Open
Conversation
Add a lightweight version check in the check-tag step that inspects server/package.json at the tagged commit. If the version doesn't match the release name, the stale tag is deleted and recreated with correct versions through the normal update/build/test/tag flow. Also suppress stderr on git restore --staged for paths that may not exist (.codeql, *.qlx).
VSIX install fixes: - Skip npm install entirely when the VSIX bundle is present; the bundle already ships server/dist/, server/ql/, and server/package.json - PackInstaller now prefers bundled qlpacks from the VSIX over the npm-installed copy in globalStorage, fixing version skew between the packs being installed and the server code being run - In the unbundled fallback path (Extension Development Host), compare the npm-installed version against the extension's own version instead of short-circuiting on targetVersion === 'latest' Versioned release artifact filenames: - VSIX: codeql-development-mcp-server-vX.Y.Z.vsix (was unversioned) - CodeQL pack bundles: ql-mcp-<lang>-tools-src-vX.Y.Z.tar.gz (was unversioned) - Update release, build-and-test, and package scripts accordingly - Add *.vsix to .gitignore - Normalize docs to use vX.Y.Z placeholders consistently
* Add .md docs for all tools queries (#78) Add query documentation (.md) for every `server/ql/*/tools/src/*/*.ql` query across all 9 supported languages: PrintAST, PrintCFG, CallGraphFrom, and CallGraphTo. - Add `query-documentation.test.ts` to enforce that every tools query has a matching .md file - Update `server_ql_languages_tools.instructions.md` to require query docs, clarify `@kind graph` vs detection-query guidance, and scope COMPLIANT/NON_COMPLIANT annotations to detection queries only - Remove COMPLIANT/NON_COMPLIANT annotations from existing PrintCFG docs (structural queries, not detection queries) * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> * [UPDATE PRIMITIVE] Consistent `CallGraphFrom`/`CallGraphTo` naming in all language docs (#80) * Initial plan * Use CallGraphFrom and CallGraphTo naming consistently in all docs (no spaces) Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com> * Update server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> --------- Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
![github-license-compliance[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
Contributor
Dependency ReviewThe following issues were found:
License Issuespackage-lock.json
OpenSSF Scorecard
Scanned Files
|
Contributor
There was a problem hiding this comment.
Pull request overview
Prepares the repository for the v2.24.2 release candidate by tightening query documentation requirements, standardizing release artifact naming, and making the VS Code extension prefer the VSIX-bundled server/QL packs (with npm install as a fallback).
Changes:
- Add a unit test to enforce
.mddocumentation presence for tools queries underserver/ql/*/tools/src/. - Update VS Code extension server/pack resolution to prefer the VSIX-bundled
server/tree, with improved install/activation flow and updated tests. - Standardize release artifact filenames to include versions and bump versions across packages/packs to
2.24.2-rc3.
Reviewed changes
Copilot reviewed 71 out of 73 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/tools/query-documentation.test.ts | Adds filesystem guard ensuring tools queries have adjacent .md docs. |
| server/ql/swift/tools/test/codeql-pack.yml | Bumps Swift tools test pack version to 2.24.2-rc3. |
| server/ql/swift/tools/src/codeql-pack.yml | Bumps Swift tools src pack version to 2.24.2-rc3. |
| server/ql/swift/tools/src/PrintCFG/PrintCFG.md | Adds Swift PrintCFG query documentation. |
| server/ql/swift/tools/src/PrintAST/PrintAST.md | Adds Swift PrintAST query documentation. |
| server/ql/swift/tools/src/CallGraphTo/CallGraphTo.md | Adds Swift CallGraphTo query documentation. |
| server/ql/swift/tools/src/CallGraphFrom/CallGraphFrom.md | Adds Swift CallGraphFrom query documentation. |
| server/ql/ruby/tools/test/codeql-pack.yml | Bumps Ruby tools test pack version to 2.24.2-rc3. |
| server/ql/ruby/tools/src/codeql-pack.yml | Bumps Ruby tools src pack version to 2.24.2-rc3. |
| server/ql/ruby/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/ruby/tools/src/PrintAST/PrintAST.md | Adds Ruby PrintAST query documentation. |
| server/ql/ruby/tools/src/CallGraphTo/CallGraphTo.md | Adds Ruby CallGraphTo query documentation. |
| server/ql/ruby/tools/src/CallGraphFrom/CallGraphFrom.md | Adds Ruby CallGraphFrom query documentation. |
| server/ql/python/tools/test/codeql-pack.yml | Bumps Python tools test pack version to 2.24.2-rc3. |
| server/ql/python/tools/src/codeql-pack.yml | Bumps Python tools src pack version to 2.24.2-rc3. |
| server/ql/python/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/python/tools/src/PrintAST/PrintAST.md | Adds Python PrintAST query documentation. |
| server/ql/python/tools/src/CallGraphTo/CallGraphTo.md | Adds Python CallGraphTo query documentation. |
| server/ql/python/tools/src/CallGraphFrom/CallGraphFrom.md | Adds Python CallGraphFrom query documentation. |
| server/ql/javascript/tools/test/codeql-pack.yml | Bumps JavaScript tools test pack version to 2.24.2-rc3. |
| server/ql/javascript/tools/src/codeql-pack.yml | Bumps JavaScript tools src pack version to 2.24.2-rc3. |
| server/ql/javascript/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/javascript/tools/src/PrintAST/PrintAST.md | Adds JavaScript PrintAST query documentation. |
| server/ql/javascript/tools/src/CallGraphTo/CallGraphTo.md | Adds JavaScript CallGraphTo query documentation. |
| server/ql/javascript/tools/src/CallGraphFrom/CallGraphFrom.md | Adds JavaScript CallGraphFrom query documentation. |
| server/ql/java/tools/test/codeql-pack.yml | Bumps Java tools test pack version to 2.24.2-rc3. |
| server/ql/java/tools/src/codeql-pack.yml | Bumps Java tools src pack version to 2.24.2-rc3. |
| server/ql/java/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/java/tools/src/PrintAST/PrintAST.md | Adds Java PrintAST query documentation. |
| server/ql/java/tools/src/CallGraphTo/CallGraphTo.md | Adds Java CallGraphTo query documentation. |
| server/ql/java/tools/src/CallGraphFrom/CallGraphFrom.md | Adds Java CallGraphFrom query documentation. |
| server/ql/go/tools/test/codeql-pack.yml | Bumps Go tools test pack version to 2.24.2-rc3. |
| server/ql/go/tools/src/codeql-pack.yml | Bumps Go tools src pack version to 2.24.2-rc3. |
| server/ql/go/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/go/tools/src/PrintAST/PrintAST.md | Adds Go PrintAST query documentation. |
| server/ql/go/tools/src/CallGraphTo/CallGraphTo.md | Adds Go CallGraphTo query documentation. |
| server/ql/go/tools/src/CallGraphFrom/CallGraphFrom.md | Adds Go CallGraphFrom query documentation. |
| server/ql/csharp/tools/test/codeql-pack.yml | Bumps C# tools test pack version to 2.24.2-rc3. |
| server/ql/csharp/tools/src/codeql-pack.yml | Bumps C# tools src pack version to 2.24.2-rc3. |
| server/ql/csharp/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/csharp/tools/src/PrintAST/PrintAST.md | Adds C# PrintAST query documentation. |
| server/ql/csharp/tools/src/CallGraphTo/CallGraphTo.md | Adds C# CallGraphTo query documentation. |
| server/ql/csharp/tools/src/CallGraphFrom/CallGraphFrom.md | Adds C# CallGraphFrom query documentation. |
| server/ql/cpp/tools/test/codeql-pack.yml | Bumps C++ tools test pack version to 2.24.2-rc3. |
| server/ql/cpp/tools/src/codeql-pack.yml | Bumps C++ tools src pack version to 2.24.2-rc3. |
| server/ql/cpp/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/cpp/tools/src/PrintAST/PrintAST.md | Adds C++ PrintAST query documentation. |
| server/ql/cpp/tools/src/CallGraphTo/CallGraphTo.md | Adds C++ CallGraphTo query documentation. |
| server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md | Adds C++ CallGraphFrom query documentation. |
| server/ql/actions/tools/test/codeql-pack.yml | Bumps Actions tools test pack version to 2.24.2-rc3. |
| server/ql/actions/tools/src/codeql-pack.yml | Bumps Actions tools src pack version to 2.24.2-rc3. |
| server/ql/actions/tools/src/PrintCFG/PrintCFG.md | Removes COMPLIANT-style annotations from graph-query docs example. |
| server/ql/actions/tools/src/PrintAST/PrintAST.md | Adds Actions PrintAST query documentation. |
| server/package.json | Bumps server package version to 2.24.2-rc3. |
| package.json | Bumps root workspace version to 2.24.2-rc3. |
| package-lock.json | Updates lockfile versions to 2.24.2-rc3. |
| extensions/vscode/test/server/server-manager.test.ts | Expands tests for bundled root detection and version handling. |
| extensions/vscode/test/server/pack-installer.test.ts | Adds coverage for preferring bundled QL root over npm package root. |
| extensions/vscode/src/server/server-manager.ts | Prefers VSIX/monorepo server bundle; adds bundle detection and version logic. |
| extensions/vscode/src/server/pack-installer.ts | Resolves pack roots from bundled server when available, else npm install. |
| extensions/vscode/src/extension.ts | Simplifies activation flow around server install + pack setup. |
| extensions/vscode/package.json | Bumps extension version; updates VSIX packaging script to include version in filename. |
| extensions/vscode/README.md | Updates install instructions for versioned VSIX filenames. |
| docs/vscode/extension.md | Updates docs for versioned VSIX filenames. |
| docs/getting-started.md | Updates tarball filename example to vX.Y.Z. |
| client/package.json | Bumps client version to 2.24.2-rc3. |
| .gitignore | Ignores .vsix artifacts. |
| .github/workflows/release.yml | Adds concurrency + switches to versioned VSIX artifact name. |
| .github/workflows/release-vsix.yml | Produces versioned VSIX filenames and updates workflow outputs. |
| .github/workflows/release-tag.yml | Adds stale-tag verification/removal and improves staging restore robustness. |
| .github/workflows/release-codeql.yml | Adds prerelease publish flag; bundles packs with versioned tarball names. |
| .github/workflows/build-and-test-extension.yml | Verifies VSIX packaging using a versioned output filename. |
| .github/instructions/server_ql_languages_tools.instructions.md | Clarifies/enforces tools query doc/test conventions (esp. @kind graph). |
Comments suppressed due to low confidence (1)
extensions/vscode/src/server/server-manager.ts:144
effectiveTargetis computed to treatserverVersion: 'latest'as the extension version, but the install call still usestargetVersion. IftargetVersionis'latest'and the installed version differs, this will repeatedly install@latestinstead of the intended version. UseeffectiveTarget(or compute an install spec) when callinginstall().
}
await this.install({ version: targetVersion });
return true;
Comment on lines
+98
to
+100
| getExtensionVersion(): string { | ||
| return this.context.extension.packageJSON.version as string; | ||
| } |
There was a problem hiding this comment.
vscode.ExtensionContext does not expose a context.extension property. This will fail to compile (and likely at runtime). Consider reading the version from vscode.extensions.getExtension('<publisher>.<name>')?.packageJSON.version or by reading/parsing <extensionRoot>/package.json via context.extensionUri.fsPath.
Comment on lines
+166
to
+188
| /** | ||
| * Root of the bundled `server/` directory inside the VSIX. | ||
| * | ||
| * In VSIX layout the `vscode:prepublish` step copies `server/dist/`, | ||
| * `server/ql/`, and `server/package.json` into the extension so the VSIX | ||
| * is self-contained. Returns the path to that `server/` directory, or | ||
| * `undefined` if the bundle is missing (local dev without a prepublish | ||
| * build). | ||
| */ | ||
| getBundledQlRoot(): string | undefined { | ||
| const extensionRoot = this.context.extensionUri.fsPath; | ||
| const candidate = join(extensionRoot, 'server'); | ||
| try { | ||
| accessSync(join(candidate, 'package.json'), constants.R_OK); | ||
| return candidate; | ||
| } catch { | ||
| // Not in VSIX layout — check monorepo | ||
| } | ||
|
|
||
| const monorepo = join(extensionRoot, '..', '..', 'server'); | ||
| try { | ||
| accessSync(join(monorepo, 'package.json'), constants.R_OK); | ||
| return monorepo; |
There was a problem hiding this comment.
getBundledQlRoot() returns both the VSIX-bundled server/ directory and the monorepo ../../server directory, but the docstring and log message call it “VSIX-bundled”. This is misleading and can cause confusing logs/behavior in Extension Development Host. Consider renaming/splitting (e.g., getVsixServerRoot vs getMonorepoServerRoot) or updating docs/logging to reflect both cases.
Collaborator
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
|
@data-douser I've opened a new pull request, #82, to work on those changes. Once the pull request is ready, I'll request review from you. |
35 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces several improvements and refinements across documentation, packaging, and the VS Code extension to standardize naming conventions, clarify documentation requirements, and improve robustness for release and installation workflows. The most significant changes are grouped below.
Documentation and Query Pack Structure:
.mddocumentation files for every query, clarify documentation/test conventions for@kind graphqueries, and enforce these via unit tests. Also, explicitly require/forbidCOMPLIANT/NON_COMPLIANTannotations only for detection-style queries..mddocumentation for any query in atools/src/pack directory.Release and Packaging Automation:
codeql-development-mcp-server-vX.Y.Z.vsix), with documentation and workflow steps updated accordingly. [1] [2] [3] [4] [5] [6] [7] [8] [9]VS Code Extension Improvements:
Version Bumps:
client/package.jsonandextensions/vscode/package.jsonto2.24.2-rc3for the release candidate. [1] [2] [3]These changes collectively improve the maintainability, reliability, and clarity of the CodeQL MCP server project, especially around release and extension packaging processes.