Implement multi-root CodeQL query resolution with workspace support#308
Draft
data-douser wants to merge 3 commits into
Draft
Implement multi-root CodeQL query resolution with workspace support#308data-douser wants to merge 3 commits into
data-douser wants to merge 3 commits into
Conversation
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Make the VS Code extension select CodeQL query/pack resolution roots from workspace folders that contain a top-level codeql-workspace.yml, and give the MCP server's completion providers an independent per-root scan budget so non-first folders are never starved. Extension: - Add codeql-mcp.requireCodeqlWorkspace (default true); only folders with a top-level codeql-workspace.yml become resolution roots. - queryPackIncludeDirs remains the explicit opt-in; fall back to all folders with a warning when none qualify and no include dirs are set. - Export computeResolutionRoots/hasTopLevelCodeqlWorkspaceFile. Server: - Give each workspace root (and base dir) its own completion scan budget so a populous first root no longer hides later roots. Tests/docs: - Add codeql-workspace-resolution and multi-root completion integration suites, unit tests, and codeql-workspace.yml fixtures. - Update README and CHANGELOG.
data-douser
added
bug
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
64 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This PR (#308) fixes multi-root workspace resolution for CodeQL MCP prompt-driven workflows by making both the VS Code extension and the MCP server’s prompt completion providers “multi-root aware”, with explicit include/exclude controls and a default CodeQL-workspace-based root selection model.
Changes:
- Extend server-side prompt completions to scan all workspace roots (
CODEQL_MCP_WORKSPACE_FOLDERS) with a per-root scan budget to avoid “first root starvation”. - Add VS Code extension settings (
queryPackIncludeDirs,queryPackExcludeDirs,requireCodeqlWorkspace) and implement CodeQL-workspace-aware root selection in the environment builder. - Add/expand unit + integration tests, update extension README, and add changelog entries.
Show a summary per file
| File | Description |
|---|---|
| server/test/src/prompts/prompt-completions.test.ts | Adds server-side unit tests asserting completions span multiple workspace roots and that later roots aren’t starved. |
| server/src/utils/package-paths.ts | Clarifies multi-root workspace dir resolution documentation (uses CODEQL_MCP_WORKSPACE_FOLDERS). |
| server/src/prompts/workflow-prompts.ts | Minor doc/comment updates related to multi-root path resolution. |
| server/src/prompts/prompt-completions.ts | Implements multi-root scanning and per-root budgets for query/sarif/db/pack completions. |
| server/dist/codeql-development-mcp-server.js | Updates the bundled server build output to reflect TypeScript changes. |
| extensions/vscode/src/bridge/environment-builder.ts | Computes effective resolution roots using new settings + codeql-workspace.yml detection and exports them via env vars. |
| extensions/vscode/package.json | Adds settings definitions/descriptions for include/exclude and CodeQL workspace requirement. |
| extensions/vscode/README.md | Documents multi-root behavior, new settings, and recommended codeql-workspace.yml usage. |
| extensions/vscode/test/bridge/environment-builder.test.ts | Adds unit tests for root computation logic, include/exclude behavior, and fallback warning. |
| extensions/vscode/test/suite/workspace-scenario.integration.test.ts | Adds integration coverage for CODEQL_MCP_WORKSPACE_FOLDERS and include/exclude effects. |
| extensions/vscode/test/suite/workspace-folder-change.integration.test.ts | Adjusts workspace-folder change tests to align with the default CodeQL-workspace requirement. |
| extensions/vscode/test/suite/mcp-completion-multiroot.integration.test.ts | New end-to-end test spawning the server with synthetic multi-root env to validate completions + prompt resolution. |
| extensions/vscode/test/suite/codeql-workspace-resolution.integration.test.ts | New integration tests for default CodeQL-workspace-aware root selection and opt-in/out settings. |
| extensions/vscode/test/fixtures/single-folder-workspace/codeql-workspace.yml | Adds fixture CodeQL workspace marker file. |
| extensions/vscode/test/fixtures/multi-root-workspace/folder-a/codeql-workspace.yml | Adds fixture CodeQL workspace marker file. |
| extensions/vscode/test/fixtures/multi-root-workspace/folder-b/codeql-workspace.yml | Adds fixture CodeQL workspace marker file. |
| extensions/vscode/test/fixtures/multi-root-workspace/folder-c/codeql-workspace.yml | Adds fixture CodeQL workspace marker file. |
| extensions/vscode/test/fixtures/multi-root-workspace/folder-d/codeql-workspace.yml | Adds fixture CodeQL workspace marker file. |
| extensions/vscode/esbuild.config.js | Registers new extension integration test entrypoints in the test bundle config. |
| CHANGELOG.md | Adds Unreleased entries describing the new settings, default behavior changes, and the multi-root prompt fix. |
Copilot's findings
- Files reviewed: 19/21 changed files
- Comments generated: 8
Comment on lines
+153
to
155
| const workspaces = getUserWorkspaceDirs(); | ||
| const cacheKey = `queryPath:${workspaces.join('|')}`; | ||
| let allResults = getCachedResults(cacheKey); |
Comment on lines
185
to
188
| export async function completeSarifPath(value: string): Promise<string[]> { | ||
| const workspace = getUserWorkspaceDir(); | ||
| const cacheKey = `sarifPath:${workspace}`; | ||
| const workspaces = getUserWorkspaceDirs(); | ||
| const cacheKey = `sarifPath:${workspaces.join('|')}`; | ||
| let allResults = getCachedResults(cacheKey); |
Comment on lines
220
to
225
| export async function completeDatabasePath(value: string): Promise<string[]> { | ||
| const workspace = getUserWorkspaceDir(); | ||
| const workspaces = getUserWorkspaceDirs(); | ||
| const baseDirs = getDatabaseBaseDirs(); | ||
| const homeDbDir = join(homedir(), 'codeql', 'databases'); | ||
| const cacheKey = `databasePath:${workspace}:${baseDirs.join(',')}`; | ||
| const cacheKey = `databasePath:${workspaces.join('|')}:${baseDirs.join(',')}`; | ||
| let allResults = getCachedResults(cacheKey); |
Comment on lines
343
to
346
| export async function completePackRoot(value: string): Promise<string[]> { | ||
| const workspace = getUserWorkspaceDir(); | ||
| const cacheKey = `packRoot:${workspace}`; | ||
| const workspaces = getUserWorkspaceDirs(); | ||
| const cacheKey = `packRoot:${workspaces.join('|')}`; | ||
| let allResults = getCachedResults(cacheKey); |
Comment on lines
238
to
243
| if (workspaceFolders && workspaceFolders.length > 0) { | ||
| env.CODEQL_MCP_WORKSPACE = workspaceFolders[0].uri.fsPath; | ||
| env.CODEQL_MCP_WORKSPACE_FOLDERS = workspaceFolders | ||
| .map((f) => f.uri.fsPath) | ||
| .join(delimiter); | ||
| } | ||
| if (resolutionRoots.length > 0) { | ||
| env.CODEQL_MCP_WORKSPACE_FOLDERS = resolutionRoots.join(delimiter); | ||
| } |
Comment on lines
+44
to
+45
| - **`codeql-mcp.queryPackIncludeDirs` / `codeql-mcp.queryPackExcludeDirs` settings** — Two new array settings give explicit, workspace-folder-ordering-independent control over which directories the prompt-driven workflows resolve CodeQL query and pack paths against. `queryPackIncludeDirs` adds extra roots (e.g. a query repository that is not opened as the first folder, or not opened at all); `queryPackExcludeDirs` drops roots (matching directories and anything nested inside them). Absolute entries are used as-is; relative entries are resolved against every workspace folder. Both are folded into the `CODEQL_MCP_WORKSPACE_FOLDERS` and `CODEQL_ADDITIONAL_PACKS` environment variables. ([#307](https://github.com/advanced-security/codeql-development-mcp-server/pull/307)) | ||
| - **`codeql-mcp.requireCodeqlWorkspace` setting (default `true`)** — Makes the extension aware of [CodeQL workspaces](https://docs.github.com/en/code-security/concepts/code-scanning/codeql/codeql-workspaces): by default only workspace folders that contain a **top-level `codeql-workspace.yml`** are used as CodeQL query/pack resolution roots, so unrelated repositories opened in the same window are not scanned. `queryPackIncludeDirs` entries are always honored as the explicit opt-in for resolving CodeQL files outside this default pattern. When the setting is `true` but no open folder has a `codeql-workspace.yml` and no `queryPackIncludeDirs` are configured, the extension falls back to using every folder and logs a warning, so existing setups keep working. Set it to `false` to always use every open folder (legacy behavior). ([#307](https://github.com/advanced-security/codeql-development-mcp-server/pull/307)) |
|
|
||
| #### VS Code Extension | ||
|
|
||
| - **Multi-root resolution is now CodeQL-workspace-aware by default** — The environment builder no longer treats _every_ open workspace folder as a CodeQL query/pack resolution root. By default (`codeql-mcp.requireCodeqlWorkspace = true`) only folders containing a top-level `codeql-workspace.yml` are auto-selected, matching the CodeQL CLI's own workspace model. The previous all-folders behavior remains available via `requireCodeqlWorkspace: false`, via `queryPackIncludeDirs` for targeted opt-in, and via an automatic fallback (with a logged warning) when no folder qualifies and no include dirs are set. To exclude specific sub-paths or globs within a workspace, use the `ignore:` block of that folder's `codeql-workspace.yml`. ([#307](https://github.com/advanced-security/codeql-development-mcp-server/pull/307)) |
|
|
||
| ### Fixed | ||
|
|
||
| - **VS Code extension: MCP workflow prompts could not target queries outside the first workspace folder.** In a multi-root workspace, the prompt-driven workflows only surfaced and resolved CodeQL queries, packs, databases, and SARIF files in the first root folder. The MCP server's prompt-argument completion providers now scan **every** workspace root (`CODEQL_MCP_WORKSPACE_FOLDERS`) with an **independent per-root scan budget** so a populous first root cannot starve the later roots out of the completion dropdown, and the extension's environment builder folds the new `queryPackIncludeDirs`/`queryPackExcludeDirs` settings into the resolution roots, so a query that lives in a non-first root (or an out-of-workspace query repository) is found and usable regardless of folder order. ([#307](https://github.com/advanced-security/codeql-development-mcp-server/pull/307)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request:
Summary of Changes
This pull request introduces significant improvements to how the VS Code extension for CodeQL MCP resolves queries, packs, and related resources in multi-root workspaces. The main focus is to make the extension "CodeQL-workspace-aware" by default, giving users explicit and flexible control over which directories are used for CodeQL resolution, and to fix issues where prompt-driven workflows could not find queries outside the first workspace folder. The update also adds new settings, updates documentation, and enhances test coverage.
Key improvements and changes:
Multi-root workspace resolution enhancements:
Added new settings:
codeql-mcp.queryPackIncludeDirs,codeql-mcp.queryPackExcludeDirs, andcodeql-mcp.requireCodeqlWorkspace. These provide explicit, order-independent control over which directories are treated as CodeQL query/pack resolution roots. By default, only folders with a top-levelcodeql-workspace.ymlare used, matching the CodeQL CLI model. Users can opt in or out of this behavior and include or exclude specific directories as needed. [1] [2] [3]The environment builder now computes the set of resolution roots using the new settings, including support for fallback behavior and exclusion logic. This ensures that queries and packs in any workspace folder (not just the first) or in explicitly included directories are found and usable. [1] [2] [3] [4]
Documentation and user guidance:
README.mdwith detailed explanations and usage examples for the new multi-root workspace resolution settings, including guidance on usingcodeql-workspace.ymland how to opt in or out of the new behavior.Bug fixes:
Test coverage:
Changelog updates:
CHANGELOG.mdwith entries describing the new features, bug fixes, and changes to default behavior regarding multi-root workspace resolution. [1] [2] [3]