Our Journey
From an initial idea of a personal project to a fully-fledged AI-native cybersecurity orchestrator \u2014 a rapid sprint of over 1,200 commits that shaped Siyarix into what it is today.
The Personal Project Origin
Siyarix began as a private command-line experiment by the PathMaker. The initial focus was exploring whether natural language instructions could be parsed into deterministic command sequences, laying the groundwork for the core intent routing model.
Core Repository Migration & First Commit
The project was formalised and migrated from local workspaces into a dedicated private GitHub repository. On May 15, the first commit (abec71d) was recorded, establishing Siyarix as a package and setting up the CLI onboarding scaffolding.
Modular Architecture & Parser Ecosystem
An explosive burst of 430+ commits laid the architectural foundation. We designed the modular parser system, created indexable CLI templates, and registered the first core threat intelligence parsers including Amass, Subfinder, and Shodan. This phase established the structural patterns that would guide all future development.
Multi-Turn AgentLoop & LLM Integration
We introduced the multi-turn AgentLoop module for direct LLM tool calling, added the OpenRouter adapter for expanded provider access, and began migration to the google.genai SDK. The intent routing engine was implemented, allowing natural language instructions to be translated into precise, deterministic tool execution sequences.
Provider Ecosystem & Security Hardening
Security became a first-class concern. We replaced default XML libraries with defusedxml to block XXE attack vectors, expanded provider support to 25+ AI models, and implemented the first iteration of the credential store with AES-256-GCM encryption. Cross-platform compatibility began taking shape.
Local LLM Orchestration & Model Management
Over 280 commits focused on local, offline autonomy. We added native llama.cpp and Ollama installation hooks, handled dynamic GGUF cache extractions, implemented model tier recommendations, and built the infrastructure for completely offline security operations independent of cloud connectivity.
725 Cybersecurity Tools & Discovery Engine
We compiled a comprehensive database of 725 cybersecurity tools spanning 51 categories with version detection patterns, risk levels, and metadata enrichment. The /tools command was enhanced with a 5-column table view and category filtering, transforming how users discover and interact with their security toolchain.
24-Provider Architecture & SDK Migration
We expanded to support 24 AI providers with a unified ProviderManager singleton, automatic failover, and circuit breaker resilience patterns. The SDK was migrated to google.genai and OpenAI v2, with Gemini adopting native REST API for superior reliability. A credential vault with hardware-based device fingerprinting was introduced for enterprise-grade secret management.
Natural Language Engine & Smart Planning
The NLP engine was upgraded with Okapi BM25 intent scoring, TF-IDF vectorization, entity extraction with negation handling, and a deep ontology system. A router-specialist planner architecture was introduced, splitting execution into two specialised planners with DAG dependency injection for complex multi-step workflows.
Comprehensive Documentation & Knowledge Base
Thousands of lines of documentation were written across architecture guides, AI subsystem internals, developer handbooks, security policies, and user manuals. The MkDocs site was revamped with Material theme, and all project documentation was synchronised for the v3.0.0 release, making the project accessible to newcomers and experts alike.
Permission Gates, DLP & Audit Trail
We implemented a two-stage permission gate with a SHA-256 chained audit log, a Data Loss Prevention engine with target masking, stealth mode proxy support, and SIEM webhook dispatch. Critical vulnerabilities including SQL injection and XSS in HTML reports were identified and patched, ensuring enterprise-grade operational security.
Continuous Learning & Adaptive Skill System
The continuous learning system was implemented with Jaccard-based similarity matching for skill reuse, universal skill compilation with parameter abstraction, and schema migration through v4. A thread-safe knowledge graph was introduced alongside confidence-based skill maintenance, enabling Siyarix to grow smarter with every execution.
SQLite Migration & Cross-Platform Stability
Settings and execution states were migrated from flat files to a persistent SQLite database. The offline queue was switched to thread-local connections for safe concurrent access, and destructive command detection was introduced. Cross-platform fixes were applied across Windows, macOS, and Linux, ensuring consistent behaviour everywhere.
Brand Overhaul & Community Infrastructure
The project underwent a comprehensive rebranding with version normalisation to v1.0.0 across all distribution channels. The README was rewritten with dynamic badges and a warmer tone, governance documents were consolidated, and installation scripts were streamlined across Linux, macOS, Windows, Android (Termux), and HarmonyOS platforms.
Siyarix Goes Public!
The Siyarix GitHub repository was officially transitioned from private to public! Siyarix launches its first stable v1.0.0 release, featuring over 1,200 commits of development history, 24 provider integrations, 110+ tool parsers, 4 execution modes, and enterprise-grade security controls. The doors are now open to the global security community.
Sustainable Open Source & Community Growth
Siyarix is now an actively growing public platform. The journey continues as we refine AI context engines, expand our modular security plugin ecosystem with forensics, compliance and cloud SAST modules, and warmly welcome global contributions. This is just the beginning of what we can build together as a community.
Be Part of What’s Next
The journey doesn’t stop here. Join the community and help shape the future of AI-native cybersecurity orchestration.