chore: release v0.18.0 — 16 new languages, clippy clean, version bump

Add deep analysis (semantics, callgraph, taint, callbacks, test detection)
for PHP, C#, Kotlin, Scala, Swift, Bash, Elixir, Solidity, OCaml. Bundle
858 semgrep rules for 16 new languages. Add CodeQL Models-as-Data knowledge
for Ruby and Swift. Fix all clippy warnings and format with cargo fmt.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

Author: bumahkib7

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "external/codeql"]
+	path = external/codeql
+	url = https://github.com/github/codeql.git
+[submodule "external/pysa-models"]
+	path = external/pysa-models
+	url = https://github.com/facebook/pyre-check.git

CHANGELOG.md

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.18.0] - 2026-02-06
+
+### Added
+- Deep analysis (semantics, callgraph, taint tracking, callbacks, test detection) for PHP, C#, Kotlin, Scala, Swift, Bash, Elixir, Solidity, OCaml
+- 858 semgrep rules for 16 new languages
+- CodeQL Models-as-Data knowledge for Ruby and Swift
+- CLI `--languages` flag support for all 20 languages
+
+### Fixed
+- CLI `parse_language()` silently dropping unknown language names
+
 ## [0.17.0] - 2026-02-03
 
 ### Added

Cargo.lock

@@ -11,10 +11,11 @@ members = [
     "crates/plugins",
     "crates/lsp",
     "crates/ai",
+    "crates/knowledge-gen",
 ]
 
 [workspace.package]
-version = "0.17.0"
+version = "0.18.0"
 edition = "2024"
 authors = ["Rust Monorepo Analyzer Team"]
 license = "MIT OR Apache-2.0"

Cargo.toml

@@ -6,8 +6,8 @@ edition.workspace = true
 license.workspace = true
 
 [dependencies]
-rma-common = { version = "0.17.0", path = "../common" }
-rma-parser = { version = "0.17.0", path = "../parser" }
+rma-common = { version = "0.18.0", path = "../common" }
+rma-parser = { version = "0.18.0", path = "../parser" }
 anyhow.workspace = true
 thiserror.workspace = true
 tracing.workspace = true

crates/ai/Cargo.toml

@@ -149,6 +149,7 @@ impl AiFinding {
             fix: None,
             confidence,
             category,
+            source: rma_common::FindingSource::Ai,
             fingerprint: None,
             properties: None,
             occurrence_count: None,

crates/ai/src/lib.rs

@@ -18,9 +18,9 @@ oxc = [
 ]
 
 [dependencies]
-rma-common = { version = "0.17.0", path = "../common" }
-rma-parser = { version = "0.17.0", path = "../parser" }
-rma-rules = { version = "0.17.0", path = "../rules" }
+rma-common = { version = "0.18.0", path = "../common" }
+rma-parser = { version = "0.18.0", path = "../parser" }
+rma-rules = { version = "0.18.0", path = "../rules" }
 anyhow.workspace = true
 thiserror.workspace = true
 tracing.workspace = true

crates/analyzer/Cargo.toml

@@ -428,6 +428,7 @@ mod tests {
                 fix: None,
                 confidence: rma_common::Confidence::default(),
                 category: rma_common::FindingCategory::default(),
+                source: Default::default(),
                 fingerprint: None,
                 properties: None,
                 occurrence_count: None,

crates/analyzer/src/cache.rs

@@ -654,6 +654,22 @@ fn is_http_handler_name(name: &str, language: Language) -> bool {
                 || lower == "destroy"
         }
         Language::Php => lower.ends_with("action") || lower.ends_with("controller"),
+        Language::CSharp => {
+            lower.ends_with("action") || lower.ends_with("controller") || lower.starts_with("on")
+        }
+        Language::Kotlin => lower.ends_with("handler") || lower.starts_with("handle"),
+        Language::Scala => lower.ends_with("action") || lower.ends_with("handler"),
+        Language::Swift => lower.ends_with("handler") || lower.starts_with("handle"),
+        Language::Elixir => {
+            lower == "index"
+                || lower == "show"
+                || lower == "create"
+                || lower == "update"
+                || lower == "delete"
+                || lower == "new"
+                || lower == "edit"
+        }
+        Language::Solidity | Language::Bash => false,
         _ => lower.ends_with("handler") || (lower.contains("handle") && lower.contains("request")),
     }
 }