Migrate external to extensible predicates w/ dataExtensions

Replace `external string` declarations with `extensible predicate` syntax
across all 8 languages, enabling YAML-based data extensions for testing
instead of fragile fallback hacks.

Architecture:
- Add ExternalPredicates.qll per language with shared extensible predicate
  declarations (sourceFunction, targetFunction, selectedSourceFiles)
- Add dataExtensions YAML files in test/*/ext/ directories providing
  test values for each query's external predicates
- Add dataExtensions glob to all test pack codeql-pack.yml files
- Remove all "Fallback for unit tests" or clauses from queries

This means:
- Tests now exercise the actual external predicate logic path
- No more path-based hacks (getParentContainer().getBaseName() = "test")
- CallGraphFromTo tests produce precise source→target results
- New queries only need a .model.yml file, not query modifications

Author: data-douser

.prettierignore

@@ -17,5 +17,6 @@ extensions/vscode/test/fixtures/
 node_modules
 query-results*
 server/dist/
+server/ql/*/tools/test/*
 workshops/
 

server/dist/codeql-development-mcp-server.js

@@ -57226,65 +57226,72 @@ function registerCLITool(server, definition) {
             } else if (query) {
               positionalArgs = [...positionalArgs, query];
             }
-            if (queryName === "PrintAST" && sourceFiles) {
+            const extensiblePredicates = {};
+            if ((queryName === "PrintAST" || queryName === "PrintCFG") && sourceFiles) {
               const filePaths = sourceFiles.split(",").map((f) => f.trim());
-              let tempDir;
-              let csvPath;
-              try {
-                tempDir = createProjectTempDir("codeql-external-");
-                tempDirsToCleanup.push(tempDir);
-                csvPath = join6(tempDir, "selectedSourceFiles.csv");
-                const csvContent = filePaths.join("\n") + "\n";
-                writeFileSync2(csvPath, csvContent, "utf8");
-              } catch (err) {
-                logger.error(`Failed to create external predicate CSV for PrintAST query at path ${csvPath || "[unknown]"}: ${err instanceof Error ? err.message : String(err)}`);
-                throw err;
-              }
-              const currentExternal = options.external || [];
-              const externalArray = Array.isArray(currentExternal) ? currentExternal : [currentExternal];
-              externalArray.push(`selectedSourceFiles=${csvPath}`);
-              options.external = externalArray;
-              logger.info(`Created external predicate CSV at ${csvPath} for files: ${filePaths.join(", ")}`);
+              extensiblePredicates["selectedSourceFiles"] = filePaths;
             }
-            if (queryName === "CallGraphFrom" && sourceFunction) {
+            if (sourceFunction) {
               const functionNames = sourceFunction.split(",").map((f) => f.trim());
-              let tempDir;
-              let csvPath;
-              try {
-                tempDir = createProjectTempDir("codeql-external-");
-                tempDirsToCleanup.push(tempDir);
-                csvPath = join6(tempDir, "sourceFunction.csv");
-                const csvContent = functionNames.join("\n") + "\n";
-                writeFileSync2(csvPath, csvContent, "utf8");
-              } catch (err) {
-                logger.error(`Failed to create external predicate CSV for CallGraphFrom query at path ${csvPath || "[unknown]"}: ${err instanceof Error ? err.message : String(err)}`);
-                throw err;
-              }
-              const currentExternal = options.external || [];
-              const externalArray = Array.isArray(currentExternal) ? currentExternal : [currentExternal];
-              externalArray.push(`sourceFunction=${csvPath}`);
-              options.external = externalArray;
-              logger.info(`Created external predicate CSV at ${csvPath} for functions: ${functionNames.join(", ")}`);
+              extensiblePredicates["sourceFunction"] = functionNames;
             }
-            if (queryName === "CallGraphTo" && targetFunction) {
+            if (targetFunction) {
               const functionNames = targetFunction.split(",").map((f) => f.trim());
-              let tempDir;
-              let csvPath;
-              try {
-                tempDir = createProjectTempDir("codeql-external-");
-                tempDirsToCleanup.push(tempDir);
-                csvPath = join6(tempDir, "targetFunction.csv");
-                const csvContent = functionNames.join("\n") + "\n";
-                writeFileSync2(csvPath, csvContent, "utf8");
-              } catch (err) {
-                logger.error(`Failed to create external predicate CSV for CallGraphTo query at path ${csvPath || "[unknown]"}: ${err instanceof Error ? err.message : String(err)}`);
-                throw err;
+              extensiblePredicates["targetFunction"] = functionNames;
+            }
+            if (Object.keys(extensiblePredicates).length > 0) {
+              let targetPackName;
+              if (_queryLanguage) {
+                targetPackName = `advanced-security/ql-mcp-${_queryLanguage}-tools-src`;
+              } else if (query && typeof query === "string") {
+                const match = query.match(/\/ql\/([^/]+)\/tools\/src\//);
+                if (match) {
+                  targetPackName = `advanced-security/ql-mcp-${match[1]}-tools-src`;
+                }
+              }
+              if (targetPackName) {
+                try {
+                  const extPackDir = createProjectTempDir("codeql-ext-pack-");
+                  tempDirsToCleanup.push(extPackDir);
+                  const qlpackContent = [
+                    "library: true",
+                    "name: advanced-security/ql-mcp-runtime-extensions",
+                    "version: 0.0.0",
+                    "extensionTargets:",
+                    `  ${targetPackName}: "*"`,
+                    "dataExtensions:",
+                    '  - "ext/*.model.yml"',
+                    ""
+                  ].join("\n");
+                  writeFileSync2(join6(extPackDir, "qlpack.yml"), qlpackContent, "utf8");
+                  const extDir = join6(extPackDir, "ext");
+                  mkdirSync5(extDir, { recursive: true });
+                  const extensions = ["extensions:"];
+                  for (const [predName, values] of Object.entries(extensiblePredicates)) {
+                    extensions.push("  - addsTo:");
+                    extensions.push(`      pack: ${targetPackName}`);
+                    extensions.push(`      extensible: ${predName}`);
+                    extensions.push("    data:");
+                    for (const val of values) {
+                      extensions.push(`      - ["${val}"]`);
+                    }
+                  }
+                  extensions.push("");
+                  writeFileSync2(join6(extDir, "runtime.model.yml"), extensions.join("\n"), "utf8");
+                  const existingPacks = options["additional-packs"];
+                  options["additional-packs"] = existingPacks ? `${existingPacks}:${extPackDir}` : extPackDir;
+                  const modelPacks = options["model-packs"];
+                  const modelPacksArray = Array.isArray(modelPacks) ? modelPacks : [];
+                  modelPacksArray.push("advanced-security/ql-mcp-runtime-extensions@*");
+                  options["model-packs"] = modelPacksArray;
+                  logger.info(`Created runtime extension pack at ${extPackDir} targeting ${targetPackName} with predicates: ${Object.keys(extensiblePredicates).join(", ")}`);
+                } catch (err) {
+                  logger.error(`Failed to create runtime extension pack: ${err instanceof Error ? err.message : String(err)}`);
+                  throw err;
+                }
+              } else {
+                logger.warn("Could not determine target pack name for extensible predicates \u2014 queryLanguage not set and query path does not match expected pattern");
               }
-              const currentExternal = options.external || [];
-              const externalArray = Array.isArray(currentExternal) ? currentExternal : [currentExternal];
-              externalArray.push(`targetFunction=${csvPath}`);
-              options.external = externalArray;
-              logger.info(`Created external predicate CSV at ${csvPath} for functions: ${functionNames.join(", ")}`);
             }
             break;
           }
@@ -57348,7 +57355,8 @@ function registerCLITool(server, definition) {
           const defaultExamplesPath = resolve4(packageRootDir, "ql", "javascript", "examples");
           const additionalPacksPath = process.env.CODEQL_ADDITIONAL_PACKS || (existsSync4(defaultExamplesPath) ? defaultExamplesPath : void 0);
           if (additionalPacksPath && (name === "codeql_test_run" || name === "codeql_query_run" || name === "codeql_query_compile" || name === "codeql_database_analyze")) {
-            options["additional-packs"] = additionalPacksPath;
+            const existingAdditionalPacks = options["additional-packs"];
+            options["additional-packs"] = existingAdditionalPacks ? `${existingAdditionalPacks}:${additionalPacksPath}` : additionalPacksPath;
           }
           if (name === "codeql_test_run") {
             options["keep-databases"] = true;

server/dist/codeql-development-mcp-server.js.map

@@ -8,17 +8,14 @@
  */
 
 import cpp
-
-/**
- * Gets the source function name for which to generate the call graph.
- * Can be a single function name or comma-separated list of function names.
- */
-external string sourceFunction();
+import ExternalPredicates
 
 /**
  * Gets a single source function name from the comma-separated list.
  */
-string getSourceFunctionName() { result = sourceFunction().splitAt(",").trim() }
+string getSourceFunctionName() {
+  exists(string s | sourceFunction(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a function by matching against the selected source function names.
@@ -40,12 +37,5 @@ from FunctionCall call, Function source, Function callee
 where
   call.getTarget() = callee and
   call.getEnclosingFunction() = source and
-  (
-    // Use external predicate if available
-    source = getSourceFunction()
-    or
-    // Fallback for unit tests: include test files
-    not exists(getSourceFunction()) and
-    source.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
-  )
+  source = getSourceFunction()
 select call, "Call from `" + source.getQualifiedName() + "` to `" + callee.getQualifiedName() + "`"

server/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -8,28 +8,21 @@
  */
 
 import cpp
-
-/**
- * Gets the source function name for call graph reachability analysis.
- * Can be a single function name or comma-separated list of function names.
- */
-external string sourceFunction();
-
-/**
- * Gets the target function name for call graph reachability analysis.
- * Can be a single function name or comma-separated list of function names.
- */
-external string targetFunction();
+import ExternalPredicates
 
 /**
  * Gets a single source function name from the comma-separated list.
  */
-string getSourceFunctionName() { result = sourceFunction().splitAt(",").trim() }
+string getSourceFunctionName() {
+  exists(string s | sourceFunction(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a single target function name from the comma-separated list.
  */
-string getTargetFunctionName() { result = targetFunction().splitAt(",").trim() }
+string getTargetFunctionName() {
+  exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a function by matching against the selected source function names.
@@ -74,19 +67,11 @@ from FunctionCall call, Function caller, Function callee
 where
   call.getTarget() = callee and
   call.getEnclosingFunction() = caller and
-  (
-    // Use external predicates if available: show calls on paths from source to target
-    exists(Function source, Function target |
-      source = getSourceFunction() and
-      target = getTargetFunction() and
-      calls*(source, caller) and
-      calls*(callee, target)
-    )
-    or
-    // Fallback for unit tests: include test files
-    not exists(getSourceFunctionName()) and
-    not exists(getTargetFunctionName()) and
-    caller.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+  exists(Function source, Function target |
+    source = getSourceFunction() and
+    target = getTargetFunction() and
+    calls*(source, caller) and
+    calls*(callee, target)
   )
 select call,
   "Reachable call from `" + caller.getQualifiedName() + "` to `" + callee.getQualifiedName() + "`"

server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.ql

@@ -8,17 +8,14 @@
  */
 
 import cpp
-
-/**
- * Gets the target function name for which to generate the call graph.
- * Can be a single function name or comma-separated list of function names.
- */
-external string targetFunction();
+import ExternalPredicates
 
 /**
  * Gets a single target function name from the comma-separated list.
  */
-string getTargetFunctionName() { result = targetFunction().splitAt(",").trim() }
+string getTargetFunctionName() {
+  exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a function by matching against the selected target function names.
@@ -40,12 +37,5 @@ from FunctionCall call, Function target, Function caller
 where
   call.getTarget() = target and
   call.getEnclosingFunction() = caller and
-  (
-    // Use external predicate if available
-    target = getTargetFunction()
-    or
-    // Fallback for unit tests: include test files
-    not exists(getTargetFunction()) and
-    target.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
-  )
+  target = getTargetFunction()
 select call, "Call to `" + target.getQualifiedName() + "` from `" + caller.getQualifiedName() + "`"

server/ql/cpp/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,14 @@
+/**
+ * Shared extensible predicate declarations for MCP server tools queries.
+ * Values are provided via dataExtensions YAML files during testing,
+ * or via CSV files at runtime from the MCP server.
+ */
+
+/** Holds for each source function name for call graph analysis. */
+extensible predicate sourceFunction(string name);
+
+/** Holds for each target function name for call graph analysis. */
+extensible predicate targetFunction(string name);
+
+/** Holds for each selected source file path for AST/CFG printing. */
+extensible predicate selectedSourceFiles(string path);

server/ql/cpp/tools/src/ExternalPredicates.qll

@@ -8,17 +8,14 @@
 
 import cpp
 import semmle.code.cpp.PrintAST
-
-/**
- * Gets the source files to generate AST from.
- * Can be a single file path or comma-separated list of file paths.
- */
-external string selectedSourceFiles();
+import ExternalPredicates
 
 /**
  * Gets a single source file from the comma-separated list.
  */
-string getSelectedSourceFile() { result = selectedSourceFiles().splitAt(",").trim() }
+string getSelectedSourceFile() {
+  exists(string s | selectedSourceFiles(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a file by matching against the selected source file paths.
@@ -45,12 +42,5 @@ File getSelectedFile() {
  * Falls back to test directory structure when external predicates are not available.
  */
 class Cfg extends PrintAstConfiguration {
-  override predicate shouldPrintDeclaration(Declaration decl) {
-    // Use external predicate if available
-    decl.getFile() = getSelectedFile()
-    or
-    // Fallback for unit tests: include test files
-    not exists(getSelectedFile()) and
-    decl.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
-  }
+  override predicate shouldPrintDeclaration(Declaration decl) { decl.getFile() = getSelectedFile() }
 }

server/ql/cpp/tools/src/PrintAST/PrintAST.ql

@@ -1,3 +1,2 @@
-| Example1.cpp:7:5:7:14 | call to unrelated1 | Call from `unrelated2` to `unrelated1` |
 | Example1.cpp:12:5:12:14 | call to unrelated1 | Call from `sourceFunc` to `unrelated1` |
 | Example1.cpp:13:5:13:14 | call to unrelated2 | Call from `sourceFunc` to `unrelated2` |

server/ql/cpp/tools/test/CallGraphFrom/CallGraphFrom.expected

@@ -1,3 +1,2 @@
-| Example1.cpp:6:5:6:13 | call to unrelated | Reachable call from `target` to `unrelated` |
 | Example1.cpp:10:5:10:10 | call to target | Reachable call from `intermediate` to `target` |
 | Example1.cpp:14:5:14:16 | call to intermediate | Reachable call from `source` to `intermediate` |