advanced-security · data-douser · Feb 24, 2026 · Feb 24, 2026 · Feb 24, 2026
diff --git a/.github/instructions/server_ql_languages_tools.instructions.md b/.github/instructions/server_ql_languages_tools.instructions.md
@@ -27,7 +27,7 @@ Each language directory follows a standardized structure that enables automatic
 - ALWAYS create `.qlref` files that reference the correct query path relative to the tools directory.
 - ALWAYS create `.expected` files with the expected output for each test case.
 - ALWAYS implement test code source files that test both the query's ability to ignore `COMPLIANT` code patterns AND to detect `NON_COMPLIANT` code patterns for detection-style queries (`@kind problem` / `@kind path-problem`).
-- ALWAYS comment test cases as either `COMPLIANT` (i.e. query should not match) or `NON-COMPLIANT` (i.e. query should match) for detection-style queries.
+- ALWAYS comment test cases as either `COMPLIANT` (i.e. query should not match) or `NON_COMPLIANT` (i.e. query should match) for detection-style queries.
 - ALWAYS omit `COMPLIANT` and `NON_COMPLIANT` annotations from `@kind graph` query documentation and test code, because these queries produce structural output (ASTs, CFGs, call graphs) rather than detecting problems.
 - ALWAYS use the `server/scripts/install-packs.sh` script to install dependencies for CodeQL packs defined under the `server/ql/*/language/tools/` directories.
 - ALWAYS use explicit version numbers in `codeql-pack.yml` files; never use wildcards (`*`).

diff --git a/server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific function
 - Understanding what a function calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -31,13 +30,13 @@ void sourceFunc() {  // Source function for analysis
 }
 ```
 
-Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern ``Call from `sourceFunc` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/cpp/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/cpp/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific function
 - Impact analysis before modifying a function signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -28,13 +27,13 @@ void caller1() { targetFunc(); }
 void caller2() { targetFunc(); }
 ```
 
-Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern ``Call to `targetFunc` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/csharp/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/csharp/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific method
 - Understanding what a method calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -31,13 +30,13 @@ void SourceMethod() {  // Source method for analysis
 }
 ```
 
-Running with `sourceFunction = "SourceMethod"` produces results showing each call site with the message pattern `Call from 'SourceMethod' to 'Helper1'`.
+Running with `sourceFunction = "SourceMethod"` produces results showing each call site with the message pattern ``Call from `SourceMethod` to `Helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/csharp/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/csharp/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific method
 - Impact analysis before modifying a method signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -28,13 +27,13 @@ void Caller1() { TargetMethod(); }
 void Caller2() { TargetMethod(); }
 ```
 
-Running with `targetFunction = "TargetMethod"` produces results showing each call site with the message pattern `Call to 'TargetMethod' from 'Caller1'`.
+Running with `targetFunction = "TargetMethod"` produces results showing each call site with the message pattern ``Call to `TargetMethod` from `Caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/go/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/go/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific function
 - Understanding what a function calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -31,13 +30,13 @@ func sourceFunc() {  // Source function for analysis
 }
 ```
 
-Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern ``Call from `sourceFunc` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/go/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/go/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific function
 - Impact analysis before modifying a function signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -28,13 +27,13 @@ func caller1() { targetFunc() }
 func caller2() { targetFunc() }
 ```
 
-Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern ``Call to `targetFunc` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/java/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/java/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific method
 - Understanding what a method calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -31,13 +30,13 @@ void sourceMethod() {  // Source method for analysis
 }
 ```
 
-Running with `sourceFunction = "sourceMethod"` produces results showing each call site with the message pattern `Call from 'sourceMethod' to 'helper1'`.
+Running with `sourceFunction = "sourceMethod"` produces results showing each call site with the message pattern ``Call from `sourceMethod` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/java/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/java/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific method
 - Impact analysis before modifying a method signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -28,13 +27,13 @@ void caller1() { targetMethod(); }
 void caller2() { targetMethod(); }
 ```
 
-Running with `targetFunction = "targetMethod"` produces results showing each call site with the message pattern `Call to 'targetMethod' from 'caller1'`.
+Running with `targetFunction = "targetMethod"` produces results showing each call site with the message pattern ``Call to `targetMethod` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/javascript/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/javascript/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific function
 - Understanding what a function calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -34,13 +33,13 @@ function sourceFunc() {
 }
 ```
 
-Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern ``Call from `sourceFunc` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/javascript/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/javascript/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific function
 - Impact analysis before modifying a function signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -32,13 +31,13 @@ function caller2() {
 }
 ```
 
-Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern ``Call to `targetFunc` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/python/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/python/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific function
 - Understanding what a function calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -33,13 +32,13 @@ def source_func():               # Source function for analysis
     helper2()
 ```
 
-Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern `Call from 'source_func' to 'helper1'`.
+Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern ``Call from `source_func` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/python/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/python/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific function
 - Impact analysis before modifying a function signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -32,13 +31,13 @@ def caller2():
     target_func()
 ```
 
-Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern `Call to 'target_func' from 'caller1'`.
+Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern ``Call to `target_func` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/ruby/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/ruby/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific method
 - Understanding what a method calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -35,13 +34,13 @@ def source_func                   # Source method for analysis
 end
 ```
 
-Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern `Call from 'source_func' to 'helper1'`.
+Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern ``Call from `source_func` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/ruby/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/ruby/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific method
 - Impact analysis before modifying a method signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -34,13 +33,13 @@ def caller2
 end
 ```
 
-Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern `Call to 'target_func' from 'caller1'`.
+Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern ``Call to `target_func` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References
 

diff --git a/server/ql/swift/tools/src/CallGraphFrom/CallGraphFrom.md b/server/ql/swift/tools/src/CallGraphFrom/CallGraphFrom.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Mapping outbound dependencies of a specific function
 - Understanding what a function calls and in what order
 - Analyzing call chains for refactoring or security review
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -31,13 +30,13 @@ func sourceFunc() {               // Source function for analysis
 }
 ```
 
-Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern ``Call from `sourceFunc` to `helper1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call from 'source' to 'callee'"`
+- ``select call, "Call from `source` to `callee`"``
 
 ## References
 

diff --git a/server/ql/swift/tools/src/CallGraphTo/CallGraphTo.md b/server/ql/swift/tools/src/CallGraphTo/CallGraphTo.md
@@ -15,7 +15,6 @@ This query is primarily used for:
 - Finding all callers of a specific function
 - Impact analysis before modifying a function signature
 - Understanding usage patterns and entry points
-- IDE integration for call hierarchy navigation
 
 ## Example
 
@@ -28,13 +27,13 @@ func caller1() { targetFunc() }
 func caller2() { targetFunc() }
 ```
 
-Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern ``Call to `targetFunc` from `caller1``.
 
 ## Output Format
 
 The query is a `@kind problem` query producing rows of:
 
-- `select call, "Call to 'target' from 'caller'"`
+- ``select call, "Call to `target` from `caller`"``
 
 ## References