by Darkroom4364 64 days ago
Hello World! Collaborator here. We're currently working on rule tuning, confidence scores, per-rule enable/disable, severity overrides, and threshold tuning for things like secret detection. Basically letting teams dial in what matters to them without just turning rules off.

One thing I think is underrated about the approach: rules run on tree-sitter ASTs, not regex, so they actually understand the structure of your code. We also have cross-file taint tracking (following data from source -> sink across function calls), which catches stuff that pattern matchers just can't. And it's still so incredibly fast.
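The two points in the comment above, rules that match on a syntax tree rather than on text and taint that follows data from a source through a function call into a sink defined in another file, can be shown with a small tracker built on Python's standard `ast` module. This is an added example, not the project's code: Python's `ast` stands in for tree-sitter, and the source/sink/sanitizer names, the two constructed files in `PROJECT`, and the `Tracker`/`regex_hits` API are all assumptions made for the demo.

```python
"""Toy interprocedural taint tracker over Python ASTs (added example).

Demonstrates (1) why matching on a syntax tree avoids the false positives a
text pattern raises on comments and string literals, and (2) how taint is
followed from a source, through a call into a function defined in another
module, to a sink in that function.
"""
import ast
import re
from dataclasses import dataclass

# Constructed policy for the demo; real tools ship far larger lists.
SOURCES = {"input"}                          # calls yielding attacker-controlled data
SINKS = {"os.system", "subprocess.call"}     # calls that must never see tainted data
SANITIZERS = {"shlex.quote"}                 # calls that neutralise tainted data

# Constructed sample project: two "files" held in one dict.
PROJECT = {
    "util.py": (
        "import os\n"
        "def run(cmd):\n"
        "    # os.system(cmd) here is the dangerous sink\n"   # regex hit, not a call
        "    return os.system(cmd)\n"                          # the real sink
        "def log(msg):\n"
        "    print('os.system(' + msg + ')')\n"                # regex hit inside a string
    ),
    "handlers.py": (
        "import shlex\n"
        "from util import run, log\n"
        "def handle():\n"
        "    name = input()\n"                 # source
        "    run('ls ' + name)\n"              # tainted -> cross-file sink
        "    run('ls ' + shlex.quote(name))\n" # sanitised -> clean
        "    log(name)\n"                      # reaches print, not a sink
        "    run('ls /tmp')\n"                 # constant -> clean
    ),
}

SINK_PATTERN = re.compile(r"os\.system\(")


def regex_hits(project):
    """Naive text matcher for comparison: fires on comments and strings too."""
    return [(fname, i) for fname, src in project.items()
            for i, line in enumerate(src.splitlines(), 1) if SINK_PATTERN.search(line)]


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    sink: str
    path: tuple  # call chain from the entry function to the function holding the sink


def dotted(node):
    """Render a callee such as os.system as 'os.system'; None if not a plain name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class Tracker:
    def __init__(self, project):
        # Index every top-level function across all files so calls resolve across modules.
        self.funcs = {}
        for fname, src in project.items():
            for node in ast.parse(src, fname).body:
                if isinstance(node, ast.FunctionDef):
                    self.funcs[node.name] = (fname, node)
        self.findings = set()
        self._cache = {}   # (function, tainted param indices) -> returns tainted?

    def _stmts(self, body):
        """Yield statements in source order, descending into nested blocks."""
        for stmt in body:
            yield stmt
            for attr in ("body", "orelse", "finalbody"):
                yield from self._stmts(getattr(stmt, attr, []))

    def _expr_tainted(self, node, tainted, fname, path):
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.Call):
            callee = dotted(node.func)
            # Positional args only; keyword args are ignored in this toy.
            idx = frozenset(i for i, a in enumerate(node.args)
                            if self._expr_tainted(a, tainted, fname, path))
            if callee in SOURCES:
                return True
            if callee in SANITIZERS:
                return False
            if callee in SINKS:
                if idx:
                    self.findings.add(Finding(fname, node.lineno, callee, path))
                return False
            if callee in self.funcs:   # follow taint into the callee's body
                return self.analyze(callee, idx, path)
            return bool(idx)           # unknown callee: assume it propagates taint
        # BinOp, f-string, tuple, ...: tainted if any operand is.
        return any(self._expr_tainted(c, tainted, fname, path)
                   for c in ast.iter_child_nodes(node))

    def analyze(self, name, tainted_params=frozenset(), path=()):
        """Analyse `name` with the given parameter positions tainted; True if it returns taint.

        Results are cached per (function, tainted params), so only the first caller's
        path is recorded for a given sink; recursion terminates via the cache guard."""
        key = (name, tainted_params)
        if key in self._cache:
            return self._cache[key]
        self._cache[key] = False
        fname, fn = self.funcs[name]
        params = [a.arg for a in fn.args.args]
        tainted = {params[i] for i in tainted_params if i < len(params)}
        path = path + (name,)
        returns_tainted = False
        for stmt in self._stmts(fn.body):
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if self._expr_tainted(stmt.value, tainted, fname, path):
                    tainted |= names
                else:
                    tainted -= names   # overwritten with clean data
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_tainted |= self._expr_tainted(stmt.value, tainted, fname, path)
            elif isinstance(stmt, ast.Expr):
                self._expr_tainted(stmt.value, tainted, fname, path)
        self._cache[key] = returns_tainted
        return returns_tainted

    def scan(self):
        """Treat every function as a possible entry point and collect findings."""
        for name in self.funcs:
            self.analyze(name)
        return sorted(self.findings, key=lambda f: (f.file, f.line, f.path))


if __name__ == "__main__":
    print("regex hits:", regex_hits(PROJECT))
    for f in Tracker(PROJECT).scan():
        print(f"{f.file}:{f.line} {f.sink} via {' -> '.join(f.path)}")
```

On the constructed project the text pattern fires three times (a comment, the real call and a string literal), while the AST tracker reports exactly one finding, `util.py:4 os.system via handle -> run`, because the taint is only established when `handle` passes `input()`-derived data into `run`; the `shlex.quote` call and the constant argument never reach the sink as tainted.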