Execution-aware security intelligence for Laravel and NestJS.
ArchMind reads your actual execution graph — routes, middleware chains, service calls, transactions — and surfaces it directly in your editor as inline hints and security findings.
```
async login(@Body() dto: LoginDto) {   🌐 public  ⓪ LoginRequest  AuthService::login
```
No config. No server to start. Open a project, see your routes.
| Editor | Delivery | How |
|---|---|---|
| VS Code | CodeLens above handlers + Route Explorer sidebar | Bundled extension |
| Zed | End-of-line inlay hints + hover security analysis | LSP via archmind-lsp |
| Neovim / Helix / other | Same as Zed — any editor with LSP support | archmind-lsp --stdio |

| Chip | Meaning |
|---|---|
| 🔒 JwtAuthGuard | Authentication gate |
| 🌐 public | Route explicitly marked public (no auth required) |
| ⚠ no-auth | No auth guard detected — potential gap |
| ✅ RolesGuard:admin | Authorization check with role |
| ⓪ CreateOrderDto | Request validation class |
| UserService::create | Injected service calls |
| ⟲ txn | DB transaction boundary |
| ⛔ missing_authorization | Security finding |


| Finding | Severity | Description |
|---|---|---|
| `missing_authorization` | HIGH | Authenticated route with no role/ownership check |
| `exposed_read_endpoint` | HIGH | Public GET endpoint with business logic |
| `broken_access_control` | CRITICAL | Mutation route with no auth at all |
| `no_rate_limiting` | HIGH | Auth endpoint without throttle guard |

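
The four rules in the findings table, sketched as a small classifier over constructed route descriptors. This is an added example, not ArchMind's own code; the descriptor fields, the auth-path regex, and the choice to exempt explicitly public routes from `broken_access_control` are assumptions.

```javascript
// Added illustration: not ArchMind's code. Field names, the auth-path regex and
// the exemption for explicitly public routes are assumptions of this sketch.
const SEVERITY = {
  missing_authorization: "HIGH",
  exposed_read_endpoint: "HIGH",
  broken_access_control: "CRITICAL",
  no_rate_limiting: "HIGH",
};
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);
const AUTH_PATH = /\/(login|register|password|token)\b/i; // heuristic (assumed)

function classifyRoute(r) {
  const ids = [];
  const hasAuth = r.authGuards.length > 0;
  // Authenticated, but nothing checks role or ownership.
  if (hasAuth && r.authzGuards.length === 0) ids.push("missing_authorization");
  // Unauthenticated GET that reaches injected services (business logic).
  if (!hasAuth && r.method === "GET" && r.services.length > 0) ids.push("exposed_read_endpoint");
  // Mutation with no auth guard and no explicit public marker.
  if (!hasAuth && !r.isPublic && MUTATING.has(r.method)) ids.push("broken_access_control");
  // Credential-handling endpoint with no throttle guard.
  if (AUTH_PATH.test(r.path) && !r.throttled) ids.push("no_rate_limiting");
  return ids;
}

function analyze(routes) {
  const out = {};
  for (const r of routes) out[`${r.method} ${r.path}`] = classifyRoute(r);
  return out;
}

// Constructed sample routes, not taken from any real project.
const route = (method, path, o = {}) => ({
  method, path, isPublic: false, authGuards: [], authzGuards: [],
  services: [], throttled: false, ...o,
});
const SAMPLE_ROUTES = [
  route("POST", "/auth/login", { isPublic: true, services: ["AuthService::login"] }),
  route("GET", "/orders/:id", { authGuards: ["JwtAuthGuard"], services: ["OrderService::find"] }),
  route("DELETE", "/orders/:id", { services: ["OrderService::remove"] }),
  route("GET", "/reports/sales", { isPublic: true, services: ["ReportService::sales"] }),
  route("POST", "/admin/users", { authGuards: ["JwtAuthGuard"], authzGuards: ["RolesGuard:admin"], services: ["UserService::create"] }),
];

for (const [name, ids] of Object.entries(analyze(SAMPLE_ROUTES))) {
  console.log(name.padEnd(20), ids.map((id) => `${id} (${SEVERITY[id]})`).join(", ") || "ok");
}
```

Only the last sample route, which carries both an auth guard and a role guard, comes back clean; each of the others trips exactly one rule.
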
Install from the Marketplace → search ArchMind.
The extension bundles everything it needs. Activates automatically when it detects:

- `artisan` in workspace root → Laravel
- `nest-cli.json` in workspace root → NestJS

Route Explorer sidebar — Activity Bar icon opens a tree view grouping routes by risk level. Click any route to jump to its controller method.
Commands:

| Command | Description |
|---|---|
| `ArchMind: Analyze Workspace` | Force re-analyze (also triggers on file save) |
| `ArchMind: Show Execution Graph` | CodeLens click — opens graph panel |


1. Install the language server:

   ```
   npm install -g @kidkender/archmind-lsp
   ```

2. Install the Zed extension from this repo (packages/zed/) or the Zed extension registry.
3. Enable inlay hints in ~/.config/zed/settings.json:

   ```json
   {
     "inlay_hints": {
       "enabled": true,
       "show_background": true
     }
   }
   ```

The Zed extension auto-discovers archmind-lsp from PATH. Hover over any annotated line to see the full security analysis.

Point your LSP client at archmind-lsp --stdio. Supports:

- `textDocument/inlayHint`
- `textDocument/hover`

| Framework | Detection |
|---|---|
| Laravel | Routes, middleware chains, FormRequests, Eloquent, DB::transaction |
| NestJS | @UseGuards, @Body DTOs, ValidationPipe, DataSource.transaction, @Public() |

```
VS Code extension (Electron ABI)
  ↓ spawns
dist/analyzer.cjs (system Node ABI)
  ↓ imports
@kidkender/archmind-laravel-parser
@kidkender/archmind-nestjs-parser

Zed / Neovim / Helix
  ↓ LSP stdio
@kidkender/archmind-lsp
  ↓ imports
@kidkender/archmind-laravel-parser
@kidkender/archmind-nestjs-parser
```

tree-sitter is a native addon. The VS Code extension spawns the analyzer as a child process to avoid Electron ABI mismatch — no setup needed. The LSP server runs under system Node directly.

| Package | Description |
|---|---|
| `@kidkender/archmind-lsp` | Language server (inlay hints + hover) for Zed and other LSP editors |
| `@kidkender/archmind-mcp` | MCP server for AI assistants (Claude, Cursor, …) |
| `@kidkender/archmind-laravel-parser` | Laravel PHP → execution graph |
| `@kidkender/archmind-nestjs-parser` | NestJS TypeScript → execution graph |

MIT — © kidkender