Instant insight into any codebase. Auto-generate rich architecture docs with Mermaid diagrams, API endpoints, database schemas, external integrations, tech stack detection, and code health analysis. Built for AI-generated codebases.
The README your AI agent should have written. Generate a complete
ARCHITECTURE.mdfor any JS/TS codebase. No AI. No signup. No config.
npx zinsight
That's the whole setup. ~5 seconds later, your repo has an ARCHITECTURE.md that explains itself.
You (or your AI agent) shipped a working app over weeks of prompts. It works. But six months later you can't remember:
zinsight answers those questions in one command, by statically analysing the code — no LLM, no API keys, no source code uploaded anywhere.
A single ARCHITECTURE.md with sections like:
For a NestJS backend with 19,693 lines of code:
Zinboard Api is a backend API service built with Express, NestJS that enables users to conduct 1:1 meetings, collect and manage feedback, track goals, manage teams, manage team members, leverage AI-powered insights, and track decisions.
The codebase follows a modular, controller-service, guard-protected, schema-driven architecture — each feature is a self-contained module with clear separation between HTTP handling (controllers), business logic (services), and data access (schemas).
## Walking Through One Request
The most-trafficked path is GET /oneonones/:id. Picked from the
oneonones.controller.ts (19 endpoints in that file) — typical read-by-id
path through the system.
1. Client sends GET /oneonones/:id
2. Middleware runs: SessionAuthMiddleware, RequestIdMiddleware, main.ts
3. Guards check access: AuthenticatedGuard → RolesGuard → OrgGuard
4. Controller get() is invoked — src/oneonones/oneonones.controller.ts
5. Service get() runs business logic — src/oneonones/oneonones.service.ts
6. Reads/writes MONGODB — scoped query against `oneonones` collection
7. Response returned to client (JSON)
## Where to Look
| If you want to change... | Look in |
|------------------------------------|-----------------------------------------------------------|
| Authentication / Login | src/auth/auth.service.ts, src/auth/auth.sessionMiddleware |
| Authorization / Roles | src/auth/guard/roles.guard.ts |
| Database schemas | src/schemas/ |
| AI / LLM integration | src/ai/ai.service.ts, src/ai/prompt.ts |
| Email / Notifications | src/integrations/slack/notification.service.ts |
| Webhooks | src/integrations/zoom/zoom.controller.ts |
# Run on the current directory
npx zinsight
# Or specify a directory
npx zinsight ./my-project
# Custom output path
npx zinsight --output docs/ARCHITECTURE.md
That's it. No install. No login. No keys.
| zinsight | Hand-written docs | LLM-based tools (CodeRabbit, etc.) | IDE features | |
|---|---|---|---|---|
| Setup time | 5 seconds | hours/days | sign-up, API keys, config | already in editor |
| Cost | free | engineer time | $20-200/mo | varies |
| Sends source code anywhere | ❌ no | n/a | ✅ yes | varies |
| Deterministic output | ✅ same input = same output | n/a | ❌ model drift | varies |
| Stays current with code | ✅ regenerate any time | ❌ rots immediately | ✅ on each PR | n/a |
| Works offline / air-gapped | ✅ yes | n/a | ❌ no | varies |
| Generates Mermaid diagrams | ✅ yes | maybe | sometimes | rarely |
| Output format | Single ARCHITECTURE.md | varies | comments, dashboards | inline |
The "no AI, no signup" part is intentional — zinsight is built for environments where LLM tools are blocked (banking, healthcare, defense), and for the case where you just want to understand a codebase without paying anyone.
Inheriting a vibe-coded repo · You (or your AI agent) built a working app. Now you need to explain it to a new contributor — or future you.
Open-source contributors · A new contributor lands in your project. ARCHITECTURE.md orients them in 5 minutes instead of 5 hours.
Pre-merge review · Drop the GitHub Action in. Every PR gets an updated ARCHITECTURE.md automatically.
Security / compliance review · Map every external service, every state surface, every env var, every auth surface — with file paths.
Air-gapped / regulated environments · No data ever leaves your machine. Pure local static analysis.
Usage: zinsight [options] [directory]
Arguments:
directory Project root directory (default: current)
Options:
-V, --version Output the version number
-o, --output <path> Output file path (default: ARCHITECTURE.md)
-r, --root <path> Project root directory (alias for [directory])
-h, --help Show help
Drop this in any repo to keep ARCHITECTURE.md automatically up to date on every push to main:
# .github/workflows/architecture.yml
name: Architecture Docs
on:
push:
branches: [main]
jobs:
zinsight:
runs-on: ubuntu-latest
permissions:
contents: write # required if commit: true
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history → richer Hotspots section
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: zinboard/zinsight-action@v1
with:
output: ARCHITECTURE.md
commit: true
See GITHUB_ACTION.md for full setup, advanced options, and PR-comment mode.
zinsight currently understands JavaScript and TypeScript codebases (.js, .jsx, .ts, .tsx). It detects:
Python, Go, and Rust support is on the roadmap.
Does it send my code anywhere? No. zinsight is a CLI tool that runs entirely on your machine. No network calls, no telemetry, no signup, no API keys. The only thing it touches outside your repo is git (to read commit history for the Hotspots section).
Why does Socket flag "Network access" and "Shell access" on this package? Those flags surface capability (the code can call shell / network), not malicious behaviour, and they come from transitive dependencies — not zinsight itself. Specifically:
glob (a runtime dep for finding source files), which uses cross-spawn under the hood to invoke git when expanding patterns on some platforms.zinsight's own source is auditable — no child_process, no http/https, no fetch. If the Socket flags concern you, fork the repo and run with npm ci --omit=dev plus node --frozen-intrinsics dist/cli/index.js <path> to confirm. We're tracking dep replacements that would eliminate these flags entirely (see CHANGELOG.md).
Why no AI? Three reasons: (1) determinism — same input always produces the same output; (2) speed — runs in seconds not minutes; (3) it works in environments where LLM tools are blocked or impossible (regulated industries, air-gapped networks, on-call from a plane).
Can I add an AI section?
Not built in by default — see "Why no AI" above. We may add an opt-in --story flag in a future release that uses your own API key (BYOL) to generate a narrative paragraph. Roadmap, not committed.
Does it work on monorepos?
Yes. zinsight detects nested package.json files in static/, apps/, packages/, frontend/, client/, web/, ui/ (one level deep). Run it at the monorepo root.
My repo isn't JavaScript / TypeScript — does this work? Not yet. JS/TS only at the moment. Python, Go, and Rust are on the roadmap.
Will it overwrite my hand-written ARCHITECTURE.md?
By default, yes — it writes to ARCHITECTURE.md. Use --output docs/zinsight.md (or any other path) to keep them separate.
How does the Hotspots section know about git history?
It runs git log --since=180.days.ago --name-only. If you're in a fresh clone with shallow history (CI default), set fetch-depth: 0 on the checkout step to get the full picture.
Why does it skip some routes my framework supports? zinsight uses AST patterns to detect routes. If your framework uses an unusual registration style (custom decorators, dynamic mounting), some routes may be missed. Open an issue with a small reproduction and we'll add detection.
The Conventions section says we follow X. We don't follow X consistently. Conventions are detected based on majority pattern + listed exceptions. If 70% of files follow a pattern and 30% don't, the rule is reported with a note about the exceptions. Use this as a "should we standardize?" prompt rather than a strict rule.
Can I ignore certain folders?
zinsight respects .gitignore automatically. To ignore additional paths beyond gitignore, the recommended workaround is to run zinsight against a more specific subdirectory (e.g., npx zinsight src/).
Where can I see example outputs?
We're putting together an examples/ directory with generated docs for popular open-source projects. Coming soon. In the meantime, run it on your own repo — that's the best demo.
PRs welcome. Best ways to help:
Local dev:
git clone https://github.com/zinboard/zinsight.git
cd zinsight
npm install
npm run build
node dist/cli/index.js --root /path/to/some/repo
MIT — see LICENSE.
Built by Dhanush Shetty at Zinwave Innovations. If zinsight saves you time, a star on GitHub helps others find it.
FAQs
Instant insight into any codebase. Auto-generate rich architecture docs with Mermaid diagrams, API endpoints, database schemas, external integrations, tech stack detection, and code health analysis. Built for AI-generated codebases.
We found that zinsight demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.
Security News
Socket found a malicious postinstall hook across 700+ GitHub repos, including PHP packages on Packagist and Node.js project repositories.
Security News
Vibe coding at scale is reshaping how packages are created, contributed, and selected across the software supply chain