v0.9.1

The Exclusion Zone
for Markdown Documentation.

High-performance, engine-agnostic, and security-hardened static analysis.

Get started View on GitHub

100%

Deterministic

Subprocesses

O(N)

RE2 Engine

CI/CD

Native Gates

// EXECUTION_LAYER

Pain Point

Documentation drift is silent. Teams usually see it after deployment.

zenzic check all · v0.9.1

✘ SECURITY BREACH DETECTED

✘ Finding: Secret detected (aws-access-key) — rotate immediately.

✘ Location: docs/deploy.md:4

✘ Credential: AKIA************MPLE

Action: Rotate this credential immediately and purge it from the repository history.

standalone • 3 files (2 docs, 1 assets) • 0.0s • 87 files/s

docs/assets/unused.png ⚠ [Z405] File not referenced in any documentation page.

docs/deploy.md:1 ⚠ [Z502] Page has only 6 words (minimum 50).

    1  ❱  # Deploy
    2  │
    3  │  ```bash

docs/index.md:1 ⚠ [Z502] Page has only 18 words (minimum 50).

    1  ❱  # Welcome
    2  │
    3  │  See the [intro page](./intro.md) for details.

docs/index.md:3:8 ✘ [Z104] './intro.md' not found in docs

    1  │  # Welcome
    2  │
    3  ❱  See the [intro page](./intro.md) for details.
       │          ^^^^^^^^^^^^^^^^^^^^^^^^
    4  │
    5  │  ![architecture](./assets/old-diagram.png)

docs/index.md:5 ✘ [Z104] './assets/old-diagram.png' not found in docs

    3  │  See the [intro page](./intro.md) for details.
    4  │
    5  ❱  ![architecture](./assets/old-diagram.png)
       │  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    6  │
    7  │  This project was migrated from **OldPlatform** in Q1 2026.

docs/index.md:7:33⚠[Z601][Z601] Obsolete or unauthorized brand term 'OldPlatform' detected. Use semantic versioning (e.g., 'vX.Y.Z') in active prose, or suppress if this is a historical ledger.

    5  │  ![architecture](./assets/old-diagram.png)
    6  │
    7  ❱  This project was migrated from **OldPlatform** in Q1 2026.
       │                                   ^^^^^^^^^^^

────────────────────────────────────────────────────────────────────────────────

Summary: ✘ 1 security breach ✘ 2 errors ⚠ 4 warnings 💡 0 info • 3 files with findings

FAILED: Hard errors detected. Exit code 1 is mandatory.

Refer to https://zenzic.dev/docs/reference/finding-codes for remediation · Try 'zenzic check --help' for options.

🔒 Suppression Audit: 0/30 (inline: 0, per-file: 0)

Z104File not found→Z201Credential leak (exit 2)→Z405Unused asset→Z502Short content→Z601Brand obsolescence→

// FAILURE_TOPOLOGY

Reporter & Credentials

Zenzic in Action CI gate blocks regressions before merge.

Every finding is pinned to file, line, and source. Structured output for human eyes and machine parsing alike.

Gutter reporter

Each error shows the exact offending source line with gutter context. No scrolling through logs to find what broke.

docs/guide.md

✘[FILE_NOT_FOUND]'intro.md' not reachable from nav

15│ before continuing.

16❱ See the getting started page for details.

17│ Then configure your environment.

credential scanner

Scans every line - including fenced <code>bash</code> and <code>yaml</code> blocks - for leaked credentials. Exit code <code>2</code> is reserved exclusively for security events.

SECURITY BREACH DETECTED

✘Finding:GitHub token detected

✘Location:docs/tutorial.md:42

✘Credential:ghp_************3456

Action:Rotate this credential immediately and purge it from the repository history.

Severity summary

Every run ends with a compact summary. You know immediately whether the check failed hard or only emitted warnings.

✘ 2 errors⚠ 1 warning• 1 file with findings

FAILED: One or more checks failed.

// DIAGNOSTIC_OUTPUT

The Zenzic Engineering Ledger

Three invariants enforced on every commit. No exceptions. No shortcuts.

These are not aspirations — they are gates. Every release of Zenzic ships only when all three pass.

Zero Assumptions at System Boundaries

Every public entry point validates its inputs at the boundary. Internal hot paths carry no defensive checks — the shape is guaranteed by the type system, enforced by mypy --strict on every merge.

docusaurus.config.ts · adapter run

# Docusaurus project
uvx zenzic check all .

# Outcome
# exit 0 -> no blocking findings
# exit 1 -> quality gate blocks merge

Subprocess-Free Analysis

Production-grade tools do not shell out during analysis. No subprocess.run(), no os.system() inside per-item loops. Zenzic validates your documentation stack without executing it.

mkdocs.yml · adapter run

# MkDocs project
uvx zenzic check all .

# Same gate semantics as Docusaurus
# deterministic findings, same exit codes

Deterministic Dependency Graph

Every dependency is pinned in a lockfile, audited by Dependabot, and scanned for SPDX licence compatibility. No transitive surprises at release time. uv lock and reuse lint run on every commit.

zensical.toml · adapter run

# Zensical project
uvx zenzic check all .

# Output is machine-readable and human-readable
# for CI and local review

Standalone Markdown Repositories

Runs on repositories without a framework-specific adapter by validating Markdown files and internal references directly.

standalone repository · adapter run

# Plain Markdown repository
uvx zenzic check all docs/

# Use in CI, pre-commit, or local checks
# without changing repository structure

// ADAPTER_SURFACE

Get Started

From zero to documentation integrity in one command.

No configuration required. No account needed. Works on any Markdown project.

zenzic · quickstart

✓zenzic · python 3.10+ · ready

# run the documentation quality gate

$uvx zenzic check all

# exit 0: no blocking findings

# exit 1: quality gate blocks merge

Read the full docs →Star on GitHub

Enterprise

Enterprise Governance & Scoring

Track suppression debt, enforce quality policies, and govern documentation health across teams and repositories.

// GOVERNANCE_GATE

Health Metrics

Quality Score Deterministic health check, per commit.

Track a deterministic score in CI to block regressions. A holistic, elegant view of your documentation health.

Metrics

Overall Health

+2%

CI Command

zenzic score --save

Internal Links Health

Anchor stability

100

External references

Orphan Detection

Unused Assets

Nav Isolation

100

// SUPPRESSION_POLICY

Governance

Suppression CAP — Live Preview

When active suppressions exceed the configured CAP, zenzic-action writes this summary directly to the GitHub Actions job panel. No log diving required.

CAP exceeded — exit 1

✘ Suppression CAP Exceeded+13

Active suppressions43

CAP limit30

Excess debt+13

📋 Remediation Playbook →

CAP within limit — exit 0

✔ Suppression CAP — Within Limit

Active suppressions18