feat(resources): improve CodeQL MaD extensions support #266
data-douser wants to merge 17 commits into main from
Implements changes required for resolution of issue #261 and first-class support for CodeQL Models-as-Data (MaD) extensions as part of agentic CodeQL development.
Add per-language library-modeling resources, a common data-extensions overview, and a procedural MCP prompt for data extension development workflows.
Resources:
- Add library-modeling for cpp, csharp, java, javascript, python, ruby (from template PR #42)
- Add data-extensions-overview.md covering MaD tuple and API Graph formats (codeql://learning/data-extensions)
- Update Go library-modeling with barrierModel and barrierGuardModel (CodeQL 2.25.2+)
- Register 6 new language resources in language-types.ts
Prompt:
- Add data_extension_development MCP prompt with 8-step procedural workflow (from template PR #48)
Docs:
- Update server-overview.md, server-prompts.md, server-queries.md with new URIs and references
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Pull request overview
Adds first-class Models-as-Data (MaD) / data extensions documentation and workflow support to the CodeQL Development MCP Server, enabling agentic development of library models via new learning resources, per-language guides, and a dedicated MCP prompt.
Changes:
- Added a new `codeql://learning/data-extensions` resource plus per-language `library-modeling` resources for multiple languages.
- Introduced a new `data_extension_development` workflow prompt (template + registration + schema) for end-to-end MaD authoring/testing.
- Updated server documentation and tests to account for newly registered resources/prompts and expanded Go library-modeling docs with `barrierModel`/`barrierGuardModel`.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/resources/language-resources.test.ts | Updates expectations for additional language resources registration. |
| server/test/src/prompts/workflow-prompts.test.ts | Updates prompt-name count expectation for the new workflow prompt. |
| server/src/types/language-types.ts | Registers new per-language library-modeling markdown resources via additionalResources. |
| server/src/tools/codeql-resources.ts | Registers new learning resource codeql://learning/data-extensions. |
| server/src/resources/server-queries.md | Table formatting adjustments in bundled queries documentation. |
| server/src/resources/server-prompts.md | Documents the newly added data_extension_development prompt. |
| server/src/resources/server-overview.md | Adds references to the new data extensions resource and library-modeling resources; updates prompt count/category list. |
| server/src/resources/languages/cpp_library_modeling.md | Adds C/C++ library-modeling (MaD) guidance resource. |
| server/src/resources/languages/csharp_library_modeling.md | Adds C# library-modeling (MaD) guidance resource. |
| server/src/resources/languages/java_library_modeling.md | Adds Java/Kotlin library-modeling (MaD) guidance resource. |
| server/src/resources/languages/javascript_library_modeling.md | Adds JavaScript/TypeScript library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/python_library_modeling.md | Adds Python library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/ruby_library_modeling.md | Adds Ruby library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/go_library_modeling.md | Extends Go library-modeling docs with barrierModel / barrierGuardModel (2.25.2+). |
| server/src/resources/data-extensions-overview.md | Adds shared overview doc covering MaD formats, predicates, packs, and workflow. |
| server/src/prompts/workflow-prompts.ts | Registers data_extension_development prompt, schema, and handler. |
| server/src/prompts/data-extension-development.prompt.md | Adds the procedural workflow prompt template for data extension development. |
| server/src/lib/resources.ts | Adds getDataExtensionsOverview() for serving the new learning resource. |
| server/dist/codeql-development-mcp-server.js | Updates the built server bundle to include new resources/prompt wiring. |
Copilot's findings
- Files reviewed: 18/20 changed files
- Comments generated: 5
…eview feedback Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/4266e55f-3c7d-4ab3-9bd9-338cdb43bbee Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.
Warning: Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.6.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@40f1582...4a36011) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
* Initial plan
* Fix invalid JSON Schema for query_results_cache_retrieve (use z.object for lineRange/resultIndices)
  Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/950558d1-9e5d-4eec-bdd3-0668c904dd1f
  Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
* Add server tool-schema-validation.test.ts
  Adds tests to generically avoid regressions due to invalid schema for any MCP tool.
* Potential fix for pull request finding
  Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
  Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
* Address PR review feedback
---------
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Co-authored-by: Nathan Randall <data-douser@github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…elopment-mcp-server into dd/mad-ql/1
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`) | ||
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) |
The model-format quick reference omits Swift (which this PR registers under codeql://languages/swift/library-modeling) and doesn’t mention Rust’s distinct crate-path format. This can mislead users into picking the wrong YAML tuple shape; update the bullets to include Swift in the MaD tuple list and call out Rust as its own format (or explicitly defer to the per-language library-modeling resource).
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`) | |
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) | |
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`), Swift (`codeql/swift-all`) | |
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) | |
| - **Rust format**: Rust (`codeql/rust-all`) uses its own crate-path-based model format; follow `codeql://languages/rust/library-modeling` |
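Review bot: the added Rust bullet sends readers to `codeql://languages/rust/library-modeling`, and the Swift entry names `codeql/swift-all`, but the per-file summary for this PR lists library-modeling resources only for cpp, csharp, java, javascript, python, ruby and go. Confirm that the Rust and Swift library-modeling URIs are actually registered before taking this suggestion, or the quick reference will point at a resource the server cannot serve. The Rust bullet also gives no column count, unlike the two bullets above it; either state the tuple shape or say explicitly that it is documented only in the per-language resource.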
| // Access registered tools via internal SDK handle — same code path as | ||
| // the live `tools/list` JSON-RPC handler. | ||
| const registered = (server as any)._registeredTools as | ||
| Record<string, { inputSchema?: unknown }>; | ||
|
|
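Review bot: on the `const registered = (server as any)._registeredTools as` line, the cast hides the case where the field is missing or empty, so any iteration over `registered` could run zero times and the test would pass without checking a single schema. Add an explicit assertion straight after the assignment that `registered` is defined and that `Object.keys(registered).length` is greater than zero, so an SDK change fails the test loudly instead of silently skipping it.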
This test reaches into (server as any)._registeredTools, which is an SDK-internal/private field. That makes the test brittle to MCP SDK upgrades (a rename/encapsulation would break tests without any server-side behavior change). Prefer asserting via a public surface (e.g., the tools/list response path, similar to the VS Code integration test) or factoring the schema generation into a server-owned helper that can be unit-tested without private-field access.
| describe('JSON Schema serialization (issue: GitHub Copilot Chat strict validation)', () => { | ||
| beforeEach(() => { | ||
| vi.spyOn(sessionDataManager, 'getConfig').mockReturnValue({ | ||
| storageLocation: testStorageDir, | ||
| autoTrackSessions: true, | ||
| retentionDays: 90, | ||
| includeCallParameters: true, | ||
| includeCallResults: true, | ||
| maxActiveSessionsPerQuery: 3, | ||
| scoringFrequency: 'per_call', | ||
| archiveCompletedSessions: true, | ||
| enableAnnotationTools: true, | ||
| enableRecommendations: true, | ||
| enableMonitoringTools: false, | ||
| }); | ||
| }); | ||
|
|
||
| /** | ||
| * Regression test for the bug where `lineRange` and `resultIndices` | ||
| * (defined via `z.tuple([...])`) serialized to a bare array as the | ||
| * JSON Schema value (e.g. `[{"type":"integer"}, {"type":"integer"}]`), | ||
| * which the GitHub Copilot Chat backend rejects with HTTP 400: | ||
| * "[...] is not of type 'object', 'boolean'." | ||
| * | ||
| * Every property's JSON Schema MUST itself be an object (or boolean), | ||
| * never an array. | ||
| */ | ||
| it('produces a strict-JSON-Schema-valid input schema for every cache tool', async () => { | ||
| // Use the real McpServer + SDK tool registration path so we exercise |
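Review bot: the `vi.spyOn(sessionDataManager, 'getConfig').mockReturnValue({...})` call in `beforeEach` has no matching restore in the lines shown, so the mocked config can leak into later suites in the same file. Pair it with an `afterEach` that calls `vi.restoreAllMocks()` (or keep the spy handle and call `mockRestore()`), unless the enclosing file already does so. The eleven-field config literal would also be easier to maintain as a shared fixture if other `describe` blocks mock the same values.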
The JSON-schema serialization checks here largely overlap with the new server/test/src/tools/tool-schema-validation.test.ts (which validates schema serialization across all tools) and the VS Code extension e2e schema test. Consider consolidating to a single canonical place (e.g., keep the cross-tool test + a small cache-tool spot check) to avoid having to update the same expectations in 2–3 suites whenever the SDK’s JSON schema output changes.
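The rule stated in the regression-test comment above (every property's JSON Schema must be an object or boolean, never an array) can be checked on plain JSON without touching SDK internals. The following is an added example, not code from this PR or the project's test suite; the sample schemas are constructed, and `cacheKey`, `start` and `end` are hypothetical names.

```javascript
// Added example, not code from the PR. Assumes a strict validator in which
// every sub-schema must be a JSON object or boolean (as the error quoted in the
// test comment states), so the array form of `items` is flagged too.
const SINGLE = ['items', 'additionalProperties', 'not', 'contains'];
const MAPS = ['properties', 'patternProperties', '$defs', 'definitions'];
const LISTS = ['allOf', 'anyOf', 'oneOf', 'prefixItems'];

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Returns JSON-pointer-style paths of every sub-schema that is not object/boolean.
function findInvalidSchemas(schema, path = '#') {
  if (typeof schema === 'boolean') return [];
  if (!isPlainObject(schema)) return [path];
  const bad = [];
  for (const key of SINGLE) {
    if (key in schema) bad.push(...findInvalidSchemas(schema[key], `${path}/${key}`));
  }
  for (const key of MAPS) {
    if (!(key in schema)) continue;
    if (!isPlainObject(schema[key])) { bad.push(`${path}/${key}`); continue; }
    for (const [name, sub] of Object.entries(schema[key])) {
      bad.push(...findInvalidSchemas(sub, `${path}/${key}/${name}`));
    }
  }
  for (const key of LISTS) {
    if (!(key in schema)) continue;
    if (!Array.isArray(schema[key])) { bad.push(`${path}/${key}`); continue; }
    schema[key].forEach((sub, i) => bad.push(...findInvalidSchemas(sub, `${path}/${key}/${i}`)));
  }
  return bad;
}

// Constructed input schemas; `cacheKey`, `start` and `end` are hypothetical names.
const RANGE = { type: 'object', properties: { start: { type: 'integer' }, end: { type: 'integer' } } };
const BROKEN = {
  type: 'object',
  properties: {
    cacheKey: { type: 'string' },
    lineRange: [{ type: 'integer' }, { type: 'integer' }], // tuple leaked as a bare array
    resultIndices: { type: 'array', items: [{ type: 'integer' }, { type: 'integer' }] },
  },
};
const FIXED = {
  type: 'object',
  properties: { cacheKey: { type: 'string' }, lineRange: RANGE, resultIndices: RANGE },
};

console.log(findInvalidSchemas(BROKEN)); // paths a strict consumer would reject
console.log(findInvalidSchemas(FIXED));  // no findings
```

Run over the input schema of each tool returned by a `tools/list` response, the same function gives a cross-tool check that reports the exact path of each offending sub-schema.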
- Register data-extension-development.prompt.md in prompt-loader
- Add index signature to PromptResult for MCP SDK compat
- Fix startServer HTTP branch to return Promise<McpServer>
- Add hints field to QueryFilesResult interface
- Narrow unknown types in mermaid graph evaluator
- Update EXPECTED_PROMPT_FILES in prompt-loader tests
- Add test for object-based mermaid graph tuples
Closes #261.
Summary of Changes
Implements changes required for resolution of issue #261 and first-class support for CodeQL Models-as-Data (MaD) extensions as part of agentic CodeQL development.
Add per-language library-modeling resources, a common data-extensions overview, and a procedural MCP prompt for data extension development workflows.
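Resources:
- Add library-modeling for cpp, csharp, java, javascript, python, ruby (from template PR #42)
- Add `data-extensions-overview.md` covering MaD tuple and API Graph formats (`codeql://learning/data-extensions`)
- Update Go library-modeling with `barrierModel` and `barrierGuardModel` (CodeQL 2.25.2+)
- Register 6 new language resources in `language-types.ts`
Prompt:
- Add `data_extension_development` MCP prompt with 8-step procedural workflow (from template PR #48)
Docs:
- Update `server-overview.md`, `server-prompts.md`, `server-queries.md` with new URIs and references
Outline of Changes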
TODO