ποΈ Module Architecture¶
Curious how Siyarix ticks under the hood? This document breaks down the internal architecture, detailing how modules interact and the design patterns I used while building this personal passion project.
𧩠Module Organization¶
Siyarix is organized into directories and standalone modules. Here's a map:
| Module | Responsibility |
|---|---|
core/ |
π§ The orchestrator kernel: AgentCore, SwarmRouter, and CommandPipeline. |
chat/ |
π¬ The interactive REPL UI, session management, and LLM engine. |
providers/ |
βοΈ AI provider abstraction layer and API management. |
parsers/ |
π Tool output parsers. |
plugins/ |
π Dynamic plugin loader. |
output/ |
π¨ The rendering engine. |
report/ |
π Security report generation. |
stealth.py |
π₯· Basic stealth configurations for tools. |
dlp.py |
π‘οΈ Data masking helper. |
permission_gate.py |
π§ Command access control. |
credential_store.py |
π Local encrypted credential vault. |
workflow.py |
π Workflow execution logic. |
βοΈ Execution Engine¶
The Execution Engine operates in three modes, dispatched by the Task Planner:
| Mode | Planner | Permission Level | Autonomy |
|---|---|---|---|
REGISTRY |
Template-based | Full gate | None |
AUTONOMOUS |
LLM-driven | Minimal | Full |
HYBRID (Default) |
Combined | Full gate | User confirmation |
π Execution Flow¶
- The Planner generates an
ExecutionPlan. - Each step passes through the PermissionGate.
- Steps execute using
asyncio.gather(). - Output is parsed via the ParserRegistry.
- Transient errors are handled by the ProviderStateManager.
Tip
Worker Pool Throttling: Siyarix uses asyncio.Semaphore to limit concurrency and prevent resource exhaustion.
πΊοΈ Task Planners¶
Siyarix uses a dual-planner architecture: - Registry Planner: A deterministic, template-based planner using keyword matching. - Autonomous Planner: The LLM-driven planner that translates natural language into execution steps.
π§ Permission Gate (permission_gate.py)¶
To help prevent accidents, Siyarix runs a review before execution:
1. Syntax Gate: Checks structural limits.
2. Danger Analysis: Scans against potentially dangerous commands.
It returns ALLOW, DENY, or asks the user for REVIEW.
βοΈ Provider Manager (providers/manager.py)¶
The ProviderManager handles integrations with various AI providers (OpenAI, Anthropic, Gemini, Ollama, etc.). It includes failover logic so you can keep working if your primary provider goes down.
π Credential Store (credential_store.py)¶
To keep your API keys safer, the CredentialStore encrypts them locally using AES-256-GCM and the OS system keyring, avoiding plaintext configuration files.
π‘οΈ DLP Engine (dlp.py)¶
The DLP engine is a lightweight tool to help prevent accidentally leaking secrets (like AWS keys or local passwords) to cloud providers by masking them before sending prompts.
π§ Knowledge Graph (knowledge_graph.py)¶
An in-memory directed graph of discovered nodes (Hosts, ports, vulnerabilities) that helps provide context for the report engine.
π Swarm Architecture (core/swarm.py)¶
A simple multi-agent setup where tasks are broken down between specialized sub-agents (Recon, Exploit, Report).
π Learning System (learning_system.py)¶
A privacy-preserving feature that tries to remember past successful executions and command structures to improve future runs locally, without relying on external ML frameworks.