nemesis8

NEMESIS8

Container Orchestration

AI Agents,
Contained.

nemesis8 is a Rust orchestrator for AI CLI container workloads. Multi-provider support for Codex and Gemini. 69 MCP tools. Persistent sessions. HTTP gateway. Pokeball sealed environments. One binary, total control.

Rust · Docker · Multi-Provider · MCP
Capabilities

Eight Arms, Infinite Reach.

Multi-Provider

Seamless switching between OpenAI Codex and Google Gemini CLI. Same config, same tools, different brains.

One-Shot & Interactive

run for clean exec output, interactive for full TUI sessions. Both with stdin forwarding.

Persistent Sessions

Sessions survive container restarts. List them with sessions; resume by full UUID or by its last 5 characters.

69 MCP Tools

File ops, web crawling, search, TTS, vision, orchestration. Auto-installed and configured at container startup.

HTTP Gateway

Axum-powered API server. Completion endpoints, session management, file watching, and concurrent run throttling.

Pokeball System

Capture, seal, and run isolated project environments. Network-isolated containers with broker-mediated AI access.

Sandboxed by Default

Everything runs in Docker. Opt-in danger mode when you need full auto. Pokeball workers drop all capabilities.

Zero-Config Start

nemisis8 init scaffolds config. nemisis8 doctor checks prerequisites. Auto-builds image on first run.

Getting Started

Up and Running in 60 Seconds.

1. Install

# From source
cargo install --path .

# Or download a release binary
# github.com/DeepBlueDynamics/nemisis8/releases

2. Build & Run

# Build the Docker image (auto on first run)
nemisis8 build

# One-shot prompt
nemisis8 run "list markdown files and summarize"

# Interactive session
nemisis8 interactive

# With Gemini instead of Codex
nemisis8 --provider gemini run "hello"

3. Configure

# Initialize config in your project
nemisis8 init

# .codex-container.toml
provider = "codex" # or "gemini"
workspace_mount_mode = "named"
mcp_tools = ["serpapi-search.py", "gnosis-crawl.py"]

[env]
MY_API_URL = "https://api.example.com"
env_imports = ["SERVICE_URL", "API_KEY"]

[[mounts]]
host = "C:/Users/you/data"
container = "/workspace/data"

4. Sessions & Resume

# List past sessions
nemisis8 sessions

# Resume by last 5 chars of UUID
nemisis8 resume 8d44d

# Drop into a container shell
nemisis8 shell
By the numbers: 2 Rust binaries (host CLI + container entry), 69 MCP tools (auto-installed on startup), 2 AI providers (Codex + Gemini), 6 gateway endpoints (REST API for automation).

Internals

Two Binaries, One System.

nemisis8 Host CLI
cli.rs, config.rs, docker.rs, gateway.rs, session.rs, scheduler.rs

nemisis8-entry Container Binary
MCP server installation, provider config generation, API key resolution chain, CLI launch dispatch

Data Flow

host:      nemisis8 run "prompt"   →  bollard → Docker API
container: nemisis8-entry --prompt  →  install MCP → write config → resolve API key
provider:  codex exec / gemini -p   →  stdout → host terminal

Volumes: workspace → /workspace, codex-home → /opt/codex-home (auth, sessions, config persist across runs)

HTTP API

The Gateway.

nemisis8 serve --port 4000

Endpoint               Method  Description
/health                GET     Liveness check
/status                GET     Concurrency info
/completion            POST    Run a prompt
/sessions              GET     List sessions
/sessions/:id          GET     Session details
/sessions/:id/prompt   POST    Continue session

Concurrency: 2 simultaneous runs, 8-second spawn throttle.
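As an added illustration (not the gateway's own code), the admission policy stated above, two in-flight runs and an 8-second gap between spawns, modelled as a small Python class with an injected clock; the request timeline it replays is constructed here.

```python
# Added example (not nemisis8's code): the gateway's stated admission policy,
# 2 simultaneous runs and an 8-second spawn throttle, with an injected clock.

MAX_CONCURRENT = 2
SPAWN_INTERVAL_S = 8.0


class RunThrottle:
    def __init__(self, max_concurrent=MAX_CONCURRENT, spawn_interval=SPAWN_INTERVAL_S):
        self.max_concurrent = max_concurrent
        self.spawn_interval = spawn_interval
        self.active = 0          # runs currently in flight
        self.last_spawn = None   # time (s) of the most recent admitted spawn

    def try_admit(self, now: float) -> tuple[bool, str]:
        """Decide whether a run may be spawned at time `now` (seconds)."""
        # Concurrency cap first, then spawn spacing; an admitted run holds a
        # slot until release() is called.
        if self.active >= self.max_concurrent:
            return False, f"busy: {self.active} runs active (limit {self.max_concurrent})"
        if self.last_spawn is not None and now - self.last_spawn < self.spawn_interval:
            wait = self.spawn_interval - (now - self.last_spawn)
            return False, f"throttled: retry in {wait:.1f}s"
        self.active += 1
        self.last_spawn = now
        return True, "admitted"

    def release(self) -> None:
        """Call when a run's container has exited."""
        self.active = max(0, self.active - 1)


def replay(events):
    """Replay (event, time) pairs: 'run' tries to admit, 'done' releases one run.
    Returns each 'run' event's outcome label: admitted, throttled or busy."""
    throttle = RunThrottle()
    outcomes = []
    for event, when in events:
        if event == "run":
            outcomes.append(throttle.try_admit(when)[1].split(":")[0])
        elif event == "done":
            throttle.release()
    return outcomes


# Constructed timeline: two quick requests, then a burst once both slots fill.
TIMELINE = [("run", 0), ("run", 1), ("run", 8), ("run", 16),
            ("done", 16), ("run", 16), ("run", 24)]
```

A client hitting /completion or /sessions/:id/prompt should treat a "throttled" answer as a retry-after hint and a "busy" answer as a queue-full signal rather than retrying in a tight loop.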

Sealed Environments

The Pokeball System.

Capture a project, seal it into a hardened Docker image, and run AI prompts in a network-isolated container with broker-mediated access.

Capture
nemisis8 pokeball capture ./my-project

Scans the project, detects language/runtime/dependencies, and generates a pokeball.yaml spec.

Seal
nemisis8 pokeball seal ./my-project

Capture + build in one step. Produces a sealed Docker image with all deps pre-installed and the pokeball worker binary.

Run
nemisis8 pokeball run myapp --prompt "fix the tests"

Starts a worker container (network=none, read-only root, all caps dropped) with a broker that mediates AI model calls.

Security Constraints
network=none
read-only rootfs
cap_drop=ALL
4GB mem / 256 PIDs

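An added check, not part of nemisis8, that audits a running worker's HostConfig (one element of the JSON array that docker inspect prints) against the constraints listed above, so drift from the sealed profile is caught before a prompt runs; both sample records are constructed.

```python
# Added example (not nemisis8's code): audit a pokeball worker's HostConfig, as
# printed by `docker inspect <container>`, against the constraints listed above.

GIB = 1024 ** 3
MAX_MEM_BYTES = 4 * GIB   # "4GB mem"
MAX_PIDS = 256            # "256 PIDs"


def audit_worker(inspect_record: dict) -> list[str]:
    """Return the list of violations; an empty list means the worker is sealed as documented."""
    hc = inspect_record.get("HostConfig") or {}
    violations = []
    if hc.get("NetworkMode") != "none":
        violations.append(f"network mode is {hc.get('NetworkMode')!r}, expected 'none'")
    if not hc.get("ReadonlyRootfs", False):
        violations.append("root filesystem is writable")
    if "ALL" not in (hc.get("CapDrop") or []):
        violations.append("CapDrop does not include ALL")
    if hc.get("CapAdd"):  # any re-added capability undoes cap_drop=ALL
        violations.append(f"capabilities re-added: {hc['CapAdd']}")
    mem = hc.get("Memory") or 0  # Docker reports 0 when no limit is set
    if mem == 0 or mem > MAX_MEM_BYTES:
        violations.append(f"memory limit {mem} bytes is missing or above 4GB")
    pids = hc.get("PidsLimit") or 0  # null/0 means unlimited
    if pids == 0 or pids > MAX_PIDS:
        violations.append(f"PID limit {pids} is missing or above 256")
    return violations


# Constructed record: a worker started as documented.
SEALED_WORKER = {"HostConfig": {"NetworkMode": "none", "ReadonlyRootfs": True,
                                "CapDrop": ["ALL"], "CapAdd": None,
                                "Memory": 4 * GIB, "PidsLimit": 256}}

# Constructed record: drift a reviewer should catch -- bridge network,
# a capability re-added, and no PID limit.
DRIFTED_WORKER = {"HostConfig": {"NetworkMode": "bridge", "ReadonlyRootfs": True,
                                 "CapDrop": ["ALL"], "CapAdd": ["NET_RAW"],
                                 "Memory": 4 * GIB, "PidsLimit": None}}

if __name__ == "__main__":
    for name, record in (("sealed", SEALED_WORKER), ("drifted", DRIFTED_WORKER)):
        print(name, audit_worker(record) or "OK")
```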
Philosophy

The Manifesto.

The Container Is the Contract

The container is the promise: a consistent place where models, tools, and workflows behave the same way every time. You should be able to step in and act immediately, without negotiating setup or hunting for hidden config. That consistency is not a convenience feature. It is the foundation of trust.

Tools Are First-Class

We treat tools as part of the model's voice. File ops, crawling, scheduling, search, and external APIs are part of the language of action. Every tool has to be understandable, and every workflow has to be observable.

Stock Agents Are Alive

The stock agents are not inert presets. They are meant to feel alive when invoked: present, responsive, and aware of the workspace state. If they feel lifeless, that is a failure of craft, not a limitation of the model.

State Is Real

Sessions, histories, and artifacts persist because memory is a capability. Work should be resumable. Runs should be traceable. A container that forgets is a container that wastes time. A container that remembers is a platform.

The Work Speaks

We prefer concrete outcomes: a file written, a bug fixed, a report generated, a system clarified. The interface is a means to an end. The goal is always the work.