address PR review comments for prompt path handling

- Treat path traversal as hard failure: return blocked=true with empty
  resolvedPath instead of leaking the outside-root absolute path
- Handle file:// URIs in resolvePromptFilePath via fileURLToPath so all
  callers (queryPath, workspaceUri, etc.) get consistent URI handling
- Replace synchronous existsSync with async fs/promises.access to avoid
  blocking the event loop on the prompt hot path
- Fix integration test success condition to fail when no tests executed
- Make VS Code e2e invalid-language test deterministic (assert inline
  validation instead of accepting both throw and inline error)
- Fix misleading test name "should return the original path" to match
  actual behavior (resolves relative to workspace root)

Author: data-douser

client/src/lib/integration-test-runner.js

@@ -246,11 +246,15 @@ export class IntegrationTestRunner {
         );
       }
 
-      return (
-        (totalIntegrationTests > 0 || workflowIntegrationSucceeded || promptIntegrationSucceeded) &&
-        workflowIntegrationSucceeded &&
-        promptIntegrationSucceeded
-      );
+      if (totalIntegrationTests === 0) {
+        this.logger.log(
+          "No integration tests were executed across tool, workflow, or prompt suites.",
+          "ERROR"
+        );
+        return false;
+      }
+
+      return workflowIntegrationSucceeded && promptIntegrationSucceeded;
     } catch (error) {
       this.logger.log(`Error running integration tests: ${error.message}`, "ERROR");
       return false;

extensions/vscode/test/suite/mcp-prompt-e2e.integration.test.ts

@@ -177,34 +177,26 @@ suite('MCP Prompt Error Handling Integration Tests', () => {
     this.timeout(15_000);
 
     // VS Code slash command might let a user type an invalid language value.
-    // The server should return a helpful error message rather than a raw
-    // MCP protocol error (-32602).
-    try {
-      const result = await client.getPrompt({
-        name: 'explain_codeql_query',
-        arguments: {
-          queryPath: '/some/query.ql',
-          language: 'rust',
-        },
-      });
+    // The server should return a helpful inline validation message rather than
+    // a raw MCP protocol error (-32602), and client.getPrompt() should not throw.
+    const result = await client.getPrompt({
+      name: 'explain_codeql_query',
+      arguments: {
+        queryPath: '/some/query.ql',
+        language: 'rust',
+      },
+    });
 
-      // If the server returns messages instead of throwing, the error info
-      // should be embedded in the response text.
-      const text = getFirstMessageText(result);
-      assert.ok(
-        text.includes('Invalid') || text.includes('invalid') || text.includes('not supported'),
-        `Response should indicate the language is invalid. Got:\n${text.slice(0, 500)}`,
-      );
-      console.log('[mcp-prompt-e2e] explain_codeql_query returned inline error for invalid language');
-    } catch (error: unknown) {
-      // If the SDK throws, verify the error message is user-friendly.
-      const msg = error instanceof Error ? error.message : String(error);
-      assert.ok(
-        msg.includes('Invalid') || msg.includes('invalid') || msg.includes('language'),
-        `Error should mention invalid argument. Got: ${msg.slice(0, 500)}`,
-      );
-      console.log(`[mcp-prompt-e2e] explain_codeql_query threw for invalid language: ${msg.slice(0, 200)}`);
-    }
+    const text = getFirstMessageText(result);
+
+    // The error info should be embedded in the response text, including clear
+    // indication that the input was invalid and what options are allowed.
+    assert.ok(
+      text.includes('Invalid input for') && text.includes('javascript'),
+      `Response should indicate the language is invalid and show allowed options. Got:\n${text.slice(0, 500)}`,
+    );
+
+    console.log('[mcp-prompt-e2e] explain_codeql_query returned inline validation error for invalid language');
   });
 
   // ─────────────────────────────────────────────────────────────────────