advanced-security · data-douser · Feb 8, 2026 · Feb 8, 2026 · Feb 8, 2026 · Feb 8, 2026
@@ -1,5 +1,5 @@
 {
-  "image": "mcr.microsoft.com/devcontainers/typescript-node:22",
+  "image": "mcr.microsoft.com/devcontainers/typescript-node:24",
   "customizations": {
     "vscode": {
       "extensions": [

@@ -19,7 +19,7 @@ body:
 
         1. **Repository Context**: Begin by reading these critical reference files:
            - **Repository Structure**: `README.md` - Overview of MCP server architecture and capabilities
-           - **Server Implementation**: `server/src/ql-mcp-server.ts` - Main server implementation
+           - **Server Implementation**: `server/src/codeql-development-mcp-server.ts` - Main server implementation
            - **Existing Tools**: `server/src/tools/codeql-tools.ts` - Current tool implementations
            - **Existing Resources**: `server/src/tools/codeql-resources.ts` - Current resource implementations
 

@@ -19,7 +19,7 @@ body:
 
         1. **Repository Context**: Begin by reading these critical reference files:
            - **Repository Structure**: `README.md` - Overview of MCP server architecture
-           - **Server Implementation**: `server/src/ql-mcp-server.ts` - Main server implementation
+           - **Server Implementation**: `server/src/codeql-development-mcp-server.ts` - Main server implementation
            - **Current Tools**: `server/src/tools/codeql-tools.ts` - Tool implementations to update
            - **Current Resources**: `server/src/tools/codeql-resources.ts` - Resource implementations to update
 

@@ -1,8 +1,8 @@
 ---
 name: mcp-enabled-ql-query-developer
 description: An agent enabled with QL MCP Server tools for developing CodeQL queries using test-driven development (TDD).
-model: Claude Opus 4.5 (copilot)
-tools: ['agent', 'codeql-dev-mcp-server/*', 'edit', 'read', 'search', 'todo', 'web', 'vscode']
+model: Claude Opus 4.6 (1M context) (copilot)
+tools: ['agent', 'ql-mcp/*', 'edit', 'read', 'search', 'todo', 'web', 'vscode']
 handoffs:
   - agent: ql-mcp-tool-developer
     label: Fix MCP Tool Issue
@@ -18,7 +18,7 @@ handoffs:
 
 My `mcp-enabled-ql-query-developer` agent:
 
-- Uses the QL MCP Server tools (`codeql-dev-mcp-server/*`) to develop, test, and validate CodeQL queries, libraries, and tests.
+- Uses the QL MCP Server tools (`ql-mcp/*`) to develop, test, and validate CodeQL queries, libraries, and tests.
 - Follows test-driven development (TDD) practices: write tests first, then implement queries to pass those tests.
 - Leverages the `codeql` CLI for all CodeQL operations.
 - ALWAYS uses verbose help (`codeql <subcommand> -h -vv`) when learning about `codeql` CLI commands.

@@ -1,7 +1,7 @@
 ---
 name: mcp-enabled-ql-workshop-developer
 description: An agent that creates CodeQL query development workshops from production queries using the QL MCP Server tools. Use this agent to generate guided learning materials that teach developers how to build CodeQL queries incrementally.
-model: Claude Opus 4.5 (copilot)
+model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - agent: ql-mcp-tool-tester
     label: Validate Solution Stage
@@ -35,7 +35,7 @@ My `mcp-enabled-ql-workshop-developer` agent:
 
 ## Core Capabilities
 
-- Uses the QL MCP Server tools (`codeql-dev-mcp-server/*`) to create comprehensive CodeQL query development workshops.
+- Uses the QL MCP Server tools (`ql-mcp/*`) to create comprehensive CodeQL query development workshops.
 - Follows the [`create-codeql-query-development-workshop`](../skills/create-codeql-query-development-workshop/SKILL.md) skill to generate workshops from production-grade queries.
 - Validates AST/CFG tools queries using the [`validate-ql-mcp-server-tools-queries`](../skills/validate-ql-mcp-server-tools-queries/SKILL.md) skill to ensure non-empty output.
 - Leverages the `codeql` CLI for all CodeQL operations.

@@ -2,7 +2,7 @@
 name: ql-agent-skills-developer
 description: Develops and improves Agent Skills for the CodeQL Development MCP Server.
 argument-hint: 'Provide the name(s) of the Agent Skill(s) to be created or improved under the .github/skills/ directory, along with specific requirements where available.'
-model: Claude Opus 4.5 (copilot)
+model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - label: Validate a newly created workshop
     agent: ql-mcp-tool-tester

@@ -2,7 +2,7 @@
 name: ql-mcp-tool-developer
 description: An agent for developing new tools and/or improving existing tools for the QL MCP Server.
 argument-hint: 'Provide the name(s) of the CodeQL Development MCP Server tool(s) to be created or improved, along with specific requirements where available.'
-model: Claude Opus 4.5 (copilot)
+model: Claude Opus 4.6 (1M context) (copilot)
 handoffs:
   - label: Test the CodeQL MCP Server tools via workshop
     agent: ql-mcp-tool-tester
@@ -38,7 +38,7 @@ My `ql-mcp-tool-developer` agent:
   - Runs unit tests: `npm test --workspace=server`.
   - Runs integration tests: `client/scripts/run-integration-tests.sh`.
   - Manually validates tools using: `client/src/ql-mcp-client.js`.
-  - Verifies server startup/shutdown: `server/dist/ql-mcp-server.js`.
+  - Verifies server startup/shutdown: `server/dist/codeql-development-mcp-server.js`.
 - Maintains server documentation:
   - Keeps `server/QL-MCP-SERVER.md` synchronized with tool changes.
   - Updates the mermaid architecture diagram for structural changes.

@@ -2,7 +2,7 @@
 name: ql-mcp-tool-tester
 description: An agent for testing and validating tools for the latest QL Development MCP Server.
 argument-hint: 'Provide the name(s) of the CodeQL Development MCP Server tool(s) to be tested and validated, along with specific testing requirements, where available.'
-model: Claude Opus 4.5 (copilot)
+model: Claude Opus 4.6 (1M context) (copilot)
 ---
 
 # `ql-mcp-tool-tester` Agent

@@ -2,8 +2,7 @@
 name: ql-mcp-server-fix-build-and-test
 description: A prompt for fixing build issues for the QL MCP Server and ensuring extensive testing of the server functionality.
 agent: ql-mcp-tool-developer
-model: Claude Opus 4.5 (copilot)
-tools: [agent, edit, execute, memory, read, search, todo, 'codeql-dev-mcp-server/*']
+model: Claude Opus 4.6 (copilot)
 ---
 
 # `ql-mcp-server-fix-build-and-test` Prompt

@@ -37,24 +37,27 @@ This skill includes automation scripts to accelerate implementation:
 
 ## Quick Reference: Files to Modify
 
-| Category          | File Path                                                      | Change                                  |
-| ----------------- | -------------------------------------------------------------- | --------------------------------------- |
-| **TypeScript**    | `server/src/prompts/workflow-prompts.ts`                       | Add to `SUPPORTED_LANGUAGES`            |
-|                   | `server/src/lib/query-file-finder.ts`                          | Add to `LANGUAGE_EXTENSIONS`            |
-|                   | `server/src/lib/cli-tool-registry.ts`                          | Update error message strings            |
-| **Query Packs**   | `server/ql/{language}/tools/src/`                              | Create 4 tool queries                   |
-|                   | `server/ql/{language}/tools/test/`                             | Create test cases                       |
-| **Scripts**       | `server/scripts/install-packs.sh`                              | Add to `VALID_LANGUAGES` + install call |
-|                   | `server/scripts/extract-test-databases.sh`                     | Add to `VALID_LANGUAGES`                |
-|                   | `server/scripts/run-query-unit-tests.sh`                       | Add to `VALID_LANGUAGES`                |
-| **Documentation** | `server/ql/README.md`                                          | Add language to list                    |
-|                   | `server/src/prompts/tools-query-workflow.prompt.md`            | Add to supported languages              |
-|                   | `server/src/prompts/explain-codeql-query.prompt.md`            | Add to language list                    |
-|                   | `server/src/prompts/document-codeql-query.prompt.md`           | Add to language list                    |
-| **Skills**        | `.github/skills/create-codeql-query-tdd-generic/SKILL.md`      | Add to supported languages              |
-|                   | `.github/skills/validate-ql-mcp-server-tools-queries/SKILL.md` | Add to language table                   |
-| **CI/CD**         | `.github/workflows/query-unit-tests.yml`                       | Add to matrix (standard)                |
-|                   | `.github/workflows/query-unit-tests-{lang}.yml`                | Create if special OS needed             |
+| Category          | File Path                                                      | Change                                          |
+| ----------------- | -------------------------------------------------------------- | ----------------------------------------------- |
+| **TypeScript**    | `server/src/prompts/workflow-prompts.ts`                       | Add to `SUPPORTED_LANGUAGES`                    |
+|                   | `server/src/lib/query-file-finder.ts`                          | Add to `LANGUAGE_EXTENSIONS`                    |
+|                   | `server/src/lib/cli-tool-registry.ts`                          | Update error message strings                    |
+| **Query Packs**   | `server/ql/{language}/tools/src/`                              | Create 4 tool queries                           |
+|                   | `server/ql/{language}/tools/test/`                             | Create test cases                               |
+| **npm Package**   | `server/package.json`                                          | Add `ql/{language}/tools/src/` to `files` array |
+| **Scripts**       | `server/scripts/install-packs.sh`                              | Add to `VALID_LANGUAGES` + install call         |
+|                   | `server/scripts/extract-test-databases.sh`                     | Add to `VALID_LANGUAGES`                        |
+|                   | `server/scripts/run-query-unit-tests.sh`                       | Add to `VALID_LANGUAGES`                        |
+| **Documentation** | `server/ql/README.md`                                          | Add language to list                            |
+|                   | `server/src/prompts/tools-query-workflow.prompt.md`            | Add to supported languages                      |
+|                   | `server/src/prompts/explain-codeql-query.prompt.md`            | Add to language list                            |
+|                   | `server/src/prompts/document-codeql-query.prompt.md`           | Add to language list                            |
+|                   | `docs/public.md`                                               | Add to Supported Languages table                |
+| **Skills**        | `.github/skills/create-codeql-query-tdd-generic/SKILL.md`      | Add to supported languages                      |
+|                   | `.github/skills/validate-ql-mcp-server-tools-queries/SKILL.md` | Add to language table                           |
+| **CI/CD**         | `.github/workflows/query-unit-tests.yml`                       | Add to matrix (standard)                        |
+|                   | `.github/workflows/query-unit-tests-{lang}.yml`                | Create if special OS needed                     |
+|                   | `.github/workflows/release.yml`                                | Add to `LANGUAGES` list in pack publish step    |
 
 ## Phase 1: Create Query Pack Structure
 
@@ -97,7 +100,7 @@ server/ql/{language}/tools/
 Create `server/ql/{language}/tools/src/codeql-pack.yml`:
 
 ```yaml
-name: ql-mcp-{language}-tools-src
+name: advanced-security/ql-mcp-{language}-tools-src
 version: 0.0.1
 library: false
 dependencies:
@@ -109,11 +112,11 @@ dependencies:
 Create `server/ql/{language}/tools/test/codeql-pack.yml`:
 
 ```yaml
-name: ql-mcp-{language}-tools-test
+name: advanced-security/ql-mcp-{language}-tools-test
 version: 0.0.1
 dependencies:
   codeql/{language}-queries: '*'
-  ql-mcp-{language}-tools-src: '*'
+  advanced-security/ql-mcp-{language}-tools-src: ${workspace}
 extractor: { language }
 ```
 
@@ -545,12 +548,16 @@ Before submitting the PR:
 - [ ] Pack lock files generated (`codeql-pack.lock.yml`)
 - [ ] TypeScript source updated and builds successfully
 - [ ] All scripts updated with new language
+- [ ] `server/package.json` `files` array includes `ql/{language}/tools/src/`
+- [ ] `.github/workflows/release.yml` `LANGUAGES` list includes new language
+- [ ] `docs/public.md` Supported Languages table updated
 - [ ] Documentation updated (4+ files)
 - [ ] Skills updated (2+ files)
 - [ ] CI workflow configured (matrix or dedicated)
-- [ ] Server bundle rebuilt (`server/dist/ql-mcp-server.js`)
+- [ ] Server bundle rebuilt (`server/dist/codeql-development-mcp-server.js`)
 - [ ] All existing tests still pass
 - [ ] New language tests pass
+- [ ] `npm pack --dry-run` (from `server/`) includes the new language's `.ql`, `.md`, and `codeql-pack.yml` files
 
 ## Success Criteria
 

@@ -129,15 +129,15 @@ Then re-verify the `cliVersion` is compatible.
 
 All `codeql-pack.yml` files under `server/ql/*/tools/`:
 
-| Pack Type | Location                                      | Fields to Update                     |
-| --------- | --------------------------------------------- | ------------------------------------ |
-| Source    | `server/ql/{lang}/tools/src/codeql-pack.yml`  | `version`, `codeql/{lang}-all`       |
-| Test      | `server/ql/{lang}/tools/test/codeql-pack.yml` | `version`, `ql-mcp-{lang}-tools-src` |
+| Pack Type | Location                                      | Fields to Update                                       |
+| --------- | --------------------------------------------- | ------------------------------------------------------ |
+| Source    | `server/ql/{lang}/tools/src/codeql-pack.yml`  | `version`, `codeql/{lang}-all`                         |
+| Test      | `server/ql/{lang}/tools/test/codeql-pack.yml` | `version`, `advanced-security/ql-mcp-{lang}-tools-src` |
 
 #### 3.2 Source Pack Template
 
 ```yaml
-name: ql-mcp-{language}-tools-src
+name: advanced-security/ql-mcp-{language}-tools-src
 version: X.XX.Y # CLI version without 'v' prefix
 library: false
 dependencies:
@@ -147,10 +147,10 @@ dependencies:
 #### 3.3 Test Pack Template
 
 ```yaml
-name: ql-mcp-{language}-tools-test
+name: advanced-security/ql-mcp-{language}-tools-test
 version: X.XX.Y # CLI version without 'v' prefix
 dependencies:
-  ql-mcp-{language}-tools-src: X.XX.Y # Same as version field
+  advanced-security/ql-mcp-{language}-tools-src: ${workspace}
 extractor: { language }
 ```
 
@@ -194,17 +194,17 @@ Some library version upgrades cause non-deterministic output ordering changes. I
 
 ## Quick Reference: Languages and Pack Names
 
-| Language   | Source Pack                 | Library Dependency    |
-| ---------- | --------------------------- | --------------------- |
-| actions    | ql-mcp-actions-tools-src    | codeql/actions-all    |
-| cpp        | ql-mcp-cpp-tools-src        | codeql/cpp-all        |
-| csharp     | ql-mcp-csharp-tools-src     | codeql/csharp-all     |
-| go         | ql-mcp-go-tools-src         | codeql/go-all         |
-| java       | ql-mcp-java-tools-src       | codeql/java-all       |
-| javascript | ql-mcp-javascript-tools-src | codeql/javascript-all |
-| python     | ql-mcp-python-tools-src     | codeql/python-all     |
-| ruby       | ql-mcp-ruby-tools-src       | codeql/ruby-all       |
-| swift      | ql-mcp-swift-tools-src      | codeql/swift-all      |
+| Language   | Source Pack                                   | Library Dependency    |
+| ---------- | --------------------------------------------- | --------------------- |
+| actions    | advanced-security/ql-mcp-actions-tools-src    | codeql/actions-all    |
+| cpp        | advanced-security/ql-mcp-cpp-tools-src        | codeql/cpp-all        |
+| csharp     | advanced-security/ql-mcp-csharp-tools-src     | codeql/csharp-all     |
+| go         | advanced-security/ql-mcp-go-tools-src         | codeql/go-all         |
+| java       | advanced-security/ql-mcp-java-tools-src       | codeql/java-all       |
+| javascript | advanced-security/ql-mcp-javascript-tools-src | codeql/javascript-all |
+| python     | advanced-security/ql-mcp-python-tools-src     | codeql/python-all     |
+| ruby       | advanced-security/ql-mcp-ruby-tools-src       | codeql/ruby-all       |
+| swift      | advanced-security/ql-mcp-swift-tools-src      | codeql/swift-all      |
 
 ## Lessons Learned
 
@@ -232,6 +232,45 @@ dependencies:
 
 Library upgrades can cause non-deterministic ordering changes in query output. These are cosmetic differences - update `.expected` files when the logic is unchanged but output order differs.
 
+### npm Package `files` Field Limitations
+
+npm's `files` field does **not** support intermediate wildcard patterns like `ql/*/tools/src/`. Each language directory must be listed explicitly:
+
+```json
+"files": [
+  "dist/",
+  "ql/actions/tools/src/",
+  "ql/cpp/tools/src/",
+  "ql/csharp/tools/src/",
+  ...
+]
+```
+
+When adding a new language, add its `ql/{language}/tools/src/` entry to `server/package.json` `files`.
+
+### Exclude `.qlx` Files from npm
+
+`server/.npmignore` must contain `*.qlx` to prevent compiled CodeQL query bytecode (which is OS/architecture-specific) from being included in the npm package.
+
+### Server Logger Writes to stderr Only
+
+All `logger.info/warn/error/debug` methods write to `stderr` via `console.error`. This is **required** because in stdio transport mode, stdout is reserved exclusively for the MCP JSON-RPC protocol. Any non-protocol bytes on stdout corrupt the message stream.
+
+### CODEQL_PATH Environment Variable
+
+The server resolves the CodeQL CLI binary at startup via `resolveCodeQLBinary()` in `cli-executor.ts`. The `CODEQL_PATH` env var takes an **absolute path** to the `codeql` binary, bypassing PATH lookup. This is critical for users who have multiple CodeQL CLI versions installed.
+
+### Publishing: `codeql pack publish`
+
+- Use `--threads=-1` (leave 1 core unused) for parallel compilation
+- `GITHUB_TOKEN` env var is recognized automatically — no need for `--github-auth-stdin`
+- Precompilation is enabled by default (only `--no-precompile` opt-out exists)
+- The `codeql pack install` subcommand does **not** have a `--threads` flag
+
+### LICENSE File Name
+
+The actual license file is `LICENSE` (no `.md` extension). Workflow steps and documentation must reference `LICENSE`, not `LICENSE.md`.
+
 ## Helper Script
 
 See [verify-pack-compatibility.sh](verify-pack-compatibility.sh) for automated compatibility checking.