Add support for rust language (#195)

* Initial plan

* Add Rust language support: query packs, TypeScript, scripts, docs, CI

Create Rust CodeQL query pack structure with PrintAST, PrintCFG,
CallGraphFrom, CallGraphTo, and CallGraphFromTo tool queries.
Update all TypeScript source, shell scripts, documentation,
skills, and CI/CD configurations to include Rust.

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/1817d842-51f6-4414-8df3-5b40c48bc036

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Fix tests and add query documentation files for Rust

- Update workflow-prompts tests to expect 10 languages (was 9)
- Replace 'rust' with 'kotlin' as invalid language in tests since
  'rust' is now a valid supported language
- Add .md documentation files for all 5 Rust tool queries

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/1817d842-51f6-4414-8df3-5b40c48bc036

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Update remaining scripts, workflows, and skills for Rust support

Update server-overview.md, setup-packs.sh, upgrade-packs.sh,
update-release-version.sh, release-codeql.yml, and skill files
to include 'rust' in language lists. Also update help text in
install-packs.sh, extract-test-databases.sh, and
run-query-unit-tests.sh.

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/1817d842-51f6-4414-8df3-5b40c48bc036

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Plan for addressing review feedback

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/936d5519-c2a3-418b-9d95-555823d3ea7e

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Address review feedback: pin codeql/rust-all, fix queries, populate .expected files, add rust_ast.md resource

- Pin codeql/rust-all to 0.2.10 (not '*') matching other language conventions
- Fix Rust CallGraph queries: use getName().getText() for string comparison
  (Rust's getName() returns Name object, not string like Swift's)
- Populate all 5 .expected files with actual query test results
- Generate codeql-pack.lock.yml for both src and test packs
- Create server/src/resources/languages/rust_ast.md AST reference resource
- Register Rust AST resource in language-types.ts
- Add 'rust' to VSIX bundle-server.js LANGUAGES array
- Change 'kotlin' to 'cobol' as invalid language in tests
- Update language-resources tests for 9 AST resources (was 8)

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/936d5519-c2a3-418b-9d95-555823d3ea7e

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Add client integration tests for codeql_query_run with Rust language

- rust_tools_print_ast: Tests PrintAST query with graphtext format
  interpretation, including expected graphtext output for AST visualization
- rust_call_graph_from_example1: Tests CallGraphFrom query with SARIF format
  interpretation and external predicates for source function selection

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/ee9dfe2b-a152-4a44-88b9-6e9c2b7bc831

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Fix mcp-prompt-e2e extension integration test

* Fix reviewer comments: correct message pattern spacing in query docs, use extensible predicate wording in integration test READMEs, apply codeql query format to all .ql/.qll files, add *.ql and *.qll to .prettierignore

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/b3ea9842-0497-431d-86d2-800c5fd46faa

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Sync server/dist/** after rebase

* Fix MatchExpr and ForExpr accessor names in rust_ast.md resource

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/d79c8230-94c3-42ee-8ee7-ec65be88d8e9

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Fix CallGraph queries to use resolved target entities instead of name-based matching

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8ce53ee0-dea8-4a8f-b300-436d11463003

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Co-authored-by: Nathan Randall <data-douser@github.com>

Author: Copilot

.github/skills/create-codeql-query-development-workshop/SKILL.md

@@ -398,6 +398,7 @@ Include appropriate CodeQL libraries in `codeql-pack.yml`:
 - **JavaScript/TypeScript**: `codeql/javascript-all`
 - **Python**: `codeql/python-all`
 - **Ruby**: `codeql/ruby-all`
+- **Rust**: `codeql/rust-all`
 
 ### Java-Specific API Notes
 

.github/skills/upgrade-codeql-cli-and-packs/SKILL.md

@@ -113,7 +113,7 @@ Use the `codeql_pack_ls` MCP tool to see what pack versions are installed:
 For each `codeql/*-all` pack, verify it was built for a compatible CLI version by checking the `cliVersion` field in its `qlpack.yml`:
 
 ```bash
-for lang in actions cpp csharp go java javascript python ruby swift; do
+for lang in actions cpp csharp go java javascript python ruby rust swift; do
   version=$(ls ~/.codeql/packages/codeql/${lang}-all/ | head -1)
   echo "$lang-all@$version: $(cat ~/.codeql/packages/codeql/${lang}-all/$version/qlpack.yml | grep cliVersion)"
 done

.github/skills/upgrade-codeql-cli-and-packs/verify-pack-compatibility.sh

@@ -51,7 +51,7 @@ find_extractor_dir() {
 }
 
 ## Languages to check
-LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift")
+LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "rust" "swift")
 
 ## Track overall status
 ALL_COMPATIBLE=true

.github/skills/validate-ql-mcp-server-tools-queries/SKILL.md

@@ -33,6 +33,7 @@ The tools queries are available for all CodeQL-supported languages:
 | javascript | `server/ql/javascript/tools/` | `.js`               |
 | python     | `server/ql/python/tools/`     | `.py`               |
 | ruby       | `server/ql/ruby/tools/`       | `.rb`               |
+| rust       | `server/ql/rust/tools/`       | `.rs`               |
 | swift      | `server/ql/swift/tools/`      | `.swift`            |
 
 ## Tools Queries Overview

.github/workflows/query-unit-tests.yml

@@ -42,7 +42,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby']
+        language: ['actions', 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'rust']
 
     steps:
       - name: Query Unit Tests - ${{ matrix.language }} - Checkout repository

.github/workflows/release-codeql.yml

@@ -82,7 +82,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           RELEASE_NAME="${{ steps.version.outputs.release_name }}"
-          LANGUAGES="actions cpp csharp go java javascript python ruby swift"
+          LANGUAGES="actions cpp csharp go java javascript python ruby rust swift"
 
           # Prerelease versions (containing a hyphen) require --allow-prerelease
           PRERELEASE_FLAG=""
@@ -110,7 +110,7 @@ jobs:
       - name: CodeQL - Bundle CodeQL tool query packs
         run: |
           mkdir -p dist-packs
-          LANGUAGES="actions cpp csharp go java javascript python ruby swift"
+          LANGUAGES="actions cpp csharp go java javascript python ruby rust swift"
           echo "Bundling CodeQL tool query packs..."
           for lang in ${LANGUAGES}; do
             PACK_DIR="server/ql/${lang}/tools/src"
@@ -148,6 +148,6 @@ jobs:
           echo "### Published CodeQL Packs" >> $GITHUB_STEP_SUMMARY
           echo "| Pack | Version |" >> $GITHUB_STEP_SUMMARY
           echo "| ---- | ------- |" >> $GITHUB_STEP_SUMMARY
-          for lang in actions cpp csharp go java javascript python ruby swift; do
+          for lang in actions cpp csharp go java javascript python ruby rust swift; do
             echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |" >> $GITHUB_STEP_SUMMARY
           done

.github/workflows/release.yml

@@ -279,6 +279,6 @@ jobs:
           echo "### Published CodeQL Packs" >> $GITHUB_STEP_SUMMARY
           echo "| Pack | Version |" >> $GITHUB_STEP_SUMMARY
           echo "| ---- | ------- |" >> $GITHUB_STEP_SUMMARY
-          for lang in actions cpp csharp go java javascript python ruby swift; do
+          for lang in actions cpp csharp go java javascript python ruby rust swift; do
             echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |" >> $GITHUB_STEP_SUMMARY
           done

.prettierignore

@@ -3,6 +3,8 @@
 *.actual
 *.expected
 *.log
+*.ql
+*.qll
 *.qlref
 *.testproj/
 options
@@ -17,6 +19,8 @@ extensions/vscode/test/fixtures/
 node_modules
 query-results*
 server/dist/
+server/ql/*/tools/src/*.md
+server/ql/*/tools/src/**/*.md
 server/ql/*/tools/test/*
 workshops/
 

client/integration-tests/primitives/tools/codeql_query_run/rust_call_graph_from_example1/README.md

@@ -0,0 +1,63 @@
+# Integration Test: codeql_query_run/rust_call_graph_from_example1
+
+## Purpose
+
+Tests the `codeql_query_run` tool with the CallGraphFrom query for Rust language, demonstrating external predicates for source function selection and SARIF format interpretation for call graph visualization.
+
+## Test Scenario
+
+This test validates that the `codeql_query_run` tool can:
+
+1. Accept `queryName` ("CallGraphFrom") and `queryLanguage` ("rust") parameters
+2. Accept `sourceFunction` parameter to specify which function's outbound calls to analyze
+3. Resolve the query path using `codeql resolve queries` to find the CallGraphFrom.ql query
+4. Automatically provide external predicates for the sourceFunction
+5. Execute the resolved query against a Rust test database with external predicate data
+6. Interpret the .bqrs results using native `codeql bqrs interpret --format=sarif-latest`
+7. Generate SARIF format output containing call graph results
+8. Return enhanced results confirming the interpretation succeeded
+
+## Required Inputs
+
+The test requires the following inputs in `before/monitoring-state.json`:
+
+- `queryName`: "CallGraphFrom" - Name of the query to resolve and execute
+- `queryLanguage`: "rust" - Programming language for query resolution
+- `database`: "server/ql/rust/tools/test/CallGraphFrom/CallGraphFrom.testproj" - Path to CodeQL test database
+- `sourceFunction`: "source_func" - Source function name to analyze (used as external predicate)
+- `output`: "query-results.bqrs" - Output file for binary query results
+- `format`: "sarif-latest" - SARIF format for interpreting @kind problem query results
+- `interpretedOutput`: "query-results.sarif" - Output file for SARIF format results
+- `timeout`: 300000 - Timeout in milliseconds (5 minutes)
+
+The test database is created by running `codeql test extract server/ql/rust/tools/test/CallGraphFrom`.
+
+## Expected Outputs
+
+The test expects the following behavior:
+
+- `monitoring-state.json`: Test execution state showing success
+- The tool generates `query-results.bqrs` (binary query results, not committed to repo)
+- The tool interprets results using `codeql bqrs interpret --format=sarif-latest`
+- The SARIF output contains call graph entries showing calls from `source_func` to `unrelated1` and `unrelated2`
+- The monitoring state confirms successful execution and interpretation
+
+## Expected Behavior
+
+The tool should:
+
+1. Resolve "CallGraphFrom" to the absolute path of `server/ql/rust/tools/src/CallGraphFrom/CallGraphFrom.ql`
+2. Automatically add external predicate: `sourceFunction=source_func`
+3. Execute the query against the provided database with the external predicate data
+4. Generate query results in BQRS format
+5. Call `codeql bqrs interpret` with format=sarif-latest
+6. Generate SARIF output showing calls from the source function
+7. Return enhanced output confirming the interpretation succeeded
+
+## External Predicates Integration
+
+This test demonstrates the integration between the MCP server's sourceFunction parameter and CodeQL's extensible predicates system. The CallGraphFrom query uses `extensible predicate sourceFunction(string name)` to receive the function name via data extensions, making it work with any Rust code database.
+
+## Format Parameter
+
+This test uses the `format` parameter which leverages native CodeQL tooling (`codeql bqrs interpret`) to produce SARIF output based on query metadata.

client/integration-tests/primitives/tools/codeql_query_run/rust_call_graph_from_example1/after/monitoring-state.json

@@ -0,0 +1,15 @@
+{
+  "toolName": "codeql_query_run",
+  "parameters": {
+    "queryName": "CallGraphFrom",
+    "queryLanguage": "rust",
+    "database": "server/ql/rust/tools/test/CallGraphFrom/CallGraphFrom.testproj",
+    "sourceFunction": "source_func",
+    "output": "query-results.bqrs",
+    "format": "sarif-latest",
+    "interpretedOutput": "query-results.sarif",
+    "timeout": 300000
+  },
+  "success": true,
+  "description": "Successfully executed CallGraphFrom (@kind problem) query using query name resolution with external predicates and SARIF format interpretation for Rust language"
+}