Zenzic — Documentation Quality Gate for CI/CD | Zenzic

Skip to main content<br>v0.9.0<br>The Exclusion Zone<br>for Markdown Documentation.<br>High-performance, engine-agnostic, and security-hardened static analysis.Get startedView on GitHub<br>100%<br>Deterministic

Subprocesses

O(N)<br>RE2 Engine

CI/CD<br>Native Gates

// EXECUTION_LAYER

Pain PointDocumentation drift is silent. Teams usually see it after deployment.

zenzic check all · v0.9.0<br>✘ SECURITY BREACH DETECTED<br>✘ Finding: Secret detected (aws-access-key) — rotate immediately.<br>✘ Location: docs/deploy.md:4<br>✘ Credential: AKIA************MPLE

Action: Rotate this credential immediately and purge it from the repository history.

standalone • 3 files (2 docs, 1 assets) • 0.0s • 87 files/s<br>docs/assets/unused.png ⚠ [Z405] File not referenced in any documentation page.<br>docs/deploy.md:1 ⚠ [Z502] Page has only 6 words (minimum 50).

1 ❱ # Deploy<br>2 │<br>3 │ ```bash<br>docs/index.md:1 ⚠ [Z502] Page has only 18 words (minimum 50).

1 ❱ # Welcome<br>2 │<br>3 │ See the [intro page](./intro.md) for details.<br>docs/index.md:3:8 ✘ [Z104] './intro.md' not found in docs

1 │ # Welcome<br>2 │<br>3 ❱ See the [intro page](./intro.md) for details.<br>│ ^^^^^^^^^^^^^^^^^^^^^^^^<br>4 │<br>5 │ <br>docs/index.md:5 ✘ [Z104] './assets/old-diagram.png' not found in docs

3 │ See the [intro page](./intro.md) for details.<br>4 │<br>5 ❱ <br>│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^<br>6 │<br>7 │ This project was migrated from **OldPlatform** in Q1 2026.<br>docs/index.md:7:33⚠[Z601][Z601] Obsolete or unauthorized brand term 'OldPlatform' detected. Use semantic versioning (e.g., 'vX.Y.Z') in active prose, or suppress if this is a historical ledger.

5 │ <br>6 │<br>7 ❱ This project was migrated from **OldPlatform** in Q1 2026.<br>│ ^^^^^^^^^^^<br>────────────────────────────────────────────────────────────────────────────────<br>Summary: ✘ 2 errors ⚠ 4 warnings 💡 0 info • 3 files with findings<br>FAILED: Hard errors detected. Exit code 1 is mandatory.<br>Refer to https://zenzic.dev/docs/reference/finding-codes for remediation · Try 'zenzic check --help' for options.<br>🔒 Suppression Audit: 0/30 (inline: 0, per-file: 0)

Z104File not found→Z201Credential leak (exit 2)→Z405Unused asset→Z502Short content→Z601Brand obsolescence→

// FAILURE_TOPOLOGY

Reporter & CredentialsZenzic in Action CI gate blocks regressions before merge.<br>Every finding is pinned to file, line, and source. Structured output for human eyes and machine parsing alike.<br>Gutter reporter<br>Each error shows the exact offending source line with gutter context. No scrolling through logs to find what broke.<br>docs/guide.md<br>✘[FILE_NOT_FOUND]'intro.md' not reachable from nav<br>15│ before continuing.<br>16❱ See the getting started page for details.<br>17│ Then configure your environment.

credential scanner<br>Scans every line - including fenced bash and yaml blocks - for leaked credentials. Exit code 2 is reserved exclusively for security events.<br>SECURITY BREACH DETECTED<br>✘Finding:GitHub token detected<br>✘Location:docs/tutorial.md:42<br>✘Credential:ghp_************3456<br>Action:Rotate this credential immediately and purge it from the repository history.

Severity summary<br>Every run ends with a compact summary. You know immediately whether the check failed hard or only emitted warnings.<br>✘ 2 errors⚠ 1 warning• 1 file with findings<br>FAILED: One or more checks failed.

// DIAGNOSTIC_OUTPUT

The Zenzic Engineering LedgerThree invariants enforced on every commit. No exceptions. No shortcuts.<br>These are not aspirations — they are gates. Every release of Zenzic ships only when all three pass.<br>01Zero Assumptions at System Boundaries<br>Every public entry point validates its inputs at the boundary. Internal hot paths carry no defensive checks — the shape is guaranteed by the type system, enforced by mypy --strict on every merge.<br>docusaurus.config.ts · adapter run<br># Docusaurus project<br>uvx zenzic check all .

# Outcome<br># exit 0 -> no blocking findings<br># exit 1 -> quality gate blocks merge

02Subprocess-Free Analysis<br>Production-grade tools do not shell out during analysis. No subprocess.run(), no os.system() inside per-item loops. Zenzic validates your documentation stack without executing it.<br>mkdocs.yml · adapter run<br># MkDocs project<br>uvx zenzic check all .

# Same gate semantics as Docusaurus<br># deterministic findings, same exit codes

03Deterministic Dependency Graph<br>Every dependency is pinned in a lockfile, audited by Dependabot, and scanned for SPDX licence compatibility. No transitive surprises at release time. uv lock and reuse lint run on every commit.<br>zensical.toml · adapter run<br># Zensical project<br>uvx zenzic check all .

# Output is machine-readable and human-readable<br># for CI and local review

04Standalone Markdown Repositories<br>Runs on repositories without a framework-specific adapter by validating Markdown files and internal references directly.<br>standalone repository · adapter run<br># Plain Markdown repository<br>uvx zenzic check all...