-
Notifications
You must be signed in to change notification settings - Fork 2
architecture security model
Note
👋 Hey there! Siyarix is a personal passion project built by a single developer that is growing and under active development. Some of the architectural components and features described on this page might currently be Planned, Work in Progress, or basic implementations. Stay tuned as it evolves! 🚀
Siyarix implements a robust, defense-in-depth security model designed to protect your data, enforce operational security (OPSEC), and ensure safe execution at all times. Our architecture spans multiple critical layers—from input validation and permission gating to stealth operations and tamper-evident auditing. Each layer is independently configurable, allowing you to combine them for graduated, context-aware safety policies.
Note
The security model is built on the principle of least privilege and zero-trust execution. Every action is verified, sanitized, and audited before it touches your system or the outside world.
Here's how a request flows through the Siyarix security pipeline:
┌─────────────────────────────────────────────────────────────┐
│ User Input │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🔍 Layer 1: Input Validation │ │
│ │ • Length limits • Null bytes │ │
│ │ • Shell injection • Target format │ │
│ │ • Tool presence • Timeout checks │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🚦 Layer 2: Permission Gate │ │
│ │ • Plan validation (allow/review/block) │ │
│ │ • 38+ danger signatures │ │
│ │ • Target scope checking │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🕵️ Layer 3: DLP Engine │ │
│ │ • Data leak prevention & pattern matching │ │
│ │ • 24+ detection signatures │ │
│ │ • Automatic redaction │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🎭 Layer 4: OPSEC Manager │ │
│ │ • Operational security enforcement │ │
│ │ • IP, UA rotation & DNS over HTTPS (DoH) │ │
│ │ • Timing jitter │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🥷 Layer 5: Stealth Engine │ │
│ │ • Stealth level tiers (0-4) │ │
│ │ • Evasion techniques │ │
│ │ • Safe command enforcement │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🔧 Layer 6: Tool Call Repair │ │
│ │ • Malformed LLM tool call correction │ │
│ │ • Parameter normalization & schema recreation │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 📦 Layer 7: Execution (Sandboxed) │ │
│ │ • Tool-level sandboxing & command isolation │ │
│ │ • Timeout & resource limits │ │
│ └───────────────────────┬─────────────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ 🔐 Layer 8: Audit & Credential Management │ │
│ │ • Tamper-evident SHA-256 audit chain │ │
│ │ • Encrypted CredentialStore │ │
│ └─────────────────────────────────────────────────────┘ │
│ │ │
│ ⚡ Execution │
└─────────────────────────────────────────────────────────────┘
Before any plan is even considered for execution, the Validator class (siyarix/validators.py) steps in to ensure everything is structurally sound and safe.
| Check | Purpose |
|---|---|
| Length limits | Rejects overly long commands (>5000 chars) to prevent buffer overflows or denial of service. |
| Null bytes | Blocks commands containing \0 or %00 often used in bypass attacks. |
| Shell injection | Detects and stops dangerous characters like ;, ` |
| Target format | Validates the syntax of IP ranges, domains, and URLs. |
| Tool presence | Ensures the requested tool actually exists in the ToolRegistry. |
| Timeout limits | Prevents endless loops by rejecting steps with no timeout or excessively long ones. |
| Argument safety | Verifies all required arguments are present and blocks unrecognized parameters. |
Tip
Automatic Recovery
If validation fails, Siyarix doesn't just give up. It attempts to apply a recovery action—like retrying (RETRY), fixing parameters (RETRY_MODIFIED), switching tools (RETRY_ALTERNATIVE), or escalating to the user (ESCALATE).
The Permission Gate (siyarix/permission_gate.py) is your automated security guard. It evaluates every planned step against strict safety policies to determine if it should proceed.
| Level | Behavior | Ideal Use Case |
|---|---|---|
🟢 ALLOW
|
Proceeds without interrupting you. | Safe, read-only operations (e.g., fetching a file). |
🟡 REVIEW
|
Requires your explicit confirmation. | Destructive, modifying, or highly sensitive actions. |
🔴 BLOCK
|
Permanently denied and logged. | Extremely dangerous or out-of-scope actions. |
The gate comes pre-loaded with 38+ danger signatures to catch risky behavior:
-
Destructive:
rm -rf, disk wipes,dd,format -
Privilege Escalation:
sudo,su,chmod 777 - Exfiltration: Unauthorized external data transfers, DNS tunneling
- Persistence: Modifications to cron jobs or startup scripts
- Obfuscation: Encoded payloads, reverse shells
Your secrets are safe with Siyarix. The DLP engine (siyarix/dlp.py) actively scans data before it gets sent to LLMs or third-party APIs.
With 24+ built-in signatures, the DLP engine catches things like:
-
API Keys & Tokens:
sk-...,Bearer ..., AWS keys -
Passwords & SSH Keys:
password=...,-----BEGIN RSA PRIVATE KEY----- - PII: Emails, SSNs, credit cards
- Internal Infrastructure: RFC1918 internal IP addresses
Warning
By default, the DLP engine is set to REDACT, meaning it will automatically mask sensitive strings (e.g., swapping an API key with [REDACTED]).
Configuration Example:
[dlp]
enabled = true
mode = "redact" # Options: redact | warn | block | escalate
sensitivity = "high" # Options: low | medium | high
custom_patterns = [
"CUSTOM-TOKEN-\\w{16}",
]When conducting operations, leaving a footprint can be risky. The OPSECManager (siyarix/opsec.py) protects your operational security dynamically.
- Source IP rotation: Cycles through configured proxies.
- DNS over HTTPS (DoH): Hides DNS queries from local network monitoring.
- User-Agent rotation: Spoofs different browsers/tools to blend in.
- Timing jitter: Adds randomized delays to make automated tasks look like human behavior.
| Level | Proxy Required? | DoH Enabled? | Jitter Delay | UA Rotation |
|---|---|---|---|---|
| OFF | No | No | 0s | No |
| LOW | No | Yes | 0.5–2s | Per session |
| MEDIUM | Optional | Yes | 1–5s | Per request |
| HIGH | Yes | Yes | 2–10s | Per request |
For scenarios requiring absolute minimal detection, the StealthEngine (siyarix/stealth.py) takes over. It manages evasion tactics based on your configured stealth tier.
| Tier | Name | Behavior |
|---|---|---|
0 |
None | Standard execution. No evasion. |
1 |
Light | Rate limiting, polite scanning. |
2 |
Medium | Decoy traffic, delays, User-Agent rotation. |
3 |
High | Proxy chaining, traffic obfuscation. |
4 |
Paranoid | Tor routing, MAC rotation, DNS tunneling, C2 mimicry. |
Important
Safe Commands Limit
The Stealth Engine restricts which commands can be run at higher tiers. If an operation is deemed too "noisy" for your active tier, Siyarix will block it or warn you.
LLMs are brilliant, but sometimes they output malformed JSON or use the wrong data types. The ToolCallRepair system (siyarix/tool_call_repair.py) acts as a smart middleware to fix these issues on the fly.
- Missing parameters? It injects safe defaults.
- Wrong types? It automatically coerces them (e.g., converting a list to a comma-separated string).
- Hallucinated tool names? It uses fuzzy matching to find the closest valid tool.
This ensures the Execution layer only ever receives syntactically perfect commands.
When a tool is finally cleared to run, it executes in a tightly controlled environment.
- Command Isolation: Tools run in a subprocess isolated from the core application.
- Resource Limits: Memory and output sizes are capped to prevent crashes.
- Temporary Workspaces: Operations run in a sandboxed temporary directory.
- Network Scope Enforcement: Network requests are checked against your approved scope—any attempts to reach out-of-scope targets are dropped.
Transparency and safe credential handling are fundamental.
The AuditLogger (siyarix/audit.py) builds a cryptographic chain of every action taken.
# Conceptual Audit Entry
entry = {
"timestamp": "2026-06-25T12:00:00Z",
"action": "execute_tool",
"status": "completed",
"hash": "sha256_of_previous_entry_hash + content",
"previous_hash": "a1b2c3d4..."
}Note
Because each entry hashes the previous one, the audit log is tamper-evident. Modifying a past entry will break the entire cryptographic chain, instantly alerting you to foul play.
Passwords and tokens are managed securely via siyarix/credential_store.py:
- Encryption: Uses Fernet symmetric encryption.
- Master Key: Derived from your master password via PBKDF2.
- Usage: API keys are injected directly into environment variables at runtime, never written to plaintext logs.
Manage your security posture directly from the CLI (siyarix/security_commands.py):
siyarix security audit-log # View the audit trail
siyarix security verify-chain # Verify audit chain integrity
siyarix security credential-store # Manage the encrypted store
siyarix security permissions # Tweak permission policies
siyarix security scope # Manage operational boundaries
siyarix security session-list # View active sessionsWe've anticipated major attack vectors and built specific countermeasures:
| Threat | Mitigation Layer | Severity |
|---|---|---|
| Prompt Injection | Layer 1: Validators (shell inject/length checks) | High |
| Destructive AI Commands | Layer 2: Permission Gate (38+ signatures) | High |
| Data Leaks to AI | Layer 3: DLP Engine (pattern redaction) | Critical |
| Operator OPSEC Leak | Layer 4: OPSEC Manager (proxies, DoH, UA rotation) | Medium |
| Defensive Detection | Layer 5: Stealth Engine (evasion tiers) | Medium |
| Malformed AI Output | Layer 6: Tool Call Repair | Medium |
| Log Tampering | Layer 8: SHA-256 Cryptographic Chain | Critical |
| Credential Theft | Layer 8: Encrypted CredentialStore | High |
| Scope Creep | Layer 2 & 7: Target Scope Enforcement | High |
You can quickly toggle the overall safety posture using the SIYARIX_SAFE_MODE environment variable:
| Mode | Permission Gate | DLP Engine | OPSEC Level | Stealth Tier |
|---|---|---|---|---|
strict (Default) |
ALLOW / REVIEW / BLOCK | REDACT | MEDIUM | 1 |
permissive |
ALLOW / REVIEW | WARN | OFF | 0 |
Note
👋 Welcome to Siyarix! This is a personal passion project built by a single developer. It's currently under active development and growing fast. Expect rough edges, but lots of love! ❤️
Welcome to the Siyarix Documentation Map! This page serves as your master compass for navigating the extensive documentation we have built for the platform.
Whether you are a brand new user, a seasoned security operator, or a developer looking to contribute to the core engine, you can find exactly what you need here.
Not sure where to start? Pick the path that best describes you:
Just getting started? We highly recommend following these guides in order:
- Installation Guide — Get Siyarix running on your machine.
- Onboarding Wizard — Let our interactive wizard help you set up your API keys and environment.
- Setup & Configuration — A deeper dive into customizing your setup.
- Your First Run — A gentle walkthrough of your very first Siyarix command.
Ready to put Siyarix to work? Dive into our operational guides:
- Interactive Chat (REPL) — Learn how to use the powerful interactive terminal.
- Security Workflows — Best practices for recon, vulnerability assessment, and incident response.
- Cloud & IaC Scanning — How to secure your cloud environments and infrastructure code.
- Compliance Frameworks — Map your scans to SOC 2, HIPAA, ISO 27001, and more.
Looking under the hood or wanting to write some code? Start here:
- Contribution Guide — Our workflow, standards, and how you can help!
- Codebase Overview — A comprehensive map of our 82+ source modules.
- Testing Standards — How we ensure reliability with pytest and CI/CD.
- Module Architecture — Component design and responsibilities.
If you prefer to browse the raw structure, here is a complete layout of the docs/ folder:
docs/
├── 🚀 getting-started/ # Installation, onboarding, and configuration
│ ├── installation.md # Multi-platform install (pip, brew, winget, docker)
│ ├── onboarding.md # The interactive 11-step setup wizard
│ ├── setup.md # Managing API keys, credentials, and settings
│ ├── first-run.md # A walkthrough of your first session
│ ├── configuration.md # A deep-dive into advanced settings
│ └── troubleshooting.md # Common issues and how to fix them instantly
│
├── 📖 user/ # Daily operations and workflows
│ ├── cli-commands.md # Reference for 50+ CLI commands across 12 groups
│ ├── interactive-chat.md # Mastering the AI REPL and 54+ slash commands
│ ├── security-workflows.md # Recon, vulnerability assessment, incident response
│ ├── cloud-scanning.md # Multi-cloud security scanning (under development)
│ ├── compliance.md # Framework mapping (SOC 2, NIST, GDPR, PCI-DSS)
│ ├── threat-intelligence.md# Integrations with OTX, NVD, and MITRE ATT&CK
│ ├── playbooks.md # Building automated YAML-based IR playbooks
│ ├── workflow-files.md # DAG workflow reference (programmatic API)
│ ├── reporting.md # Multi-format report generation
│ ├── offline-registry.md # Running without AI (Offline/Registry execution mode)
│ └── ai-workflows.md # Advanced AI-driven autonomous operations
│
├── 💻 developer/ # Building, testing, and extending Siyarix
│ ├── codebase-overview.md # Full module structure mapping
│ ├── contribution-guide.md # How to submit PRs and our coding standards
│ ├── module-architecture.md# Component design and responsibilities
│ ├── testing.md # Writing tests (pytest), coverage, and CI/CD
│ └── building.md # Packaging, distribution, and Docker builds
│
├── 🏗️ architecture/ # System design and core internals
│ ├── overview.md # High-level data flow and layered orchestration
│ ├── ai-agent-pipeline.md # The AgentCore reasoning and execution pipeline
│ ├── provider-abstraction.md# How we unify 26 different AI providers
│ ├── execution-engine.md # Plan-based step orchestration
│ ├── memory-and-state.md # Knowledge graph, session persistence, and learning
│ ├── security-model.md # The Permission Gate, DLP, audit logging, and OPSEC
│ └── intent-routing.md # Semantic intent classification and routing
│
├── 🧠 ai/ # Deep dive into the AI provider & agent systems
│ ├── routing.md # Managing 26 providers, failovers, and circuit breakers
│ ├── persona-system.md # Overview of our 10 security personas
│ ├── agent-reasoning.md # The Observe-Reason-Act loop and tool call repair
│ ├── tool-execution.md # The tool registry, capability graph, and parsers
│ ├── ensemble.md # Parallel LLM voting strategies
│ ├── multi-wave.md # Iterative goal execution with context carry-over
│ ├── prompt-architecture.md# System prompt design and management
│ └── safety.md # Our rigorous 8-layer hallucination mitigation system
│
├── 🛡️ security/ # Safety, ethics, and threat models
│ ├── reporting.md # How to safely report vulnerabilities to us
│ ├── threat-model.md # System threat model and our mitigations
│ ├── operational-security.md# TOR routing, stealth modes, and OPSEC controls
│ ├── ethical-policy.md # Mandatory rules of engagement for all users
│ └── abuse-prevention.md # How we prevent misuse of the AI engine
│
└── ⚖️ legal/ # Licensing and governance
├── agpl-guide.md # A plain-English overview of the AGPL-3.0-or-later license
├── why-agpl.md # The philosophy behind our license choice
├── trademark-policy.md # Branding and trademark guidelines
├── responsible-ai.md # Our framework for ethical AI usage
├── disclaimer.md # Important legal disclaimers
└── plugin-exception.md # The license exception for building custom plugins
As you read through the documentation, you might encounter some specific terms. Here is a quick cheat sheet:
| Term | What It Means |
|---|---|
| Provider | The backend AI engine powering Siyarix (e.g., OpenAI, Anthropic, Ollama). |
| Tool | A traditional security executable installed on your system (e.g., nmap, nuclei). |
| Plan | A step-by-step sequence of tool commands intelligently generated by the AI. |
| Workflow | A hardcoded, predefined execution path (usually defined in YAML/JSON) that doesn't require AI generation. |
| Persona | A specialized behavioral profile given to the AI (e.g., instructing it to act specifically as a "Network Recon Specialist"). |
| Knowledge Graph | Siyarix's internal memory where it stores findings (like IP addresses, open ports) to contextually inform future steps. |
Need help finding something specific? Feel free to use the search bar at the top of the documentation site, or open a discussion on our GitHub!