docs: add Joern competitive deep-dive with feature candidates

[carlos-alm]

Summary

• Add comprehensive competitive deep-dive comparing codegraph vs Joern across 9 dimensions (parsing, graph model, queries, performance, install, AI/MCP, security, developer productivity, ecosystem)
• Reorganize generated/competitive/ folder — move COMPETITIVE_ANALYSIS.md into it alongside the new joern.md
• Fix broken links to the moved COMPETITIVE_ANALYSIS.md across docs
• Append a Joern-Inspired Feature Candidates section with 11 actionable features graded using the same tier system as BACKLOG.md (zero-dep, foundation-aligned, problem-fit, breaking)

Feature candidates added (Tier 1)

• Non-breaking: call-chain slicing (J1), type-informed resolution (J2), error-tolerant parsing (J3), regex filtering (J10), Kotlin (J4), Swift (J5), script execution (J11)
• Breaking: expanded node types (J6), expanded edge types (J7), intraprocedural CFG (J8), stored queryable AST (J9)
• Not adopted: 9 features with FOUNDATION.md reasoning (full CPG, taint analysis, binary analysis, plugin system, etc.)
• Cross-references: BACKLOG IDs 14 (dataflow) and 7 (OWASP/CWE)

Test plan

• Verify all internal links resolve (BACKLOG.md, COMPETITIVE_ANALYSIS.md, FOUNDATION.md)
• Confirm no source code changes — docs only
• Review feature candidate grading against BACKLOG.md scoring guide

[greptile-apps]

Greptile Summary

Added comprehensive Joern competitive analysis and reorganized competitive documentation into generated/competitive/ folder, with all internal links updated across the repository.

• New deep-dive analysis: generated/competitive/joern.md provides detailed comparison across 9 dimensions (parsing, graph model, queries, performance, install, AI/MCP, security, developer productivity, ecosystem)
• Feature candidates section: 11 actionable features (J1-J11) graded using BACKLOG.md tier system—7 non-breaking (call-chain slicing, type-informed resolution, error-tolerant parsing, Kotlin/Swift support, regex filtering, script execution) and 4 breaking (expanded node/edge types, intraprocedural CFG, stored queryable AST)
• Foundation alignment: Each feature candidate correctly assessed against FOUNDATION.md principles with accurate zero-dep, foundation-aligned, problem-fit, and breaking classifications
• Cross-references: Proper links to BACKLOG IDs 14 (dataflow) and 7 (OWASP/CWE) with correct reasoning for features not adopted
• Folder reorganization: Moved COMPETITIVE_ANALYSIS.md into generated/competitive/ alongside new joern.md
• Link fixes: Updated all references in FOUNDATION.md, README.md, and BACKLOG.md to point to the new location

All internal links verified to resolve correctly. No source code changes—documentation only.

Confidence Score: 5/5

• This PR is completely safe to merge—documentation-only changes with no code modifications
• All changes are documentation additions and folder reorganization with link updates. Feature candidate grading is consistent with BACKLOG.md scoring guide, internal links resolve correctly, and BACKLOG ID cross-references (14, 7) are accurate. No breaking changes to code, API, or functionality.
• No files require special attention

Important Files Changed

Filename	Overview
FOUNDATION.md	Updated link to COMPETITIVE_ANALYSIS.md to reflect reorganized folder structure
README.md	Updated link to COMPETITIVE_ANALYSIS.md to reflect reorganized folder structure
docs/roadmap/BACKLOG.md	Updated link to COMPETITIVE_ANALYSIS.md to reflect reorganized folder structure
generated/competitive/COMPETITIVE_ANALYSIS.md	Moved file from generated/ to generated/competitive/ with no content changes
generated/competitive/joern.md	Comprehensive competitive deep-dive comparing codegraph vs Joern with 11 actionable feature candidates graded using BACKLOG.md tier system

_{Last reviewed commit: 3b4da90}

[greptile-apps]

_{5 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review: Joern Competitive Deep-Dive

Conducting comprehensive review of this documentation PR following the 4-phase process:

Todo List:

• Phase 1: Root cause analysis - understand problem being solved
• Phase 2: Configuration change detection (HIGH SCRUTINY)
• Phase 3: Test integrity validation
• Phase 4: Documentation quality and accuracy review
• Verify feature candidate grading against BACKLOG.md standards
• Check internal link integrity and organizational structure
• Final assessment and recommendation

Root Cause Analysis

Problem Being Solved: This PR addresses a clear documentation gap by providing comprehensive competitive analysis against Joern, codegraph's strongest competitor (ranked #1 with 4.5 vs codegraph's 4.0). Creates actionable feature roadmap with 11 Joern-inspired candidates.

Why This Approach: Documentation-only approach is appropriate. Provides structured comparison across 9 dimensions to clarify competitive positioning and identify valuable features to adopt while maintaining foundation alignment.

Risk Assessment: LOW - Pure documentation with no code changes, proper folder organization, and internal link updates.

Critical Concerns (if any)

None. This is a documentation-only PR with no code modifications.

Documentation Quality Assessment

Excellent Content Quality:

• Comprehensive scope: 9-dimension analysis (parsing, graph model, queries, performance, install, AI/MCP, security, productivity, ecosystem) with specific metrics and data
• Balanced assessment: Acknowledges where Joern excels (security analysis, query expressiveness) while clearly articulating codegraph's advantages (speed, AI integration)
• Foundation-aligned reasoning: Systematic evaluation against FOUNDATION.md principles with explicit scoring (Codegraph 6, Joern 0, Tie 2)

Feature Candidate Grading Verification ✅:

• All 11 feature candidates correctly use BACKLOG.md tier system
• Zero-dep assessments are accurate (all features use existing tree-sitter/SQLite infrastructure)
• Foundation-aligned evaluations are consistent with FOUNDATION.md principles
• Problem-fit scores (2-4 range) appropriately reflect agent/developer productivity impact
• Breaking change classifications are accurate

Cross-Reference Verification ✅:

• BACKLOG ID 14 (Dataflow analysis) correctly referenced for J8 prerequisite
• BACKLOG ID 7 (OWASP/CWE pattern detection) correctly referenced for J9 foundation
• All internal links resolve correctly after folder reorganization

Organizational Structure ✅:

• Proper reorganization of competitive docs into generated/competitive/ folder
• All link updates correctly applied across FOUNDATION.md, README.md, BACKLOG.md
• Maintains consistency with existing documentation patterns

Technical Accuracy ✅:

• Performance claims are specific and measurable (10-10,000x speed improvements)
• Language support comparisons are accurate (11 vs 16 languages)
• Memory usage estimates are realistic (<100MB vs 4-100GB)
• Feature gap analysis honestly acknowledges where codegraph cannot compete

Final Recommendation

• Rating: ⭐⭐⭐⭐⭐ (5/5)
• Action: APPROVE
• Reasoning: Exceptional documentation quality that provides strategic value. Comprehensive competitive analysis with actionable feature roadmap, accurate cross-references, and proper foundation alignment. No code risks, perfect execution of documentation reorganization.

This PR demonstrates how competitive analysis should be done - data-driven, honest about tradeoffs, and directly actionable for product strategy.

---