MaD QL : Improve ql-mcp support for CodeQL Models-as-Data Extensions#271
Draft
data-douser wants to merge 2 commits intomainfrom
Draft
MaD QL : Improve ql-mcp support for CodeQL Models-as-Data Extensions#271data-douser wants to merge 2 commits intomainfrom
ql-mcp support for CodeQL Models-as-Data Extensions#271data-douser wants to merge 2 commits intomainfrom
Conversation
Adds first-class support for authoring CodeQL data extensions (MaD) for third-party libraries via a new `data_extension_development` workflow prompt and per-language `codeql://languages/<lang>/library-modeling` resources for every CodeQL language that supports MaD upstream (cpp, csharp, go, java, javascript, python, ruby, rust, swift), plus a shared `codeql://learning/data-extensions` overview resource. Also includes review-feedback fixes: MaD tuple format updates in the overview resource, prompt wiring + type fixes, and assorted client/ go lint and format cleanups.
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds first-class support for authoring CodeQL Models-as-Data (MaD) “data extensions” by introducing a dedicated workflow prompt and a set of new learning/per-language library-modeling resources, plus related tests and documentation updates.
Changes:
- Added
data_extension_developmentworkflow prompt with language restricted to MaD-supported languages and embedded context. - Added a MaD overview learning resource and per-language
library-modelingresources; wired them into server resource registration and language resource types/tests. - Strengthened tool JSON schema validation tests (via public MCP
tools/list) and extended graph mermaid evaluation to support object-shaped tuples.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/tools/tool-schema-validation.test.ts | Switches schema validation to use a public in-memory MCP client/server pair; adds targeted schema assertions for cache retrieve fields. |
| server/test/src/tools/cache-tools.test.ts | Removes cache-tool-specific schema serialization regression tests now covered globally. |
| server/test/src/resources/language-resources.test.ts | Updates expectations for additional per-language resources (library modeling) and total resource counts. |
| server/test/src/prompts/workflow-prompts.test.ts | Updates prompt name count expectation for the newly added workflow prompt. |
| server/test/src/prompts/prompt-loader.test.ts | Ensures the new prompt template is embedded in the bundle (and updates the expected file list). |
| server/test/src/lib/query-results-evaluator.test.ts | Adds regression coverage for object-based graph tuples (source/target) in mermaid output generation. |
| server/src/types/language-types.ts | Adds per-language library-modeling resource content into LANGUAGE_RESOURCES via additionalResources. |
| server/src/types/codeql.ts | Extends QueryFilesResult with optional LLM-facing hints. |
| server/src/tools/codeql-resources.ts | Registers new codeql://learning/data-extensions resource. |
| server/src/resources/server-queries.md | Cleans up bundled tools queries table formatting/content. |
| server/src/resources/server-prompts.md | Documents the new data_extension_development prompt. |
| server/src/resources/server-overview.md | Updates overview resource list and prompt category/count to include data extensions support. |
| server/src/resources/learning-data-extensions.md | Adds a new learning resource describing MaD formats, predicates, pack layout, and workflow. |
| server/src/resources/languages/swift_library_modeling.md | Adds Swift library modeling guidance for MaD tuple format. |
| server/src/resources/languages/rust_library_modeling.md | Adds Rust library modeling guidance for crate-path-based MaD format. |
| server/src/resources/languages/ruby_library_modeling.md | Adds Ruby API-graph-based library modeling guidance and examples. |
| server/src/resources/languages/python_library_modeling.md | Adds Python API-graph-based library modeling guidance and examples. |
| server/src/resources/languages/javascript_library_modeling.md | Adds JavaScript/TypeScript API-graph-based library modeling guidance and examples. |
| server/src/resources/languages/java_library_modeling.md | Adds Java/Kotlin MaD tuple-format library modeling guidance and examples. |
| server/src/resources/languages/go_library_modeling.md | Extends Go library modeling documentation with barrier/barrierGuard guidance (2.25.2+). |
| server/src/resources/languages/csharp_library_modeling.md | Adds C# MaD tuple-format library modeling guidance and examples. |
| server/src/resources/languages/cpp_library_modeling.md | Adds C/C++ MaD tuple-format library modeling guidance and examples. |
| server/src/prompts/workflow-prompts.ts | Adds schema + registration for data_extension_development prompt; updates prompt name list and prompt result typing. |
| server/src/prompts/prompt-loader.ts | Embeds the new prompt template into the bundled prompt template registry. |
| server/src/prompts/data-extension-development.prompt.md | Adds the end-to-end MaD authoring workflow prompt template content. |
| server/src/prompts/constants.ts | Introduces MAD_SUPPORTED_LANGUAGES subset for MaD-capable languages. |
| server/src/lib/resources.ts | Adds static import + getter for the new learning data extensions resource. |
| server/src/lib/query-results-evaluator.ts | Improves mermaid graph generation to handle object-shaped tuples safely. |
| server/src/codeql-development-mcp-server.ts | Fixes HTTP-mode server start promise typing to resolve with the McpServer. |
| client/internal/testing/runner.go | Ignores os.RemoveAll error when cleaning stale outputs. |
| client/internal/testing/runner_test.go | Makes filesystem setup/fixture writes explicitly ignore errors in test helpers. |
| client/internal/testing/params_test.go | Ignores cleanup and fixture file write errors in tests for tool param building. |
| client/internal/mcp/primitives.go | Avoids fmt.Sprintf intermediate strings by writing directly into strings.Builder. |
| client/cmd/use_tool.go | Ignores stdout write errors and ignores deferred Close() error. |
| client/cmd/use_resource.go | Ignores stdout write errors and ignores deferred Close() error. |
| client/cmd/use_prompt.go | Ignores stdout write errors and ignores deferred Close() error. |
| client/cmd/list.go | Ignores write/flush errors for tabwriter output and ignores deferred Close() error. |
| client/cmd/integration_tests.go | Ignores os.Setenv error when setting CODEQL_MCP_TMP_DIR default. |
| client/cmd/code_scanning_list_analyses.go | Ignores tabwriter output write errors in list command. |
| client/cmd/code_scanning_list_alerts.go | Ignores tabwriter output write errors in list command. |
| client/cmd/code_scanning_download_analysis.go | Ignores output write errors when reporting download result. |
| CHANGELOG.md | Adds Unreleased entries for the new prompt/resources and notes prior schema fix. |
Copilot's findings
Comments suppressed due to low confidence (1)
server/src/tools/codeql-resources.ts:18
- Per the
server/src/**/*.tsconventions requiring alphabetical ordering, the named imports from../lib/resourcesshould be sorted.getLearningDataExtensionsis currently listed beforegetDataflowMigration; please reorder this import list alphabetically to keep it consistent.
- Files reviewed: 42/44 changed files
- Comments generated: 3
Comment on lines
+27
to
+33
| ### MaD Tuple Format (9–10 Column Tuples) | ||
|
|
||
| **Languages**: C/C++, C#, Go, Java/Kotlin, Swift | ||
|
|
||
| Identifies callables by **package/namespace, type, method name, and signature**. Each row is a tuple of 9–10 string columns. | ||
|
|
||
| > **Rust** uses a distinct crate-path-based format that does not match either the tuple or API-graph layout described here. Consult `codeql://languages/rust/library-modeling` for the Rust-specific column layout. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds first-class support for authoring CodeQL data extensions (Models-as-Data) for third-party libraries.
Replaces #266 with a clean, linear history on top of latest
main(CodeQL CLI v2.25.3).Changes
New MCP Server Prompt
data_extension_developmentlanguageto MaD-supported languages.New MCP Server Resources
codeql://learning/data-extensionscodeql://languages/<lang>/library-modelingcpp,csharp,go,java,javascript,python,ruby,rust,swift.actionsis intentionally excluded (no MaD support upstream).Commits
feat(resources): add CodeQL MaD (Models-as-Data) extensions support— sources, prompts, resources, tests, CHANGELOG.chore: rebuild server/dist/** for MaD extensions support— regenerated bundle.Validation
npm run lint(root, server, extensions/vscode) — cleannpm run format:check+markdownlint(pre-commit) — cleannpm run build -w server— clean bundle