-
Notifications
You must be signed in to change notification settings - Fork 2
developer contribution guide
Thank you for your interest in contributing to Siyarix! 🎉 I started this as a personal passion project, but it is now officially public and growing fast. I warmly welcome contributors of all skill levels! Whether it's fixing a typo in the documentation or adding a new AI provider, your contributions are what make this project better for everyone.
👋 Heads Up: To better support our growing community, Siyarix will soon be moving from my personal account to its very own dedicated GitHub organization (
siyarix/siyarix). Don't worry, all links will seamlessly redirect!
Please read and follow these guidelines to help keep things organized.
Note
I welcome all kinds of contributions! If you're planning a major change, please open an issue first so we can discuss the design before you spend time coding.
Before diving in, make sure you have the following ready:
- Python 3.11+
- Git
- Familiarity with
asyncio, Python type hints, andpytest - A GitHub account
Getting Siyarix running locally is pretty straightforward:
# 1. Clone your fork
git clone https://github.com/YOUR-USERNAME/siyarix.git
cd siyarix
# 2. Create and activate a virtual environment
python -m venv .venv
source .venv/bin/activate # Linux/macOS
# .\.venv\Scripts\Activate.ps1 # Windows
# 3. Install in editable mode with development dependencies
pip install -e ".[all,cli,siem,dev]"Ensure everything is configured correctly before writing code:
pytest -q # Run the test suite
ruff check . # Check for linting errors
mypy src/siyarix/ # Verify static type checking- Find or create an issue: Let's chat about significant changes before you start work.
-
Branch out: Create a fresh branch for your work:
git checkout -b feat/my-awesome-feature. - Write code: Make your changes, keeping the existing code conventions in mind.
-
Run Quality Checks:
pytest # Ensure tests pass ruff check src/ tests/ # Ensure code is lint-free mypy src/siyarix/ # Ensure type strictness
-
Commit: Use conventional commit messages and ensure your commit is DCO signed (
git commit -s). -
Push & PR: Push your branch and open a Pull Request targeting the
mainbranch.
- We follow PEP 8, enforced by Ruff (line length: 100).
-
Type hints are highly encouraged, especially on public functions and methods (
disallow_untyped_defs). - Include
from __future__ import annotationsat the top of every module. - Use Dataclasses for structured data.
- Prefer
asynciofor any I/O-bound operations.
| Element | Convention | Example |
|---|---|---|
| Classes | PascalCase | ExecutionEngine |
| Functions | snake_case | get_health() |
| Variables | snake_case | scan_target |
| Constants | UPPER_CASE | DEFAULTS |
| Private | Leading underscore | _get_engine() |
Organize your imports in blocks, separated by blank lines:
- Standard library (e.g.,
os,sys,asyncio) - Third-party (e.g.,
typer,rich,pydantic) - Internal Siyarix modules (e.g.,
siyarix.config,.audit_log)
- Try to raise specific
SiyarixExceptionsubclasses for domain errors. - Avoid bare
except:blocks when possible. - Map exceptions to exit codes via
exit_code_for()where appropriate.
I try to follow Conventional Commits:
<type>(<scope>): <description>
[optional body]
[optional footer]
Common Types: feat, fix, docs, test, refactor, perf, style, ci, chore, security.
Important
DCO Sign-off Required!
Please include a Signed-off-by trailer certifying the Developer Certificate of Origin.
You can do this by adding the -s flag to your commit command:
git commit -s -m "feat(core): add new feature"
Check that your branch meets the requirements:
- All tests pass (
pytest -q). - Linter is happy (
ruff check). - Types are strict (
mypy src/siyarix/). - Added basic tests for new functionality.
- Updated documentation if behavior changed.
- I'll try to review PRs as soon as possible, but keep in mind this is a personal project.
- CI pipelines should pass.
- Feel free to ask questions if you get stuck!
- Create a provider profile in
src/siyarix/providers/profiles/. - Register it inside the
ProviderManager. - Add the corresponding API key environment variable to the setup documentation.
- Write some basic tests in
tests/. - Update the provider lists in the docs.
- Create your parser in
src/siyarix/parsers/, implementing theBaseParserprotocol. - Register it in
ParserRegistry. - Provide a test fixture with sample tool output.
- Add a test in
tests/.
Siyarix supports loading plugins from ~/.siyarix/plugins/. When contributing core plugins:
- Follow existing patterns found in
src/siyarix/. - Update
pyproject.tomlwith any external dependencies under the appropriateextras. - Include tests.
Caution
Please don't report security vulnerabilities via public GitHub issues! Follow the Security Policy for responsible disclosure.
- Standard PRs are welcome for hardening!
- You are responsible for all code you submit, regardless of how it was written.
- If your PR was heavily AI-generated, it's helpful to mention it in the description.
- It still needs to pass tests and linting.
By contributing, you agree your contributions will be licensed under the AGPL-3.0-or-later.
- Every source file should include this header:
# SPDX-License-Identifier: AGPL-3.0-or-later
Note
If you are contributing on behalf of a company, please ensure you have authorization to contribute under the AGPL-3.0-or-later license.
Third-party plugins placed in ~/.siyarix/plugins/ are exempt from AGPL requirements. See our Plugin Exception.
Note
👋 Welcome to Siyarix! This is a personal passion project built by a single developer. It's currently under active development and growing fast. Expect rough edges, but lots of love! ❤️
Welcome to the Siyarix Documentation Map! This page serves as your master compass for navigating the extensive documentation we have built for the platform.
Whether you are a brand new user, a seasoned security operator, or a developer looking to contribute to the core engine, you can find exactly what you need here.
Not sure where to start? Pick the path that best describes you:
Just getting started? We highly recommend following these guides in order:
- Installation Guide — Get Siyarix running on your machine.
- Onboarding Wizard — Let our interactive wizard help you set up your API keys and environment.
- Setup & Configuration — A deeper dive into customizing your setup.
- Your First Run — A gentle walkthrough of your very first Siyarix command.
Ready to put Siyarix to work? Dive into our operational guides:
- Interactive Chat (REPL) — Learn how to use the powerful interactive terminal.
- Security Workflows — Best practices for recon, vulnerability assessment, and incident response.
- Cloud & IaC Scanning — How to secure your cloud environments and infrastructure code.
- Compliance Frameworks — Map your scans to SOC 2, HIPAA, ISO 27001, and more.
Looking under the hood or wanting to write some code? Start here:
- Contribution Guide — Our workflow, standards, and how you can help!
- Codebase Overview — A comprehensive map of our 82+ source modules.
- Testing Standards — How we ensure reliability with pytest and CI/CD.
- Module Architecture — Component design and responsibilities.
If you prefer to browse the raw structure, here is a complete layout of the docs/ folder:
docs/
├── 🚀 getting-started/ # Installation, onboarding, and configuration
│ ├── installation.md # Multi-platform install (pip, brew, winget, docker)
│ ├── onboarding.md # The interactive 11-step setup wizard
│ ├── setup.md # Managing API keys, credentials, and settings
│ ├── first-run.md # A walkthrough of your first session
│ ├── configuration.md # A deep-dive into advanced settings
│ └── troubleshooting.md # Common issues and how to fix them instantly
│
├── 📖 user/ # Daily operations and workflows
│ ├── cli-commands.md # Reference for 50+ CLI commands across 12 groups
│ ├── interactive-chat.md # Mastering the AI REPL and 54+ slash commands
│ ├── security-workflows.md # Recon, vulnerability assessment, incident response
│ ├── cloud-scanning.md # Multi-cloud security scanning (under development)
│ ├── compliance.md # Framework mapping (SOC 2, NIST, GDPR, PCI-DSS)
│ ├── threat-intelligence.md# Integrations with OTX, NVD, and MITRE ATT&CK
│ ├── playbooks.md # Building automated YAML-based IR playbooks
│ ├── workflow-files.md # DAG workflow reference (programmatic API)
│ ├── reporting.md # Multi-format report generation
│ ├── offline-registry.md # Running without AI (Offline/Registry execution mode)
│ └── ai-workflows.md # Advanced AI-driven autonomous operations
│
├── 💻 developer/ # Building, testing, and extending Siyarix
│ ├── codebase-overview.md # Full module structure mapping
│ ├── contribution-guide.md # How to submit PRs and our coding standards
│ ├── module-architecture.md# Component design and responsibilities
│ ├── testing.md # Writing tests (pytest), coverage, and CI/CD
│ └── building.md # Packaging, distribution, and Docker builds
│
├── 🏗️ architecture/ # System design and core internals
│ ├── overview.md # High-level data flow and layered orchestration
│ ├── ai-agent-pipeline.md # The AgentCore reasoning and execution pipeline
│ ├── provider-abstraction.md# How we unify 26 different AI providers
│ ├── execution-engine.md # Plan-based step orchestration
│ ├── memory-and-state.md # Knowledge graph, session persistence, and learning
│ ├── security-model.md # The Permission Gate, DLP, audit logging, and OPSEC
│ └── intent-routing.md # Semantic intent classification and routing
│
├── 🧠 ai/ # Deep dive into the AI provider & agent systems
│ ├── routing.md # Managing 26 providers, failovers, and circuit breakers
│ ├── persona-system.md # Overview of our 10 security personas
│ ├── agent-reasoning.md # The Observe-Reason-Act loop and tool call repair
│ ├── tool-execution.md # The tool registry, capability graph, and parsers
│ ├── ensemble.md # Parallel LLM voting strategies
│ ├── multi-wave.md # Iterative goal execution with context carry-over
│ ├── prompt-architecture.md# System prompt design and management
│ └── safety.md # Our rigorous 8-layer hallucination mitigation system
│
├── 🛡️ security/ # Safety, ethics, and threat models
│ ├── reporting.md # How to safely report vulnerabilities to us
│ ├── threat-model.md # System threat model and our mitigations
│ ├── operational-security.md# TOR routing, stealth modes, and OPSEC controls
│ ├── ethical-policy.md # Mandatory rules of engagement for all users
│ └── abuse-prevention.md # How we prevent misuse of the AI engine
│
└── ⚖️ legal/ # Licensing and governance
├── agpl-guide.md # A plain-English overview of the AGPL-3.0-or-later license
├── why-agpl.md # The philosophy behind our license choice
├── trademark-policy.md # Branding and trademark guidelines
├── responsible-ai.md # Our framework for ethical AI usage
├── disclaimer.md # Important legal disclaimers
└── plugin-exception.md # The license exception for building custom plugins
As you read through the documentation, you might encounter some specific terms. Here is a quick cheat sheet:
| Term | What It Means |
|---|---|
| Provider | The backend AI engine powering Siyarix (e.g., OpenAI, Anthropic, Ollama). |
| Tool | A traditional security executable installed on your system (e.g., nmap, nuclei). |
| Plan | A step-by-step sequence of tool commands intelligently generated by the AI. |
| Workflow | A hardcoded, predefined execution path (usually defined in YAML/JSON) that doesn't require AI generation. |
| Persona | A specialized behavioral profile given to the AI (e.g., instructing it to act specifically as a "Network Recon Specialist"). |
| Knowledge Graph | Siyarix's internal memory where it stores findings (like IP addresses, open ports) to contextually inform future steps. |
Need help finding something specific? Feel free to use the search bar at the top of the documentation site, or open a discussion on our GitHub!