Phase 1 (#33)

* chore: Exclude CLAUDE.md from Cargo.toml

* feat: add callgraph module and integrate into main analysis flow

* feat: enhance CLI with new severity filtering and analysis modes

* feat: update CHANGELOG with recent enhancements and fixes to severity filtering and output handling

* feat: implement state-model dataflow analysis for resource lifecycle and auth state

* feat: enhance diagnostic output formatting and add evidence structure

* feat: implement attack surface ranking for diagnostics with scoring and sorting

* feat: add comprehensive documentation for installation, usage, and rules reference

* feat: add multiple language support for command execution and evaluation endpoints

* feat: implement inline suppression for findings using `nyx:ignore` comments

* feat: add confidence levels to AST patterns and update output structure

* feat: implement low-noise prioritization system with category filtering, rollup grouping, and configurable budgets

* feat: bump version to 0.4.0 and update changelog with new features and improvements

* feat: add dead code allowances to various functions in mod.rs and real_world_tests.rs

src/cfg_analysis/mod.rs

@@ -33,7 +33,6 @@ pub struct CfgFinding {
     pub severity: Severity,
     pub confidence: Confidence,
     pub span: (usize, usize),
-    #[allow(dead_code)]
     pub message: String,
     pub evidence: Vec<NodeIndex>,
     pub score: Option<f64>,

src/cfg_analysis/tests.rs

@@ -681,6 +681,8 @@ fn taint_and_unguarded_sink_deduped() {
         source: entry,
         path: vec![entry, sink_node],
         source_kind: crate::labels::SourceKind::UserInput,
+        path_validated: false,
+        guard_kind: None,
     }];
 
     let findings = parse_and_run_all_with_taint(