Fix: use 'extensible predicates' wording and codeql-pack.yml comments per review feedback

Copilot · data-douser · data-douser · commit 395f768ac027 · 2026-03-27T12:33:39.000-06:00
Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/e21331aa-0d89-452b-8800-25ac99ac45ef Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
diff --git a/server/dist/codeql-development-mcp-server.js.map b/server/dist/codeql-development-mcp-server.js.map
diff --git a/server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source function to a target function, s
 
 This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`) and supports both simple and qualified name matching.
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions or model packs (see `ExternalPredicates.qll`) and supports both simple and qualified name matching.
 
 ## Use Cases
 
diff --git a/server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source method to a target method, showi
 
 This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/go/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/go/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source function to a target function, s
 
 This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/java/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/java/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source method to a target method, showi
 
 This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/javascript/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/javascript/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source function to a target function, s
 
 This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/python/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/python/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source function to a target function, s
 
 This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/ruby/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/ruby/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source method to a target method, showi
 
 This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/ql/swift/tools/src/CallGraphFromTo/CallGraphFromTo.md b/server/ql/swift/tools/src/CallGraphFromTo/CallGraphFromTo.md
@@ -6,7 +6,7 @@ Displays calls on reachable paths from a source function to a target function, s
 
 This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
 
-The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`).
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`).
 
 ## Use Cases
 
diff --git a/server/src/lib/cli-tool-registry.ts b/server/src/lib/cli-tool-registry.ts
@@ -297,7 +297,7 @@ export function registerCLITool(server: McpServer, definition: CLIToolDefinition
             
             // Handle extensible predicates for tool queries via data extensions.
             // Instead of CSV files + --external flags, we create a temporary
-            // extension pack with a qlpack.yml and data extension YAML that
+            // extension pack with a codeql-pack.yml and data extension YAML that
             // injects values into the src pack's extensible predicates.
             const extensiblePredicates: Record<string, string[]> = {};
             
@@ -336,7 +336,7 @@ export function registerCLITool(server: McpServer, definition: CLIToolDefinition
                   const extPackDir = createProjectTempDir('codeql-ext-pack-');
                   tempDirsToCleanup.push(extPackDir);
                   
-                  // Create qlpack.yml for the temporary extension pack
+                  // Create codeql-pack.yml for the temporary extension pack
                   const qlpackContent = [
                     'library: true',
                     'name: advanced-security/ql-mcp-runtime-extensions',
