chore: Release v0.14.0

## Added
- Typestate Analysis Framework (file, lock, crypto, database, iterator)
- Interactive TUI for browsing findings
- Smart progress display with ETA
- Powerful filtering (--severity, --rules, --category, --search)
- Output limiting (--limit, --group-by)

## Fixed
- Database typestate false positives on API client code
- Array.prototype.find() false positives
- Compiler warnings eliminated

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: bumahkib7

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.14.0] - 2026-02-02
+
 ### Added
 - **Typestate Analysis Framework**: Track object state transitions through their lifecycle
   - `generic/file-typestate`: Detect use-after-close, unclosed files, double-open
@@ -18,6 +20,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Safe pattern recognition: `with`, `defer`, try-with-resources, RAII
   - FlowContext integration with `compute_typestate()` and `typestate_violations()` methods
   - `builtin_typestate_rules()` convenience function for all typestate rules
+- **Interactive TUI**: Browse findings with keyboard navigation (`j/k`, `Enter` for details, `s` filter severity)
+- **Smart Progress Display**: Real-time progress bar with ETA, file counts, and severity breakdown
+- **Powerful Filtering**: `--severity`, `--rules`, `--exclude-rules`, `--files`, `--category`, `--search`
+- **Output Limiting**: `--limit N` and `--group-by` (file/rule/severity) for large codebases
+
+### Fixed
+- **Database Typestate False Positives**: Rule now requires database imports in file before flagging
+- **API Client Detection**: `cartApi.update()`, `userService.create()` no longer flagged as DB queries
+- **Array.find() False Positives**: Removed generic `.find(` from DB patterns, use specific ORM patterns
+- Compiler warnings eliminated across all crates
 
 ## [0.13.0] - 2026-02-02
 

Cargo.lock

@@ -13,7 +13,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.13.0"
+version = "0.14.0"
 edition = "2024"
 authors = ["Rust Monorepo Analyzer Team"]
 license = "MIT OR Apache-2.0"

Cargo.toml

@@ -6,8 +6,8 @@ edition.workspace = true
 license.workspace = true
 
 [dependencies]
-rma-common = { version = "0.13.0", path = "../common" }
-rma-parser = { version = "0.13.0", path = "../parser" }
+rma-common = { version = "0.14.0", path = "../common" }
+rma-parser = { version = "0.14.0", path = "../parser" }
 anyhow.workspace = true
 thiserror.workspace = true
 tracing.workspace = true

crates/ai/Cargo.toml

@@ -18,8 +18,8 @@ oxc = [
 ]
 
 [dependencies]
-rma-common = { version = "0.13.0", path = "../common" }
-rma-parser = { version = "0.13.0", path = "../parser" }
+rma-common = { version = "0.14.0", path = "../common" }
+rma-parser = { version = "0.14.0", path = "../parser" }
 anyhow.workspace = true
 thiserror.workspace = true
 tracing.workspace = true

crates/analyzer/Cargo.toml

@@ -3315,51 +3315,113 @@ impl DatabaseTypestateRule {
         let db_indicators = match language {
             Language::JavaScript | Language::TypeScript => &[
                 // Database drivers
-                "mysql", "mysql2", "pg", "postgres", "mongodb", "mongoose",
-                "sequelize", "prisma", "typeorm", "knex", "drizzle",
-                "better-sqlite3", "sql.js", "sqlite3",
+                "mysql",
+                "mysql2",
+                "pg",
+                "postgres",
+                "mongodb",
+                "mongoose",
+                "sequelize",
+                "prisma",
+                "typeorm",
+                "knex",
+                "drizzle",
+                "better-sqlite3",
+                "sql.js",
+                "sqlite3",
                 // Database-specific imports
-                "PrismaClient", "MongoClient", "createConnection", "createPool",
+                "PrismaClient",
+                "MongoClient",
+                "createConnection",
+                "createPool",
                 // ORM indicators
-                "@prisma/client", "@nestjs/typeorm", "mikro-orm",
+                "@prisma/client",
+                "@nestjs/typeorm",
+                "mikro-orm",
             ][..],
             Language::Python => &[
-                "psycopg2", "pymysql", "mysql.connector", "sqlite3", "sqlalchemy",
-                "asyncpg", "databases", "tortoise", "peewee", "mongoengine",
-                "pymongo", "motor", "django.db", "flask_sqlalchemy",
+                "psycopg2",
+                "pymysql",
+                "mysql.connector",
+                "sqlite3",
+                "sqlalchemy",
+                "asyncpg",
+                "databases",
+                "tortoise",
+                "peewee",
+                "mongoengine",
+                "pymongo",
+                "motor",
+                "django.db",
+                "flask_sqlalchemy",
             ][..],
             Language::Go => &[
-                "database/sql", "gorm", "sqlx", "pgx", "mongo-driver",
-                "go-redis", "ent", "sql.Open", "gorm.Open",
+                "database/sql",
+                "gorm",
+                "sqlx",
+                "pgx",
+                "mongo-driver",
+                "go-redis",
+                "ent",
+                "sql.Open",
+                "gorm.Open",
             ][..],
             Language::Java => &[
-                "java.sql", "javax.sql", "jdbc", "hibernate", "jpa",
-                "spring.data", "mybatis", "mongodb", "EntityManager",
+                "java.sql",
+                "javax.sql",
+                "jdbc",
+                "hibernate",
+                "jpa",
+                "spring.data",
+                "mybatis",
+                "mongodb",
+                "EntityManager",
             ][..],
             Language::Rust => &[
-                "sqlx", "diesel", "sea-orm", "mongodb", "tokio-postgres",
-                "rusqlite", "postgres", "mysql_async",
+                "sqlx",
+                "diesel",
+                "sea-orm",
+                "mongodb",
+                "tokio-postgres",
+                "rusqlite",
+                "postgres",
+                "mysql_async",
             ][..],
             _ => &[][..],
         };
 
-        db_indicators.iter().any(|indicator| content.contains(indicator))
+        db_indicators
+            .iter()
+            .any(|indicator| content.contains(indicator))
     }
 
     /// Check if line looks like an API client call (not a database call)
     fn is_api_client_call(line: &str) -> bool {
         // Patterns that indicate HTTP API clients, not database operations
         let api_patterns = [
             // Common API client naming patterns (case-insensitive check)
-            "api.", "Api.", "API.",
-            "service.", "Service.",
-            "client.", "Client.",  // Only when followed by HTTP-like methods
-            "http.", "Http.", "HTTP.",
-            "axios.", "fetch(", "request.",
+            "api.",
+            "Api.",
+            "API.",
+            "service.",
+            "Service.",
+            "client.",
+            "Client.", // Only when followed by HTTP-like methods
+            "http.",
+            "Http.",
+            "HTTP.",
+            "axios.",
+            "fetch(",
+            "request.",
             // React Query / TanStack patterns
-            "useMutation", "useQuery",
+            "useMutation",
+            "useQuery",
             // Common API method patterns
-            ".get(", ".post(", ".put(", ".patch(", ".delete(",
+            ".get(",
+            ".post(",
+            ".put(",
+            ".patch(",
+            ".delete(",
         ];
 
         // Check for API client naming convention: variableApi.method() or variableService.method()
@@ -3378,12 +3440,12 @@ impl DatabaseTypestateRule {
         }
 
         // Check for await with API patterns
-        if trimmed.contains("await") && (
-            trimmed.contains("Api.") ||
-            trimmed.contains("Service.") ||
-            trimmed.contains("api.") ||
-            trimmed.contains("service.")
-        ) {
+        if trimmed.contains("await")
+            && (trimmed.contains("Api.")
+                || trimmed.contains("Service.")
+                || trimmed.contains("api.")
+                || trimmed.contains("service."))
+        {
             return true;
         }
 

crates/analyzer/src/security/typestate_rules.rs

@@ -20,13 +20,13 @@ default = ["oxc"]
 oxc = ["rma-analyzer/oxc"]
 
 [dependencies]
-rma-common = { version = "0.13.0", path = "../common" }
-rma-parser = { version = "0.13.0", path = "../parser" }
-rma-analyzer = { version = "0.13.0", path = "../analyzer", default-features = false }
-rma-indexer = { version = "0.13.0", path = "../indexer" }
-rma-ai = { version = "0.13.0", path = "../ai" }
-rma-daemon = { version = "0.13.0", path = "../daemon" }
-rma-plugins = { version = "0.13.0", path = "../plugins" }
+rma-common = { version = "0.14.0", path = "../common" }
+rma-parser = { version = "0.14.0", path = "../parser" }
+rma-analyzer = { version = "0.14.0", path = "../analyzer", default-features = false }
+rma-indexer = { version = "0.14.0", path = "../indexer" }
+rma-ai = { version = "0.14.0", path = "../ai" }
+rma-daemon = { version = "0.14.0", path = "../daemon" }
+rma-plugins = { version = "0.14.0", path = "../plugins" }
 anyhow.workspace = true
 clap = { workspace = true, features = ["derive", "env", "string"] }
 clap_complete = "4.5"

crates/cli/Cargo.toml

@@ -138,7 +138,7 @@ pub struct FilterProfile {
 }
 
 /// Comprehensive finding filter
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Default)]
 pub struct FindingFilter {
     /// Minimum severity threshold
     pub min_severity: Option<Severity>,
@@ -171,27 +171,6 @@ pub struct FindingFilter {
     stats: FilterStats,
 }
 
-impl Default for FindingFilter {
-    fn default() -> Self {
-        Self {
-            min_severity: None,
-            rules: HashSet::new(),
-            rules_patterns: Vec::new(),
-            exclude_rules: HashSet::new(),
-            exclude_rules_patterns: Vec::new(),
-            file_patterns: Vec::new(),
-            exclude_patterns: Vec::new(),
-            category: None,
-            fixable_only: false,
-            high_confidence_only: false,
-            search_text: None,
-            search_regex: None,
-            track_stats: false,
-            stats: FilterStats::default(),
-        }
-    }
-}
-
 impl FindingFilter {
     /// Create a new empty filter (matches everything)
     pub fn new() -> Self {

crates/cli/src/filter.rs

@@ -496,7 +496,7 @@ impl MultiPhaseProgress {
         if let Some(phase) = self.phases.get_mut(index) {
             if let Some(ref bar) = phase.bar {
                 bar.enable_steady_tick(Duration::from_millis(80));
-                bar.set_message(format!("{}", phase.name));
+                bar.set_message(phase.name.clone());
             }
             self.current_phase = index;
         }

crates/cli/src/progress.rs

@@ -6,10 +6,10 @@ edition.workspace = true
 license.workspace = true
 
 [dependencies]
-rma-common = { version = "0.13.0", path = "../common" }
-rma-parser = { version = "0.13.0", path = "../parser" }
-rma-analyzer = { version = "0.13.0", path = "../analyzer" }
-rma-indexer = { version = "0.13.0", path = "../indexer" }
+rma-common = { version = "0.14.0", path = "../common" }
+rma-parser = { version = "0.14.0", path = "../parser" }
+rma-analyzer = { version = "0.14.0", path = "../analyzer" }
+rma-indexer = { version = "0.14.0", path = "../indexer" }
 anyhow.workspace = true
 thiserror.workspace = true
 tracing.workspace = true