DEV Community

Cover image for How I built zenflow — paste an idea, get an architecture blueprint, security guide, and scaffold as a ZIP of high standards to start with
Divya Bairavarasu
Divya Bairavarasu

Posted on

How I built zenflow — paste an idea, get an architecture blueprint, security guide, and scaffold as a ZIP of high standards to start with

#ai #sideprojects #nextjs #productivity

I have a folder on my desktop called _starts. It is a graveyard. Half-finished package.json files, three different ESLint configs I never actually agreed with, a SECURITY.md from one project I keep copying into the next.

Every single side project starts the same way for me:

  1. npx create-next-app
  2. Stare at the empty app/ directory.
  3. Open my last project. Copy the auth setup. Copy the rate limiter. Copy the coding_standards.md I wrote at 1am once and now treat as scripture.
  4. Realize the standards don't quite match this project's stack.
  5. Edit them. Forget what I was originally building.

I lost an entire weekend to step 4 last month. So I built the thing I wanted: paste a plain-English idea, get back a ZIP with the architecture blueprint, security guide, coding standards, and a starter scaffold — already shaped for that idea, not a generic template.

I called it zenflow. It's at https://zenflow.buzz.

What it actually does

You type something like "a habit tracker with streaks and a weekly email digest" and it gives you back:

  • architecture.md — the system design, with the trade-offs called out (not just "use Postgres", but why Postgres for this and what you'd swap if scale changed)
  • coding_standards.md — opinionated, but tailored to the stack it picked for your idea
  • security.md — OWASP-mapped, with the actual threats relevant to your app called out (a habit tracker doesn't need PCI guidance; a Stripe integration does)
  • A starter scaffold matching the blueprint

It runs on DeepSeek for the generation, Stripe for billing, Upstash Redis for kit storage with a 1-hour TTL (you download, then it's gone — no data hoarding), and ships on Vercel.

What I learned building it

The hard part wasn't the AI. It was the prompt scaffolding. Generating "a coding standards doc" gives you LinkedIn-influencer mush. Generating "a coding standards doc for a Next.js 16 app using Stripe webhooks where the dev cares about webhook idempotency" gives you something you'd actually keep. The product is mostly a pipeline that turns a one-liner into the second kind of prompt.

Security headers are a rabbit hole. I had X-XSS-Protection in my response headers because every "Next.js security checklist" blog post from 2021 says to set it. Then a Playwright test (that I generated with the tool, ironically) failed because modern guidance is to omit it — CSP is the replacement, the legacy header can introduce XS-Leaks. Deleted the test, kept the omission. Felt good.

Shipping the boring stuff matters most. The thing people remember about my tool is not the AI generation. It's that the ZIP contains a README.md with the env vars filled in and a .env.example that matches. The unsexy 5% is what makes it feel real.

Try it

It's live: https://zenflow.buzz. I'd love to hear what stack you throw at it that breaks the output — that's how I find the gaps.

If you build something with it, reply with a link. I'm collecting them.

Top comments (0)