diff --git a/.github/instructions/changelog_md.instructions.md b/.github/instructions/changelog_md.instructions.md new file mode 100644 index 00000000..07fdffa8 --- /dev/null +++ b/.github/instructions/changelog_md.instructions.md @@ -0,0 +1,84 @@ +--- +applyTo: 'CHANGELOG.md' +description: 'Instructions for maintaining the CHANGELOG.md file that tracks changes between stable releases.' +--- + +# Copilot Instructions for `CHANGELOG.md` + +## PURPOSE + +This file contains instructions for maintaining the repository-root `CHANGELOG.md`. The changelog is the authoritative, human-readable record of all notable changes between stable (non-pre-release, non-RC) tagged releases, following the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) format. + +## REQUIREMENTS + +### General + +- ALWAYS follow the [Keep a Changelog v1.1.0](https://keepachangelog.com/en/1.1.0/) specification. +- ALWAYS list only **stable** releases (tags matching `vMAJOR.MINOR.PATCH` with no suffix). NEVER list pre-release or release-candidate tags (e.g., `v2.25.0-rc1`, `v2.24.3-rc2`). +- ALWAYS keep entries in **reverse chronological order** — newest release at the top, oldest at the bottom. +- ALWAYS include the full date in `YYYY-MM-DD` format after the version heading (e.g., `## [v2.25.0] — 2026-03-27`). +- ALWAYS include a `[Unreleased]` section at the top for changes on `main` that have not yet been included in a stable release. +- ALWAYS include reference-style link definitions at the bottom of the file for every version heading and the `[Unreleased]` comparison link. +- ALWAYS link PR numbers in the format `([#NNN](https://github.com/advanced-security/codeql-development-mcp-server/pull/NNN))`. +- ALWAYS link contributor handles in the format `[@username](https://github.com/username)`. +- **ALWAYS run `npm run build-and-test` from the repo root directory and ensure it passes completely before committing any changes.** + +### Section Structure + +Each release entry MUST use the following section hierarchy. Omit any section that has no entries for that release. + +``` +## [vX.Y.Z] — YYYY-MM-DD + +### Highlights ← 2-4 sentence summaries of the most important changes +### Added ← new tools, prompts, resources, queries, VS Code extension features +### Changed ← modifications to existing tools, prompts, resources, infrastructure +### Deprecated ← features marked for future removal +### Removed ← features or tools that were removed +### Fixed ← bug fixes +### Security ← vulnerability fixes or hardening +### Dependencies ← CodeQL CLI upgrades, npm dependency bumps, action version bumps +### New Contributors ← first-time contributors (include only in the release where they first appeared) +``` + +Within `Added` and `Changed`, use sub-headings to group entries by area: + +``` +#### MCP Server Tools +#### MCP Server Prompts +#### MCP Server Resources +#### CodeQL Query Packs +#### VS Code Extension +#### Infrastructure & CI/CD +``` + +### Tables for Tools, Prompts, and Resources + +- ALWAYS use a two-column markdown table (`| Name | Description |`) when listing new or changed MCP server tools, prompts, or resources. +- For changed tools, use a two-column table (`| Tool | Change |`) describing what changed. + +### Full Changelog Link + +- ALWAYS end each release section with a **Full Changelog** comparison link in the format: + ``` + **Full Changelog**: [`vPREV...vCURR`](https://github.com/advanced-security/codeql-development-mcp-server/compare/vPREV...vCURR) + ``` + +### Horizontal Rule + +- ALWAYS separate release entries with a `---` horizontal rule. + +## PREFERENCES + +- PREFER concise, specific descriptions over vague summaries. Name the tool, prompt, or resource affected. +- PREFER grouping related dependency bumps (e.g., multiple `@vitest/*` packages) into a single bullet. +- PREFER the `Highlights` section to summarize the 2-4 most impactful changes for a release, with links to relevant PRs. +- PREFER linking to PRs rather than issues when both exist, since PRs contain the implementation details. + +## CONSTRAINTS + +- NEVER leave any trailing whitespace on any line. +- NEVER include placeholder or TODO content — if a release section is not ready, keep changes under `[Unreleased]` until the release is tagged. +- NEVER duplicate the same change under multiple sections (e.g., do not list the same fix under both `Fixed` and `Changed`). +- NEVER include internal-only or draft PR references that have not been merged to `main`. +- NEVER modify historical release entries unless correcting a factual error (wrong PR number, broken link, etc.). diff --git a/.github/skills/maintain-changelog/SKILL.md b/.github/skills/maintain-changelog/SKILL.md new file mode 100644 index 00000000..aa34ae62 --- /dev/null +++ b/.github/skills/maintain-changelog/SKILL.md @@ -0,0 +1,161 @@ +--- +name: maintain-changelog +description: Maintain the CHANGELOG.md file by drafting or updating entries for new stable releases. Use this skill when preparing a release, after merging significant PRs, or when moving changes from Unreleased to a new version section. +--- + +# Maintain Changelog + +This skill provides a systematic workflow for keeping `CHANGELOG.md` up-to-date as changes land on `main` and when cutting new stable releases. + +## When to Use This Skill + +- **After merging a PR** that adds, changes, removes, or fixes MCP server tools, prompts, resources, CodeQL query packs, VS Code extension features, or infrastructure. +- **When preparing a stable release** (tagging `vMAJOR.MINOR.PATCH` without a pre-release suffix). +- **When reviewing the `[Unreleased]` section** for accuracy before a release candidate or final release. + +## Key Concepts + +### Release Scope + +The changelog tracks changes between **stable releases only** — tags matching `vMAJOR.MINOR.PATCH` with no `-rc*` or other suffix. Pre-release tags are excluded. + +### Section Taxonomy + +Each release entry follows the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) categories: + +| Section | What goes here | +| -------------------- | --------------------------------------------------------------------- | +| **Highlights** | 2-4 sentence summaries of the most impactful changes, with PR links | +| **Added** | New tools, prompts, resources, query packs, extension features | +| **Changed** | Modifications to existing tools, prompts, resources, infrastructure | +| **Deprecated** | Features marked for future removal | +| **Removed** | Features or tools removed in this release | +| **Fixed** | Bug fixes | +| **Security** | Vulnerability fixes or hardening changes | +| **Dependencies** | CodeQL CLI upgrades, npm dependency bumps, action version bumps | +| **New Contributors** | First-time contributors (only in the release where they first appear) | + +Within `Added` and `Changed`, use sub-headings to group by area: `MCP Server Tools`, `MCP Server Prompts`, `MCP Server Resources`, `CodeQL Query Packs`, `VS Code Extension`, `Infrastructure & CI/CD`. + +### Entry Format + +- Each bullet links to the PR: `- Description of change. ([#NNN](https://github.com/advanced-security/codeql-development-mcp-server/pull/NNN))` +- New or changed tools/prompts/resources use a two-column markdown table. +- Each release ends with: `**Full Changelog**: [\`vPREV...vCURR\`](https://github.com/advanced-security/codeql-development-mcp-server/compare/vPREV...vCURR)` + +## Workflow + +### Phase 1: Gather Changes + +Identify all merged PRs since the last stable release tag. + +```sh +# List PRs merged since the last stable release (replace vPREV with the last stable tag) +git log --oneline --merges vPREV..HEAD +``` + +Alternatively, use the GitHub compare view: + +``` +https://github.com/advanced-security/codeql-development-mcp-server/compare/vPREV...HEAD +``` + +### Phase 2: Classify Each Change + +For each merged PR, determine: + +1. **Which section** it belongs to (Added, Changed, Fixed, Dependencies, etc.) +2. **Which sub-area** it affects (MCP Server Tools, VS Code Extension, Infrastructure, etc.) +3. **Whether it warrants a Highlights mention** (significant user-facing impact) + +Use these heuristics: + +| PR title pattern | Likely section | +| ----------------------------------------- | ------------------------------------------------ | +| `Build(deps)` or `Bump` | Dependencies | +| `Fix` or `Fixes` | Fixed | +| `Add` or `New` or `Implement` | Added | +| `Update` or `Improve` or `Refactor` | Changed | +| `Upgrade CodeQL CLI` | Dependencies + possibly Highlights | +| `[UPDATE PRIMITIVE]` | Changed > MCP Server Tools | +| `Pin actions` or `dependabot` | Changed > Infrastructure & CI/CD or Dependencies | +| `Security` or `TOCTOU` or `vulnerability` | Security | + +### Phase 3: Draft Entries + +1. Open `CHANGELOG.md`. +2. Add entries under the `[Unreleased]` section, grouped by section and sub-area. +3. Use concise, specific descriptions. Name the tool, prompt, or resource affected. +4. Link every entry to its PR number. + +### Phase 4: Cut a Release Entry + +When a stable release is being tagged: + +1. Replace `[Unreleased]` content with a new version heading: + ```markdown + ## [vX.Y.Z] — YYYY-MM-DD + ``` +2. Re-create an empty `[Unreleased]` section above the new entry. +3. Write a `Highlights` section summarizing the 2-4 most important changes. +4. Add a `**Full Changelog**` comparison link at the bottom of the entry. +5. Update the reference-style link definitions at the bottom of the file: + - Add `[vX.Y.Z]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/vX.Y.Z` + - Update `[Unreleased]` to compare against the new tag: `https://github.com/advanced-security/codeql-development-mcp-server/compare/vX.Y.Z...HEAD` +6. Add a `---` horizontal rule between the new entry and the previous release. + +### Phase 5: Validate + +1. Verify all PR links resolve correctly. +2. Verify the `[Unreleased]` comparison link points to `vLATEST...HEAD`. +3. Verify no duplicate entries exist across sections. +4. Verify entries are in reverse chronological order. +5. Run `npm run build-and-test` from the repo root to ensure no regressions. + +## Example: Adding an Unreleased Entry + +After merging PR #200 that adds a new `foo_bar` tool: + +```markdown +## [Unreleased] + +### Added + +#### MCP Server Tools + +| Tool | Description | +| --------- | ------------------------- | +| `foo_bar` | Does X for Y, enabling Z. | + +- New `foo_bar` tool for doing X. ([#200](https://github.com/advanced-security/codeql-development-mcp-server/pull/200)) +``` + +## Example: Promoting Unreleased to a New Version + +```markdown +## [Unreleased] + +_Changes on `main` since the latest tagged release that have not yet been included in a stable release._ + +## [v2.26.0] — 2026-04-15 + +### Highlights + +- **New `foo_bar` tool** — ... + +### Added + +... + +**Full Changelog**: [`v2.25.0...v2.26.0`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.0...v2.26.0) + +--- + +## [v2.25.0] — 2026-03-27 + +... +``` + +## Related Instructions + +- [`.github/instructions/changelog_md.instructions.md`](../../instructions/changelog_md.instructions.md) — Formatting rules applied when editing `CHANGELOG.md`. diff --git a/.github/skills/upgrade-codeql-cli-and-packs/SKILL.md b/.github/skills/upgrade-codeql-cli-and-packs/SKILL.md index 3a7d8528..3c3806d8 100644 --- a/.github/skills/upgrade-codeql-cli-and-packs/SKILL.md +++ b/.github/skills/upgrade-codeql-cli-and-packs/SKILL.md @@ -289,3 +289,4 @@ See [verify-pack-compatibility.sh](verify-pack-compatibility.sh) for automated c - [add-mcp-support-for-new-language](../add-mcp-support-for-new-language/SKILL.md) - Adding support for new CodeQL languages - [validate-ql-mcp-server-tools-queries](../validate-ql-mcp-server-tools-queries/SKILL.md) - Validating tool query functionality +- [maintain-changelog](../maintain-changelog/SKILL.md) - Updating `CHANGELOG.md` when preparing a release diff --git a/.github/workflows/lint-and-format.yml b/.github/workflows/lint-and-format.yml index 99c07c33..7cde85b3 100644 --- a/.github/workflows/lint-and-format.yml +++ b/.github/workflows/lint-and-format.yml @@ -26,7 +26,7 @@ jobs: node-version-file: '.node-version' - name: Lint and Format - Install node dependencies for all workspaces - run: npm ci --workspaces + run: npm ci - name: Lint and Format - Run eslint run: npm run lint @@ -39,3 +39,4 @@ jobs: echo "## Lint and Format Check Summary" >> $GITHUB_STEP_SUMMARY echo "✅ ESLint checks completed on all workspaces" >> $GITHUB_STEP_SUMMARY echo "✅ Prettier format checks completed" >> $GITHUB_STEP_SUMMARY + echo "✅ Markdownlint checks completed" >> $GITHUB_STEP_SUMMARY diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 00000000..2aa994e6 --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1,15 @@ +# markdownlint configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml +# +# This config is consumed by: +# 1. The repo-maintained `npm run lint:md` script (markdownlint-cli) +# 2. The org-required `markdown-lint.yml` workflow (markdownlint-cli) + +# MD013 - Line length: disabled (handled by prettier) +MD013: false + +# MD024 - Multiple headings with the same content: allow across sections +# Changelogs and release notes intentionally repeat headings like +# "### Added", "### Changed", "#### MCP Server Tools" under each version. +MD024: + siblings_only: true diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 00000000..de8cb5c5 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1,16 @@ +node_modules +**/node_modules +server/dist +coverage +server/coverage +extensions/vscode/coverage +extensions/vscode/.vscode-test +extensions/vscode/test/fixtures +server/ql/*/tools/test/* +server/src/prompts/ +server/src/resources/ +workshops +**/*.testproj +client/**/after/ +client/**/before/ +query-results* diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..da332094 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,286 @@ +# Changelog + +All notable changes to the **CodeQL Development MCP Server** are documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) +aligned with the [CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases) +release cadence. + +> **Scope**: Only stable (non-pre-release, non-RC) tagged versions are listed. +> Pre-release and release-candidate tags (e.g., `v2.25.0-rc1`) are omitted. + +## [Unreleased] + +_Changes on `main` since the latest tagged release that have not yet been included in a stable release._ + +## [v2.25.0] — 2026-03-27 + +### Highlights + +- **Duplicated code detection prompts and tools** — New workflow prompts and supporting tools for identifying and reporting duplicated code patterns across CodeQL databases, contributed by [@MichaelRFairhurst](https://github.com/MichaelRFairhurst). ([#109](https://github.com/advanced-security/codeql-development-mcp-server/pull/109)) +- **CallGraphFromTo queries for all supported languages** — Unified call-graph entry-point queries added for every language pack. ([#168](https://github.com/advanced-security/codeql-development-mcp-server/pull/168)) +- **Upgraded CodeQL CLI to v2.25.0** — Full compatibility with the latest CodeQL CLI release. ([#161](https://github.com/advanced-security/codeql-development-mcp-server/pull/161)) + +### Added + +#### MCP Server Tools + +| Tool | Description | +| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `check_for_duplicated_code` | Detects duplicated code patterns across CodeQL databases to support the duplicate-code workflow prompts. ([#109](https://github.com/advanced-security/codeql-development-mcp-server/pull/109)) | +| `find_overlapping_queries` | Finds overlapping or redundant CodeQL queries to support the duplicate-code workflow prompts. ([#109](https://github.com/advanced-security/codeql-development-mcp-server/pull/109)) | + +#### MCP Server Prompts + +| Prompt | Description | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `check_for_duplicated_code` | Guides agents through finding and reporting duplicated code patterns across a CodeQL database. ([#109](https://github.com/advanced-security/codeql-development-mcp-server/pull/109)) | +| `find_overlapping_queries` | Guides agents through identifying overlapping or redundant CodeQL queries. ([#109](https://github.com/advanced-security/codeql-development-mcp-server/pull/109)) | + +#### CodeQL Query Packs + +| Pack | Description | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `CallGraphFromTo` | Unified call-graph entry-point queries added for all supported languages (actions, cpp, csharp, go, java, javascript, python, ruby, swift). ([#168](https://github.com/advanced-security/codeql-development-mcp-server/pull/168)) | + +### Changed + +#### Infrastructure & CI/CD + +- Pinned all GitHub Actions to full-length commit SHAs for supply-chain integrity. ([#190](https://github.com/advanced-security/codeql-development-mcp-server/pull/190)) +- Updated dependabot configuration to group related PRs. ([#191](https://github.com/advanced-security/codeql-development-mcp-server/pull/191)) +- Improved prompt error handling and added relative path support for prompt resolution. ([#153](https://github.com/advanced-security/codeql-development-mcp-server/pull/153)) +- Updated action versions and fixed the build-and-test step in the `update-codeql` workflow. ([#158](https://github.com/advanced-security/codeql-development-mcp-server/pull/158)) +- Added support for a target upgrade version parameter in `update-codeql.yml`. ([#160](https://github.com/advanced-security/codeql-development-mcp-server/pull/160)) + +### Fixed + +- `codeql_database_analyze` `additionalArgs` were silently dropped instead of being forwarded to the CLI. ([#188](https://github.com/advanced-security/codeql-development-mcp-server/pull/188)) + +### Dependencies + +- Upgraded CodeQL CLI dependency to v2.25.0. ([#161](https://github.com/advanced-security/codeql-development-mcp-server/pull/161)) +- Upgraded NodeJS dependencies and rebuilt `server/dist/**`. ([#189](https://github.com/advanced-security/codeql-development-mcp-server/pull/189)) +- Bumped `@vitest/coverage-v8` from 4.0.18 to 4.1.0. ([#141](https://github.com/advanced-security/codeql-development-mcp-server/pull/141)) +- Bumped `softprops/action-gh-release` from 2.5.0 to 2.6.1. ([#146](https://github.com/advanced-security/codeql-development-mcp-server/pull/146)) +- Updated `copilot-setup-steps` and NodeJS dependencies. ([#142](https://github.com/advanced-security/codeql-development-mcp-server/pull/142)) +- Applied `npm audit fix` for NodeJS dependencies. ([#144](https://github.com/advanced-security/codeql-development-mcp-server/pull/144)) +- Upgraded NodeJS dependencies to latest. ([#156](https://github.com/advanced-security/codeql-development-mcp-server/pull/156)) + +**Full Changelog**: [`v2.24.3...v2.25.0`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.24.3...v2.25.0) + +--- + +## [v2.24.3] — 2026-03-11 + +### Highlights + +- **Database lock contention fix** — Resolved a critical compatibility issue where `.lock` files created by the `GitHub.vscode-codeql` extension prevented the MCP server from running CLI commands. A new `DatabaseCopier` syncs databases into a managed, lock-free directory under the extension's `globalStorage`. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- **New CodeQL search and discovery tools** — Two new tools (`search_ql_code`, `codeql_resolve_files`) eliminate the need for LLMs to use `grep` or shell access for QL code search and file discovery. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- **Automatic CodeQL CLI discovery** — The MCP server now automatically finds the CodeQL CLI binary installed by the `GitHub.vscode-codeql` extension off-PATH, using `distribution.json` with a fallback to scanning `distribution*` directories. ([#91](https://github.com/advanced-security/codeql-development-mcp-server/pull/91)) +- **Rewritten MCP resources as actionable LLM-oriented guides** — All static MCP resources rewritten with clearer URIs and actionable content. ([#113](https://github.com/advanced-security/codeql-development-mcp-server/pull/113)) + +### Added + +#### MCP Server Tools + +| Tool | Description | +| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `search_ql_code` | Searches QL source code by text or regex pattern across resolved CodeQL packs and workspace folders, returning matched lines with surrounding context. | +| `codeql_resolve_files` | Discovers files by extension or glob pattern within CodeQL databases and packs, enabling LLMs to find source files without CLI dependencies. | + +#### MCP Server Resources + +| URI | Description | +| ------------------------------------------- | ------------------------------------------------------------------------- | +| `codeql://server/overview` | MCP server orientation guide (replaces getting-started.md) | +| `codeql://server/queries` | PrintAST, PrintCFG, CallGraphFrom, CallGraphTo overview | +| `codeql://server/tools` | Complete default tool reference | +| `codeql://server/prompts` | Complete prompt reference | +| `codeql://learning/query-basics` | Practical query writing reference | +| `codeql://learning/test-driven-development` | TDD theory overview with cross-links | +| `codeql://learning/security-queries/*` | Language-specific security query guides (migrated from `.github/skills/`) | + +### Changed + +#### MCP Server Tools + +| Tool | Change | +| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `profile_codeql_query_from_logs` | Rewritten with two-tier design: compact inline JSON + line-indexed detail file. Parser now captures RA operations and pipeline-stage tuple progressions. Output is deterministic (no timestamps). Uses streaming async generators for large evaluator logs. | +| `codeql_query_run` | `resolveDatabasePath` helper auto-resolves multi-language database roots and throws on ambiguity instead of silently picking the first candidate. | +| `codeql_database_analyze` | Same `resolveDatabasePath` helper applied for consistent database path resolution. | +| `codeql_resolve_database` | Now probes child directories for databases; uses `resolveDatabasePath` for ambiguity detection. | + +#### MCP Server Prompts & Resources + +- All existing workflow prompts and resources updated to remove `grep`/CLI references in favor of `search_ql_code` and `codeql_resolve_files`. + +#### Infrastructure & CI/CD + +- Added `CODEQL_MCP_TMP_DIR` and `CODEQL_MCP_WORKSPACE_FOLDERS` environment variables for workspace-local scratch directories. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- Added query-file-finder contextual hints for missing tests, documentation, and expected results. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- Set `ENABLE_MONITORING_TOOLS=false` for client integration tests to avoid CI interference. ([#115](https://github.com/advanced-security/codeql-development-mcp-server/pull/115)) + +### Fixed + +- **Database lock contention with `vscode-codeql`** — `.lock` files created by the `vscode-codeql` query server prevented `codeql_query_run` and `codeql_database_analyze` from executing. A new `DatabaseCopier` syncs databases into a managed lock-free directory. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- **Version-bearing files not updated during release** — `update-release-version.sh` now tracks `server/src/codeql-development-mcp-server.ts` (`const VERSION`) alongside all other version files. ([#90](https://github.com/advanced-security/codeql-development-mcp-server/pull/90)) +- **MCP resource content missing at runtime in VSIX** — Embedded MCP resource content at build time via esbuild loader for VSIX compatibility. ([#111](https://github.com/advanced-security/codeql-development-mcp-server/pull/111)) +- **CODEQL_PATH tests failing on Windows CI** — Fixed robust binary search and MSYS2 FIFO skip for `windows-latest`. ([#115](https://github.com/advanced-security/codeql-development-mcp-server/pull/115)) +- **TOCTOU race condition in `search_ql_code`** — Eliminated filesystem race (read-then-check instead of stat-then-read); added symlink cycle detection. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- **OOM risk with large files in `search_ql_code`** — Large files (>5 MB) are now streamed line-by-line instead of loaded into memory. ([#119](https://github.com/advanced-security/codeql-development-mcp-server/pull/119)) +- **Transient HTTP 503 in `install-packs.sh`** — Added exponential backoff retry (3 attempts, 10s/20s/40s) for `codeql pack install` to handle GHCR.io rate limits. ([#121](https://github.com/advanced-security/codeql-development-mcp-server/pull/121)) + +### Dependencies + +- Upgraded CodeQL CLI dependency to v2.24.3. ([#114](https://github.com/advanced-security/codeql-development-mcp-server/pull/114)) +- Upgraded NodeJS dependencies to latest available versions. ([#108](https://github.com/advanced-security/codeql-development-mcp-server/pull/108), [#114](https://github.com/advanced-security/codeql-development-mcp-server/pull/114)) +- Bumped `actions/download-artifact` from 7 to 8. ([#94](https://github.com/advanced-security/codeql-development-mcp-server/pull/94)) +- Bumped `actions/upload-artifact` from 6 to 7. ([#93](https://github.com/advanced-security/codeql-development-mcp-server/pull/93)) + +**Full Changelog**: [`v2.24.2...v2.24.3`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.24.2...v2.24.3) + +--- + +## [v2.24.2] — 2026-02-24 + +### Highlights + +- **New VS Code extension** — Introduced `advanced-security.vscode-codeql-development-mcp-server`, a VS Code extension distributed as a VSIX archive that bridges the [GitHub CodeQL extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql) and the MCP server. It auto-discovers databases, query results, and MRVA results; bundles the server and all CodeQL tool packs; manages the server lifecycle; and registers an MCP Server Definition Provider. ([#61](https://github.com/advanced-security/codeql-development-mcp-server/pull/61)) +- **Five new MCP server tools** — `list_codeql_databases`, `list_query_run_results`, `list_mrva_run_results`, `profile_codeql_query_from_logs`, and `read_database_source`. ([#61](https://github.com/advanced-security/codeql-development-mcp-server/pull/61), [#70](https://github.com/advanced-security/codeql-development-mcp-server/pull/70)) +- **New FP/FN diagnosis prompt** — `run_query_and_summarize_false_positives` guides agents through running queries and diagnosing precision issues. ([#70](https://github.com/advanced-security/codeql-development-mcp-server/pull/70)) + +### Added + +#### MCP Server Tools + +| Tool | Description | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `list_codeql_databases` | Discovers CodeQL databases in configured base directories. Returns path, language, CLI version, and creation time for each database. | +| `list_query_run_results` | Lists discovered query run result directories. Returns path, query name, timestamp, language, and available artifacts. Supports filtering by queryName, language, or queryPath. | +| `list_mrva_run_results` | Lists discovered MRVA run results. Returns run ID, timestamp, repositories scanned, analysis status, and available artifacts. | +| `profile_codeql_query_from_logs` | Parses CodeQL query evaluation logs into a performance profile without re-running the query. Works with logs from `codeql query run`, `codeql database analyze`, or `vscode-codeql` query history. | +| `read_database_source` | Reads source file contents directly from a CodeQL database's source archive (`src.zip`) or extracted source directory (`src/`), enabling agents to inspect code at alert locations without the original source tree. | + +#### MCP Server Prompts + +| Prompt | Description | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `run_query_and_summarize_false_positives` | Guides an agent through running a CodeQL query, reading source code from the database archive via `read_database_source`, and diagnosing false positives / false negatives to improve query precision. | + +#### VS Code Extension + +- Initial release of `advanced-security.vscode-codeql-development-mcp-server` VSIX. ([#61](https://github.com/advanced-security/codeql-development-mcp-server/pull/61)) + +### Changed + +#### MCP Server Tools + +| Tool | Change | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `codeql_bqrs_decode` | Added `text` and `bqrs` output formats, `--result-set` selection, `--sort-key` / `--sort-direction` sorting, `--no-titles` flag, `--entities` column display control, and `--rows` pagination. | +| `codeql_bqrs_info` | Enhanced description with cross-references to related tools and workflow guidance. | +| `codeql_database_analyze` | Improved logging and error messages; auto-creates output directories. | +| `codeql_query_run` | Minor logging improvements. | +| `register_database` | Error objects now chain the original cause for better debugging. | + +#### MCP Server Prompts + +- All existing workflow prompts updated to use `#tool_name` hashtag references (instead of backtick formatting) for tool mentions, improving consistency in VS Code Copilot Chat. +- Prompt templates embedded at build time via esbuild's `loader: { '.md': 'text' }`. + +#### Infrastructure & CI/CD + +- Refactored the release workflow into separate child workflows with isolated deployment environments. ([#45](https://github.com/advanced-security/codeql-development-mcp-server/pull/45)) +- Added a nightly CodeQL CLI update workflow that automates version bumps across all packages. ([#58](https://github.com/advanced-security/codeql-development-mcp-server/pull/58)) +- Added dedicated GitHub Actions workflows for building, testing (with coverage), linting, bundling, and packaging the VS Code extension. ([#61](https://github.com/advanced-security/codeql-development-mcp-server/pull/61)) +- Added `stdio` transport support to the client integration test runner alongside SSE. ([#77](https://github.com/advanced-security/codeql-development-mcp-server/pull/77)) +- Release artifacts now include version strings in filenames (e.g., `codeql-development-mcp-server-v2.24.2.vsix`). ([#81](https://github.com/advanced-security/codeql-development-mcp-server/pull/81)) +- Release workflow uses a concurrency group keyed by version, preventing overlapping releases. ([#81](https://github.com/advanced-security/codeql-development-mcp-server/pull/81)) +- Added `.md` documentation enforcement for all `.ql` tool queries. ([#81](https://github.com/advanced-security/codeql-development-mcp-server/pull/81)) + +### Fixed + +- **VSIX bundle missing server dependencies** — esbuild `external` configuration excluded required Node.js dependencies (`express`, `cors`, `zod`, etc.) from the bundled VSIX, causing runtime failures. ([#71](https://github.com/advanced-security/codeql-development-mcp-server/pull/71)) +- **Prompt templates not found at runtime** — Refactored prompt loading from `readFileSync` to build-time static imports for all deployment scenarios. ([#71](https://github.com/advanced-security/codeql-development-mcp-server/pull/71)) +- **Client integration test timeouts** — Resolved timeout issues in client integration test fixtures that caused flaky CI runs. ([#74](https://github.com/advanced-security/codeql-development-mcp-server/pull/74)) +- **VS Code extension version not tracked in release scripts** — `update-release-version.sh` and nightly CodeQL CLI update workflow now detect and update the version in `extensions/vscode/package.json`. ([#75](https://github.com/advanced-security/codeql-development-mcp-server/pull/75)) +- **VSIX-bundled server pack installation** — Extension now prefers the bundled `server/` directory inside the VSIX for CodeQL pack resolution. ([#81](https://github.com/advanced-security/codeql-development-mcp-server/pull/81)) +- **Error chaining in `register_database`** — All error paths now preserve the original `cause`. ([#61](https://github.com/advanced-security/codeql-development-mcp-server/pull/61)) + +### Dependencies + +- Upgraded CodeQL CLI dependency to v2.24.2. ([#65](https://github.com/advanced-security/codeql-development-mcp-server/pull/65)) +- Bumped `actions/download-artifact` from 6 to 7. ([#49](https://github.com/advanced-security/codeql-development-mcp-server/pull/49)) +- Bumped `dotenv` from 17.2.4 to 17.3.0. ([#54](https://github.com/advanced-security/codeql-development-mcp-server/pull/54)) +- Bumped `eslint` from ^10.0.0 to ^10.0.1 across all packages. ([#75](https://github.com/advanced-security/codeql-development-mcp-server/pull/75)) + +### New Contributors + +- @dependabot\[bot\] made their first contribution in [#49](https://github.com/advanced-security/codeql-development-mcp-server/pull/49) +- [@MichaelRFairhurst](https://github.com/MichaelRFairhurst) made their first contribution in [#70](https://github.com/advanced-security/codeql-development-mcp-server/pull/70) +- @github-actions[bot] made their first contribution in [#65](https://github.com/advanced-security/codeql-development-mcp-server/pull/65) + +**Full Changelog**: [`v2.24.1...v2.24.2`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.24.1...v2.24.2) + +--- + +## [v2.24.1] — 2026-02-10 + +### Changed + +- Release preparation and version-bearing file updates. ([#38](https://github.com/advanced-security/codeql-development-mcp-server/pull/38)) + +**Full Changelog**: [`v2.24.0...v2.24.1`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.24.0...v2.24.1) + +--- + +## [v2.24.0] — 2026-02-09 + +_Initial public release of the CodeQL Development MCP Server._ + +### Highlights + +- First public release, tested against CodeQL CLI v2.24.0. +- MCP server with tools for running CodeQL queries, decoding BQRS results, analyzing databases, and managing CodeQL packs. +- PrintAST, PrintCFG, CallGraphFrom, and CallGraphTo tool queries for all supported languages (actions, cpp, csharp, go, java, javascript, python, ruby, swift). +- Client integration test suite with SSE transport support. +- `npm`-installable package and tarball release artifacts. + +### Added + +- Core MCP server (`codeql-development-mcp-server`) with SSE and stdio transports. +- CodeQL query execution tools: `codeql_query_run`, `codeql_database_analyze`, `codeql_bqrs_decode`, `codeql_bqrs_info`, `register_database`, `codeql_resolve_database`. +- Tool query packs for all supported languages with PrintAST, PrintCFG, CallGraphFrom, and CallGraphTo queries. +- Client integration test runner (`ql-mcp-client.js`). +- Documentation: `README.md`, `docs/getting-started.md`, `docs/testing.md`, `docs/ql-mcp/tools.md`, `docs/ql-mcp/prompts.md`, `docs/ql-mcp/resources.md`. + +### Fixed + +- **Security: TOCTOU & OS tmp file vulnerabilities** — Fixed time-of-check-time-of-use races and insecure temporary file handling. ([#18](https://github.com/advanced-security/codeql-development-mcp-server/pull/18)) + +### Changed + +- Cross-platform support ensured via CI integration tests on `ubuntu-latest` and `windows-latest`. ([#22](https://github.com/advanced-security/codeql-development-mcp-server/pull/22)) +- Java PrintCFG query excludes exit nodes for deterministic test output. ([#23](https://github.com/advanced-security/codeql-development-mcp-server/pull/23)) +- Dynamic package version resolution and `CODEQL_MCP_TMP_DIR` environment variable support. ([#27](https://github.com/advanced-security/codeql-development-mcp-server/pull/27)) +- Improved MCP server integrations with `codeql execute *-server` servers. ([#29](https://github.com/advanced-security/codeql-development-mcp-server/pull/29)) + +### Dependencies + +- Upgraded CodeQL CLI and dependencies to v2.24.0. ([#31](https://github.com/advanced-security/codeql-development-mcp-server/pull/31)) + +**Full Changelog**: [`v2.23.9...v2.24.0`](https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.23.9...v2.24.0) + +--- + + + +[Unreleased]: https://github.com/advanced-security/codeql-development-mcp-server/compare/v2.25.0...HEAD +[v2.25.0]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.25.0 +[v2.24.3]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.24.3 +[v2.24.2]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.24.2 +[v2.24.1]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.24.1 +[v2.24.0]: https://github.com/advanced-security/codeql-development-mcp-server/releases/tag/v2.24.0 diff --git a/package-lock.json b/package-lock.json index 8d11e609..6305e39c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,6 +17,7 @@ "eslint": "^10.1.0", "eslint-config-prettier": "^10.1.8", "eslint-plugin-prettier": "^5.5.5", + "markdownlint-cli": "^0.48.0", "prettier": "^3.8.1", "typescript": "^5.9.3", "typescript-eslint": "^8.57.2" @@ -1933,6 +1934,16 @@ "@types/node": "*" } }, + "node_modules/@types/debug": { + "version": "4.1.13", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.13.tgz", + "integrity": "sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/ms": "*" + } + }, "node_modules/@types/deep-eql": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz", @@ -2007,6 +2018,13 @@ "dev": true, "license": "MIT" }, + "node_modules/@types/katex": { + "version": "0.16.8", + "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.16.8.tgz", + "integrity": "sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/mocha": { "version": "10.0.10", "resolved": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.10.tgz", @@ -2014,6 +2032,13 @@ "dev": true, "license": "MIT" }, + "node_modules/@types/ms": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", + "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/node": { "version": "25.5.0", "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz", @@ -2073,6 +2098,13 @@ "@types/node": "*" } }, + "node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/vscode": { "version": "1.110.0", "resolved": "https://registry.npmjs.org/@types/vscode/-/vscode-1.110.0.tgz", @@ -3432,6 +3464,39 @@ "node": ">=8" } }, + "node_modules/character-entities": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz", + "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-legacy": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz", + "integrity": "sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-reference-invalid": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz", + "integrity": "sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/cheerio": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.2.0.tgz", @@ -3807,6 +3872,20 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/decode-named-character-reference": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.3.0.tgz", + "integrity": "sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "character-entities": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/decompress-response": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", @@ -3830,7 +3909,6 @@ "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", "dev": true, "license": "MIT", - "optional": true, "engines": { "node": ">=4.0.0" } @@ -3904,6 +3982,16 @@ "node": ">= 0.8" } }, + "node_modules/dequal": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", + "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/detect-libc": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", @@ -3914,6 +4002,20 @@ "node": ">=8" } }, + "node_modules/devlop": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz", + "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==", + "dev": true, + "license": "MIT", + "dependencies": { + "dequal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/diff": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/diff/-/diff-7.0.0.tgz", @@ -5394,6 +5496,32 @@ "node": ">= 0.10" } }, + "node_modules/is-alphabetical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", + "integrity": "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-alphanumerical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz", + "integrity": "sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-alphabetical": "^2.0.0", + "is-decimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-binary-path": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", @@ -5407,6 +5535,17 @@ "node": ">=8" } }, + "node_modules/is-decimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz", + "integrity": "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-docker": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", @@ -5456,6 +5595,17 @@ "node": ">=0.10.0" } }, + "node_modules/is-hexadecimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", + "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/is-inside-container": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", @@ -5739,6 +5889,16 @@ "graceful-fs": "^4.1.6" } }, + "node_modules/jsonpointer": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz", + "integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/jsonwebtoken": { "version": "9.0.3", "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", @@ -5798,6 +5958,33 @@ "safe-buffer": "^5.0.1" } }, + "node_modules/katex": { + "version": "0.16.44", + "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.44.tgz", + "integrity": "sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==", + "dev": true, + "funding": [ + "https://opencollective.com/katex", + "https://github.com/sponsors/katex" + ], + "license": "MIT", + "dependencies": { + "commander": "^8.3.0" + }, + "bin": { + "katex": "cli.js" + } + }, + "node_modules/katex/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, "node_modules/keytar": { "version": "7.9.0", "resolved": "https://registry.npmjs.org/keytar/-/keytar-7.9.0.tgz", @@ -6303,6 +6490,133 @@ "markdown-it": "bin/markdown-it.mjs" } }, + "node_modules/markdownlint": { + "version": "0.40.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.40.0.tgz", + "integrity": "sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==", + "dev": true, + "license": "MIT", + "dependencies": { + "micromark": "4.0.2", + "micromark-core-commonmark": "2.0.3", + "micromark-extension-directive": "4.0.0", + "micromark-extension-gfm-autolink-literal": "2.1.0", + "micromark-extension-gfm-footnote": "2.1.0", + "micromark-extension-gfm-table": "2.1.1", + "micromark-extension-math": "3.1.0", + "micromark-util-types": "2.0.2", + "string-width": "8.1.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" + } + }, + "node_modules/markdownlint-cli": { + "version": "0.48.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.48.0.tgz", + "integrity": "sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==", + "dev": true, + "license": "MIT", + "dependencies": { + "commander": "~14.0.3", + "deep-extend": "~0.6.0", + "ignore": "~7.0.5", + "js-yaml": "~4.1.1", + "jsonc-parser": "~3.3.1", + "jsonpointer": "~5.0.1", + "markdown-it": "~14.1.1", + "markdownlint": "~0.40.0", + "minimatch": "~10.2.4", + "run-con": "~1.3.2", + "smol-toml": "~1.6.0", + "tinyglobby": "~0.2.15" + }, + "bin": { + "markdownlint": "markdownlint.js" + }, + "engines": { + "node": ">=20" + } + }, + "node_modules/markdownlint-cli/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/markdownlint-cli/node_modules/brace-expansion": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz", + "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/markdownlint-cli/node_modules/commander": { + "version": "14.0.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz", + "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20" + } + }, + "node_modules/markdownlint-cli/node_modules/ignore": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/markdownlint-cli/node_modules/minimatch": { + "version": "10.2.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz", + "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==", + "dev": true, + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/markdownlint/node_modules/string-width": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.1.0.tgz", + "integrity": "sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==", + "dev": true, + "license": "MIT", + "dependencies": { + "get-east-asian-width": "^1.3.0", + "strip-ansi": "^7.1.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/math-intrinsics": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", @@ -6350,6 +6664,542 @@ "node": ">= 8" } }, + "node_modules/micromark": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz", + "integrity": "sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/debug": "^4.0.0", + "debug": "^4.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz", + "integrity": "sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-destination": "^2.0.0", + "micromark-factory-label": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-title": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-html-tag-name": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-directive": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-4.0.0.tgz", + "integrity": "sha512-/C2nqVmXXmiseSSuCdItCMho7ybwwop6RrrRPk0KbOHW21JKoCldC+8rFOaundDoRBUWBnJJcxeA/Kvi34WQXg==", + "dev": true, + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "parse-entities": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz", + "integrity": "sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==", + "dev": true, + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==", + "dev": true, + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-table": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz", + "integrity": "sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==", + "dev": true, + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-math": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-math/-/micromark-extension-math-3.1.0.tgz", + "integrity": "sha512-lvEqd+fHjATVs+2v/8kg9i5Q0AP2k85H0WUOwpIVvUML8BapsMvh1XAogmQjOCsLpoKRCVQqEkQBB3NhVBcsOg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/katex": "^0.16.0", + "devlop": "^1.0.0", + "katex": "^0.16.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-factory-destination": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz", + "integrity": "sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz", + "integrity": "sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz", + "integrity": "sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz", + "integrity": "sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-chunked": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz", + "integrity": "sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz", + "integrity": "sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-combine-extensions": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz", + "integrity": "sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-chunked": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz", + "integrity": "sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-encode": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz", + "integrity": "sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-html-tag-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz", + "integrity": "sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-normalize-identifier": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz", + "integrity": "sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-resolve-all": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz", + "integrity": "sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz", + "integrity": "sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-subtokenize": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz", + "integrity": "sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-types": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz", + "integrity": "sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==", + "dev": true, + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, "node_modules/micromatch": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", @@ -6451,7 +7301,6 @@ "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", "dev": true, "license": "MIT", - "optional": true, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -6977,6 +7826,26 @@ "dev": true, "license": "(MIT AND Zlib)" }, + "node_modules/parse-entities": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz", + "integrity": "sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "character-entities-legacy": "^3.0.0", + "character-reference-invalid": "^2.0.0", + "decode-named-character-reference": "^1.0.0", + "is-alphanumerical": "^2.0.0", + "is-decimal": "^2.0.0", + "is-hexadecimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/parse-json": { "version": "8.3.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-8.3.0.tgz", @@ -7665,6 +8534,32 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/run-con": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz", + "integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==", + "dev": true, + "license": "(BSD-2-Clause OR MIT OR Apache-2.0)", + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~4.1.0", + "minimist": "^1.2.8", + "strip-json-comments": "~3.1.1" + }, + "bin": { + "run-con": "cli.js" + } + }, + "node_modules/run-con/node_modules/ini": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/ini/-/ini-4.1.3.tgz", + "integrity": "sha512-X7rqawQBvfdjS10YU1y1YVreA3SsLrW9dX2CewP2EbBJM4ypVNLDkO5y04gejPwKIY9lR+7r9gn3rFPt/kmWFg==", + "dev": true, + "license": "ISC", + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -8022,6 +8917,19 @@ "url": "https://github.com/chalk/slice-ansi?sponsor=1" } }, + "node_modules/smol-toml": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.1.tgz", + "integrity": "sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">= 18" + }, + "funding": { + "url": "https://github.com/sponsors/cyyynthia" + } + }, "node_modules/source-map-js": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", @@ -8922,6 +9830,7 @@ "integrity": "sha512-B9ifbFudT1TFhfltfaIPgjo9Z3mDynBTJSUYxTjOQruf/zHH+ezCQKcoqO+h7a9Pw9Nm/OtlXAiGT1axBgwqrQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", diff --git a/package.json b/package.json index 9d05da31..829b58bc 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,7 @@ "eslint": "^10.1.0", "eslint-config-prettier": "^10.1.8", "eslint-plugin-prettier": "^5.5.5", + "markdownlint-cli": "^0.48.0", "prettier": "^3.8.1", "typescript": "^5.9.3", "typescript-eslint": "^8.57.2" @@ -42,6 +43,7 @@ "format:check": "prettier --check '**/*.{yml,yaml,md}'", "lint": "npm run lint -w client -w server -w extensions/vscode", "lint:fix": "npm run lint:fix -w client -w server -w extensions/vscode", + "lint:md": "markdownlint '**/*.md'", "start": "npm run start -w server", "test": "npm run test:server && npm run test:client && npm run test:vscode", "test:all": "npm run test:server && npm run test:client && npm run test:vscode", @@ -49,7 +51,7 @@ "test:server": "npm run test -w server", "test:vscode": "npm run test -w extensions/vscode", "package:vsix": "npm run clean:test-dbs && npm run build -w server && npm run package -w extensions/vscode", - "tidy": "npm run lint:fix && npm run format", + "tidy": "npm run lint:fix && npm run format && npm run lint:md", "tidy:check": "npm run lint && npm run format:check", "upgrade": "npm run upgrade:node", "upgrade:node": "npx -y npm-check-updates --color --install always --peer --reject zod --root --upgrade --workspaces"