feat(resources): improve CodeQL MaD extensions support#266
Open
data-douser wants to merge 19 commits intomainfrom
Open
feat(resources): improve CodeQL MaD extensions support#266data-douser wants to merge 19 commits intomainfrom
data-douser wants to merge 19 commits intomainfrom
Conversation
Implements changes required for resolution of issue #261 and first-class support for CodeQL Models-as-Data (MaD) extensions as part of agentic CodeQL development. Add per-language library-modeling resources, a common data-extensions overview, and a procedural MCP prompt for data extension development workflows. Resources: - Add library-modeling for cpp, csharp, java, javascript, python, ruby (from template PR #42) - Add data-extensions-overview.md covering MaD tuple and API Graph formats (codeql://learning/data-extensions) - Update Go library-modeling with barrierModel and barrierGuardModel (CodeQL 2.25.2+) - Register 6 new language resources in language-types.ts Prompt: - Add data_extension_development MCP prompt with 8-step procedural workflow (from template PR #48) Docs: - Update server-overview.md, server-prompts.md, server-queries.md with new URIs and references
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
Contributor
There was a problem hiding this comment.
Pull request overview
Adds first-class Models-as-Data (MaD) / data extensions documentation and workflow support to the CodeQL Development MCP Server, enabling agentic development of library models via new learning resources, per-language guides, and a dedicated MCP prompt.
Changes:
- Added a new
codeql://learning/data-extensionsresource plus per-languagelibrary-modelingresources for multiple languages. - Introduced a new
data_extension_developmentworkflow prompt (template + registration + schema) for end-to-end MaD authoring/testing. - Updated server documentation and tests to account for newly registered resources/prompts and expanded Go library-modeling docs with
barrierModel/barrierGuardModel.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/resources/language-resources.test.ts | Updates expectations for additional language resources registration. |
| server/test/src/prompts/workflow-prompts.test.ts | Updates prompt-name count expectation for the new workflow prompt. |
| server/src/types/language-types.ts | Registers new per-language library-modeling markdown resources via additionalResources. |
| server/src/tools/codeql-resources.ts | Registers new learning resource codeql://learning/data-extensions. |
| server/src/resources/server-queries.md | Table formatting adjustments in bundled queries documentation. |
| server/src/resources/server-prompts.md | Documents the newly added data_extension_development prompt. |
| server/src/resources/server-overview.md | Adds references to the new data extensions resource and library-modeling resources; updates prompt count/category list. |
| server/src/resources/languages/cpp_library_modeling.md | Adds C/C++ library-modeling (MaD) guidance resource. |
| server/src/resources/languages/csharp_library_modeling.md | Adds C# library-modeling (MaD) guidance resource. |
| server/src/resources/languages/java_library_modeling.md | Adds Java/Kotlin library-modeling (MaD) guidance resource. |
| server/src/resources/languages/javascript_library_modeling.md | Adds JavaScript/TypeScript library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/python_library_modeling.md | Adds Python library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/ruby_library_modeling.md | Adds Ruby library-modeling (API graph format) guidance resource. |
| server/src/resources/languages/go_library_modeling.md | Extends Go library-modeling docs with barrierModel / barrierGuardModel (2.25.2+). |
| server/src/resources/data-extensions-overview.md | Adds shared overview doc covering MaD formats, predicates, packs, and workflow. |
| server/src/prompts/workflow-prompts.ts | Registers data_extension_development prompt, schema, and handler. |
| server/src/prompts/data-extension-development.prompt.md | Adds the procedural workflow prompt template for data extension development. |
| server/src/lib/resources.ts | Adds getDataExtensionsOverview() for serving the new learning resource. |
| server/dist/codeql-development-mcp-server.js | Updates the built server bundle to include new resources/prompt wiring. |
Copilot's findings
- Files reviewed: 18/20 changed files
- Comments generated: 5
…eview feedback Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/4266e55f-3c7d-4ab3-9bd9-338cdb43bbee Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Contributor
|
Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details. Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.6.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@40f1582...4a36011) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
* Initial plan * Fix invalid JSON Schema for query_results_cache_retrieve (use z.object for lineRange/resultIndices) Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/950558d1-9e5d-4eec-bdd3-0668c904dd1f Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Add server tool-schema-validation.test.ts Adds tests to generically avoid regressions due to invalid schema for any MCP tool. * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * Address PR review feedback --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> Co-authored-by: Nathan Randall <data-douser@github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…elopment-mcp-server into dd/mad-ql/1
Implements changes required for resolution of issue #261 and first-class support for CodeQL Models-as-Data (MaD) extensions as part of agentic CodeQL development. Add per-language library-modeling resources, a common data-extensions overview, and a procedural MCP prompt for data extension development workflows. Resources: - Add library-modeling for cpp, csharp, java, javascript, python, ruby (from template PR #42) - Add data-extensions-overview.md covering MaD tuple and API Graph formats (codeql://learning/data-extensions) - Update Go library-modeling with barrierModel and barrierGuardModel (CodeQL 2.25.2+) - Register 6 new language resources in language-types.ts Prompt: - Add data_extension_development MCP prompt with 8-step procedural workflow (from template PR #48) Docs: - Update server-overview.md, server-prompts.md, server-queries.md with new URIs and references
…eview feedback Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/4266e55f-3c7d-4ab3-9bd9-338cdb43bbee Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
- Register data-extension-development.prompt.md in prompt-loader - Add index signature to PromptResult for MCP SDK compat - Fix startServer HTTP branch to return Promise<McpServer> - Add hints field to QueryFilesResult interface - Narrow unknown types in mermaid graph evaluator - Update EXPECTED_PROMPT_FILES in prompt-loader tests - Add test for object-based mermaid graph tuples
Contributor
There was a problem hiding this comment.
Copilot's findings
Comments suppressed due to low confidence (1)
server/src/codeql-development-mcp-server.ts:158
- In HTTP mode,
startServer()returns early from inside thenew Promise(...)block, sosetupGracefulShutdown(server)is never reached. That means SIGINT/SIGTERM won’t triggershutdownServerManager()/server.close()when running withTRANSPORT_MODE=http. Consider movingsetupGracefulShutdown(server)before the mode branch and (optionally) wiring shutdown to also close the underlyinghttpServer.
const host = process.env.HTTP_HOST || 'localhost';
const port = Number(process.env.HTTP_PORT || process.env.PORT) || 3000;
// Return a promise that keeps the process alive
return new Promise<McpServer>((resolve, reject) => {
const httpServer = app.listen(port, host, () => {
logger.info(`HTTP server listening on http://${host}:${port}/mcp`);
resolve(server);
});
httpServer.on('error', (error) => {
logger.error('HTTP server error:', error);
reject(error);
});
});
}
- Files reviewed: 36/38 changed files
- Comments generated: 3
Contributor
There was a problem hiding this comment.
Copilot's findings
Comments suppressed due to low confidence (1)
server/src/tools/codeql-resources.ts:18
- The named imports from
../lib/resourcesaren’t in alphabetical order (getLearningDataExtensionsis listed beforegetDataflowMigration). Repo convention is to keep imports/specifier lists alphabetized (see.github/instructions/server_src_ts.instructions.md:16). Please reorder the specifiers accordingly.
- Files reviewed: 49/51 changed files
- Comments generated: 1
Comment on lines
41
to
53
| export const LANGUAGE_RESOURCES: LanguageResource[] = [ | ||
| { | ||
| language: 'actions', | ||
| astContent: actionsAst | ||
| }, | ||
| { | ||
| language: 'cpp', | ||
| astContent: cppAst, | ||
| securityContent: cppSecurity | ||
| securityContent: cppSecurity, | ||
| additionalResources: { | ||
| 'library-modeling': cppLibraryModeling, | ||
| } | ||
| }, |
There was a problem hiding this comment.
LANGUAGE_RESOURCES array is missing commas after object properties / elements (e.g., after astContent: actionsAst and after each closing }), which makes this file invalid TypeScript and will break compilation. Add the missing trailing commas between object entries and after the last property in each object.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #261.
Summary of Changes
Implements changes required for resolution of issue #261 and first-class support for CodeQL Models-as-Data (MaD) extensions as part of agentic CodeQL development.
Add per-language library-modeling resources, a common data-extensions overview, and a procedural MCP prompt for data extension development workflows.
Resources:
data-extensions-overview.mdcovering MaD tuple and API Graph formats (codeql://learning/data-extensions)barrierModelandbarrierGuardModel(CodeQL 2.25.2+)language-types.tsPrompt:
Docs:
server-overview.md,server-prompts.md,server-queries.mdwith new URIs and referencesOutline of Changes
TODO