      - "gimp"
      - "krita"
      - "inkscape"
      - "blender"
      - "obs-studio"
      - "shotcut"

  gaming:
    description: "Gaming platform and optimization"
    packages:
      - "steam-installer"
      - "lutris"
      - "wine"
      - "winetricks"
      - "gamemode"
      - "mangohud"
      - "antimicrox"
      - "retroarch"
    flatpaks:
      - "com.valvesoftware.Steam"
      - "net.lutris.Lutris"

  performance_tools:
    description: "Performance monitoring for gamers"
    packages:
      - "htop"
      - "iotop"
      - "nethogs"
      - "sysstat"
      - "cpufrequtils"

  development:
    description: "Software development tools"
    packages:
      - "build-essential"
      - "git"
      - "git-lfs"
      - "vim"
      - "neovim"
      - "code"
      - "python3"
      - "python3-pip"
      - "python3-venv"
      - "nodejs"
      - "npm"
      - "gcc"
      - "g++"
      - "gdb"
      - "cmake"
      - "make"

  devops:
    description: "Container and infrastructure tools"
    packages:
      - "docker.io"
      - "docker-compose"
      - "podman"
      - "buildah"
      - "distrobox"
      - "ansible"
      - "kubectl"

  advanced_terminal_tools:
    description: "Power user terminal utilities"
    packages:
      - "zsh"
      - "tmux"
      - "screen"
      - "ranger"
      - "fzf"
      - "ripgrep"
      - "bat"
      - "exa"
      - "fd-find"

  security_tools:
    description: "Security testing and analysis"
    packages:
      - "nmap"
      - "wireshark"
      - "tcpdump"
      - "aircrack-ng"
      - "nikto"
      - "sqlmap"
      - "metasploit-framework"
      - "burpsuite"
      - "zaproxy"

  privacy_tools:
    description: "Privacy-enhancing tools"
    packages:
      - "tor"
      - "torbrowser-launcher"
      - "openvpn"
      - "wireguard"
      - "keepassxc"
      - "veracrypt"
      - "bleachbit"
      - "mat2"
      - "macchanger"
    flatpaks:
      - "org.keepassxc.KeePassXC"

  encryption_tools:
    description: "Advanced encryption utilities"
    packages:
      - "cryptsetup"
      - "gnupg2"
      - "age"
      - "tomb"
      - "steghide"
      - "ccrypt"

  anonymity_tools:
    description: "Network anonymity and anti-forensics"
    packages:
      - "torsocks"
      - "proxychains4"
      - "i2p"
      - "dnscrypt-proxy"
      - "obfs4proxy"

# ----------
# System Configuration
# ----------

system_optimization:
  zram:
    enabled: true
    compression: "zstd"
    size_ratio: 0.5
    max_size_gb: 16
    priority: 100

  kernel:
    source: "mainline"
    version: "6.12+"
    custom_patches:
      - "pds_scheduler"
      - "bpf_enhancements"
      - "low_latency_optimizations"
      - "realtime_audio"
      - "security_hardening"

plymouth:
  enabled: true
  theme_name: "furryos"
  assets:
    splash_image: "splash/splash.png"
    progress_bar: "splash/progress_box.png"

live_environment:
  visual_indicator:
    enabled: true
    message: "🐾 LIVE MODE - NOT INSTALLED 🐾"
  autostart:
    - "furryos-live-setup"

installer:
  type: "hybrid_live_net"
  wizard:
    step_1_welcome:
      ask_experience_level: true
      ask_telemetry_preference: true
      ask_cache_policy: true

    step_2_hardware:
      auto_detect: ["cpu", "gpu", "ram", "storage", "wifi", "tpm_chip"]

    step_3_storage:
      encryption_wizard:
        granny_mode_simplified: true
        recovery_key_usb: true
        tpm_unlock_available: true

build:
  iso_type: "hybrid_bios_uefi"
  output:
    name: "furryos-Gen2.1_v2-final-{arch}.iso"

authority_hierarchy:
  highest:
    - "creator_intent"
    - "GENOME.yaml"
  principle: |
    Implementation must serve the specification, ensuring
    user sovereignty, privacy, and accessibility for all.
