
Updated versions & CHANGELOG.md for v2.25.1-next.1 release #197

Merged
data-douser merged 2 commits into main from dd/changelog/v2.25.1-next.1 on Mar 30, 2026
data-douser (Collaborator) commented Mar 30, 2026

Release notes to use for the planned v2.25.1-next.1 release:

## [v2.25.1-next.1] — 2026-03-30

### Highlights

- **Rust language support** — Added first-class Rust support with all standard tool queries (PrintAST, PrintCFG, CallGraphFrom, CallGraphTo, CallGraphFromTo) plus a new `rust_ast.md` language resource, bringing the total supported languages to 10. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>)
- **SqliteStore backend + 14 new opt-in tools** — Replaced `lowdb` with `sql.js` (SQLite compiled to asm.js) as the unified storage backend. Introduced annotation (6 tools), audit (4 tools), and query result cache (4 tools) suites, gated by `ENABLE_ANNOTATION_TOOLS`. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>)
- **VS Code workspace folder change fix** — The ql-mcp server now correctly restarts with a fresh environment when workspace folders are added or removed, fixing a bug where the server was left in a broken state. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/196">#196</a>)

### Added

#### MCP Server Tools

| Tool | Description |
| ---- | ----------- |
| `annotation_create` | Create general-purpose notes and bookmarks on any entity. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `annotation_get` | Retrieve a specific annotation by ID. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `annotation_list` | List all annotations, optionally filtered. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `annotation_update` | Update an existing annotation. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `annotation_delete` | Delete an annotation by ID. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `annotation_search` | Full-text search across annotations. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `audit_store_findings` | Store repo-keyed findings for MRVA triage workflows. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `audit_list_findings` | List audit findings for a repository. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `audit_add_notes` | Add notes to audit findings. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `audit_clear_repo` | Clear all findings for a repository. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `query_results_cache_lookup` | Look up cached query results with subset retrieval. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `query_results_cache_retrieve` | Retrieve cached query results with line range, grep, and SARIF filters. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `query_results_cache_clear` | Clear the query result cache. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `query_results_cache_compare` | Compare query results across databases. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |

#### CodeQL Query Packs

| Pack | Description |
| ---- | ----------- |
| Rust tool queries | `PrintAST`, `PrintCFG`, `CallGraphFrom`, `CallGraphTo`, `CallGraphFromTo` for Rust, using entity-based function resolution via `getResolvedTarget()`. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>) |

#### MCP Server Resources

| URI | Description |
| --- | ----------- |
| `codeql://languages/rust/ast` | Comprehensive Rust AST class reference for CodeQL query development, with verified accessor predicates. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>) |

#### Infrastructure & CI/CD

- Added Rust to all CI/CD workflows: `query-unit-tests.yml`, `release.yml`, `release-codeql.yml`. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>)
- Added client integration tests for Rust PrintAST and CallGraphFrom. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>)
- Added client integration tests for all 14 new annotation/audit/cache tools and an MRVA triage workflow end-to-end test. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>)
- Added `.prettierignore` entries for `*.ql`, `*.qll`, and query documentation `.md` files to prevent prettier from overriding CodeQL formatting. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>)

### Changed

#### MCP Server Tools

| Tool | Change |
| ---- | ------ |
| `codeql_query_run` | Results are now auto-cached in the SqliteStore after SARIF interpretation. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `extractQueryMetadata` | LRU in-memory cache with mtime-based invalidation for improved performance. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |
| `resolveDatabasePath` | Module-level Map cache to avoid redundant filesystem scans. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>) |

#### VS Code Extension

- `McpProvider.requestRestart()` now atomically invalidates the environment cache and bumps a `+rN` revision suffix, ensuring VS Code reliably detects version changes and restarts the server. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/196">#196</a>)
- Extension version is cached once at construction time instead of reading `package.json` synchronously on every definition query. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/196">#196</a>)

#### Infrastructure & CI/CD

- Extracted `database-resolver.ts`, `query-resolver.ts`, `result-processor.ts`, and `codeql-version.ts` from monolithic files, reducing `cli-tool-registry.ts` by ~375 lines. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>)
- CodeQL CLI actual-vs-target version mismatch detection at startup with logged warnings. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>)

### Fixed

- **VS Code workspace folder changes left server in broken state** `fireDidChange()` was called with an identical version string after folder add/remove, causing VS Code to stop but not restart the server. `requestRestart()` now invalidates the environment cache and uses a monotonically increasing `+rN` revision suffix. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/196">#196</a>)
- **`requestRestart()` did not invalidate environment cache** — Callers had to manually invalidate the env cache before calling `requestRestart()`, which was undocumented. Now handled internally. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/196">#196</a>)

### Dependencies

- Replaced `lowdb` with `sql.js` (asm.js build, zero native dependencies). (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/169">#169</a>)
- Added `codeql/rust-all: 0.2.10` as a CodeQL pack dependency for Rust tool queries. (<a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>)

### New Contributors

- <a href="https://github.com/apps/copilot-swe-agent">@Copilot</a> made their first contribution in <a href="https://github.com/advanced-security/codeql-development-mcp-server/pull/195">#195</a>

**Full Changelog**: <a href="https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.1...v2.25.1-next.1">`v2.25.1...v2.25.1-next.1`</a>
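
The `requestRestart()` fix described under "Fixed" can be modelled in a few lines. This is an added example, not code from the project: `HostModel`, `ProviderModel` and the `WORKSPACE_FOLDERS` variable are hypothetical names, and the host behaviour is assumed only from the changelog text (a change event stops the server, and a restart happens only if the version string differs).

```typescript
// Added illustration: HostModel, ProviderModel and WORKSPACE_FOLDERS are hypothetical names.
type Env = Record<string, string>;

// Host as the changelog describes it: a change event stops the server, and it is
// started again only when the advertised version string differs from the last one.
class HostModel {
  running = true;
  private lastVersion: string;
  constructor(initialVersion: string) { this.lastVersion = initialVersion; }
  onDidChange(version: string): void {
    this.running = false;
    if (version !== this.lastVersion) { this.lastVersion = version; this.running = true; }
  }
}

class ProviderModel {
  private revision = 0;
  private envCache: Env | undefined;
  private baseVersion: string;
  private readEnv: () => Env;
  private host: HostModel;
  constructor(baseVersion: string, readEnv: () => Env, host: HostModel) {
    this.baseVersion = baseVersion; this.readEnv = readEnv; this.host = host;
  }
  get version(): string {
    return this.revision === 0 ? this.baseVersion : `${this.baseVersion}+r${this.revision}`;
  }
  env(): Env { return (this.envCache ??= this.readEnv()); }
  // Pre-fix behaviour: event fired with an unchanged version, env cache untouched.
  fireUnchanged(): void { this.host.onDidChange(this.version); }
  // Post-fix behaviour: drop the env cache and bump +rN before notifying the host.
  requestRestart(): void {
    this.envCache = undefined;
    this.revision += 1;
    this.host.onDidChange(this.version);
  }
}

// Constructed scenario: a second workspace folder is added after the env was cached.
function simulateFolderChange(useFix: boolean) {
  let folders = "/ws/a";
  const host = new HostModel("2.25.1-next.1");
  const p = new ProviderModel("2.25.1-next.1", () => ({ WORKSPACE_FOLDERS: folders }), host);
  p.env();
  folders = "/ws/a:/ws/b";
  if (useFix) p.requestRestart(); else p.fireUnchanged();
  return { running: host.running, version: p.version, folders: p.env()["WORKSPACE_FOLDERS"] ?? "" };
}
```

With `useFix` false the modelled server ends up stopped with a stale folder list; with `useFix` true it restarts under a `+r1` version and sees both folders.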

data-douser self-assigned this Mar 30, 2026
data-douser requested review from a team and enyil as code owners March 30, 2026 20:33
data-douser added the `documentation` label Mar 30, 2026
Copilot AI review requested due to automatic review settings March 30, 2026 20:33
data-douser added the `enhancement` label Mar 30, 2026
Comment thread package-lock.json Fixed
github-actions bot (Contributor) commented Mar 30, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 700a39c.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

package-lock.json

| Package | Version | License | Issue Type |
| ------- | ------- | ------- | ---------- |
| client | 2.25.1-next.1 | Null | Unknown License |
| extensions/vscode | 2.25.1-next.1 | Null | Unknown License |
| server | 2.25.1-next.1 | Null | Unknown License |

OpenSSF Scorecard

| Package | Version | Score | Details |
| ------- | ------- | ----- | ------- |
| npm/client | 2.25.1-next.1 | Unknown | Unknown |
| npm/extensions/vscode | 2.25.1-next.1 | Unknown | Unknown |
| npm/server | 2.25.1-next.1 | Unknown | Unknown |

Scanned Files

  • package-lock.json

Copilot AI (Contributor) left a comment

Pull request overview

Prepares the repository for the 2.25.1-next.1 pre-release by updating version strings across the monorepo packages and CodeQL tool packs, and by drafting corresponding notes under [Unreleased] in CHANGELOG.md.

Changes:

  • Bump package and extension versions to 2.25.1-next.1 (root, server, client, VS Code extension, lockfile).
  • Bump all language tool-pack versions (server/ql/**/tools/{src,test}/codeql-pack.yml) to 2.25.1-next.1.
  • Add [Unreleased] changelog entries summarizing recent features/fixes intended for the upcoming pre-release.

Reviewed changes

Copilot reviewed 26 out of 29 changed files in this pull request and generated 1 comment.

| File | Description |
| ---- | ----------- |
| `server/src/codeql-development-mcp-server.ts` | Bumps the server’s runtime VERSION constant to 2.25.1-next.1. |
| `server/ql/swift/tools/test/codeql-pack.yml` | Bumps Swift tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/swift/tools/src/codeql-pack.yml` | Bumps Swift tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/rust/tools/test/codeql-pack.yml` | Bumps Rust tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/rust/tools/src/codeql-pack.yml` | Bumps Rust tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/ruby/tools/test/codeql-pack.yml` | Bumps Ruby tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/ruby/tools/src/codeql-pack.yml` | Bumps Ruby tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/python/tools/test/codeql-pack.yml` | Bumps Python tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/python/tools/src/codeql-pack.yml` | Bumps Python tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/javascript/tools/test/codeql-pack.yml` | Bumps JavaScript tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/javascript/tools/src/codeql-pack.yml` | Bumps JavaScript tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/java/tools/test/codeql-pack.yml` | Bumps Java tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/java/tools/src/codeql-pack.yml` | Bumps Java tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/go/tools/test/codeql-pack.yml` | Bumps Go tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/go/tools/src/codeql-pack.yml` | Bumps Go tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/csharp/tools/test/codeql-pack.yml` | Bumps C# tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/csharp/tools/src/codeql-pack.yml` | Bumps C# tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/cpp/tools/test/codeql-pack.yml` | Bumps C/C++ tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/cpp/tools/src/codeql-pack.yml` | Bumps C/C++ tool-pack source pack version to 2.25.1-next.1. |
| `server/ql/actions/tools/test/codeql-pack.yml` | Bumps Actions tool-pack test pack version to 2.25.1-next.1. |
| `server/ql/actions/tools/src/codeql-pack.yml` | Bumps Actions tool-pack source pack version to 2.25.1-next.1. |
| `server/package.json` | Bumps server workspace package version to 2.25.1-next.1. |
| `server/dist/codeql-development-mcp-server.js` | Updates the bundled/dist server version constant to 2.25.1-next.1. |
| `package.json` | Bumps root workspace version to 2.25.1-next.1. |
| `package-lock.json` | Updates lockfile workspace versions to 2.25.1-next.1. |
| `extensions/vscode/package.json` | Bumps VS Code extension version to 2.25.1-next.1. |
| `client/package.json` | Bumps client workspace version to 2.25.1-next.1. |
| `CHANGELOG.md` | Adds [Unreleased] notes describing the set of changes expected for the upcoming pre-release. |

Comments suppressed due to low confidence (2)

CHANGELOG.md:39

  • The Unreleased “MCP Server Resources” table uses `| Name | Description |`, but elsewhere in the changelog resources are consistently listed as `| URI | Description |` (e.g., CHANGELOG.md:191-199). Since the entry value is a URI (`codeql://languages/rust/ast`), renaming the header to `URI` would better match established convention.
| Name                          | Description                                                                                                                                                                       |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `codeql://languages/rust/ast` | Rust AST reference resource with verified accessor predicates for CodeQL query development. ([#195](https://github.com/advanced-security/codeql-development-mcp-server/pull/195)) |

CHANGELOG.md:45

  • The Unreleased “CodeQL Query Packs” table uses `| Name | Description |`, but other pack tables in this changelog use `Pack` as the first column header (e.g., CHANGELOG.md:139-141). Consider changing the header from `Name` to `Pack` for consistency.
| Name            | Description                                                                                                                                                                                 |
| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Rust tools pack | Added `PrintAST`, `PrintCFG`, `CallGraphFrom`, `CallGraphTo`, and `CallGraphFromTo` support for Rust. ([#195](https://github.com/advanced-security/codeql-development-mcp-server/pull/195)) |

Comment thread CHANGELOG.md Outdated
data-douser merged commit 86fe331 into main Mar 30, 2026
29 checks passed
data-douser deleted the dd/changelog/v2.25.1-next.1 branch March 30, 2026 22:13