Limitations
TraceMap keeps the claim narrow.
The useful part of TraceMap is not that it claims certainty. It is that it names the evidence, the rule, the coverage, and the places where the analysis cannot prove a conclusion.
Non-claims
What TraceMap does not prove.
- No runtime traffic or production usage is inferred.
- No deployment state, release approval, or operational safety is inferred.
- No failed or partial scan is reported as clean.
- No absence-of-impact claim is made under reduced coverage.
- No raw source snippets are stored by default.
- No LLM calls, embeddings, vector databases, or prompt-based classification are used in the scanner or reducer.
Partial analysis is still useful.
When semantic loading fails, TraceMap can still scan syntax, config, project, package, and SQL evidence. Those rows route review, but reports must label the reduced coverage.