51 changes: 41 additions & 10 deletions CHANGELOG.md
Expand Up @@ -14,27 +14,57 @@ release cadence.

_Changes on `main` since the latest tagged release that have not yet been included in a stable release._

## [v2.25.4] — 2026-05-08

### Highlights

- **Upgraded CodeQL CLI to v2.25.4** — Full compatibility with the latest CodeQL CLI release, including upgraded QL pack dependencies for all supported languages and re-baselined `PrintCFG` test expectations for C# (csharp-all 6.0.0 dropped the legacy `ControlFlow::Node` namespace) and Java (deterministic node-ordering change). ([#272](https://github.com/advanced-security/codeql-development-mcp-server/pull/272))
- **First-class Models-as-Data (MaD) authoring support** — New `data_extension_development` workflow prompt plus a `codeql://learning/data-extensions` overview resource and per-language `codeql://languages/<lang>/library-modeling` guides for every CodeQL language that supports MaD upstream (`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, `rust`, `swift`). ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271))
- **Schema fix unblocks GitHub Copilot Chat** — Replaced `z.tuple([...])` parameters on `query_results_cache_retrieve` with `z.object({ start, end })` so the MCP SDK emits a valid JSON Schema accepted by Copilot Chat's strict validator. ([#263](https://github.com/advanced-security/codeql-development-mcp-server/pull/263))

### Added

#### MCP Server Prompts

| Prompt | Description |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `data_extension_development` | End-to-end workflow for authoring CodeQL data extensions (Models-as-Data) for third-party libraries; restricts `language` to MaD-supported languages. ([#266](https://github.com/advanced-security/codeql-development-mcp-server/pull/266)) |
| Prompt | Description |
| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `data_extension_development` | End-to-end workflow for authoring CodeQL data extensions (Models-as-Data) for third-party libraries; restricts `language` to MaD-supported languages. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |

#### MCP Server Resources

| URI | Description |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `codeql://learning/data-extensions` | Models-as-Data (MaD) overview: YAML model formats, extensible predicates, and model-pack layout. ([#266](https://github.com/advanced-security/codeql-development-mcp-server/pull/266)) |
| `codeql://languages/rust/library-modeling` | Rust-specific library-modeling guide (crate-path-based MaD format) for the `data_extension_development` workflow. ([#266](https://github.com/advanced-security/codeql-development-mcp-server/pull/266)) |
| `codeql://languages/swift/library-modeling` | Swift-specific library-modeling guide (MaD tuple format) for the `data_extension_development` workflow. ([#266](https://github.com/advanced-security/codeql-development-mcp-server/pull/266)) |
| URI | Description |
| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `codeql://learning/data-extensions` | Models-as-Data (MaD) overview: YAML model formats, extensible predicates, and model-pack layout. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/cpp/library-modeling` | C/C++-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/csharp/library-modeling` | C#-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/java/library-modeling` | Java/Kotlin-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/javascript/library-modeling` | JavaScript/TypeScript-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/python/library-modeling` | Python-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/ruby/library-modeling` | Ruby-specific library-modeling guide for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/rust/library-modeling` | Rust-specific library-modeling guide (crate-path-based MaD format) for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |
| `codeql://languages/swift/library-modeling` | Swift-specific library-modeling guide (MaD tuple format) for the `data_extension_development` workflow. ([#271](https://github.com/advanced-security/codeql-development-mcp-server/pull/271)) |

Every CodeQL language that supports Models-as-Data upstream (`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, `rust`, `swift`) now has a registered `codeql://languages/<language>/library-modeling` resource. `actions` is intentionally excluded because it does not support data extensions.
With these additions, every CodeQL language that supports Models-as-Data upstream (`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, `rust`, `swift`) now has a registered `codeql://languages/<lang>/library-modeling` resource. `actions` is intentionally excluded because it does not support data extensions.

### Fixed

- **`query_results_cache_retrieve` rejected by GitHub Copilot Chat (HTTP 400 invalid schema)** — The `lineRange` and `resultIndices` parameters were defined with `z.tuple([...])`, which the MCP SDK serialized to a bare-array JSON Schema value (e.g. `[{"type":"integer"}, {"type":"integer"}]`). GitHub Copilot Chat enforces strict JSON Schema validation and rejected the entire `ql-mcp` server with `"... is not of type 'object', 'boolean'"`. Both parameters now use `z.object({ start, end })` so they serialize to a valid `type: "object"` JSON Schema. Tool callers must now pass `{ "lineRange": { "start": 1, "end": 10 } }` instead of `{ "lineRange": [1, 10] }`. ([#263](https://github.com/advanced-security/codeql-development-mcp-server/pull/263))
- **C# `PrintCFG` query failed to compile against `codeql/csharp-all` 6.0.0** — The legacy `ControlFlow::Node` namespace was removed by the new pack; the query now uses `ControlFlowNode` directly and the `PrintCFG.expected` baseline has been regenerated against the new CFG (`Entry` / `Normal Exit` / `Exit` markers and explicit `Before <expr>` nodes). The Java `PrintCFG.expected` baseline was also re-generated to absorb a deterministic node-ordering change in CodeQL CLI v2.25.4 (same nodes and edges, reordered). ([#272](https://github.com/advanced-security/codeql-development-mcp-server/pull/272))

### Dependencies

- Upgraded CodeQL CLI dependency to v2.25.4 and synchronized all `ql-mcp-*` pack dependencies to the matching upstream library packs. ([#272](https://github.com/advanced-security/codeql-development-mcp-server/pull/272))
- Bumped `hono` from 4.12.14 to 4.12.18. ([#273](https://github.com/advanced-security/codeql-development-mcp-server/pull/273))

### Changed

#### Infrastructure & CI/CD

- Tightened `on.paths` triggers for the `build-server`, `build-and-test-client`, and `build-and-test-extension` workflows so unrelated changes no longer re-run the matrix builds. ([#274](https://github.com/advanced-security/codeql-development-mcp-server/pull/274))

**Full Changelog**: [`v2.25.2...v2.25.4`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.2...v2.25.4)

---

## [v2.25.2] — 2026-04-15
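
Review bot: The `query_results_cache_retrieve` entry under "### Fixed" records a breaking change to the tool's input contract (callers must move from `{ "lineRange": [1, 10] }` to `{ "lineRange": { "start": 1, "end": 10 } }`), yet neither the release heading nor the Highlights bullet marks it as breaking, and the version only moves from v2.25.2 to v2.25.4. Consider adding an explicit breaking-change or migration callout to the Highlights bullet, and give the matching before/after example for `resultIndices`, which the entry says changed the same way but does not illustrate.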

Expand Down Expand Up @@ -448,7 +478,8 @@ _Initial public release of the CodeQL Development MCP Server._

<!-- Link definitions -->

[Unreleased]: https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.2...HEAD
[Unreleased]: https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.4...HEAD
[v2.25.4]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.25.4
[v2.25.2]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.25.2
[v2.25.1]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.25.1
[v2.25.0]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.25.0
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -7,7 +7,7 @@ A comprehensive [Model Context Protocol (MCP)](https://modelcontextprotocol.io/)
## Features

- **Comprehensive Tool Suite** - Wraps CodeQL CLI commands for query compilation, execution, testing, and database operations
- **Multi-Language Support** - Supports CodeQL query development for 9 languages including Python, JavaScript, Java, C/C++, and more
- **Multi-Language Support** - Supports CodeQL query development for 10 languages including Python, JavaScript, Java, C/C++, Rust, Swift, and more
- **AI-Optimized Prompts** - Built-in prompts and resources that guide AI assistants through CodeQL development workflows
- **Test-Driven Development** - Integrated testing tools for validating query accuracy with expected results
- **Flexible Transport** - Supports both stdio and HTTP transport modes for different integration scenarios
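
Review bot: The "10 languages" figure in the Multi-Language Support bullet only works if `swift` is counted, and the per-language table in docs/ql-mcp/resources.md from this same change gives `swift` a Library Modeling guide but no AST Reference or Security Patterns resource. "Supports CodeQL query development for 10 languages" may overstate what is shipped for Swift; consider qualifying the bullet (for example, noting that coverage varies by language) or dropping the hard-coded count so it does not drift from the table.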
4 changes: 2 additions & 2 deletions docs/ql-mcp/prompts.md
Expand Up @@ -4,8 +4,8 @@

## Overview

The server provides **11 prompts** that guide AI assistants through common CodeQL development workflows. Each prompt is backed by a `*.prompt.md` file containing structured instructions.
The server provides **15 prompts** that guide AI assistants through common CodeQL development workflows. Each prompt is backed by a `*.prompt.md` file containing structured instructions.

> **Authoritative reference**: The MCP-served resource at `codeql://server/prompts` ([`server/src/resources/server-prompts.md`](../../server/src/resources/server-prompts.md)) is the canonical documentation for prompts. Update that file when adding, removing, or changing any prompt.

For the complete prompt reference (all 11 prompts with descriptions and categories), see [`server/src/resources/server-prompts.md`](../../server/src/resources/server-prompts.md).
For the complete prompt reference (all 15 prompts with descriptions and categories), see [`server/src/resources/server-prompts.md`](../../server/src/resources/server-prompts.md).
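
Review bot: The prompt count jumps from 11 to 15 in both the Overview sentence and the "complete prompt reference" sentence, while the CHANGELOG in this change lists only one new prompt (`data_extension_development`). Please confirm 15 against `server/src/resources/server-prompts.md`, which this page names as the authoritative reference, and if the earlier 11 was already stale, mention the documentation correction in the CHANGELOG. Dropping the number from the second sentence would leave a single place to keep in sync.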
27 changes: 15 additions & 12 deletions docs/ql-mcp/resources.md
Expand Up @@ -4,14 +4,15 @@

## Overview

The server exposes **10 static resources** and a set of **dynamic per-language resources** that supply AI assistants with CodeQL reference material. Resources are read-only and backed by `.md` files bundled with the server.
The server exposes **11 static resources** and a set of **dynamic per-language resources** that supply AI assistants with CodeQL reference material. Resources are read-only and backed by `.md` files bundled with the server.

## Static Resources

| Resource | URI | Description |
| ------------------------------ | --------------------------------------------- | --------------------------------------------------------------------------------- |
| CodeQL Query Basics | `codeql://learning/query-basics` | QL query writing reference: syntax, metadata, patterns, testing |
| CodeQL Test-Driven Development | `codeql://learning/test-driven-development` | TDD theory and workflow for developing CodeQL queries |
| CodeQL Data Extensions | `codeql://learning/data-extensions` | Models-as-Data (MaD) overview: YAML model formats, extensible predicates, layout |
| CodeQL Performance Patterns | `codeql://patterns/performance` | Performance profiling and optimization for CodeQL queries |
| CodeQL Server Overview | `codeql://server/overview` | MCP server orientation guide: tools, prompts, resources, and workflows |
| CodeQL Server Prompts | `codeql://server/prompts` | Complete reference of MCP prompts for CodeQL development workflows |
Expand All @@ -25,21 +26,23 @@ The server exposes **10 static resources** and a set of **dynamic per-language r

Each supported language can expose one or more of the following resource types under the URI pattern `codeql://languages/{language}/{type}`:

| Language | AST Reference | Security Patterns | Additional |
| ---------- | :-----------: | :---------------: | ----------------------------------------- |
| actions | ✓ | | |
| cpp | ✓ | ✓ | |
| csharp | ✓ | ✓ | |
| go | ✓ | ✓ | dataflow, library-modeling, basic-queries |
| java | ✓ | | |
| javascript | ✓ | ✓ | |
| python | ✓ | ✓ | |
| ruby | ✓ | | |
| Language | AST Reference | Security Patterns | Library Modeling | Additional |
| ---------- | :-----------: | :---------------: | :--------------: | ------------------------ |
| actions | ✓ | | | |
| cpp | ✓ | ✓ | ✓ | |
| csharp | ✓ | ✓ | ✓ | |
| go | ✓ | ✓ | ✓ | dataflow, basic-queries |
| java | ✓ | | ✓ | |
| javascript | ✓ | ✓ | ✓ | |
| python | ✓ | ✓ | ✓ | |
| ruby | ✓ | | ✓ | |
| rust | ✓ | | ✓ | |
| swift | | | ✓ | |

### Resource Types

- **AST Reference** (`codeql://languages/{language}/ast`) — CodeQL AST class reference for the language, describing how source constructs map to QL classes.
- **Security Patterns** (`codeql://languages/{language}/security`) — Security query patterns and framework modeling guidance.
- **Library Modeling** (`codeql://languages/{language}/library-modeling`) — Language-specific guide for authoring CodeQL data extensions (Models-as-Data) for third-party libraries. Registered for every CodeQL language that supports MaD upstream (`cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, `rust`, `swift`).
- **Dataflow** (`codeql://languages/go/dataflow`) — Guide to using the CodeQL dataflow library.
- **Library Modeling** (`codeql://languages/go/library-modeling`) — Guide to modeling third-party libraries for CodeQL analysis.
- **Basic Queries** (`codeql://languages/go/basic-queries`) — Introductory query examples for the language.
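
Review bot: The new `rust` row in the per-language table marks AST Reference as available, but the CHANGELOG entries in this change add only `library-modeling` resources for Rust. Please confirm that `codeql://languages/rust/ast` is actually registered, or clear that cell, so the table does not advertise a URI that fails to resolve. Separately, the Library Modeling bullet repeats the same nine-language list that appears twice in CHANGELOG.md; consider pointing to the table instead so the list lives in one place.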