Study material
concept → source file → page

Coverage matrix

A map from each concept to the source file that evidences it and the page that explains it, numbered 1 to 10. Where the repo diverges or a name does not match a file, the marking is open. Protection is described as a sum of layers (the coefficient), never as a count of visitors.

✓ no código parcial / sutileza nome de sinal, não arquivo

1 · The POSIX contract and exit 2

ConceptSource filePageStatus
exit code as contract; the exit 2hooks/nemesis-pretool-check-unix.rs:190-1941
POSIX process model, stdio, spawnmain.rs:106-126; pretool reads stdin1

2 · Kernel, eBPF and LSM

ConceptSource filePageStatus
kernel vs userspace; bprm_check_security hookebpf/nemesis-block.bpf.c:68-1382
eBPF: verifier, maps (hash/ringbuf/array/LPM trie)nemesis-block.bpf.c:20-672
BPF-LSM as the decision pointnemesis-block.bpf.c:68,1732

3 · Kernel confinement and egress

ConceptSource filePageStatus
scope by the agent cgroupnemesis-block.bpf.c:83-943
Landlock without root (no_new_privs)ebpf-kernel/src/landlock.rs:24-383
egress allowlist, C2, fail-closedbpf.c:173-205; src/egress.rs:1-63
capabilitiesposture (no_new_privs, no root), not an explicit call3princípio aplicado, não feature isolada

4 · Rust as a defense language

ConceptSource filePageStatus
workspace and committed Cargo.lockCargo.toml:1-9; release.yml (--locked)4
Result/Option, errors without exceptionsmain.rs:149-1564
fail-closed (catch_unwind → exit 2)nemesis-pretool-check-unix.rs:1023-10414
linear regex/ReDoS; limits against DoScrate regex; decoder.rs:22-284

5 · AST, pipeline and semantic detection

ConceptSource filePageStatus
AST, tree-sitter, Visitor patternast_scanner.rs:58-79; visitors/mod.rs5
layered pipelinelib.rs:242-2885cabeçalho de scanner/mod.rs diz 6; execução tem mais chamadas
Shannon entropyentropy.rs:14-405
taint tracking (3 passes)taint_tracker.rs:251-3185

6 · Pretool, defender and daemon

ConceptSource filePageStatus
multi-IDE interception (tool translation)pretool:312-3476
compute_severity (pure function, deterministic)lib.rs:413-4376
daemon, fire-and-forget, quarantinepretool:1107-1141; quarantine.rs:1-116

7 · Prompt injection and IDE poisoning

ConceptSource filePageStatus
prompt injection, system prompt extractionprompt_injection.rs:1-297
IDE poisoning, authority injection, fake scanide_config_poisoning.rs:157-2067

8 · Malicious code and supply chain

ConceptSource filePageStatus
decode→exec (decoder runs and rescans)decoder.rs:200-217; visitors/decode_exec.rs8
multi-runtime reverse shelllib.rs:387 (sinal CONFIRMATÓRIO)8sinal reverse_shell, sem arquivo de visitor próprio
evasion: self-clean, time-gated, Unicode steg (Trojan Source)self_clean.rs; time_gated.rs; byte_scanner.rs:17-46; unicode_steg.rs8
manifests (postinstall/build.rs), typosquat, lockfilesmanifest_scanner.rs:1-12; manifest_abuse.rs8registry_redirect é nome de sinal
credential harvest + exfil chain (source+sink)credential_harvest.rs; exfil_chain.rs:192-2478

9 · Defense in depth and decision

ConceptSource filePageStatus
3 independent layers; eBPF as backstoppretool:1107-1141; lib.rs:216-2329
severity, corroboration (Tier A/B), reversible quarantinelib.rs:377-437; quarantine.rs:1-119

10 · Process and honesty

ConceptSource filePageStatus
threat model, declared limits (trusting-trust)self-audit.yml:10-17; AGENTS.md §2/§1010
DevSecOps: SLSA, self-audit, CODEOWNERSself-audit.yml:85-89; release.yml:8-16; CODEOWNERS:18-2110SLSA declarado no release.yml, não fixado linha a linha
nemesis-doctor (observability)nemesis-doctor/src/main.rs:10; checks/mod.rs:3-910G1/G2/G7 nomeados; demais por módulo
red-teaming (pentest as gate)run-pentest.sh; self-audit.yml:85-8910

Protection layers (the coefficient)

Protection is the sum of independent layers (pretool plus daemon plus eBPF), the coefficient. Not the count of visitors; the empirical proof is the pentest suite.
Protection = sum of layers. A visitor is a detection method, not a unit of coverage; the proof is the pentest.

Nemesis protection is the sum of layers, not the count of visitors (a visitor is a method, not a vector). Broken down per layer:

LayerWhat it blocks (examples)Source
Pretool + eBPF (command; kernel on Linux)destruction, permissions, filesystem, database, exfil, recon/exploit, persistence/privescdenylist-ebpf/commands.toml; .nemesis/denylist/
eBPF: exec + egress (Linux)-EPERM on exec of a blocked command and connection outside the egress allowlistnemesis-block.bpf.c:68-138, 173-205; egress.toml
Defender: embedded deny-list (content)37 categorias (reverse_shells, data_exfiltration_compound, persistence_mechanisms, supply_chain_registry, container_escape, prompt_injection_*, llm_template_injection, xss_unsanitized_html, nemesis_evasion, pii_detection, ...)denylist-defender.json (.categories); embutida via include_str! (denylist_loader.rs:33)
Defender: scanner + AST visitors (method)byte (BiDi/PUA/homoglyph/zero-width), entropy, regex, manifest, recursive decoder; and the semantic-intent visitorsscanner/; visitors/ (15 arquivos de visitor)

Empirical proof: the static pentest suite as a CI gate. Canonical rule of the framing: AGENTS.md §3A.

What diverges and what is not fixed

  • "18 visitors": the code has 15 visitor files. Names like reverse_shell and manifest_registry_redirect are emitted signals (in regex/decoder/manifest_scanner), not visitor files. And, either way, counting visitors does not measure coverage: a visitor is a method.
  • Pipeline order: the scanner/mod.rs comment says six layers; the real execution in lib.rs has more calls (byte with four sub-scans, plus ide and exfil). The matrix and page 5 follow the code.
  • Pentest count: the sources diverge (run-pentest.sh cites "184 tests / 26 modules"; self-audit.yml and AGENTS.md cite "194/194"). The script auto-detects; no number that could go stale is fixed here, and the divergence is pointed out. Detail on page 10.
  • SLSA: the attestation is in the release flow; this material describes it and points to the file, without pinning lines that could go stale.
  • nemesis-doctor: the code names G1 (compile), G2 (tests) and G7 (pentest) in the help; the other groups map to the checks/ modules.

Voltar ao índice.