The journey
This is the entry point. The study of Nemesis Defender is organized into ten deepening concept groups, plus an overview that closes by tying everything together. Below, the path and why it is in this order.
In 30 seconds
Nemesis exists because of one thesis: probabilistic instruction does not contain; deterministic enforcement does. An AI agent can ignore a polite request in the prompt, but cannot ignore a process that exits with exit 2 before the action happens. The journey starts at that contract, descends to the kernel, passes through Rust and code reading, shows the malware the engine hunts, the decision architecture and the process, and closes with the overview.
The trail (in the recommended order)
- The contract: 1 · The POSIX contract and exit 2. Where it all starts: why exit code 2 is the enforcement.
- The kernel: 2 · Kernel, eBPF and LSM and 3 · Confinement and egress. The decision in the kernel and how to contain without collateral damage.
- The language: 4 · Rust as a defense language. Why the defender cannot be a source of bugs or DoS.
- Code reading: 5 · AST, pipeline and semantic detection. How Nemesis understands intent.
- The mechanics: 6 · Pretool, defender and daemon. Intercept, decide and contain.
- What it hunts: 7 · Prompt injection and IDE poisoning and 8 · Malicious code and supply chain.
- The decision: 9 · Defense in depth and decision. Contain without erasing what is legitimate.
- The process: 10 · Process and honesty. Threat model, DevSecOps, doctor, red-team.
- The close: Overview. The whole system converging in a single picture.
Shortcut
If you want the full tile map by domain, the index has all ten groups plus the support pages. To see concepts mapped to source files, go straight to the coverage matrix.
Why this order
The groups gather concepts that call each other, that are cause and effect, or that are the same subject from different angles. Exit 2 comes first because it is the contract everything else honors. The kernel comes before Rust because it defines where the decision happens. Code reading comes before malware because it is how it is recognized. Decision and process close, because that is where engineering becomes discipline. The overview, at the end, only makes sense after the pieces are seen.
Material built by forensic analysis of the codebase.