Skip to content

seclab-taskflow-integration: Multi-repo CodeQL analysis, annotation store, and query result caching #163

Closed
4 of 4 issues completed
Closed
seclab-taskflow-integration: Multi-repo CodeQL analysis, annotation store, and query result caching#163
4 of 4 issues completed
Labels
enhancementNew feature or request
@data-douser

Description

@data-douser
data-douser
opened on Mar 25, 2026

Overview

This parent issue tracks the multi-phase integration effort to make the CodeQL Development MCP Server the default CodeQL MCP backend for GitHubSecurityLab/seclab-taskflow-agent and GitHubSecurityLab/seclab-taskflows, while also adding significant new capabilities for multi-repository variant analysis (MRVA) workflows.

Key Features

  • CallGraphFromTo query for all 8 CallGraph-supporting languages (transitive call reachability)
  • SqliteStore (sql.js asm.js) replacing lowdb as the unified persistence backend
  • Annotation tools (general-purpose notes/bookmarks on any entity)
  • Audit tools (repo-keyed finding management for MRVA triage workflows)
  • Query result caching with subset retrieval (line range, grep, SARIF filters)
  • In-memory caches for database path resolution, query metadata, and query path dedup
  • CodeQL version tracking (actual vs target, warn on mismatch)
  • Code refactoring for maintainability (extracted database-resolver, query-resolver, result-processor, codeql-version modules)
  • Extended integration test playground with auto-download of real CodeQL databases

Implementation Branch

dd/seclab-taskflow-integration/1 — 9 commits, ~150 files changed

Sub-Issues (Review Order)

# Issue Independent? Depends On
1 #164 — CallGraphFromTo queries for all languages ✅ Yes
2 #165 — SqliteStore + annotation/audit/cache tools ⚠️ Single unit
3 #166 — Client + extension integration tests ⚠️ Coupled #165
4 #167 — Extended integration test playground ✅ Yes #165 (runtime)

Suggested Review Order

  1. Add CallGraphFromTo query for all supported languages #164 first — pure QL query changes, easy to review independently
  2. SqliteStore backend + annotation, audit, and query result cache tools #165 next — core server feature (largest, most impactful)
  3. Integration tests for annotation, audit, cache, and CallGraphFromTo tools #166 after SqliteStore backend + annotation, audit, and query result cache tools #165 — tests for the tools added in SqliteStore backend + annotation, audit, and query result cache tools #165
  4. Extended integration test playground with real CodeQL databases #167 last — playground/testing infrastructure

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions