Merge branch 'main' into dd/bug-fixes/1

Author: data-douser

.github/skills/create-codeql-query-development-workshop/SKILL.md

@@ -398,6 +398,7 @@ Include appropriate CodeQL libraries in `codeql-pack.yml`:
 - **JavaScript/TypeScript**: `codeql/javascript-all`
 - **Python**: `codeql/python-all`
 - **Ruby**: `codeql/ruby-all`
+- **Rust**: `codeql/rust-all`
 
 ### Java-Specific API Notes
 

.github/skills/upgrade-codeql-cli-and-packs/SKILL.md

@@ -113,7 +113,7 @@ Use the `codeql_pack_ls` MCP tool to see what pack versions are installed:
 For each `codeql/*-all` pack, verify it was built for a compatible CLI version by checking the `cliVersion` field in its `qlpack.yml`:
 
 ```bash
-for lang in actions cpp csharp go java javascript python ruby swift; do
+for lang in actions cpp csharp go java javascript python ruby rust swift; do
   version=$(ls ~/.codeql/packages/codeql/${lang}-all/ | head -1)
   echo "$lang-all@$version: $(cat ~/.codeql/packages/codeql/${lang}-all/$version/qlpack.yml | grep cliVersion)"
 done

.github/skills/upgrade-codeql-cli-and-packs/verify-pack-compatibility.sh

@@ -51,7 +51,7 @@ find_extractor_dir() {
 }
 
 ## Languages to check
-LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift")
+LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "rust" "swift")
 
 ## Track overall status
 ALL_COMPATIBLE=true

.github/skills/validate-ql-mcp-server-tools-queries/SKILL.md

@@ -33,6 +33,7 @@ The tools queries are available for all CodeQL-supported languages:
 | javascript | `server/ql/javascript/tools/` | `.js`               |
 | python     | `server/ql/python/tools/`     | `.py`               |
 | ruby       | `server/ql/ruby/tools/`       | `.rb`               |
+| rust       | `server/ql/rust/tools/`       | `.rs`               |
 | swift      | `server/ql/swift/tools/`      | `.swift`            |
 
 ## Tools Queries Overview

.github/workflows/query-unit-tests.yml

@@ -42,7 +42,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby']
+        language: ['actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'rust']
 
     steps:
       - name: Query Unit Tests - ${{ matrix.language }} - Checkout repository

.github/workflows/release-codeql.yml

@@ -82,7 +82,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           RELEASE_NAME="${{ steps.version.outputs.release_name }}"
-          LANGUAGES="actions cpp csharp go java javascript python ruby swift"
+          LANGUAGES="actions cpp csharp go java javascript python ruby rust swift"
 
           # Prerelease versions (containing a hyphen) require --allow-prerelease
           PRERELEASE_FLAG=""
@@ -110,7 +110,7 @@ jobs:
       - name: CodeQL - Bundle CodeQL tool query packs
         run: |
           mkdir -p dist-packs
-          LANGUAGES="actions cpp csharp go java javascript python ruby swift"
+          LANGUAGES="actions cpp csharp go java javascript python ruby rust swift"
           echo "Bundling CodeQL tool query packs..."
           for lang in ${LANGUAGES}; do
             PACK_DIR="server/ql/${lang}/tools/src"
@@ -148,6 +148,6 @@ jobs:
           echo "### Published CodeQL Packs" >> $GITHUB_STEP_SUMMARY
           echo "| Pack | Version |" >> $GITHUB_STEP_SUMMARY
           echo "| ---- | ------- |" >> $GITHUB_STEP_SUMMARY
-          for lang in actions cpp csharp go java javascript python ruby swift; do
+          for lang in actions cpp csharp go java javascript python ruby rust swift; do
             echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |" >> $GITHUB_STEP_SUMMARY
           done

.github/workflows/release.yml

@@ -279,6 +279,6 @@ jobs:
           echo "### Published CodeQL Packs" >> $GITHUB_STEP_SUMMARY
           echo "| Pack | Version |" >> $GITHUB_STEP_SUMMARY
           echo "| ---- | ------- |" >> $GITHUB_STEP_SUMMARY
-          for lang in actions cpp csharp go java javascript python ruby swift; do
+          for lang in actions cpp csharp go java javascript python ruby rust swift; do
             echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |" >> $GITHUB_STEP_SUMMARY
           done

.prettierignore

@@ -3,6 +3,8 @@
 *.actual
 *.expected
 *.log
+*.ql
+*.qll
 *.qlref
 *.testproj/
 options
@@ -17,6 +19,8 @@ extensions/vscode/test/fixtures/
 node_modules
 query-results*
 server/dist/
+server/ql/*/tools/src/*.md
+server/ql/*/tools/src/**/*.md
 server/ql/*/tools/test/*
 workshops/
 

client/integration-tests/primitives/tools/codeql_query_run/rust_call_graph_from_example1/README.md

@@ -0,0 +1,63 @@
+# Integration Test: codeql_query_run/rust_call_graph_from_example1
+
+## Purpose
+
+Tests the `codeql_query_run` tool with the CallGraphFrom query for Rust language, demonstrating external predicates for source function selection and SARIF format interpretation for call graph visualization.
+
+## Test Scenario
+
+This test validates that the `codeql_query_run` tool can:
+
+1. Accept `queryName` ("CallGraphFrom") and `queryLanguage` ("rust") parameters
+2. Accept `sourceFunction` parameter to specify which function's outbound calls to analyze
+3. Resolve the query path using `codeql resolve queries` to find the CallGraphFrom.ql query
+4. Automatically provide external predicates for the sourceFunction
+5. Execute the resolved query against a Rust test database with external predicate data
+6. Interpret the .bqrs results using native `codeql bqrs interpret --format=sarif-latest`
+7. Generate SARIF format output containing call graph results
+8. Return enhanced results confirming the interpretation succeeded
+
+## Required Inputs
+
+The test requires the following inputs in `before/monitoring-state.json`:
+
+- `queryName`: "CallGraphFrom" - Name of the query to resolve and execute
+- `queryLanguage`: "rust" - Programming language for query resolution
+- `database`: "server/ql/rust/tools/test/CallGraphFrom/CallGraphFrom.testproj" - Path to CodeQL test database
+- `sourceFunction`: "source_func" - Source function name to analyze (used as external predicate)
+- `output`: "query-results.bqrs" - Output file for binary query results
+- `format`: "sarif-latest" - SARIF format for interpreting @kind problem query results
+- `interpretedOutput`: "query-results.sarif" - Output file for SARIF format results
+- `timeout`: 300000 - Timeout in milliseconds (5 minutes)
+
+The test database is created by running `codeql test extract server/ql/rust/tools/test/CallGraphFrom`.
+
+## Expected Outputs
+
+The test expects the following behavior:
+
+- `monitoring-state.json`: Test execution state showing success
+- The tool generates `query-results.bqrs` (binary query results, not committed to repo)
+- The tool interprets results using `codeql bqrs interpret --format=sarif-latest`
+- The SARIF output contains call graph entries showing calls from `source_func` to `unrelated1` and `unrelated2`
+- The monitoring state confirms successful execution and interpretation
+
+## Expected Behavior
+
+The tool should:
+
+1. Resolve "CallGraphFrom" to the absolute path of `server/ql/rust/tools/src/CallGraphFrom/CallGraphFrom.ql`
+2. Automatically add external predicate: `sourceFunction=source_func`
+3. Execute the query against the provided database with the external predicate data
+4. Generate query results in BQRS format
+5. Call `codeql bqrs interpret` with format=sarif-latest
+6. Generate SARIF output showing calls from the source function
+7. Return enhanced output confirming the interpretation succeeded
+
+## External Predicates Integration
+
+This test demonstrates the integration between the MCP server's sourceFunction parameter and CodeQL's extensible predicates system. The CallGraphFrom query uses `extensible predicate sourceFunction(string name)` to receive the function name via data extensions, making it work with any Rust code database.
+
+## Format Parameter
+
+This test uses the `format` parameter which leverages native CodeQL tooling (`codeql bqrs interpret`) to produce SARIF output based on query metadata.

client/integration-tests/primitives/tools/codeql_query_run/rust_call_graph_from_example1/after/monitoring-state.json

@@ -0,0 +1,15 @@
+{
+  "toolName": "codeql_query_run",
+  "parameters": {
+    "queryName": "CallGraphFrom",
+    "queryLanguage": "rust",
+    "database": "server/ql/rust/tools/test/CallGraphFrom/CallGraphFrom.testproj",
+    "sourceFunction": "source_func",
+    "output": "query-results.bqrs",
+    "format": "sarif-latest",
+    "interpretedOutput": "query-results.sarif",
+    "timeout": 300000
+  },
+  "success": true,
+  "description": "Successfully executed CallGraphFrom (@kind problem) query using query name resolution with external predicates and SARIF format interpretation for Rust language"
+}