advanced-security
diff --git a/‎.codeql-version‎
Lines changed: 1 addition & 0 deletions b/‎.codeql-version‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 17 additions & 0 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/codeql-workshop-request.yml‎
Lines changed: 146 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/codeql-workshop-request.yml‎
Lines changed: 146 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/mcp-integration-testing-improvement.yml‎
Lines changed: 162 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/mcp-integration-testing-improvement.yml‎
Lines changed: 162 additions & 0 deletions
@@ -0,0 +1 @@
+v2.23.9
@@ -0,0 +1,17 @@
+{
+  "image": "mcr.microsoft.com/devcontainers/typescript-node:22",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "github.vscode-github-actions",
+        "github.vscode-codeql",
+        "ms-vscode.cpptools"
+      ],
+      "settings": {
+        "codeQL.runningQueries.memory": 2048,
+        "terminal.integrated.defaultProfile.linux": "bash"
+      }
+    }
+  },
+  "postCreateCommand": "npm install"
+}
@@ -0,0 +1,146 @@
+name: CodeQL Workshop Request
+description: Request creation of a custom CodeQL query development workshop from a production query
+title: '[Workshop] Create workshop for: '
+labels: ['workshop', 'learning']
+assignees:
+  - ''
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## CodeQL Workshop Request
+
+        Request a custom CodeQL query development workshop to be created from an existing production-grade query.
+        The workshop will teach developers how to build the query incrementally using test-driven development.
+
+  - type: input
+    id: workshop-name
+    attributes:
+      label: Workshop Name
+      description: Short name for the workshop (e.g., "dataflow-analysis-cpp", "find-sql-injection-java")
+      placeholder: 'dataflow-analysis-cpp'
+    validations:
+      required: true
+
+  - type: textarea
+    id: source-query
+    attributes:
+      label: Source Query
+      description: |
+        Provide either:
+        - The full content of the production-ready CodeQL query (.ql file)
+        - A public URL to the query file (e.g., GitHub raw URL)
+
+        This should be a complete, tested query that you want to teach developers how to build.
+      placeholder: |
+        /**
+         * @name Find unsafe pointer dereference
+         * @description Detects pointer dereferences that may be null
+         * @kind problem
+         * @id cpp/null-pointer-dereference
+         */
+
+        import cpp
+
+        from PointerDereferenceExpr deref
+        where ...
+        select deref, "Potential null pointer dereference"
+    validations:
+      required: true
+
+  - type: textarea
+    id: source-query-tests
+    attributes:
+      label: Source Query Unit Tests
+      description: |
+        Provide either:
+        - The full content of test files (.qlref, .expected, test source code)
+        - A public URL to the test directory
+        - A description of test cases if tests don't exist yet
+
+        Tests are essential for validating the workshop exercises and solutions.
+      placeholder: |
+        test.cpp:
+        ```cpp
+        void unsafe() {
+          int* ptr = nullptr;
+          *ptr = 42; // Should detect
+        }
+        ```
+
+        test.expected:
+        ```
+        | file     | line | col | endLine | endCol | message |
+        | test.cpp | 3    | 3   | 3       | 6      | Potential null pointer dereference |
+        ```
+    validations:
+      required: true
+
+  - type: dropdown
+    id: target-language
+    attributes:
+      label: Target Language
+      description: What programming language does this query analyze?
+      options:
+        - C/C++
+        - C#
+        - Go
+        - Java
+        - JavaScript/TypeScript
+        - Python
+        - Ruby
+    validations:
+      required: true
+
+  - type: dropdown
+    id: complexity
+    attributes:
+      label: Query Complexity
+      description: How complex is the source query?
+      options:
+        - Simple (syntactic analysis only)
+        - Moderate (includes control/data flow)
+        - Complex (advanced dataflow, multiple stages)
+    validations:
+      required: true
+
+  - type: textarea
+    id: learning-goals
+    attributes:
+      label: Learning Goals
+      description: What should developers learn from this workshop?
+      placeholder: |
+        - How to identify pointer dereferences using AST analysis
+        - How to track null values through control flow
+        - How to use data flow to connect null assignments to dereferences
+        - How to eliminate false positives with proper guards
+    validations:
+      required: true
+
+  - type: input
+    id: expected-stages
+    attributes:
+      label: Expected Number of Stages
+      description: How many incremental stages should the workshop have? (4-8 recommended)
+      placeholder: '5'
+    validations:
+      required: false
+
+  - type: textarea
+    id: target-audience
+    attributes:
+      label: Target Audience
+      description: Who is this workshop for? What's their current CodeQL experience level?
+      placeholder: 'Software engineers with basic C++ knowledge but new to CodeQL. Need to learn dataflow analysis.'
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Any other information that would help create an effective workshop?
+      placeholder: 'This query is based on a real vulnerability we found in production. We want the workshop to focus on practical detection techniques.'
+    validations:
+      required: false
@@ -0,0 +1,162 @@
+name: Integration Testing Improvement for MCP Server Primitives
+
+description: Request improvements to integration testing for MCP server primitives (tools/resources)
+
+title: '[Integration Testing]: '
+labels: ['enhancement', 'mcp-server', 'testing']
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        > **🧪 Created from issue template:** `.github/ISSUE_TEMPLATE/mcp-integration-testing-improvement.yml`
+
+        This template helps you request improvements to integration testing for MCP server primitives (especially tool primitives).
+
+        Please provide examples of file contents expected (1) before and (2) after calling a given MCP server primitive, and any links or references to relevant files or test cases.
+
+        Once this issue is accepted and assigned, open a pull request using the PR template: `mcp-integration-testing-improvement`.
+
+        ✅ Scope Limitation: The corresponding PR MUST only modify files under `client/integration-tests/**` (plus this issue template or the PR template only if absolutely required). Changes outside that path will be asked to split into another PR.
+
+  - type: input
+    id: primitive-name
+    attributes:
+      label: Primitive Name
+      description: Name of the MCP server primitive (tool/resource) needing improved integration testing
+      placeholder: 'e.g., validate_codeql_query, update_resource_file'
+    validations:
+      required: true
+
+  - type: dropdown
+    id: primitive-type
+    attributes:
+      label: Primitive Type
+      description: What type of primitive is this?
+      options:
+        - Tool (Interactive function)
+        - Resource (Static content)
+        - Prompt (Dynamic prompt content)
+        - Combination (Multiple types together)
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: integration-test-gaps
+    attributes:
+      label: Integration Test Gaps
+      description: Describe the current gaps or limitations in integration testing for this primitive
+      placeholder: 'Current integration tests do not cover X, or fail to check Y...'
+    validations:
+      required: true
+
+  - type: textarea
+    id: improvement-suggestion
+    attributes:
+      label: Improvement Suggestion
+      description: Describe the desired improvement to integration testing
+      placeholder: 'Integration tests should be updated to cover Z, or include checks for W...'
+    validations:
+      required: true
+
+  - type: textarea
+    id: before-content
+    attributes:
+      label: Example File Content(s) Before (One or Many Files)
+      description: Provide one or more file states BEFORE invoking the primitive. You can supply links and/or inline snippets. For multiple files, list each as a fenced block preceded by a header line.
+      placeholder: |
+        You may list multiple files. Suggested structure:
+
+        file: path/to/fileA.ext (optional link)
+        ```lang
+        <contents before>
+        ```
+
+        file: path/to/fileB.ext
+        ```
+        <contents before>
+        ```
+
+        Or just provide links:
+        - https://github.com/org/repo/blob/sha/path/to/fileA.ext
+        - https://github.com/org/repo/blob/sha/path/to/fileB.ext
+    validations:
+      required: false
+
+  - type: textarea
+    id: after-content
+    attributes:
+      label: Example File Content(s) After (Match Each Before)
+      description: Provide corresponding AFTER states. Keep ordering aligned with the before list for clarity.
+      placeholder: |
+        Match each BEFORE entry:
+
+        file: path/to/fileA.ext (after)
+        ```lang
+        <contents after>
+        ```
+
+        file: path/to/fileB.ext (after)
+        ```
+        <contents after>
+        ```
+
+        If unchanged, note: (no change)
+    validations:
+      required: false
+
+  - type: textarea
+    id: test-scenarios
+    attributes:
+      label: Test Scenarios
+      description: Specific scenarios that should be tested to validate the integration improvement
+      placeholder: |
+        List scenarios or cases that should be covered by improved integration tests.
+    validations:
+      required: false
+
+  - type: textarea
+    id: references
+    attributes:
+      label: References
+      description: Links to related issues, documentation, or examples
+      placeholder: 'e.g., GitHub issue #123, MCP docs, CodeQL examples'
+    validations:
+      required: false
+
+  - type: dropdown
+    id: priority-level
+    attributes:
+      label: Priority Level
+      description: How urgent is this improvement?
+      options:
+        - Critical (Blocking key functionality)
+        - High (Major workflow improvement)
+        - Medium (Important but not urgent)
+        - Low (Minor enhancement)
+      default: 2
+    validations:
+      required: true
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our Code of Conduct
+      options:
+        - label: I agree to follow this project's Code of Conduct
+
+  - type: checkboxes
+    id: integration-tests-requirements
+    attributes:
+      label: Integration Test Requirements Acknowledgement
+      description: Confirm you have reviewed and will follow the integration test requirements (structure, before/after, determinism, no binaries).
+      options:
+        - label: I reviewed client/integration-tests/README.md
+        - label: I will follow directory structure under client/integration-tests/primitives/tools/
+        - label: Each test will have clear before/after matching files
+        - label: No binary or non-diffable files will be added
+        - label: Tests will be deterministic and focused on a single primitive
+        - label: I will run npm run lint:fix and npm run build-and-test before requesting review