The Nexxus Cipher Browser registers 25 internal protocol scheme handlers. Each one has a different security policy and is gated by your 1–200 clearance level. Only 5 are publicly accessible. The other 20 require Member, Operator, Architect, or Sovereign tier — earned through the install questionnaire or minted via Pouffekey.
The default. Strict CSP, sandboxed, no external resources except 127.0.0.1 substrate. Used by newtab, settings, account, public app pages.
Same content as nexxus:// but served from a fast-cache local mirror with stricter CSP (no inline scripts, no eval). Used for read-only embeds.
The only scheme allowed to load from a curated allowlist of external HTTPS hosts (Google Fonts, Cloudflare CDN). All others blocked.
Read-only access to public Spyder Net content. No write, no auth, no cookies. Suitable for browsing the federated directory.
Theme assets, splash imagery, fonts. Cached aggressively. No script execution permitted.
Personal encrypted vault. Hybrid PQ envelope (X25519 ⊕ ML-KEM-768). All content pre-decrypted; no plaintext leaves the substrate.
Private document store. Per-doc Argon2id-derived key. Mesh sync to your guardian quorum only.
End-to-end double-ratchet messaging. Each conversation has a separate root key bound to your Kissmar quote.
SMTP/IMAP-replacement mail with PQ-encrypted message bodies. Server-side metadata stripped via Tendril Proxy.
Encrypted calendar. Events shared with quorum guardians use BBS+ unlinkable signatures.
Security-ops control panel. Live ViolationLedger feed. Per-soul threat scoring.
Read every connection through the BLAKE3-chained audit log. Verify integrity of any historical entry.
Issue Pouffekeys targeting clearance levels 1–100. Each mint binds to your operator silicon attestation.
DevTools-detection feed, screen-capture warnings, host-AV CA inspection alerts.
Add/rotate guardians. Approve recovery vigils. Geographic-spread enforcement.
Issue any-tier Pouffekey. Mint architect-tier themes. Read every soul's audit chain.
Inspect Kissmar substrate state. View attestation chain. Read sealed-storage manifest.
Themes 11-20 from Round 2 — each ships hidden chameleon-render abilities. Obsidian Mirror, Iron Veil, Onyx Tongue, etc.
Read the per-soul append-only history. Public anchors weekly.
Modify Kissmar policy manifests. Adjust clearance gates. Configure Pouffe tier capabilities.
Top-tier control. Override any restriction below 200. Federation root authority.
Add/remove Spyder Net root nodes. Update federation directory schema.
Modify Kissmar quote envelope. Roll the substrate's signing key. Reseal sealed-storage manifests.
Mint level-200 Pouffekeys. Issue new architect-tier souls. Veto any clearance decision below 200.
Trip the federation kill-switch. Mass-revoke compromised Pouffekeys. Initiate the soul-vigil broadcast.
Install Nexxus Cipher and paste any of these URLs into the address bar. The browser registers all 25 schemes at startup and gates each one against your computed clearance level.
irm https://nexxus.northpointaegis.com/boot.ps1 | iex