
From 80% False Positives to 95% Accurate: How We Fixed Architecture Linting
The Starting Point

Two months ago, we built Architect Linter to solve a real problem: teams' codebases fall apart as they grow. v5 used simple pattern matching for security analysis:

- Any function with "execute" in its name → sink
- All parameters → potential sources

Result: false positives everywhere.

```javascript
// Real code from a production NestJS app
// v5 would flag this as a CRITICAL VULNERABILITY
const executeWithErrorHandling = async (callback) => {
  try {
    return await callback();
  } catch (e) {
    logger.error(e);
    return null;
  }
};

const userInput = req.query.name;
const result = executeWithErrorHandling(async () => {
  // Do something safe with userInput
  return db.prepare("SELECT * FROM users WHERE name = ?").run(userInput);
});

// v5: 🚨 CRITICAL: "executeWithErrorHandling is a sink"
//     🚨 CRITICAL: "executeWithErrorHandling receives user input"
// Reality: ✅ Code is 100% safe (parameterized query)
```

Developers ignored all findings. Security analysis became useless.

The Rewrite: CF
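To make the gap between the two approaches concrete, here is a small added example in JavaScript; it is not Architect Linter's code. It places a "v5"-style rule (any callee containing "execute" that is fed a tainted name is a finding) beside a rule that only inspects the SQL-text argument of a known query sink and asks whether tainted data is concatenated or interpolated into it. The sink method names (`prepare`, `query`, `exec`), the `req.*`-based taint source, and the three sample snippets are constructed for the example, and the whole thing works on source text with regexes for brevity; a real linter would walk an AST.

```javascript
// Added example (not the Architect Linter's code): the name-based "v5" rule beside a
// rule that inspects how the SQL text handed to a sink is built. Both work on source
// text with regexes for brevity; a real linter would walk an AST.

// Constructed sample 1: the safe NestJS-style snippet from the article (parameterized).
const SAFE_APP = `
const executeWithErrorHandling = async (callback) => {
  try { return await callback(); } catch (e) { logger.error(e); return null; }
};
const userInput = req.query.name;
const result = executeWithErrorHandling(async () => {
  return db.prepare("SELECT * FROM users WHERE name = ?").run(userInput);
});
`;

// Constructed sample 2: same shape, but the value is concatenated into the SQL text.
const CONCAT_APP = `
const userInput = req.query.name;
const result = executeWithErrorHandling(async () => {
  return db.prepare("SELECT * FROM users WHERE name = '" + userInput + "'").run();
});
`;

// Constructed sample 3: interpolation via a template literal, no "execute" anywhere.
const TEMPLATE_APP =
  "const userInput = req.query.name;\n" +
  "const rows = db.query(`SELECT * FROM users WHERE name = '${userInput}'`);\n";

// Taint source (assumption for this example): any variable initialised from req.*.
function taintedNames(source) {
  const names = new Set();
  for (const m of source.matchAll(/(?:const|let|var)\s+(\w+)\s*=\s*req\./g)) names.add(m[1]);
  return names;
}

// Return the text between an opening "(" at `start` and its matching ")", skipping
// parentheses that appear inside string literals.
function balancedArg(source, start) {
  let depth = 1;
  let quote = null;
  let i = start;
  for (; i < source.length; i++) {
    const c = source[i];
    if (quote) {
      if (c === "\\") i++;
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")" && --depth === 0) break;
  }
  return source.slice(start, i);
}

// Remove string-literal contents, keeping only the ${...} expressions of templates, so
// what is left is the code that actually contributes to the value.
function unquotedText(arg) {
  return arg
    .replace(/`((?:[^`\\]|\\.)*)`/g, (_, body) =>
      [...body.matchAll(/\$\{([^}]*)\}/g)].map((x) => x[1]).join(" "))
    .replace(/"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g, "");
}

function mentionsTainted(text, tainted) {
  return [...tainted].some((n) => new RegExp(`\\b${n}\\b`).test(text));
}

// v5 heuristic: any callee whose name contains "execute" is a sink, and any argument
// text that mentions a tainted identifier is user input reaching that sink.
function v5Findings(source) {
  const tainted = taintedNames(source);
  const findings = [];
  for (const m of source.matchAll(/\b(\w*execute\w*)\s*\(/gi)) {
    const arg = balancedArg(source, m.index + m[0].length);
    if (mentionsTainted(arg, tainted)) findings.push({ callee: m[1], reason: "receives user input" });
  }
  return findings;
}

// Refined rule: only known query sinks matter, and only when tainted data is spliced
// into the SQL text itself. A literal with "?" placeholders plus bound values is clean.
const SQL_SINKS = /\.(prepare|query|exec)\s*\(/g; // assumed sink names for the example
function sqlFindings(source) {
  const tainted = taintedNames(source);
  const findings = [];
  for (const m of source.matchAll(SQL_SINKS)) {
    const sqlText = balancedArg(source, m.index + m[0].length);
    if (mentionsTainted(unquotedText(sqlText), tainted)) {
      findings.push({ sink: m[1], reason: "tainted value interpolated into SQL text" });
    }
  }
  return findings;
}

console.log("v5 on safe code:", v5Findings(SAFE_APP).length, "finding(s)");        // 1 (false positive)
console.log("refined on safe code:", sqlFindings(SAFE_APP).length, "finding(s)");  // 0
console.log("refined on concat:", sqlFindings(CONCAT_APP).length, "finding(s)");   // 1
console.log("refined on template:", sqlFindings(TEMPLATE_APP).length, "finding(s)"); // 1
```

The point of the contrast is that the refined rule is anchored on two things the v5 rule never looked at: which API is actually a sink, and whether the tainted value becomes part of the query text or is passed as a bound parameter. It also catches the template-literal case, which v5 misses entirely because nothing in it is named "execute".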
Continue reading on Dev.to