Fix path resolution and storage locations for npm-installed package scenarios#26
Closed
Fix path resolution and storage locations for npm-installed package scenarios#26
Conversation
This commit makes the following changes as part of the overall effort to prepare this 'advanced-security/codeql-development-mcp-server' to be fully ready for initial public release: - Rename entry point to codeql-development-mcp-server.ts - Scope all codeql-pack.yml with advanced-security/ prefix - Add npm publishConfig for GitHub Packages - Add CODEQL_PATH env var with PATH-prepend strategy - New package-paths.ts module for npm-install-safe path resolution - Logger writes all output to stderr (stdout reserved for MCP protocol) - Fix process.cwd() usages in language-resources, language-server-eval, temp-dir, and session-data-manager - Fix relative cwd/test paths resolved against workspaceRootDir - Language server spawn() honors CODEQL_PATH via PATH prepend - Use path.delimiter for Windows portability - Relax engines to node >=22.0.0 - Fix VERSION constant from 1.0.0 to 2.23.9 - Update server/README.md env vars and file listing - Updates unit tests to cover source code changes - Adds 'docs/public.md' documentation of intended public features
- Fix codeql-path-tests CI job that timed out (~17min) on all three OSes
due to bash pipe PID tracking bug (`$!` captured subshell PID, not
server PID). Replace inline workflow steps with portable bash scripts
using background watchdog + `wait` pattern (no GNU `timeout`).
- Add startup-time validation (`validateCodeQLBinaryReachable`) that runs
`codeql version --format=terse` before tool registration. Server now
fails fast with actionable error when codeql is not on PATH and
CODEQL_PATH is not set.
- Add Test 3: verify server fails at startup when codeql is missing from
both PATH and CODEQL_PATH.
- Address 5 Copilot PR review comments:
- Implement caching in `resolveCodeQLBinary()` (short-circuit on repeat calls)
- Fix JSDoc in temp-dir.ts (`<repoRoot>` -> `<packageRoot>`)
- Gate Windows backslash test to `process.platform === 'win32'`
- Use `path.isAbsolute()` for cross-platform database path check
- Guard `additionalPacksPath` with `existsSync()` for npm-installed layouts
Scripts: server/scripts/test-codeql-path-{invalid,missing,valid}.sh
Tests: 375 passed (4 new)
This commit: - addresses the latest PR review comments for #24 - enforces consistent repo use of node v24.13.0 / node24
… test names, and user workspace resolution Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
…sion caching Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Prepare agent configurations for public release readiness
Fix path resolution and storage locations for npm-installed package scenarios
Feb 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses review comments from PR #24 regarding permission and path resolution issues when the server is npm-installed globally or in read-only locations.
Storage Location Fixes
<packageRoot>/.ql-mcp-trackingto<tmpBase>/.ql-mcp-trackingto avoid writing into npm install directoriesCODEQL_MCP_TMP_DIRenvironment variable for read-only package root scenariosUser Path Resolution
Changed relative path resolution for user-specified paths (test directories, databases, pack directories) from package root to
process.cwd():Affects:
codeql_test_*,codeql_query_run(database paths),codeql_pack_*(pack directories)Version Handling
Replaced hardcoded
version: '2.23.9'in language server with dynamic read from package.json, cached at module load.Test Fixes
it.skipIf(process.platform === 'win32')for sh-dependent testAll changes maintain backward compatibility via environment variable overrides.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.