Improve prompt error handling and relative path support (#153)

* Initial plan

* Add path resolution and error handling for prompt file path parameters

- Add resolvePromptFilePath() utility that resolves relative paths against
  workspace root and returns user-friendly warnings for invalid paths
- Update all 9 prompt handlers with file path parameters to resolve paths
  and embed warnings in the response instead of throwing protocol errors
- Add integration test in mcp-test-suite.js for explain_codeql_query with
  invalid path
- Add file-based integration test fixtures in primitives/prompts/
- Add 10 unit tests for resolvePromptFilePath and handler path resolution

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Address code review: add advisory comment on existsSync, improve test assertions

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* plan: add extension integration test for prompt error handling

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Add extension integration test for MCP prompt error handling with invalid paths

Add mcp-prompt-e2e.integration.test.ts to the VS Code extension test suite
that spawns the real MCP server inside the Extension Development Host and
verifies that prompts return user-friendly warnings (not protocol errors)
when given invalid file paths:
- explain_codeql_query with nonexistent relative path returns "does not exist"
- explain_codeql_query with valid absolute path returns no warning
- document_codeql_query with nonexistent path returns "does not exist"
- Server lists prompts including explain_codeql_query

Register the new test in esbuild.config.js so it is bundled for CI.

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Initial plan

* fix: return inline errors for invalid prompt inputs

The MCP SDK validates prompt arguments before calling handlers. When
validation fails (e.g. unsupported language like "rust"), the SDK throws
McpError(-32602) with a raw JSON dump — poor UX for VS Code slash commands.

Server-side changes (server/src/prompts/workflow-prompts.ts):
- Add toPermissiveShape() to widen z.enum() to z.string() in registered
  schemas so the SDK never rejects user input at the protocol layer
- Add createSafePromptHandler() to wrap all 11 prompt handlers with:
  (1) strict Zod validation that returns user-friendly inline errors
  (2) exception recovery that catches handler crashes gracefully
- Add formatValidationError() to convert ZodError into actionable markdown
  with field names, received values, and valid options listed

Integration tests (extensions/vscode/test/suite/mcp-prompt-e2e.integration.test.ts):
- Expand from 4 to 15 e2e tests covering all prompts with file-path params
- Add test for invalid language returning inline error (not protocol error)
- Add test for path traversal detection
- Add tests for all-optional prompts with empty args

Unit tests (server/test/src/prompts/workflow-prompts.test.ts):
- Add 17 new tests for toPermissiveShape, formatValidationError,
  createSafePromptHandler, and handler-level invalid argument handling
- Update schema-to-registration consistency tests for permissive shapes

* fix: promote key prompt parameters from optional to required

Make databasePath, language, queryPath, and sarifPath required where
the prompt depends on them. VS Code now correctly marks these fields
as required in the slash-command input dialog.

* Addres PR review feedback

* Sync server/dist/codeql-development-mcp-server.js.map

* [UPDATE PRIMITIVE] Fix path traversal check, add prompt fixture runner, fix comment mismatch (#155)

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

* Enforce tidy and rebuild server dist

* address PR review comments for prompt path handling

- Treat path traversal as hard failure: return blocked=true with empty
  resolvedPath instead of leaking the outside-root absolute path
- Handle file:// URIs in resolvePromptFilePath via fileURLToPath so all
  callers (queryPath, workspaceUri, etc.) get consistent URI handling
- Replace synchronous existsSync with async fs/promises.access to avoid
  blocking the event loop on the prompt hot path
- Fix integration test success condition to fail when no tests executed
- Make VS Code e2e invalid-language test deterministic (assert inline
  validation instead of accepting both throw and inline error)
- Fix misleading test name "should return the original path" to match
  actual behavior (resolves relative to workspace root)

* [WIP] Improve prompt error handling and relative path support (#157)

* Initial plan

* Fix prompt test runner: propagate failures and check sessions[].expectedContentPatterns

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/2840e119-cc2c-4f60-91ce-ba685ce25b5c

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* More fixes for PR review feedback

Improves end-to-end extension integration tests such that the
'CODEQL_MCP_WORKSPACE' env var is passed to StdioClientTransport,
which ensures that the server's relative-path resolution uses a
deterministic diretory instead of depending upon the Extension
Host's working directory.

* [UPDATE PRIMITIVE] Fix markdown injection and platform-dependent path tests in prompt handlers (#162)

* Initial plan

* Fix markdown injection and platform-dependent path tests in prompt handlers

- Add sanitizeForInlineCode() helper to escape backticks and newlines in user-supplied values embedded in markdown code spans
- Apply sanitizer to resolvePromptFilePath 'does not exist' warning (filePath and absolutePath)
- Apply sanitizer to formatValidationError issue.received display
- Fix POSIX path separator assumptions in tests: use basename only ('mydb', 'database')
- Rename createSafePromptHandler tests to clarify they validate the handler wrapper, not MCP SDK validation

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/2660567b-5822-4505-91c2-37fe3ef00f4e

* Replace sanitizeForInlineCode with CommonMark-compliant markdownInlineCode

- markdownInlineCode() uses a fence length = maxRun+1 per CommonMark spec,
  preserving the original string (no information loss from backtick→apostrophe)
- Normalises CR/CRLF to LF before wrapping (inline spans can't span lines)
- Export markdownInlineCode for testability
- Add 6 unit tests for markdownInlineCode (plain text, single/double backtick,
  CRLF normalisation, backtick-only values)
- Add regression test for formatValidationError with backtick in received value
- Add regression test for resolvePromptFilePath warning with backtick in path

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/ec7c534b-93ac-40e5-bcb6-023bc7496940

* Fix markdownInlineCode to replace newlines with spaces for single-line output

Replace \r\n, \r, and \n with a space (not just normalize CRLF to LF) so
the returned inline code span never contains a literal newline character.
Update docstring and test to reflect space-replacement behavior.

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/87cfd54e-9d66-4871-a581-601aff3c6c8d

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Add 'actions/cache@v5' for VS Code integration test download

Adds a common cache for actions workflows that download the
latest instance of VS Code for integration testing purposes.

* Address latest feedback for PR #153

* Add retries to download-vscode.js script

* fix: resilient VS Code download for integration tests

- Add retry logic (3 attempts) with backoff to download-vscode.js
- Handle unhandled promise rejections from @vscode/test-electron stream errors
- Clean partial downloads between retries to avoid checksum mismatches
- Default to 'stable' version to match .vscode-test.mjs configuration
- Chain download:vscode before vscode-test in test:integration script
- Cache VS Code downloads in build-and-test-extension.yml and copilot-setup-steps.yml
- Increase download timeout from 15s (default) to 120s

Fixes intermittent CI failures from ECONNRESET and empty-file checksum errors
when downloading VS Code for Extension Host integration tests.

* Address PR #153 review comments

- resolvePromptFilePath: only enforce workspace-root boundary for
  relative path inputs; absolute paths pass through since users
  legitimately reference databases/queries outside the workspace
- download-vscode.js: use fileURLToPath() instead of URL.pathname
  for cross-platform compatibility
- integration-test-runner.js: track execution counts separately
  from pass/fail; runWorkflowIntegrationTests and
  runPromptIntegrationTests return { executed, passed } objects
- Add test for absolute paths outside workspace being allowed

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

* fix: address PR #153 review comments for path resolution

- Remove absolute path from 'does not exist' warning to avoid leaking
  local machine paths into prompt context sent to LLMs
- Add blockedPathError() helper and check blocked flag at all 12
  resolvePromptFilePath call sites so traversal attempts short-circuit
  with a clear inline error instead of silently proceeding
- Add tests for both behaviors

---------

Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

.github/workflows/build-and-test-extension.yml

@@ -63,6 +63,16 @@ jobs:
           add-to-path: 'true'
           install-language-runtimes: 'false'
 
+      - name: Cache VS Code for integration tests
+        uses: actions/cache@v5
+        with:
+          key: vscode-test-${{ runner.os }}-stable
+          path: extensions/vscode/.vscode-test
+
+      - name: Download VS Code for integration tests
+        working-directory: extensions/vscode
+        run: npm run download:vscode
+
       - name: Run Extension Host integration tests
         working-directory: extensions/vscode
         run: xvfb-run -a npm run test:integration

.github/workflows/copilot-setup-steps.yml

@@ -77,6 +77,12 @@ jobs:
           npm run bundle
           npm run bundle:server
 
+      - name: Copilot Setup - Cache VS Code for integration tests
+        uses: actions/cache@v5
+        with:
+          key: vscode-test-${{ runner.os }}-stable
+          path: extensions/vscode/.vscode-test
+
       - name: Copilot Setup - Download VS Code for integration tests
         working-directory: extensions/vscode
         run: npm run download:vscode

client/integration-tests/primitives/prompts/explain_codeql_query/invalid_query_path/README.md

@@ -0,0 +1,22 @@
+# Integration Test: explain_codeql_query / invalid_query_path
+
+## Purpose
+
+Verify that the `explain_codeql_query` prompt returns a helpful error message
+when the user provides a `queryPath` that does not exist on disk.
+
+## Expected Behavior
+
+- The prompt handler resolves the relative path against the workspace root.
+- When the resolved path does not exist, the prompt returns a warning in the
+  response messages rather than throwing a raw MCP protocol error.
+- The warning message should mention the file was not found so the user can
+  correct the path.
+
+## Parameters
+
+| Parameter      | Value                          | Notes              |
+| -------------- | ------------------------------ | ------------------ |
+| `databasePath` | `nonexistent/path/to/database` | Does **not** exist |
+| `queryPath`    | `nonexistent/path/to/query.ql` | Does **not** exist |
+| `language`     | `javascript`                   | Valid language     |

client/integration-tests/primitives/prompts/explain_codeql_query/invalid_query_path/after/monitoring-state.json

@@ -0,0 +1,9 @@
+{
+  "sessions": [
+    {
+      "expectedContentPatterns": [
+        "does not exist"
+      ]
+    }
+  ]
+}

client/integration-tests/primitives/prompts/explain_codeql_query/invalid_query_path/before/monitoring-state.json

@@ -0,0 +1,8 @@
+{
+  "sessions": [],
+  "parameters": {
+    "databasePath": "nonexistent/path/to/database",
+    "queryPath": "nonexistent/path/to/query.ql",
+    "language": "javascript"
+  }
+}

client/integration-tests/primitives/tools/codeql_bqrs_interpret/sarif_format/after/results.sarif

@@ -1 +1 @@
-{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.24.3","rules":[{"id":"test/query","name":"test/query","shortDescription":{"text":"ExampleQuery1"},"fullDescription":{"text":"Example query for integration testing of the codeql_test_extract MCP server tool."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Query Help for JavaScript ExampleQuery1\n\nTODO\n","markdown":"# Query Help for JavaScript ExampleQuery1\n\nTODO\n"},"properties":{"tags":["mcp-integration-tests"],"description":"Example query for integration testing of the codeql_test_extract MCP server tool.","id":"test/query","kind":"problem","name":"ExampleQuery1","precision":"medium","problem.severity":"warning"}}]},"extensions":[{"name":"mcp-client-integration-tests-static-javascript-src","semanticVersion":"0.0.1+fe0e7d2a7059ebb6c6075ff8eaea04f382747656","locations":[{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/src/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/src/codeql-pack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/javascript-all","semanticVersion":"2.6.11+ce9c8e6e9fd41ef0967b13849bb6ae2183caf9ad","locations":[{"uri":"file:///home/runner/.codeql/packages/codeql/javascript-all/2.6.11/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/.codeql/packages/codeql/javascript-all/2.6.11/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/threat-models","semanticVersion":"1.0.31+ce9c8e6e9fd41ef0967b13849bb6ae2183caf9ad","locations":[{"uri":"file:///home/runner/.codeql/packages/codeql/threat-models/1.0.31/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/.codeql/packages/codeql/threat-models/1.0.31/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]}]},"artifacts":[{"location":{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/test/ExampleQuery1/ExampleQuery1.js","index":0}}],"results":[{"ruleId":"test/query","ruleIndex":0,"rule":{"id":"test/query","index":0},"message":{"text":"Example test code file found for codeql_test_extract example query."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/test/ExampleQuery1/ExampleQuery1.js","index":0}}}]}],"columnKind":"utf16CodeUnits","properties":{"semmle.formatSpecifier":"sarif-latest"}}]}
+{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.25.0","rules":[{"id":"test/query","name":"test/query","shortDescription":{"text":"ExampleQuery1"},"fullDescription":{"text":"Example query for integration testing of the codeql_test_extract MCP server tool."},"defaultConfiguration":{"enabled":true,"level":"warning"},"help":{"text":"# Query Help for JavaScript ExampleQuery1\n\nTODO\n","markdown":"# Query Help for JavaScript ExampleQuery1\n\nTODO\n"},"properties":{"tags":["mcp-integration-tests"],"description":"Example query for integration testing of the codeql_test_extract MCP server tool.","id":"test/query","kind":"problem","name":"ExampleQuery1","precision":"medium","problem.severity":"warning"}}]},"extensions":[{"name":"mcp-client-integration-tests-static-javascript-src","semanticVersion":"0.0.1+fe0e7d2a7059ebb6c6075ff8eaea04f382747656","locations":[{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/src/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/src/codeql-pack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/javascript-all","semanticVersion":"2.6.11+ce9c8e6e9fd41ef0967b13849bb6ae2183caf9ad","locations":[{"uri":"file:///home/runner/.codeql/packages/codeql/javascript-all/2.6.11/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/.codeql/packages/codeql/javascript-all/2.6.11/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/threat-models","semanticVersion":"1.0.31+ce9c8e6e9fd41ef0967b13849bb6ae2183caf9ad","locations":[{"uri":"file:///home/runner/.codeql/packages/codeql/threat-models/1.0.31/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///home/runner/.codeql/packages/codeql/threat-models/1.0.31/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]}]},"artifacts":[{"location":{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/test/ExampleQuery1/ExampleQuery1.js","index":0}}],"results":[{"ruleId":"test/query","ruleIndex":0,"rule":{"id":"test/query","index":0},"message":{"text":"Example test code file found for codeql_test_extract example query."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"file:///home/runner/work/codeql-development-mcp-server/codeql-development-mcp-server/client/integration-tests/static/javascript/test/ExampleQuery1/ExampleQuery1.js","index":0}}}]}],"columnKind":"utf16CodeUnits","properties":{"semmle.formatSpecifier":"sarif-latest"}}]}

client/src/lib/integration-test-runner.js

@@ -226,10 +226,45 @@ export class IntegrationTestRunner {
 
       this.logger.log(`Completed ${totalIntegrationTests} tool-specific integration tests`);
 
+      // Track execution counts and pass/fail separately.
+      // *Count* tracks whether the suite discovered & ran tests.
+      // *Succeeded* tracks whether those tests passed.
+      const toolTestsExecuted = totalIntegrationTests;
+      const toolTestsPassed = totalIntegrationTests > 0;
+
       // Also run workflow integration tests
-      await this.runWorkflowIntegrationTests(baseDir);
+      const { executed: workflowTestsExecuted, passed: workflowTestsPassed } =
+        await this.runWorkflowIntegrationTests(baseDir);
+      if (!workflowTestsPassed) {
+        this.logger.logTest(
+          "Workflow integration tests",
+          false,
+          new Error("Workflow integration tests did not complete successfully")
+        );
+      }
+
+      // Also run prompt integration tests
+      const { executed: promptTestsExecuted, passed: promptTestsPassed } =
+        await this.runPromptIntegrationTests(baseDir);
+      if (!promptTestsPassed) {
+        this.logger.logTest(
+          "Prompt integration tests",
+          false,
+          new Error("Prompt integration tests did not complete successfully")
+        );
+      }
+
+      const totalTestsExecuted = toolTestsExecuted + workflowTestsExecuted + promptTestsExecuted;
+
+      if (totalTestsExecuted === 0) {
+        this.logger.log(
+          "No integration tests were executed across tool, workflow, or prompt suites.",
+          "ERROR"
+        );
+        return false;
+      }
 
-      return totalIntegrationTests > 0;
+      return toolTestsPassed && workflowTestsPassed && promptTestsPassed;
     } catch (error) {
       this.logger.log(`Error running integration tests: ${error.message}`, "ERROR");
       return false;
@@ -1095,6 +1130,161 @@ export class IntegrationTestRunner {
     return params;
   }
 
+  /**
+   * Run prompt-level integration tests.
+   * Discovers test fixtures under `integration-tests/primitives/prompts/`
+   * and calls `client.getPrompt()` for each, validating the response.
+   */
+  async runPromptIntegrationTests(baseDir) {
+    try {
+      this.logger.log("Discovering and running prompt integration tests...");
+
+      const promptTestsDir = path.join(baseDir, "..", "integration-tests", "primitives", "prompts");
+
+      if (!fs.existsSync(promptTestsDir)) {
+        this.logger.log("No prompt integration tests directory found", "INFO");
+        return {
+          executed: 0,
+          passed: true
+        };
+      }
+
+      // Get list of available prompts from the server
+      const response = await this.client.listPrompts();
+      const prompts = response.prompts || [];
+      const promptNames = prompts.map((p) => p.name);
+
+      this.logger.log(`Found ${promptNames.length} prompts available on server`);
+
+      // Discover prompt test directories (each subdirectory = one prompt name)
+      const promptDirs = fs
+        .readdirSync(promptTestsDir, { withFileTypes: true })
+        .filter((dirent) => dirent.isDirectory())
+        .map((dirent) => dirent.name);
+
+      this.logger.log(
+        `Found ${promptDirs.length} prompt test directories: ${promptDirs.join(", ")}`
+      );
+
+      let totalPromptTests = 0;
+      let allPromptTestsPassed = true;
+      for (const promptName of promptDirs) {
+        if (!promptNames.includes(promptName)) {
+          this.logger.log(`Skipping ${promptName} - prompt not found on server`, "WARN");
+          continue;
+        }
+
+        const promptDir = path.join(promptTestsDir, promptName);
+        const testCases = fs
+          .readdirSync(promptDir, { withFileTypes: true })
+          .filter((dirent) => dirent.isDirectory())
+          .map((dirent) => dirent.name);
+
+        this.logger.log(`Running ${testCases.length} test case(s) for prompt ${promptName}`);
+
+        for (const testCase of testCases) {
+          const passed = await this.runSinglePromptIntegrationTest(promptName, testCase, promptDir);
+          totalPromptTests++;
+          if (!passed) {
+            allPromptTestsPassed = false;
+          }
+        }
+      }
+
+      this.logger.log(`Total prompt integration tests executed: ${totalPromptTests}`);
+      return {
+        executed: totalPromptTests,
+        passed: totalPromptTests > 0 ? allPromptTestsPassed : true
+      };
+    } catch (error) {
+      this.logger.log(`Error running prompt integration tests: ${error.message}`, "ERROR");
+      return { executed: 0, passed: false };
+    }
+  }
+
+  /**
+   * Run a single prompt integration test.
+   *
+   * Reads parameters from `before/monitoring-state.json`, calls `getPrompt()`,
+   * and validates that the response contains messages (no protocol-level error).
+   */
+  async runSinglePromptIntegrationTest(promptName, testCase, promptDir) {
+    const testName = `prompt:${promptName}/${testCase}`;
+    this.logger.log(`\nRunning prompt integration test: ${testName}`);
+
+    try {
+      const testCaseDir = path.join(promptDir, testCase);
+      const beforeDir = path.join(testCaseDir, "before");
+      const afterDir = path.join(testCaseDir, "after");
+
+      // Validate test structure
+      if (!fs.existsSync(beforeDir)) {
+        this.logger.logTest(testName, false, "Missing before directory");
+        return false;
+      }
+
+      if (!fs.existsSync(afterDir)) {
+        this.logger.logTest(testName, false, "Missing after directory");
+        return false;
+      }
+
+      // Load parameters from before/monitoring-state.json
+      const monitoringStatePath = path.join(beforeDir, "monitoring-state.json");
+      if (!fs.existsSync(monitoringStatePath)) {
+        this.logger.logTest(testName, false, "Missing before/monitoring-state.json");
+        return false;
+      }
+
+      const monitoringState = JSON.parse(fs.readFileSync(monitoringStatePath, "utf8"));
+      const params = monitoringState.parameters || {};
+      resolvePathPlaceholders(params, this.logger);
+
+      // Call the prompt
+      this.logger.log(`Calling prompt ${promptName} with params: ${JSON.stringify(params)}`);
+
+      const result = await this.client.getPrompt({
+        name: promptName,
+        arguments: params
+      });
+
+      // Validate that the response contains messages (no raw protocol error)
+      const hasMessages = result.messages && result.messages.length > 0;
+      if (!hasMessages) {
+        this.logger.logTest(testName, false, "Expected messages in prompt response");
+        return false;
+      }
+
+      // If the after/monitoring-state.json has expected content checks, validate
+      const afterMonitoringPath = path.join(afterDir, "monitoring-state.json");
+      if (fs.existsSync(afterMonitoringPath)) {
+        const afterState = JSON.parse(fs.readFileSync(afterMonitoringPath, "utf8"));
+
+        // Support both top-level expectedContentPatterns and sessions[].expectedContentPatterns
+        const sessions = afterState.sessions || [];
+        const topLevelPatterns = afterState.expectedContentPatterns || [];
+        const sessionPatterns =
+          sessions.length > 0 ? sessions[0].expectedContentPatterns || [] : [];
+        const expectedPatterns = topLevelPatterns.length > 0 ? topLevelPatterns : sessionPatterns;
+
+        if (expectedPatterns.length > 0) {
+          const text = result.messages[0]?.content?.text || "";
+          for (const pattern of expectedPatterns) {
+            if (!text.includes(pattern)) {
+              this.logger.logTest(testName, false, `Expected response to contain "${pattern}"`);
+              return false;
+            }
+          }
+        }
+      }
+
+      this.logger.logTest(testName, true, `Prompt returned ${result.messages.length} message(s)`);
+      return true;
+    } catch (error) {
+      this.logger.logTest(testName, false, `Error: ${error.message}`);
+      return false;
+    }
+  }
+
   /**
    * Run workflow-level integration tests
    * These tests validate complete workflows rather than individual tools
@@ -1107,7 +1297,7 @@ export class IntegrationTestRunner {
 
       if (!fs.existsSync(workflowTestsDir)) {
         this.logger.log("No workflow integration tests directory found", "INFO");
-        return true;
+        return { executed: 0, passed: true };
       }
 
       // Discover workflow test directories
@@ -1118,7 +1308,7 @@ export class IntegrationTestRunner {
 
       if (workflowDirs.length === 0) {
         this.logger.log("No workflow test directories found", "INFO");
-        return true;
+        return { executed: 0, passed: true };
       }
 
       this.logger.log(`Found ${workflowDirs.length} workflow test(s): ${workflowDirs.join(", ")}`);
@@ -1131,10 +1321,10 @@ export class IntegrationTestRunner {
       }
 
       this.logger.log(`Total workflow integration tests executed: ${totalWorkflowTests}`);
-      return true;
+      return { executed: totalWorkflowTests, passed: true };
     } catch (error) {
       this.logger.log(`Error running workflow integration tests: ${error.message}`, "ERROR");
-      return false;
+      return { executed: 0, passed: false };
     }
   }
 

client/src/lib/mcp-test-suite.js

@@ -22,6 +22,7 @@ export class MCPTestSuite {
     await this.testReadResource();
     await this.testListPrompts();
     await this.testGetPrompt();
+    await this.testGetPromptWithInvalidPath();
   }
 
   /**
@@ -132,6 +133,59 @@ export class MCPTestSuite {
     }
   }
 
+  /**
+   * Test that prompts handle invalid file paths gracefully.
+   *
+   * The explain_codeql_query prompt requires a `queryPath` parameter.
+   * When given a nonexistent path it should return a user-friendly error
+   * message inside the prompt response rather than throwing a raw MCP
+   * protocol error.
+   */
+  async testGetPromptWithInvalidPath() {
+    try {
+      this.logger.log("Testing prompt error handling with invalid file path...");
+
+      const result = await this.client.getPrompt({
+        name: "explain_codeql_query",
+        arguments: {
+          databasePath: "nonexistent/path/to/database",
+          queryPath: "nonexistent/path/to/query.ql",
+          language: "javascript"
+        }
+      });
+
+      // The prompt should return messages (not throw) even for an invalid path
+      const hasMessages = result.messages && result.messages.length > 0;
+      if (!hasMessages) {
+        this.logger.logTest(
+          "Get Prompt with Invalid Path (explain_codeql_query)",
+          false,
+          "Expected messages in response"
+        );
+        return false;
+      }
+
+      // The response should contain a human-readable error about the invalid path
+      const text = result.messages[0]?.content?.text || "";
+      const mentionsPathError =
+        text.includes("does not exist") ||
+        text.includes("not found") ||
+        text.includes("could not be found") ||
+        text.includes("File not found") ||
+        text.includes("⚠");
+
+      this.logger.log(`Prompt response mentions path error: ${mentionsPathError}`);
+      this.logger.logTest("Get Prompt with Invalid Path (explain_codeql_query)", mentionsPathError);
+
+      return mentionsPathError;
+    } catch (error) {
+      // If the server throws instead of returning a message this test fails,
+      // which is the exact behaviour we want to fix.
+      this.logger.logTest("Get Prompt with Invalid Path (explain_codeql_query)", false, error);
+      return false;
+    }
+  }
+
   /**
    * Test listing prompts
    */