docs(faq): clarify AST-pattern format expresses vulnerable and safe patterns

misonijnik · misonijnik · commit 8fe287043984 · 2026-05-07T16:00:16.000+03:00
diff --git a/src/lib/faq.ts b/src/lib/faq.ts
@@ -7,7 +7,7 @@ export type FaqItem = {
 export const faqItems: readonly FaqItem[] = [
   {
     question: "What is OpenTaint?",
-    answer: "OpenTaint is an open source taint analysis engine for the AI era. It runs inter-procedural dataflow analysis to track untrusted data across function boundaries, persistence layers, aliases, and async code. For Java and Kotlin, the analysis works on bytecode. Rules are written in an AST-pattern format that's readable yet expressive enough for the engine to find real vulnerabilities without flagging safe code. It catches what AST-pattern matchers miss, turns LLM agent findings into reusable rules, and scales beyond what either can do alone.",
+    answer: "OpenTaint is an open source taint analysis engine for the AI era. It runs inter-procedural dataflow analysis to track untrusted data across function boundaries, persistence layers, aliases, and async code. For Java and Kotlin, the analysis works on bytecode. Rules are written in a readable AST-pattern format expressive enough to describe both vulnerable and safe patterns, letting the engine analyze deeply and precisely. It catches what AST-pattern matchers miss, turns LLM agent findings into reusable rules, and scales beyond what either can do alone.",
   },
   {
     question: "What vulnerabilities does OpenTaint detect?",

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ export type FaqItem = {`
`7`	`7`	`export const faqItems: readonly FaqItem[] = [`
`8`	`8`	`{`
`9`	`9`	`question: "What is OpenTaint?",`
`10`		- answer: "OpenTaint is an open source taint analysis engine for the AI era. It runs inter-procedural dataflow analysis to track untrusted data across function boundaries, persistence layers, aliases, and async code. For Java and Kotlin, the analysis works on bytecode. Rules are written in an AST-pattern format that's readable yet expressive enough for the engine to find real vulnerabilities without flagging safe code. It catches what AST-pattern matchers miss, turns LLM agent findings into reusable rules, and scales beyond what either can do alone.",
	`10`	+ answer: "OpenTaint is an open source taint analysis engine for the AI era. It runs inter-procedural dataflow analysis to track untrusted data across function boundaries, persistence layers, aliases, and async code. For Java and Kotlin, the analysis works on bytecode. Rules are written in a readable AST-pattern format expressive enough to describe both vulnerable and safe patterns, letting the engine analyze deeply and precisely. It catches what AST-pattern matchers miss, turns LLM agent findings into reusable rules, and scales beyond what either can do alone.",
`11`	`11`	`},`
`12`	`12`	`{`
`13`	`13`	`question: "What vulnerabilities does OpenTaint detect?",`