Add .md docs for all .ql tools queries (#78) (#79)

* Add .md docs for all tools queries (#78)

Add query documentation (.md) for every `server/ql/*/tools/src/*/*.ql`
query across all 9 supported languages: PrintAST, PrintCFG, CallGraphFrom,
and CallGraphTo.

- Add `query-documentation.test.ts` to enforce that every tools query has
  a matching .md file
- Update `server_ql_languages_tools.instructions.md` to require query docs,
  clarify `@kind graph` vs detection-query guidance, and scope
  COMPLIANT/NON_COMPLIANT annotations to detection queries only
- Remove COMPLIANT/NON_COMPLIANT annotations from existing PrintCFG docs
  (structural queries, not detection queries)

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

* [UPDATE PRIMITIVE] Consistent `CallGraphFrom`/`CallGraphTo` naming in all language docs (#80)

* Initial plan

* Use CallGraphFrom and CallGraphTo naming consistently in all docs (no spaces)

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Update server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

---------

Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>

Author: 3 people

.github/instructions/server_ql_languages_tools.instructions.md

@@ -22,10 +22,13 @@ Each language directory follows a standardized structure that enables automatic
 - ALWAYS place query implementation files in `tools/src/<query-name>/` subdirectories.
 - ALWAYS place corresponding test files in `tools/test/<query-name>/` subdirectories.
 - ALWAYS include proper CodeQL query metadata using `@name`, `@description`, `@id`, `@kind`, and `@tags` annotations.
+- ALWAYS create a `.md` query documentation file alongside every `.ql` query in `tools/src/<query-name>/` (e.g., `PrintAST.md` next to `PrintAST.ql`). This is enforced by the `query-documentation.test.ts` unit test.
+- ALWAYS use the existing `server/ql/*/tools/src/PrintCFG/PrintCFG.md` files as the canonical style reference for `@kind graph` query documentation. These docs describe the structural output (nodes/edges) rather than flagging problems, so code examples should illustrate what structure the query visualizes — not whether code is compliant or non-compliant.
 - ALWAYS create `.qlref` files that reference the correct query path relative to the tools directory.
 - ALWAYS create `.expected` files with the expected output for each test case.
-- ALWAYS implement test code source files that test both the query's ability to ignore `COMPLIANT` code patterns AND to detect `NON_COMPLIANT` code patterns.
-- ALWAYS comment test cases as either `COMPLIANT` (i.e. query should not match) or `NON-COMPLIANT` (i.e. query should match).
+- ALWAYS implement test code source files that test both the query's ability to ignore `COMPLIANT` code patterns AND to detect `NON_COMPLIANT` code patterns for detection-style queries (`@kind problem` / `@kind path-problem`).
+- ALWAYS comment test cases as either `COMPLIANT` (i.e. query should not match) or `NON-COMPLIANT` (i.e. query should match) for detection-style queries.
+- ALWAYS omit `COMPLIANT` and `NON_COMPLIANT` annotations from `@kind graph` query documentation and test code, because these queries produce structural output (ASTs, CFGs, call graphs) rather than detecting problems.
 - ALWAYS use the `server/scripts/install-packs.sh` script to install dependencies for CodeQL packs defined under the `server/ql/*/language/tools/` directories.
 - ALWAYS use explicit version numbers in `codeql-pack.yml` files; never use wildcards (`*`).
 - ALWAYS set `ql-mcp-*` pack versions to match the CodeQL CLI version from `.codeql-version` (without the `v` prefix).
@@ -51,4 +54,5 @@ Each language directory follows a standardized structure that enables automatic
 - NEVER create `.qlref` files with incorrect paths or missing target queries.
 - NEVER mix different query purposes within a single query file.
 - NEVER omit required CodeQL query metadata annotations.
+- NEVER omit query documentation (`.md`) for any query published in a `tools/src/` pack directory.
 - NEVER create test cases that don't actually exercise the query logic being tested.

server/ql/actions/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,53 @@
+# Print AST for GitHub Actions
+
+Outputs a representation of the Abstract Syntax Tree (AST) for GitHub Actions workflows and composite actions.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (job, step, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified GitHub Actions YAML files, which is useful for understanding workflow structure, inspecting how the CodeQL extractor parses action definitions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents workflow structure
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between jobs, steps, and expressions
+- Verifying extractor behavior for composite actions and reusable workflows
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following GitHub Actions workflow demonstrates AST structure through jobs and steps:
+
+```yaml
+name: Example Workflow
+on: [push]
+jobs:
+  build: # Job node in AST
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2 # Step node in AST
+      - name: Build
+        run: make build # Run step with expression
+```
+
+In the resulting AST:
+
+- The workflow root contains job definitions as children
+- Each job contains step nodes
+- `uses` and `run` steps produce distinct AST node types
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [GitHub Actions Workflow Syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

server/ql/actions/tools/src/PrintCFG/PrintCFG.md

@@ -26,11 +26,11 @@ The following GitHub Actions workflow demonstrates control flow through jobs and
 name: Example Workflow
 on: [push]
 jobs:
-  test: # COMPLIANT - Job creates CFG node
+  test: # Job creates CFG node
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2 # COMPLIANT - Step creates CFG node
-      - name: Run tests # COMPLIANT - Steps execute sequentially
+      - uses: actions/checkout@v2 # Step creates CFG node
+      - name: Run tests # Steps execute sequentially
         run: echo "Testing"
 ```
 

server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,44 @@
+# CallGraphFrom for C++
+
+Displays calls made from a specified function, showing the call graph outbound from the source function.
+
+## Overview
+
+This query identifies all function calls made within the body of a named function, producing an outbound call graph. Given a source function name, it reports each call site and the callee, which is useful for understanding function dependencies and call chains.
+
+The query accepts function names via an external predicate (`sourceFunction`) and supports both simple and qualified name matching.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific function
+- Understanding what a function calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C++ code demonstrates outbound calls from `sourceFunc`:
+
+```cpp
+void helper1() {}
+void helper2() { helper1(); }
+
+void sourceFunc() {  // Source function for analysis
+    helper1();
+    helper2();
+}
+```
+
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [C++ Functions](https://en.cppreference.com/w/cpp/language/functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/cpp/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,42 @@
+# CallGraphTo for C++
+
+Displays calls made to a specified function, showing the call graph inbound to the target function.
+
+## Overview
+
+This query identifies all call sites that invoke a named function, producing an inbound call graph. Given a target function name, it reports each caller and call location, which is useful for understanding how a function is used across the codebase.
+
+The query accepts function names via an external predicate (`targetFunction`) and supports both simple and qualified name matching.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific function
+- Impact analysis before modifying a function signature
+- Understanding usage patterns and entry points
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C++ code demonstrates inbound calls to `targetFunc`:
+
+```cpp
+void targetFunc() {}              // Target function for analysis
+
+void caller1() { targetFunc(); }
+void caller2() { targetFunc(); }
+```
+
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call to 'target' from 'caller'"`
+
+## References
+
+- [C++ Functions](https://en.cppreference.com/w/cpp/language/functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/cpp/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,58 @@
+# Print AST for C++
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified C++ source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses declarations and expressions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents C++ declarations and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between classes, functions, and statements
+- Verifying extractor behavior for templates, macros, and overloaded operators
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following C++ code demonstrates AST structure through declarations and statements:
+
+```cpp
+#include <iostream>
+
+class Example {
+public:
+    void greet(const std::string& name) {  // Function declaration in AST
+        std::cout << "Hello, " << name << "!" << std::endl;
+    }
+};
+
+int main() {  // Top-level declaration
+    Example e;
+    e.greet("World");
+    return 0;
+}
+```
+
+In the resulting AST:
+
+- The class declaration contains member function declarations as children
+- Each function body contains a statement list
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [C++ Language Reference](https://en.cppreference.com/w/cpp/language)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

server/ql/cpp/tools/src/PrintCFG/PrintCFG.md

@@ -25,13 +25,13 @@ The following C++ code demonstrates control flow through conditional statements
 ```cpp
 void example(int x) {
     int result = 0;
-    if (x > 0) {                     // COMPLIANT - Branching creates CFG edges
+    if (x > 0) {  // Branching creates CFG edges
         result = 1;
     } else {
         result = -1;
     }
 
-    for (int i = 0; i < 3; i++) {    // COMPLIANT - Loop creates cyclic CFG
+    for (int i = 0; i < 3; i++) {  // Loop creates cyclic CFG
         result = result + i;
     }
 }

server/ql/csharp/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,45 @@
+# CallGraphFrom for `csharp` Source Files
+
+Displays calls made from a specified method, showing the call graph outbound from the source method.
+
+## Overview
+
+This query identifies all method calls made within the body of a named method, producing an outbound call graph. Given a source method name, it reports each call site and the callee, which is useful for understanding method dependencies and call chains.
+
+The query accepts method names via an external predicate (`sourceFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific method
+- Understanding what a method calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C# code demonstrates outbound calls from `SourceMethod`:
+
+```csharp
+void Helper1() {}
+void Helper2() { Helper1(); }
+
+void SourceMethod() {  // Source method for analysis
+    Helper1();
+    Helper2();
+}
+```
+
+Running with `sourceFunction = "SourceMethod"` produces results showing each call site with the message pattern `Call from 'SourceMethod' to 'Helper1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [C# Methods](https://learn.microsoft.com/en-us/dotnet/csharp/methods)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/csharp/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,42 @@
+# CallGraphTo for `csharp` Source Files
+
+Displays calls made to a specified method, showing the call graph inbound to the target method.
+
+## Overview
+
+This query identifies all call sites that invoke a named method, producing an inbound call graph. Given a target method name, it reports each caller and call location, which is useful for understanding how a method is used across the codebase.
+
+The query accepts method names via an external predicate (`targetFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific method
+- Impact analysis before modifying a method signature
+- Understanding usage patterns and entry points
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C# code demonstrates inbound calls to `TargetMethod`:
+
+```csharp
+void TargetMethod() {}            // Target method for analysis
+
+void Caller1() { TargetMethod(); }
+void Caller2() { TargetMethod(); }
+```
+
+Running with `targetFunction = "TargetMethod"` produces results showing each call site with the message pattern `Call to 'TargetMethod' from 'Caller1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call to 'target' from 'caller'"`
+
+## References
+
+- [C# Methods](https://learn.microsoft.com/en-us/dotnet/csharp/methods)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/csharp/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,56 @@
+# Print AST for `csharp` Source Files
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified C# source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses classes and methods, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents C# classes, methods, and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between namespaces, types, and members
+- Verifying extractor behavior for generics, LINQ, and async/await patterns
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following C# code demonstrates AST structure through class and method declarations:
+
+```csharp
+using System;
+
+public class Example {
+    public void Greet(string name) {  // Method declaration in AST
+        Console.WriteLine($"Hello, {name}!");
+    }
+
+    public static void Main(string[] args) {  // Entry point declaration
+        var e = new Example();
+        e.Greet("World");
+    }
+}
+```
+
+In the resulting AST:
+
+- The class declaration contains method declarations as children
+- Each method body contains a block with statement nodes
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [C# Language Reference](https://learn.microsoft.com/en-us/dotnet/csharp/)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)