-
Notifications
You must be signed in to change notification settings - Fork 2
getting started setup
Once you have installed Siyarix, the next step is connecting it to your preferred AI provider and tweaking the workspace to fit your style.
We have designed the setup process to be as straightforward and secure as possible.
The absolute easiest way to configure Siyarix is to just let the platform do it for you!
When you launch Siyarix for the very first time, an interactive, 11-step wizard will run automatically. It asks you a few simple questions, detects your environment, and configures everything.
# Just run this command and follow the prompts!
siyarixWant to change your setup later? You can re-run the wizard from scratch at any time:
siyarix init --forceIf you are using a cloud-based AI provider (like OpenAI or Anthropic), Siyarix needs an API key to communicate with them. You have two main ways to provide these keys:
You can temporarily or permanently export them in your terminal session:
export OPENAI_API_KEY="sk-..." # OpenAI
export GEMINI_API_KEY="..." # Google Gemini
export ANTHROPIC_API_KEY="sk-ant-..." # Anthropic ClaudeFor a more permanent solution, simply create a file named .env in your project folder, or in your central Siyarix directory (~/.siyarix/.env).
OPENAI_API_KEY=sk-...
GEMINI_API_KEY=...
ANTHROPIC_API_KEY=sk-ant-...Siyarix loads this file automatically on startup. Check out .env.example in the repository root for a complete template!
We take security seriously. You shouldn't have API keys lying around in plain text. Siyarix includes an integrated Credential Vault that stores your API keys and secrets using robust AES-256-GCM encryption, directly integrated with your operating system's native keyring.
Here is how you use the vault from the CLI:
# Securely prompt for and store your OpenAI key (input is hidden!)
siyarix auth set-key openai
# List which providers you have configured
siyarix auth show
# Store a custom credential for a specific security tool
siyarix creds set <provider_or_tool> <key>
# Rotate your master encryption key for maximum security
siyarix creds rotate Why our Vault is Secure:
- Key Storage: Uses your OS system keyring (Keychain on macOS, Credential Manager on Windows) as the primary storage.
- Key Derivation: We use PBKDF2 with SHA-256 and 600,000 iterations (meeting OWASP recommendations).
-
capable Ready: Supports AWS KMS envelope encryption (
SIYARIX_KMS_PROVIDER=aws). - Memory Safe: Credentials are automatically cleared from memory the moment your session ends.
- Zero Hardcoding: Keys are never written to source code, plain config files, logs, or debug outputs.
Beyond API keys, Siyarix has a wide array of settings (like color themes, output formats, and default models). These are saved in a central file: ~/.siyarix/settings.toml.
You can manage these settings easily through the CLI:
siyarix config list # View every setting
siyarix config get model_provider # See what AI provider is currently active
siyarix config set model_provider gemini # Change the active AI provider
siyarix config edit # Open the settings file in your favorite text editor
siyarix config reset # Messed something up? Restore the factory defaults!Here are some of the most important settings you might want to tweak:
| Setting Name | Default Value | What It Does |
|---|---|---|
model_provider |
auto |
The active AI engine. Options: auto, openai, gemini, anthropic, ollama, etc. |
default_output_format |
table |
How results are displayed. Options: table, json, yaml, csv, html, markdown, raw, quiet. |
color_theme |
default |
Change the terminal vibe! Options: cyber_noir, matrix, bloodmoon, arctic, synthwave, neon, etc. |
stealth_mode |
false |
Enable strict OPSEC features (like TOR routing, request jitter, and proxy rotation). |
persona |
auto |
Set the AI's "mindset". Options: redteam, blueteam, dfir, appsec, osint, cloud, etc. |
default_parallel |
3 |
The maximum number of security tools Siyarix can run at the exact same time. |
max_waves |
25 |
How many "plan-execute-measure" cycles the autonomous agent can run before giving up. |
auto_save_session |
false |
Should we save your session logs on exit? (Defaults to false to leave zero footprint). |
Your workspace is configured and ready to go!
- Your First Run — Let's execute your very first automated security workflow.
- Configuration Deep-Dive — Want to see every possible setting? Check out the full reference.
Note
👋 Welcome to Siyarix! This is a personal passion project built by a single developer. It's currently under active development and growing fast. Expect rough edges, but lots of love! ❤️
Welcome to the Siyarix Documentation Map! This page serves as your master compass for navigating the extensive documentation we have built for the platform.
Whether you are a brand new user, a seasoned security operator, or a developer looking to contribute to the core engine, you can find exactly what you need here.
Not sure where to start? Pick the path that best describes you:
Just getting started? We highly recommend following these guides in order:
- Installation Guide — Get Siyarix running on your machine.
- Onboarding Wizard — Let our interactive wizard help you set up your API keys and environment.
- Setup & Configuration — A deeper dive into customizing your setup.
- Your First Run — A gentle walkthrough of your very first Siyarix command.
Ready to put Siyarix to work? Dive into our operational guides:
- Interactive Chat (REPL) — Learn how to use the powerful interactive terminal.
- Security Workflows — Best practices for recon, vulnerability assessment, and incident response.
- Cloud & IaC Scanning — How to secure your cloud environments and infrastructure code.
- Compliance Frameworks — Map your scans to SOC 2, HIPAA, ISO 27001, and more.
Looking under the hood or wanting to write some code? Start here:
- Contribution Guide — Our workflow, standards, and how you can help!
- Codebase Overview — A comprehensive map of our 82+ source modules.
- Testing Standards — How we ensure reliability with pytest and CI/CD.
- Module Architecture — Component design and responsibilities.
If you prefer to browse the raw structure, here is a complete layout of the docs/ folder:
docs/
├── 🚀 getting-started/ # Installation, onboarding, and configuration
│ ├── installation.md # Multi-platform install (pip, brew, winget, docker)
│ ├── onboarding.md # The interactive 11-step setup wizard
│ ├── setup.md # Managing API keys, credentials, and settings
│ ├── first-run.md # A walkthrough of your first session
│ ├── configuration.md # A deep-dive into advanced settings
│ └── troubleshooting.md # Common issues and how to fix them instantly
│
├── 📖 user/ # Daily operations and workflows
│ ├── cli-commands.md # Reference for 50+ CLI commands across 12 groups
│ ├── interactive-chat.md # Mastering the AI REPL and 54+ slash commands
│ ├── security-workflows.md # Recon, vulnerability assessment, incident response
│ ├── cloud-scanning.md # Multi-cloud security scanning (under development)
│ ├── compliance.md # Framework mapping (SOC 2, NIST, GDPR, PCI-DSS)
│ ├── threat-intelligence.md# Integrations with OTX, NVD, and MITRE ATT&CK
│ ├── playbooks.md # Building automated YAML-based IR playbooks
│ ├── workflow-files.md # DAG workflow reference (programmatic API)
│ ├── reporting.md # Multi-format report generation
│ ├── offline-registry.md # Running without AI (Offline/Registry execution mode)
│ └── ai-workflows.md # Advanced AI-driven autonomous operations
│
├── 💻 developer/ # Building, testing, and extending Siyarix
│ ├── codebase-overview.md # Full module structure mapping
│ ├── contribution-guide.md # How to submit PRs and our coding standards
│ ├── module-architecture.md# Component design and responsibilities
│ ├── testing.md # Writing tests (pytest), coverage, and CI/CD
│ └── building.md # Packaging, distribution, and Docker builds
│
├── 🏗️ architecture/ # System design and core internals
│ ├── overview.md # High-level data flow and layered orchestration
│ ├── ai-agent-pipeline.md # The AgentCore reasoning and execution pipeline
│ ├── provider-abstraction.md# How we unify 26 different AI providers
│ ├── execution-engine.md # Plan-based step orchestration
│ ├── memory-and-state.md # Knowledge graph, session persistence, and learning
│ ├── security-model.md # The Permission Gate, DLP, audit logging, and OPSEC
│ └── intent-routing.md # Semantic intent classification and routing
│
├── 🧠 ai/ # Deep dive into the AI provider & agent systems
│ ├── routing.md # Managing 26 providers, failovers, and circuit breakers
│ ├── persona-system.md # Overview of our 10 security personas
│ ├── agent-reasoning.md # The Observe-Reason-Act loop and tool call repair
│ ├── tool-execution.md # The tool registry, capability graph, and parsers
│ ├── ensemble.md # Parallel LLM voting strategies
│ ├── multi-wave.md # Iterative goal execution with context carry-over
│ ├── prompt-architecture.md# System prompt design and management
│ └── safety.md # Our rigorous 8-layer hallucination mitigation system
│
├── 🛡️ security/ # Safety, ethics, and threat models
│ ├── reporting.md # How to safely report vulnerabilities to us
│ ├── threat-model.md # System threat model and our mitigations
│ ├── operational-security.md# TOR routing, stealth modes, and OPSEC controls
│ ├── ethical-policy.md # Mandatory rules of engagement for all users
│ └── abuse-prevention.md # How we prevent misuse of the AI engine
│
└── ⚖️ legal/ # Licensing and governance
├── agpl-guide.md # A plain-English overview of the AGPL-3.0-or-later license
├── why-agpl.md # The philosophy behind our license choice
├── trademark-policy.md # Branding and trademark guidelines
├── responsible-ai.md # Our framework for ethical AI usage
├── disclaimer.md # Important legal disclaimers
└── plugin-exception.md # The license exception for building custom plugins
As you read through the documentation, you might encounter some specific terms. Here is a quick cheat sheet:
| Term | What It Means |
|---|---|
| Provider | The backend AI engine powering Siyarix (e.g., OpenAI, Anthropic, Ollama). |
| Tool | A traditional security executable installed on your system (e.g., nmap, nuclei). |
| Plan | A step-by-step sequence of tool commands intelligently generated by the AI. |
| Workflow | A hardcoded, predefined execution path (usually defined in YAML/JSON) that doesn't require AI generation. |
| Persona | A specialized behavioral profile given to the AI (e.g., instructing it to act specifically as a "Network Recon Specialist"). |
| Knowledge Graph | Siyarix's internal memory where it stores findings (like IP addresses, open ports) to contextually inform future steps. |
Need help finding something specific? Feel free to use the search bar at the top of the documentation site, or open a discussion on our GitHub!