Skip to content

v2.24.3

Choose a tag to compare

View all tags
@data-douser data-douser released this 12 Mar 01:18
· 38 commits to main since this release
v2.24.3
3bd0471
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v2.24.3

Highlights

πŸ”“ Database Lock Contention Fix & New CodeQL Search/Discovery Tools

This release resolves a critical compatibility issue where databases locked by the GitHub.vscode-codeql extension prevented the MCP server from running CLI commands. A new DatabaseCopier syncs databases into a managed, lock-free directory under the extension's globalStorage. Two new tools β€” search_ql_code and codeql_resolve_files β€” eliminate the need for LLMs to use grep or shell access for QL code search and file discovery.

πŸ” Automatic CodeQL CLI Discovery

The MCP server now automatically finds the CodeQL CLI binary installed by the GitHub.vscode-codeql extension, which stores it off-PATH. Discovery uses distribution.json (folder index hint) with a fallback to scanning distribution* directories. This works at two layers: the VS Code extension CliResolver and the server-side cli-executor.

πŸ“š Rewritten MCP Resources as Actionable LLM-Oriented Guides

All static MCP resources have been rewritten as actionable, LLM-oriented guides. Resources are now registered under clearer URIs (e.g., codeql://server/overview, codeql://server/queries, codeql://server/tools, codeql://server/prompts) and include new resources for learning query basics, test-driven development, and language-specific security query guides.

New MCP Server Tools
search_ql_code Searches QL source code by text or regex pattern across resolved CodeQL packs and workspace folders, returning matched lines with surrounding context. Eliminates the need for LLMs to use grep or shell access.
codeql_resolve_files Discovers files by extension or glob pattern within CodeQL databases and packs, enabling LLMs to find source files without CLI dependencies.

New MCP Server Resources
codeql://server/overview MCP server orientation guide (replaces getting-started.md)
codeql://server/queries PrintAST, PrintCFG, CallGraphFrom, CallGraphTo overview
codeql://server/tools Complete default tool reference
codeql://server/prompts Complete prompt reference
codeql://learning/query-basics Practical query writing reference
codeql://learning/test-driven-development TDD theory overview with cross-links
codeql://learning/security-queries/* Language-specific security query guides (migrated from .github/skills/)

Changed MCP Server Prompts & Resources

All existing workflow prompts and resources have been updated to remove grep/CLI references in favor of the new search_ql_code and codeql_resolve_files tools.

Changed MCP Server Tools
profile_codeql_query_from_logs Rewritten with two-tier design: compact inline JSON + line-indexed detail file for targeted read_file access. Parser now captures RA operations and pipeline-stage tuple progressions. Output is deterministic (no timestamps). Uses streaming async generators instead of readFileSync for large evaluator logs.
codeql_query_run resolveDatabasePath helper auto-resolves multi-language database roots and throws on ambiguity instead of silently picking the first candidate.
codeql_database_analyze Same resolveDatabasePath helper applied for consistent database path resolution.
codeql_resolve_database Now probes child directories for databases; uses resolveDatabasePath for ambiguity detection.

Bug Fixes

  • Database lock contention with vscode-codeql β€” Fixed a critical issue where .lock files created by the vscode-codeql query server prevented codeql_query_run and codeql_database_analyze from executing. A new DatabaseCopier syncs databases into a managed lock-free directory. (#119)
  • Version-bearing files not updated during release β€” The update-release-version.sh script now tracks server/src/codeql-development-mcp-server.ts (const VERSION) alongside all other version files. (#90)
  • MCP resource content missing at runtime in VSIX β€” Embedded MCP resource content at build time via esbuild loader for VSIX compatibility. (#111)
  • CODEQL_PATH tests failing on Windows CI β€” Fixed robust binary search and MSYS2 FIFO skip for windows-latest. (#115)
  • TOCTOU race condition in search_ql_code β€” Eliminated filesystem race (read-then-check instead of stat-then-read); added symlink cycle detection. (#119)
  • OOM risk with large files in search_ql_code β€” Large files (>5 MB) are now streamed line-by-line instead of loaded into memory. (#119)
  • Transient HTTP 503 in install-packs.sh β€” Added exponential backoff retry (3 attempts, 10s/20s/40s) for codeql pack install to handle GHCR.io rate limits. (#121)

Infrastructure & CI/CD

  • Added CODEQL_MCP_TMP_DIR and CODEQL_MCP_WORKSPACE_FOLDERS environment variables for workspace-local scratch directories. (#119)
  • Added query-file-finder contextual hints for missing tests, documentation, and expected results. (#119)
  • Set ENABLE_MONITORING_TOOLS=false for client integration tests to avoid CI interference. (#115)

Dependency Updates

  • Upgraded CodeQL CLI dependency to v2.24.3. (#114)
  • Upgraded NodeJS dependencies to latest available versions. (#108, #114)
  • Bumped actions/download-artifact from 7 to 8. (#94)
  • Bumped actions/upload-artifact from 6 to 7. (#93)

What's Changed (PRs)

  • Fix release update of version-bearing files from 2.24.2-rc3 to 2.24.2 by @data-douser in #90
  • Support automatic discovery of codeql CLI distributions installed off-PATH by VS Code extension by @data-douser in #91
  • Build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #93
  • Build(deps): bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #94
  • Upgrade NodeJS dependencies to latest available versions by @data-douser in #108
  • Embed MCP resource content at build time for VSIX compatibility by @Copilot in #111
  • Rewrite static MCP resources as actionable LLM-oriented guides by @Copilot in #113
  • Upgrade CodeQL to v2.24.3 and upgrade NodeJS dependencies to latest by @data-douser in #114
  • Fix CODEQL_PATH Tests (windows-latest) CI failure by @Copilot in #115
  • Fixes for extension .lock database contention and tool improvements to avoid LLM use of grep by @data-douser in #119

Full Changelog: v2.24.2...v2.24.3

What's Changed

  • Prep for v2.24.1 release by @data-douser in #38
  • Refactor release into separate child workflows with isolated deployment environments by @data-douser in #45
  • Build(deps): bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #49
  • Build(deps): bump dotenv from 17.2.4 to 17.3.0 by @dependabot[bot] in #54
  • Add nightly CodeQL CLI update workflow by @data-douser in #58
  • Add vscode-codeql-development-mcp-server.vsix extension for "bridge" to GitHub.vscode-codeql extension's databases, query results, and MRVA results by @data-douser in #61
  • Fixes and integration tests for MCP-provided prompts and VSIX bundle by @data-douser in #71
  • Avoid timeouts in client integration test fixtures by @data-douser in #74
  • Add a new prompt & tool for diagnosing FPs/FNs from query runs. by @MichaelRFairhurst in #70
  • Upgrade CodeQL CLI dependency to v2.24.2 by @github-actions[bot] in #65
  • Fixes for v2.24.2 release prep by @data-douser in #75
  • Add stdio transport support to client integration test runner by @Copilot in #77
  • Prep for v2.24.2 release by @data-douser in #81
  • Fix release-tag workflow for releases created from v* tag on main branch by @data-douser in #85
  • Fix release-tag workflow to push only annotated tags to main by @data-douser in #87
  • Fix release update of version-bearing files from 2.24.2-rc3 to 2.24.2 by @data-douser in #90
  • Build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #93
  • Upgrade NodeJS dependencies to latest available versions by @data-douser in #108
  • Build(deps): bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #94
  • Embed MCP resource content at build time for VSIX compatibility by @Copilot in #111
  • Support automatic discovery of codeql CLI distributions installed off-PATH by VS Code extension by @data-douser in #91
  • Upgrade CodeQL to v2.24.3 and upgrade NodeJS dependencies to latest by @data-douser in #114
  • Fix CODEQL_PATH Tests (windows-latest) CI failure by @Copilot in #115
  • [UPDATE PRIMITIVE] Rewrite static MCP resources as actionable LLM-oriented guides by @Copilot in #113
  • Fixes for extension .lock database contention and tool improvements to avoid LLM use of grep by @data-douser in #119

New Contributors

Full Changelog: v2.24.0...v2.24.3

Contributors

MichaelRFairhurst, dependabot, and data-douser
Assets 13
Loading
0 Join discussion