feat: v0.6.0 - Real-time watch mode, IDE integrations, duplicate detection

## Added
- WebSocket endpoint for real-time file watching (/ws/watch)
- Web dashboard for browser-based monitoring
- IDE integrations: VS Code, Neovim, JetBrains plugins
- Duplicate function detection rule (generic/duplicate-function)
- Doctor command for installation health checks
- --changed-only flag for PR workflows
- --no-initial-scan flag for watch mode
- Release drafter for auto changelog

## Changed
- Cleaner watch mode terminal output
- Daemon shows dashboard URL on startup
- Categorized rules into sinks vs review hints

## Fixed
- All clippy warnings for Rust 2024 edition
- Normalized file paths in SARIF output

Author: bumahkib7

.github/release-drafter.yml

@@ -0,0 +1,53 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+      - 'feat'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🔒 Security'
+    labels:
+      - 'security'
+  - title: '📝 Documentation'
+    labels:
+      - 'documentation'
+      - 'docs'
+  - title: '🧰 Maintenance'
+    labels:
+      - 'chore'
+      - 'maintenance'
+      - 'refactor'
+  - title: '⬆️ Dependencies'
+    labels:
+      - 'dependencies'
+      - 'deps'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+      - 'breaking'
+  minor:
+    labels:
+      - 'minor'
+      - 'feature'
+      - 'enhancement'
+  patch:
+    labels:
+      - 'patch'
+      - 'fix'
+      - 'bugfix'
+  default: patch
+template: |
+  ## What's Changed
+
+  $CHANGES
+
+  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION

.github/workflows/release-drafter.yml

@@ -0,0 +1,58 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  update_release_draft:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # Auto-label PRs based on conventional commit titles
+  label:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const title = context.payload.pull_request.title.toLowerCase();
+            const labels = [];
+
+            if (title.startsWith('feat')) labels.push('feature');
+            else if (title.startsWith('fix')) labels.push('fix');
+            else if (title.startsWith('docs')) labels.push('documentation');
+            else if (title.startsWith('chore')) labels.push('chore');
+            else if (title.startsWith('refactor')) labels.push('refactor');
+            else if (title.startsWith('security') || title.includes('security')) labels.push('security');
+            else if (title.startsWith('deps') || title.includes('dependencies')) labels.push('dependencies');
+
+            if (title.includes('breaking') || title.includes('!:')) labels.push('breaking');
+
+            if (labels.length > 0) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.payload.pull_request.number,
+                labels: labels
+              });
+            }

CHANGELOG.md

@@ -5,104 +5,81 @@ All notable changes to RMA (Rust Monorepo Analyzer) will be documented in this f
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.3.0] - 2026-01-31
+## [Unreleased]
 
 ### Added
+- **IDE Integrations**: VS Code extension, Neovim plugin, JetBrains plugin, Web Dashboard
+- **Real-time Watch Mode**: WebSocket-based live updates with file system monitoring
+- **Duplicate Function Detection**: `generic/duplicate-function` rule
+- **Doctor Command**: `rma doctor` for installation health checks
+- **PR Workflow Support**: `--changed-only` flag to only scan changed files
+- **Release Drafter**: Auto-generate release notes from PRs
 
-- **8 New Security Rules**: Comprehensive vulnerability detection
-
-  **Rust-specific:**
-  - `rust/transmute-used` - Detects std::mem::transmute (type safety bypass)
-  - `rust/raw-pointer-deref` - Detects raw pointer dereferences
-  - `rust/command-injection` - Detects shell command execution patterns
-  - `rust/sql-injection` - Detects SQL built with format!/string concatenation
-  - `rust/unchecked-index` - Detects direct array indexing without bounds check
-  - `rust/path-traversal` - Detects file paths with string interpolation
+### Changed
+- Watch mode now has cleaner terminal output with proper raw mode handling
+- `--no-initial-scan` flag to skip initial directory scan in watch mode
+- Daemon shows dashboard URL on startup
 
-  **Generic (all languages):**
-  - `generic/hardcoded-secret` - Detects API keys, AWS keys, GitHub tokens, private keys
-  - `generic/insecure-crypto` - Detects MD5, SHA-1, DES, RC4, ECB mode usage
+## [0.6.0] - 2026-02-01
 
-- **Automatic Homebrew Updates**: New workflow auto-updates tap on release
-  - `.github/workflows/update-homebrew-tap.yml`
-  - Computes SHA256 hashes automatically
-  - Supports macOS + Linux (Intel + ARM)
+### Added
+- WebSocket endpoint for real-time file watching (`/ws/watch`)
+- Web dashboard for browser-based monitoring
+- Initial scan on watch mode startup
+- Interactive keyboard shortcuts in watch mode (q/c/r/s/e/p/?)
 
 ### Changed
+- Categorized rules into high-confidence sinks vs review hints
+- Reduced false positives in security rules
 
-- Total security rules: 19 (was 11)
-- Secret detection now redacts sensitive values in output
-- Detection code patterns are automatically skipped to reduce false positives
+### Fixed
+- Clippy warnings for Rust 2024 edition
+- Normalized file paths in SARIF and GitHub output
 
-## [0.2.0] - 2026-02-01
+## [0.5.0] - 2026-01-31
 
 ### Added
+- Rich diagnostics with code snippets and suggestions
+- GitHub Actions output format (`--format github`)
 
-- **Config Versioning**: Added `config_version = 1` to rma.toml for future compatibility
-  - Validates version on load, warns if missing, errors on unsupported versions
-  
-- **Stable Fingerprints**: New fingerprinting system for baseline comparisons
-  - Survives line number changes, whitespace changes, path format differences
-  - SHA-256 based with normalized inputs
-  
-- **Rulesets**: Named groups of rules for targeted scanning
-  - Built-in: `security`, `maintainability`
-  - Custom rulesets via `[rulesets]` in rma.toml
-  - CLI: `--ruleset security`
-
-- **Inline Suppression**: Suppress findings with comments
-  - `// rma-ignore-next-line <rule_id> reason="..."`
-  - `// rma-ignore <rule_id> reason="..."` (block-level)
-  - Python: `# rma-ignore-next-line <rule_id> reason="..."`
-  - Strict profile requires reason
-
-- **Print Effective Config**: `rma config print-effective [--format json]`
-  - Shows resolved configuration with precedence tracking
-  - Displays where each value comes from (default, config-file, cli-flag)
-
-- **Timer String Rule**: New `js/timer-string-eval` rule
-  - Only flags setTimeout/setInterval with string arguments
-  - Arrow functions, function references are NOT flagged
-  - Default severity: Warning (not Critical)
-
-- **GitHub Actions**: Composite action and reusable workflow
-  - `.github/actions/rma-scan/action.yml`
-  - `.github/workflows/rma-scan-reusable.yml`
-  - Automatic SARIF upload to GitHub Security tab
-
-- **New CLI Flags**:
-  - `--ruleset <name>` - Use specific ruleset
-  - `--include-suppressed` - Include suppressed findings
-  - `--baseline-mode` - Only report new findings
+### Fixed
+- Clippy warnings for Rust 2024 if-let chains
 
-### Changed
+## [0.4.0] - 2026-01-31
 
-- **Edition 2024**: Updated Rust edition from 2021 to 2024
-- **js/dynamic-code-execution**: Now only flags `eval()` and `Function()`, not timers
+### Added
+- SARIF output improvements
+- Better error messages
 
-### Fixed
+## [0.3.0] - 2026-01-31
 
-- Timer rule false positives for normal setTimeout/setInterval usage
-- Config precedence now correctly applies CLI > config file > defaults
+### Added
+- 8 new security rules for Rust, JS/TS, Python, Go, Java
+- Automatic Homebrew tap update workflow
+- Secret detection (API keys, AWS keys, GitHub tokens, private keys)
+- Insecure crypto detection (MD5, SHA-1, DES, RC4, ECB)
 
-## [0.1.1] - 2025-12-15
+## [0.2.0] - 2026-01-31
 
 ### Added
-- Initial GitHub release with pre-built binaries
-- Docker images on GHCR
-- Homebrew tap
+- Config versioning (`config_version = 1`)
+- Stable fingerprints for baseline comparisons
+- Rulesets (security, maintainability)
+- Inline suppression (`// rma-ignore-next-line`)
+- GitHub Actions integration
+- Timer string rule for JS
+
+### Changed
+- Updated to Rust edition 2024
 
-## [0.1.0] - 2025-12-01
+## [0.1.0] - 2026-01-31
 
 ### Added
 - Initial release
 - Multi-language support: Rust, JavaScript, TypeScript, Python, Go, Java
-- 10+ security and code quality rules
+- Security and code quality rules
 - SARIF output for GitHub Security tab
 - Watch mode for real-time analysis
 - HTTP API daemon
-- WASM plugin system
-- AI-powered analysis (optional)
 - Configuration via rma.toml
 - Profiles: fast, balanced, strict
-- Baseline tracking for legacy code