codeql-development-mcp-server 2.24.3-rc2 → 2.25.0-rc1

package/dist/codeql-development-mcp-server.js

@@ -2242,8 +2242,8 @@ var require_resolve = __commonJS({
       }
       return count;
     }
-    function getFullPath(resolver, id = "", normalize) {
-      if (normalize !== false)
+    function getFullPath(resolver, id = "", normalize2) {
+      if (normalize2 !== false)
         id = normalizeId(id);
       const p = resolver.parse(id);
       return _getFullPath(resolver, p);
@@ -2991,7 +2991,7 @@ var require_compile = __commonJS({
       const schOrFunc = root.refs[ref];
       if (schOrFunc)
         return schOrFunc;
-      let _sch = resolve14.call(this, root, ref);
+      let _sch = resolve15.call(this, root, ref);
       if (_sch === void 0) {
         const schema2 = (_a = root.localRefs) === null || _a === void 0 ? void 0 : _a[ref];
         const { schemaId } = this.opts;
@@ -3018,7 +3018,7 @@ var require_compile = __commonJS({
     function sameSchemaEnv(s1, s2) {
       return s1.schema === s2.schema && s1.root === s2.root && s1.baseId === s2.baseId;
     }
-    function resolve14(root, ref) {
+    function resolve15(root, ref) {
       let sch;
       while (typeof (sch = this.refs[ref]) == "string")
         ref = sch;
@@ -3583,7 +3583,7 @@ var require_fast_uri = __commonJS({
     "use strict";
     var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizeComponentEncoding, isIPv4, nonSimpleDomain } = require_utils();
     var { SCHEMES, getSchemeHandler } = require_schemes();
-    function normalize(uri, options) {
+    function normalize2(uri, options) {
       if (typeof uri === "string") {
         uri = /** @type {T} */
         serialize(parse4(uri, options), options);
@@ -3593,55 +3593,55 @@ var require_fast_uri = __commonJS({
       }
       return uri;
     }
-    function resolve14(baseURI, relativeURI, options) {
+    function resolve15(baseURI, relativeURI, options) {
       const schemelessOptions = options ? Object.assign({ scheme: "null" }, options) : { scheme: "null" };
       const resolved = resolveComponent(parse4(baseURI, schemelessOptions), parse4(relativeURI, schemelessOptions), schemelessOptions, true);
       schemelessOptions.skipEscape = true;
       return serialize(resolved, schemelessOptions);
     }
-    function resolveComponent(base, relative, options, skipNormalization) {
+    function resolveComponent(base, relative2, options, skipNormalization) {
       const target = {};
       if (!skipNormalization) {
         base = parse4(serialize(base, options), options);
-        relative = parse4(serialize(relative, options), options);
+        relative2 = parse4(serialize(relative2, options), options);
       }
       options = options || {};
-      if (!options.tolerant && relative.scheme) {
-        target.scheme = relative.scheme;
-        target.userinfo = relative.userinfo;
-        target.host = relative.host;
-        target.port = relative.port;
-        target.path = removeDotSegments(relative.path || "");
-        target.query = relative.query;
+      if (!options.tolerant && relative2.scheme) {
+        target.scheme = relative2.scheme;
+        target.userinfo = relative2.userinfo;
+        target.host = relative2.host;
+        target.port = relative2.port;
+        target.path = removeDotSegments(relative2.path || "");
+        target.query = relative2.query;
       } else {
-        if (relative.userinfo !== void 0 || relative.host !== void 0 || relative.port !== void 0) {
-          target.userinfo = relative.userinfo;
-          target.host = relative.host;
-          target.port = relative.port;
-          target.path = removeDotSegments(relative.path || "");
-          target.query = relative.query;
+        if (relative2.userinfo !== void 0 || relative2.host !== void 0 || relative2.port !== void 0) {
+          target.userinfo = relative2.userinfo;
+          target.host = relative2.host;
+          target.port = relative2.port;
+          target.path = removeDotSegments(relative2.path || "");
+          target.query = relative2.query;
         } else {
-          if (!relative.path) {
+          if (!relative2.path) {
             target.path = base.path;
-            if (relative.query !== void 0) {
-              target.query = relative.query;
+            if (relative2.query !== void 0) {
+              target.query = relative2.query;
             } else {
               target.query = base.query;
             }
           } else {
-            if (relative.path[0] === "/") {
-              target.path = removeDotSegments(relative.path);
+            if (relative2.path[0] === "/") {
+              target.path = removeDotSegments(relative2.path);
             } else {
               if ((base.userinfo !== void 0 || base.host !== void 0 || base.port !== void 0) && !base.path) {
-                target.path = "/" + relative.path;
+                target.path = "/" + relative2.path;
               } else if (!base.path) {
-                target.path = relative.path;
+                target.path = relative2.path;
               } else {
-                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative.path;
+                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative2.path;
               }
               target.path = removeDotSegments(target.path);
             }
-            target.query = relative.query;
+            target.query = relative2.query;
           }
           target.userinfo = base.userinfo;
           target.host = base.host;
@@ -3649,7 +3649,7 @@ var require_fast_uri = __commonJS({
         }
         target.scheme = base.scheme;
       }
-      target.fragment = relative.fragment;
+      target.fragment = relative2.fragment;
       return target;
     }
     function equal(uriA, uriB, options) {
@@ -3819,8 +3819,8 @@ var require_fast_uri = __commonJS({
     }
     var fastUri = {
       SCHEMES,
-      normalize,
-      resolve: resolve14,
+      normalize: normalize2,
+      resolve: resolve15,
       resolveComponent,
       equal,
       serialize,
@@ -8862,8 +8862,8 @@ var require_resolve2 = __commonJS({
       }
       return count;
     }
-    function getFullPath(resolver, id = "", normalize) {
-      if (normalize !== false)
+    function getFullPath(resolver, id = "", normalize2) {
+      if (normalize2 !== false)
         id = normalizeId(id);
       const p = resolver.parse(id);
       return _getFullPath(resolver, p);
@@ -9611,7 +9611,7 @@ var require_compile2 = __commonJS({
       const schOrFunc = root.refs[ref];
       if (schOrFunc)
         return schOrFunc;
-      let _sch = resolve14.call(this, root, ref);
+      let _sch = resolve15.call(this, root, ref);
       if (_sch === void 0) {
         const schema2 = (_a = root.localRefs) === null || _a === void 0 ? void 0 : _a[ref];
         const { schemaId } = this.opts;
@@ -9638,7 +9638,7 @@ var require_compile2 = __commonJS({
     function sameSchemaEnv(s1, s2) {
       return s1.schema === s2.schema && s1.root === s2.root && s1.baseId === s2.baseId;
     }
-    function resolve14(root, ref) {
+    function resolve15(root, ref) {
       let sch;
       while (typeof (sch = this.refs[ref]) == "string")
         ref = sch;
@@ -13270,7 +13270,7 @@ var require_src = __commonJS({
 // ../node_modules/depd/index.js
 var require_depd = __commonJS({
   "../node_modules/depd/index.js"(exports, module) {
-    var relative = __require("path").relative;
+    var relative2 = __require("path").relative;
     module.exports = depd;
     var basePath = process.cwd();
     function containsNamespace(str2, namespace) {
@@ -13462,7 +13462,7 @@ var require_depd = __commonJS({
       return formatted;
     }
     function formatLocation(callSite) {
-      return relative(basePath, callSite[0]) + ":" + callSite[1] + ":" + callSite[2];
+      return relative2(basePath, callSite[0]) + ":" + callSite[1] + ":" + callSite[2];
     }
     function getStack() {
       var limit = Error.stackTraceLimit;
@@ -17919,10 +17919,10 @@ var require_raw_body = __commonJS({
       if (done) {
         return readStream(stream, encoding, length, limit, wrap(done));
       }
-      return new Promise(function executor(resolve14, reject) {
+      return new Promise(function executor(resolve15, reject) {
         readStream(stream, encoding, length, limit, function onRead(err, buf) {
           if (err) return reject(err);
-          resolve14(buf);
+          resolve15(buf);
         });
       });
     }
@@ -27905,7 +27905,7 @@ var require_type_is = __commonJS({
     module.exports = typeofrequest;
     module.exports.is = typeis;
     module.exports.hasBody = hasbody;
-    module.exports.normalize = normalize;
+    module.exports.normalize = normalize2;
     module.exports.match = mimeMatch;
     function typeis(value, types_) {
       var i;
@@ -27925,7 +27925,7 @@ var require_type_is = __commonJS({
       }
       var type2;
       for (i = 0; i < types.length; i++) {
-        if (mimeMatch(normalize(type2 = types[i]), val)) {
+        if (mimeMatch(normalize2(type2 = types[i]), val)) {
           return type2[0] === "+" || type2.indexOf("*") !== -1 ? val : type2;
         }
       }
@@ -27940,7 +27940,7 @@ var require_type_is = __commonJS({
       var value = req.headers["content-type"];
       return typeis(value, types);
     }
-    function normalize(type2) {
+    function normalize2(type2) {
       if (typeof type2 !== "string") {
         return false;
       }
@@ -31258,7 +31258,7 @@ var require_view = __commonJS({
     var basename8 = path4.basename;
     var extname3 = path4.extname;
     var join19 = path4.join;
-    var resolve14 = path4.resolve;
+    var resolve15 = path4.resolve;
     module.exports = View;
     function View(name, options) {
       var opts = options || {};
@@ -31292,7 +31292,7 @@ var require_view = __commonJS({
       debug('lookup "%s"', name);
       for (var i = 0; i < roots.length && !path5; i++) {
         var root = roots[i];
-        var loc = resolve14(root, name);
+        var loc = resolve15(root, name);
         var dir = dirname8(loc);
         var file = basename8(loc);
         path5 = this.resolve(dir, file);
@@ -31317,7 +31317,7 @@ var require_view = __commonJS({
       });
       sync = false;
     };
-    View.prototype.resolve = function resolve15(dir, file) {
+    View.prototype.resolve = function resolve16(dir, file) {
       var ext = this.ext;
       var path5 = join19(dir, file);
       var stat = tryStat(path5);
@@ -33458,7 +33458,7 @@ var require_application = __commonJS({
     var compileETag = require_utils4().compileETag;
     var compileQueryParser = require_utils4().compileQueryParser;
     var compileTrust = require_utils4().compileTrust;
-    var resolve14 = __require("node:path").resolve;
+    var resolve15 = __require("node:path").resolve;
     var once = require_once();
     var Router = require_router();
     var slice = Array.prototype.slice;
@@ -33512,7 +33512,7 @@ var require_application = __commonJS({
       this.mountpath = "/";
       this.locals.settings = this.settings;
       this.set("view", View);
-      this.set("views", resolve14("views"));
+      this.set("views", resolve15("views"));
       this.set("jsonp callback name", "callback");
       if (env === "production") {
         this.enable("view cache");
@@ -34970,9 +34970,9 @@ var require_send = __commonJS({
     var util2 = __require("util");
     var extname3 = path4.extname;
     var join19 = path4.join;
-    var normalize = path4.normalize;
-    var resolve14 = path4.resolve;
-    var sep2 = path4.sep;
+    var normalize2 = path4.normalize;
+    var resolve15 = path4.resolve;
+    var sep3 = path4.sep;
     var BYTES_RANGE_REGEXP = /^ *bytes=/;
     var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1e3;
     var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
@@ -35000,7 +35000,7 @@ var require_send = __commonJS({
       this._maxage = opts.maxAge || opts.maxage;
       this._maxage = typeof this._maxage === "string" ? ms(this._maxage) : Number(this._maxage);
       this._maxage = !isNaN(this._maxage) ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE) : 0;
-      this._root = opts.root ? resolve14(opts.root) : null;
+      this._root = opts.root ? resolve15(opts.root) : null;
     }
     util2.inherits(SendStream, Stream);
     SendStream.prototype.error = function error2(status, err) {
@@ -35133,23 +35133,23 @@ var require_send = __commonJS({
       var parts;
       if (root !== null) {
         if (path5) {
-          path5 = normalize("." + sep2 + path5);
+          path5 = normalize2("." + sep3 + path5);
         }
         if (UP_PATH_REGEXP.test(path5)) {
           debug('malicious path "%s"', path5);
           this.error(403);
           return res;
         }
-        parts = path5.split(sep2);
-        path5 = normalize(join19(root, path5));
+        parts = path5.split(sep3);
+        path5 = normalize2(join19(root, path5));
       } else {
         if (UP_PATH_REGEXP.test(path5)) {
           debug('malicious path "%s"', path5);
           this.error(403);
           return res;
         }
-        parts = normalize(path5).split(sep2);
-        path5 = resolve14(path5);
+        parts = normalize2(path5).split(sep3);
+        path5 = resolve15(path5);
       }
       if (containsDotFile(parts)) {
         debug('%s dotfile "%s"', this._dotfiles, path5);
@@ -35242,7 +35242,7 @@ var require_send = __commonJS({
       var self = this;
       debug('stat "%s"', path5);
       fs3.stat(path5, function onstat(err, stat) {
-        var pathEndsWithSep = path5[path5.length - 1] === sep2;
+        var pathEndsWithSep = path5[path5.length - 1] === sep3;
         if (err && err.code === "ENOENT" && !extname3(path5) && !pathEndsWithSep) {
           return next(err);
         }
@@ -35527,7 +35527,7 @@ var require_response = __commonJS({
     var cookie = require_cookie();
     var send = require_send();
     var extname3 = path4.extname;
-    var resolve14 = path4.resolve;
+    var resolve15 = path4.resolve;
     var vary = require_vary();
     var { Buffer: Buffer2 } = __require("node:buffer");
     var res = Object.create(http.ServerResponse.prototype);
@@ -35733,7 +35733,7 @@ var require_response = __commonJS({
       }
       opts = Object.create(opts);
       opts.headers = headers;
-      var fullPath = !opts.root ? resolve14(path5) : path5;
+      var fullPath = !opts.root ? resolve15(path5) : path5;
       return this.sendFile(fullPath, opts, done);
     };
     res.contentType = res.type = function contentType(type2) {
@@ -35982,7 +35982,7 @@ var require_serve_static = __commonJS({
     var encodeUrl = require_encodeurl();
     var escapeHtml = require_escape_html();
     var parseUrl = require_parseurl();
-    var resolve14 = __require("path").resolve;
+    var resolve15 = __require("path").resolve;
     var send = require_send();
     var url = __require("url");
     module.exports = serveStatic;
@@ -36001,7 +36001,7 @@ var require_serve_static = __commonJS({
         throw new TypeError("option setHeaders must be function");
       }
       opts.maxage = opts.maxage || opts.maxAge || 0;
-      opts.root = resolve14(root);
+      opts.root = resolve15(root);
       var onDirectory = redirect ? createRedirectDirectoryListener() : createNotFoundDirectoryListener();
       return function serveStatic2(req, res, next) {
         if (req.method !== "GET" && req.method !== "HEAD") {
@@ -36695,8 +36695,8 @@ var require_main = __commonJS({
         const shortPaths = [];
         for (const filePath of optionPaths) {
           try {
-            const relative = path4.relative(process.cwd(), filePath);
-            shortPaths.push(relative);
+            const relative2 = path4.relative(process.cwd(), filePath);
+            shortPaths.push(relative2);
           } catch (e) {
             if (debug) {
               _debug(`Failed to load ${filePath} ${e.message}`);
@@ -36992,7 +36992,7 @@ var init_temp_dir = __esm({
 import { clearTimeout as clearTimeout2, setTimeout as setTimeout2 } from "timers";
 function waitForProcessReady(child, name, opts) {
   const timeoutMs = opts?.timeoutMs ?? DEFAULT_READY_TIMEOUT_MS;
-  return new Promise((resolve14, reject) => {
+  return new Promise((resolve15, reject) => {
     let settled = false;
     const cleanup = () => {
       settled = true;
@@ -37006,13 +37006,13 @@ function waitForProcessReady(child, name, opts) {
       if (settled) return;
       logger.debug(`${name}: ready (stderr output detected)`);
       cleanup();
-      resolve14();
+      resolve15();
     };
     const onStdout = () => {
       if (settled) return;
       logger.debug(`${name}: ready (stdout output detected)`);
       cleanup();
-      resolve14();
+      resolve15();
     };
     const onError = (error2) => {
       if (settled) return;
@@ -37028,7 +37028,7 @@ function waitForProcessReady(child, name, opts) {
       if (settled) return;
       logger.warn(`${name}: readiness timeout (${timeoutMs} ms) \u2014 proceeding anyway`);
       cleanup();
-      resolve14();
+      resolve15();
     }, timeoutMs);
     child.stderr?.on("data", onStderr);
     child.stdout?.on("data", onStdout);
@@ -37196,7 +37196,7 @@ var init_language_server = __esm({
           method,
           params
         };
-        return new Promise((resolve14, reject) => {
+        return new Promise((resolve15, reject) => {
           const timer = setTimeout3(() => {
             if (this.pendingResponses.has(id)) {
               this.pendingResponses.delete(id);
@@ -37210,7 +37210,7 @@ var init_language_server = __esm({
             },
             resolve: (val) => {
               clearTimeout3(timer);
-              resolve14(val);
+              resolve15(val);
             }
           });
           this.sendMessage(message);
@@ -37299,7 +37299,7 @@ var init_language_server = __esm({
           throw new Error("Language server is not initialized");
         }
         const documentUri = uri || pathToFileURL(join2(getProjectTmpDir("lsp-eval"), "eval.ql")).href;
-        return new Promise((resolve14, reject) => {
+        return new Promise((resolve15, reject) => {
           let diagnosticsReceived = false;
           const timeout = setTimeout3(() => {
             if (!diagnosticsReceived) {
@@ -37315,7 +37315,7 @@ var init_language_server = __esm({
               this.sendNotification("textDocument/didClose", {
                 textDocument: { uri: documentUri }
               });
-              resolve14(params.diagnostics);
+              resolve15(params.diagnostics);
             }
           };
           this.on("diagnostics", diagnosticsHandler);
@@ -37375,6 +37375,28 @@ var init_language_server = __esm({
         });
         return this.normalizeLocations(result);
       }
+      /**
+       * Get document symbols (i.e. top-level declarations) for a file.
+       * Returns a hierarchical DocumentSymbol[] when the server supports it, or a
+       * flat SymbolInformation[] otherwise.  Top-level symbols are the root nodes
+       * of the returned array.
+       */
+      async getDocumentSymbols(params) {
+        if (!this.isInitialized) {
+          throw new Error("Language server is not initialized");
+        }
+        if (!this.isRunning()) {
+          throw new Error("Language server process is not running");
+        }
+        const result = await this.sendRequest("textDocument/documentSymbol", params);
+        if (!result || !Array.isArray(result) || result.length === 0) {
+          return [];
+        }
+        if ("selectionRange" in result[0]) {
+          return result;
+        }
+        return result;
+      }
       /**
        * Open a text document in the language server.
        * The document must be opened before requesting completions, definitions, etc.
@@ -37430,22 +37452,22 @@ var init_language_server = __esm({
         } catch (error2) {
           logger.warn("Error during graceful shutdown:", error2);
         }
-        await new Promise((resolve14) => {
+        await new Promise((resolve15) => {
           const timer = setTimeout3(() => {
             if (this.server) {
               this.server.kill("SIGTERM");
             }
-            resolve14();
+            resolve15();
           }, 1e3);
           if (this.server) {
             this.server.once("exit", () => {
               clearTimeout3(timer);
               this.server = null;
-              resolve14();
+              resolve15();
             });
           } else {
             clearTimeout3(timer);
-            resolve14();
+            resolve15();
           }
         });
         this.isInitialized = false;
@@ -37535,8 +37557,8 @@ var init_query_server = __esm({
           method,
           params
         };
-        return new Promise((resolve14, reject) => {
-          this.pendingRequests.set(id, { reject, resolve: resolve14 });
+        return new Promise((resolve15, reject) => {
+          this.pendingRequests.set(id, { reject, resolve: resolve15 });
           try {
             this.sendRaw(message);
           } catch (error2) {
@@ -37550,7 +37572,7 @@ var init_query_server = __esm({
               reject(new Error(`Query server request timeout for method: ${method}`));
             }
           }, timeoutMs);
-          const originalResolve = resolve14;
+          const originalResolve = resolve15;
           const originalReject = reject;
           const wrapped = {
             reject: (err) => {
@@ -37578,23 +37600,23 @@ var init_query_server = __esm({
         } catch (error2) {
           logger.warn("Error during query server graceful shutdown:", error2);
         }
-        await new Promise((resolve14) => {
+        await new Promise((resolve15) => {
           const timer = setTimeout4(() => {
             if (this.process) {
               this.process.kill("SIGTERM");
               this.process = null;
             }
-            resolve14();
+            resolve15();
           }, 2e3);
           if (this.process) {
             this.process.once("exit", () => {
               clearTimeout4(timer);
               this.process = null;
-              resolve14();
+              resolve15();
             });
           } else {
             clearTimeout4(timer);
-            resolve14();
+            resolve15();
           }
         });
       }
@@ -37755,9 +37777,9 @@ var init_cli_server = __esm({
        * @returns The stdout output from the command.
        */
       runCommand(args) {
-        return new Promise((resolve14, reject) => {
+        return new Promise((resolve15, reject) => {
           const execute = () => {
-            this.executeCommand({ args, reject, resolve: resolve14 });
+            this.executeCommand({ args, reject, resolve: resolve15 });
           };
           if (this.commandInProgress) {
             this.commandQueue.push(execute);
@@ -37780,23 +37802,23 @@ var init_cli_server = __esm({
         } catch (error2) {
           logger.warn("Error during CLI server shutdown request:", error2);
         }
-        await new Promise((resolve14) => {
+        await new Promise((resolve15) => {
           const timer = setTimeout5(() => {
             if (this.process) {
               this.process.kill("SIGTERM");
               this.process = null;
             }
-            resolve14();
+            resolve15();
           }, 2e3);
           if (this.process) {
             this.process.once("exit", () => {
               clearTimeout5(timer);
               this.process = null;
-              resolve14();
+              resolve15();
             });
           } else {
             clearTimeout5(timer);
-            resolve14();
+            resolve15();
           }
         });
         this.commandInProgress = false;
@@ -38041,11 +38063,11 @@ var init_server_manager = __esm({
       async warmUpLanguageServer() {
         try {
           const { packageRootDir: packageRootDir2 } = await Promise.resolve().then(() => (init_package_paths(), package_paths_exports));
-          const { resolve: resolve14 } = await import("path");
+          const { resolve: resolve15 } = await import("path");
           const config2 = {
             checkErrors: "ON_CHANGE",
             loglevel: "WARN",
-            searchPath: resolve14(packageRootDir2, "ql")
+            searchPath: resolve15(packageRootDir2, "ql")
           };
           logger.info("Warming up language server (background JVM start)...");
           await this.getLanguageServer(config2);
@@ -40527,8 +40549,8 @@ var require_adm_zip = __commonJS({
         return null;
       }
       function fixPath(zipPath) {
-        const { join: join19, normalize, sep: sep2 } = pth.posix;
-        return join19(".", normalize(sep2 + zipPath.split("\\").join(sep2) + sep2));
+        const { join: join19, normalize: normalize2, sep: sep3 } = pth.posix;
+        return join19(".", normalize2(sep3 + zipPath.split("\\").join(sep3) + sep3));
       }
       function filenameFilter(filterfn) {
         if (filterfn instanceof RegExp) {
@@ -40923,10 +40945,10 @@ var require_adm_zip = __commonJS({
          * @param {function|string} [props.namefix] - optional function to help fix filename
          */
         addLocalFolderPromise: function(localPath2, props) {
-          return new Promise((resolve14, reject) => {
+          return new Promise((resolve15, reject) => {
             this.addLocalFolderAsync2(Object.assign({ localPath: localPath2 }, props), (err, done) => {
               if (err) reject(err);
-              if (done) resolve14(this);
+              if (done) resolve15(this);
             });
           });
         },
@@ -41113,12 +41135,12 @@ var require_adm_zip = __commonJS({
           keepOriginalPermission = get_Bool(false, keepOriginalPermission);
           overwrite = get_Bool(false, overwrite);
           if (!callback) {
-            return new Promise((resolve14, reject) => {
+            return new Promise((resolve15, reject) => {
               this.extractAllToAsync(targetPath, overwrite, keepOriginalPermission, function(err) {
                 if (err) {
                   reject(err);
                 } else {
-                  resolve14(this);
+                  resolve15(this);
                 }
               });
             });
@@ -41216,11 +41238,11 @@ var require_adm_zip = __commonJS({
                  */
         writeZipPromise: function(targetFileName, props) {
           const { overwrite, perm } = Object.assign({ overwrite: true }, props);
-          return new Promise((resolve14, reject) => {
+          return new Promise((resolve15, reject) => {
             if (!targetFileName && opts.filename) targetFileName = opts.filename;
             if (!targetFileName) reject("ADM-ZIP: ZIP File Name Missing");
             this.toBufferPromise().then((zipData) => {
-              const ret = (done) => done ? resolve14(done) : reject("ADM-ZIP: Wasn't able to write zip file");
+              const ret = (done) => done ? resolve15(done) : reject("ADM-ZIP: Wasn't able to write zip file");
               filetools.writeFileToAsync(targetFileName, zipData, overwrite, perm, ret);
             }, reject);
           });
@@ -41229,8 +41251,8 @@ var require_adm_zip = __commonJS({
          * @returns {Promise<Buffer>} A promise to the Buffer.
          */
         toBufferPromise: function() {
-          return new Promise((resolve14, reject) => {
-            _zip.toAsyncBuffer(resolve14, reject);
+          return new Promise((resolve15, reject) => {
+            _zip.toAsyncBuffer(resolve15, reject);
           });
         },
         /**
@@ -53328,7 +53350,7 @@ var Protocol = class {
           return;
         }
         const pollInterval = task2.pollInterval ?? this._options?.defaultTaskPollInterval ?? 1e3;
-        await new Promise((resolve14) => setTimeout(resolve14, pollInterval));
+        await new Promise((resolve15) => setTimeout(resolve15, pollInterval));
         options?.signal?.throwIfAborted();
       }
     } catch (error2) {
@@ -53345,7 +53367,7 @@ var Protocol = class {
    */
   request(request, resultSchema, options) {
     const { relatedRequestId, resumptionToken, onresumptiontoken, task, relatedTask } = options ?? {};
-    return new Promise((resolve14, reject) => {
+    return new Promise((resolve15, reject) => {
       const earlyReject = (error2) => {
         reject(error2);
       };
@@ -53423,7 +53445,7 @@ var Protocol = class {
           if (!parseResult.success) {
             reject(parseResult.error);
           } else {
-            resolve14(parseResult.data);
+            resolve15(parseResult.data);
           }
         } catch (error2) {
           reject(error2);
@@ -53684,12 +53706,12 @@ var Protocol = class {
       }
     } catch {
     }
-    return new Promise((resolve14, reject) => {
+    return new Promise((resolve15, reject) => {
       if (signal.aborted) {
         reject(new McpError(ErrorCode.InvalidRequest, "Request cancelled"));
         return;
       }
-      const timeoutId = setTimeout(resolve14, interval);
+      const timeoutId = setTimeout(resolve15, interval);
       signal.addEventListener("abort", () => {
         clearTimeout(timeoutId);
         reject(new McpError(ErrorCode.InvalidRequest, "Request cancelled"));
@@ -54789,7 +54811,7 @@ var McpServer = class {
     let task = createTaskResult.task;
     const pollInterval = task.pollInterval ?? 5e3;
     while (task.status !== "completed" && task.status !== "failed" && task.status !== "cancelled") {
-      await new Promise((resolve14) => setTimeout(resolve14, pollInterval));
+      await new Promise((resolve15) => setTimeout(resolve15, pollInterval));
       const updatedTask = await extra.taskStore.getTask(taskId);
       if (!updatedTask) {
         throw new McpError(ErrorCode.InternalError, `Task ${taskId} not found during polling`);
@@ -55432,12 +55454,12 @@ var StdioServerTransport = class {
     this.onclose?.();
   }
   send(message) {
-    return new Promise((resolve14) => {
+    return new Promise((resolve15) => {
       const json2 = serializeMessage(message);
       if (this._stdout.write(json2)) {
-        resolve14();
+        resolve15();
       } else {
-        this._stdout.once("drain", resolve14);
+        this._stdout.once("drain", resolve15);
       }
     });
   }
@@ -55870,7 +55892,7 @@ var responseViaResponseObject = async (res, outgoing, options = {}) => {
         });
         if (!chunk) {
           if (i === 1) {
-            await new Promise((resolve14) => setTimeout(resolve14));
+            await new Promise((resolve15) => setTimeout(resolve15));
             maxReadCount = 3;
             continue;
           }
@@ -56366,9 +56388,9 @@ data:
       const initRequest = messages.find((m) => isInitializeRequest(m));
       const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
       if (this._enableJsonResponse) {
-        return new Promise((resolve14) => {
+        return new Promise((resolve15) => {
           this._streamMapping.set(streamId, {
-            resolveJson: resolve14,
+            resolveJson: resolve15,
             cleanup: () => {
               this._streamMapping.delete(streamId);
             }
@@ -56703,7 +56725,7 @@ var import_express = __toESM(require_express2(), 1);
 var import_cors = __toESM(require_lib3(), 1);
 var import_dotenv = __toESM(require_main(), 1);
 import { realpathSync as realpathSync2 } from "fs";
-import { resolve as resolve13 } from "path";
+import { resolve as resolve14 } from "path";
 import { pathToFileURL as pathToFileURL5 } from "url";
 
 // src/lib/cli-tool-registry.ts
@@ -57272,6 +57294,11 @@ function registerCLITool(server, definition) {
               positionalArgs = [...positionalArgs, query];
             }
             break;
+          case "codeql_resolve_library-path":
+            if (query) {
+              options.query = query;
+            }
+            break;
           case "codeql_resolve_queries":
             if (directory) {
               positionalArgs = [...positionalArgs, directory];
@@ -62790,19 +62817,19 @@ var codeqlResolveLanguagesTool = {
 // src/tools/codeql/resolve-library-path.ts
 var codeqlResolveLibraryPathTool = {
   name: "codeql_resolve_library-path",
-  description: "Resolve library path for CodeQL queries and libraries",
+  description: "Resolve paths to source code for all libraries used by, or available to, the given CodeQL query or qll file.",
   command: "codeql",
   subcommand: "resolve library-path",
   inputSchema: {
-    language: external_exports.string().optional().describe("Programming language to resolve library path for"),
+    query: external_exports.string().describe("Path to a .ql or .qll file for the context to perform resolution for."),
     format: external_exports.enum(["text", "json", "betterjson"]).optional().describe("Output format for library path information"),
     verbose: external_exports.boolean().optional().describe("Enable verbose output"),
     additionalArgs: external_exports.array(external_exports.string()).optional().describe("Additional command-line arguments")
   },
   examples: [
-    "codeql resolve library-path --language=java",
-    "codeql resolve library-path --format=json --language=python",
-    "codeql resolve library-path --format=betterjson"
+    "codeql resolve library-path --query=/path/to/query.ql",
+    "codeql resolve library-path --format=json --query=/path/to/query.ql",
+    "codeql resolve library-path --format=betterjson --query=/path/to/query.ql"
   ],
   resultProcessor: defaultCLIResultProcessor
 };
@@ -62826,6 +62853,24 @@ var codeqlResolveMetadataTool = {
   resultProcessor: defaultCLIResultProcessor
 };
 
+// src/tools/codeql/resolve-packs.ts
+var codeqlResolvePacksTool = {
+  name: "codeql_resolve_packs",
+  description: "Resolve packs available within a project directory, provided as a search path, and the source roots of those available packs.",
+  command: "codeql",
+  subcommand: "resolve packs",
+  inputSchema: {
+    "search-path": external_exports.string().describe('The project root, to search packs available in the project. Typically the ".", or the current working directory.'),
+    format: external_exports.enum(["text", "json", "betterjson"]).optional().describe("Output format for qlref resolution"),
+    verbose: createCodeQLSchemas.verbose(),
+    additionalArgs: createCodeQLSchemas.additionalArgs()
+  },
+  examples: [
+    "codeql resolve packs --search-path=."
+  ],
+  resultProcessor: defaultCLIResultProcessor
+};
+
 // src/tools/codeql/resolve-qlref.ts
 var codeqlResolveQlrefTool = {
   name: "codeql_resolve_qlref",
@@ -63435,6 +63480,7 @@ function registerCodeQLTools(server) {
   registerCLITool(server, codeqlResolveLanguagesTool);
   registerCLITool(server, codeqlResolveLibraryPathTool);
   registerCLITool(server, codeqlResolveMetadataTool);
+  registerCLITool(server, codeqlResolvePacksTool);
   registerCLITool(server, codeqlResolveQlrefTool);
   registerCLITool(server, codeqlResolveQueriesTool);
   registerCLITool(server, codeqlResolveTestsTool);
@@ -63967,6 +64013,39 @@ async function lspReferences(params) {
     server.closeDocument(docUri);
   }
 }
+async function lspDocumentSymbols(params) {
+  logger.info(`LSP documentSymbol for ${params.filePath}`);
+  const server = await getInitializedLanguageServer({
+    serverOptions: { searchPath: params.searchPath },
+    workspaceUri: params.workspaceUri
+  });
+  const paramsWithPosition = {
+    character: 0,
+    line: 0,
+    ...params
+  };
+  const { absPath, docUri } = prepareDocumentPosition(paramsWithPosition);
+  await openDocumentForPosition(server, paramsWithPosition, absPath, docUri);
+  try {
+    return await server.getDocumentSymbols({ textDocument: { uri: docUri } });
+  } finally {
+    server.closeDocument(docUri);
+  }
+}
+function extractNamesFromDocumentSymbols(symbols) {
+  let symbolNames = [];
+  function collectSymbolNames(symbols2) {
+    symbols2.forEach((s) => {
+      const sym = s;
+      symbolNames.push(sym.name ?? "(unknown)");
+      if ("children" in sym && Array.isArray(sym.children)) {
+        collectSymbolNames(sym.children);
+      }
+    });
+  }
+  collectSymbolNames(symbols);
+  return symbolNames;
+}
 
 // src/tools/lsp/lsp-tools.ts
 init_logger();
@@ -63988,6 +64067,12 @@ function toHandlerParams(input) {
     workspaceUri: input.workspace_uri
   };
 }
+var lspFileParamsSchema = {
+  file_content: external_exports.string().optional().describe("Optional file content override (reads from disk if omitted)"),
+  file_path: external_exports.string().describe("Path to the CodeQL (.ql/.qll) file. Relative paths are resolved against the user workspace directory (see CODEQL_MCP_WORKSPACE)."),
+  search_path: external_exports.string().optional().describe("Optional search path for CodeQL libraries"),
+  workspace_uri: external_exports.string().optional().describe("Optional workspace URI for context (defaults to ./ql directory)")
+};
 function registerLSPTools(server) {
   registerLspDiagnosticsTool(server);
   server.tool(
@@ -64083,6 +64168,42 @@ function registerLSPTools(server) {
       }
     }
   );
+  server.tool(
+    "codeql_lsp_document_symbols",
+    "List all top-level definitions (classes, predicates, modules) in a CodeQL file. Response contains location and type information unless names_only is set to true.",
+    {
+      names_only: external_exports.boolean().optional().describe("If true, returns only symbol names as a compact string array instead of full symbol objects. Use this when you only need to know what names a file defines."),
+      ...lspFileParamsSchema
+    },
+    async (input) => {
+      try {
+        const symbols = await lspDocumentSymbols({
+          fileContent: input.file_content,
+          filePath: input.file_path,
+          searchPath: input.search_path,
+          workspaceUri: input.workspace_uri
+        });
+        let result;
+        if (input.names_only) {
+          result = extractNamesFromDocumentSymbols(symbols);
+        } else {
+          result = symbols;
+        }
+        return {
+          content: [{
+            text: JSON.stringify({ symbolCount: result.length, symbols: result }, null, 2),
+            type: "text"
+          }]
+        };
+      } catch (error2) {
+        logger.error("codeql_lsp_document_symbols error:", error2);
+        return {
+          content: [{ text: `Error: ${error2 instanceof Error ? error2.message : "Unknown error"}`, type: "text" }],
+          isError: true
+        };
+      }
+    }
+  );
 }
 
 // src/resources/languages/actions_ast.md
@@ -64257,7 +64378,12 @@ function registerLanguageResources(server) {
 }
 
 // src/prompts/workflow-prompts.ts
-import { basename as basename7 } from "path";
+import { access as access2 } from "fs/promises";
+import { basename as basename7, isAbsolute as isAbsolute7, normalize, relative, resolve as resolve13, sep as sep2 } from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+
+// src/prompts/check-for-duplicated-code.prompt.md
+var check_for_duplicated_code_prompt_default = '---\nagent: agent\n---\n\n# Check for Duplicated Code\n\nUse the MCP server tools to identify classes, modules, and predicates defined in a\n`.ql` or `.qll` file and check for possible "duplicated code," where duplicated code\nis defined to be:\n\n- Reimplementing functionality that already exists in the standard library, or shared project `.qll` files, and\n- The local definition is identical, or semantically equivalent, or superior to the library definition, or\n- The local definition could be simplified by reusing the existing definition (e.g. a base class already exists that captures some of the shared logic)\n\nHere are some examples:\n\n```ql\nimport cpp\n\n// Duplicated: `StandardNamespace` already exists in the standard library and is identical\nclass NamespaceStd extends Namespace {\n  NamespaceStd() { this.getName() = "std" }\n}\n\n// Duplicated: class should extend `Operator`, not `Function`\nclass ThrowingOperator extends Function {\n  ThrowingOperator() {\n    // Duplicated: this check is implied by using base class `Operator`\n    this.getName().matches("%operator%") and\n    and exists(ThrowExpr te |\n      // Duplicated: this is equivalent to `te.getEnclosingFunction() = this`\n      te.getParent*() = this.getAChild()\n    )\n  }\n\n  // Duplicated: member predicate `getDeclaringType()` already does this.\n  Class getDefiningClass() { ... }\n}\n\n// Duplicated: `ControlFlowNode.getASuccessor()` already exists in `cpp` and is superior\npredicate getASuccessor(Stmt a, Stmt b) {\n  exists(Block b, int i | a = b.getChild(i) and b = b.getChild(i + 1))\n}\n\n// Duplicated: prefer to import `semmle.code.cpp.controlflow.Dominance`, defined in dependency pack `cpp-all`\npredicate dominates(Block a, Block b) { ... }\n```\n\nDuplicate code removal isn\'t done arbitrarily, but for several key reasons:\n\n- **Maintainability**: Duplicated code must be maintained separately, may diverge and have different bugs\n- **Simplicity**: Relying on existing definitions reduces the amount of code to read and understand\n- **Readability**: Existing definitions map wrap complex ideas into readable names\n- **Consistency**: A single source of truth makes for a more consistent user experience across queries\n- **Completeness/Correctness**: Recreating an already-existing definition can miss edge cases, resulting in false positives or false negatives\n\n## Use This Prompt When\n\n- A query file defines a class or predicate whose name sounds generic (e.g.\n  `StandardNamespace`, `Callable`, `SecurityFeature`)\n- Refactoring a query that was written before a relevant library predicate existed\n- Reviewing a shared `.qll` file to check whether its helpers have been upstreamed\n  into the standard library in a newer CodeQL version\n- Performing a code-quality audit across a suite of custom queries\n\n## Prerequisites\n\n1. The file path of the `.ql` or `.qll` file to audit for code duplication\n2. Understand which packs are imported by `qlpack.yml`\n3. Understand where the relevant language library packs are located (e.g. `~/.codeql`)\n4. Understand where project-specific library packs are located (e.g. `$LANGUAGE/lib` or `$LANGUAGE/common`)\n5. Understand where pack-specific shared `.qll` files are located (e.g. `$PACKROOT/common/*.qll`)\n\n## Overview of the Approach\n\nThe core idea is to enumerate every top-level name defined in the file under review.\nThen, find candidate `.qll` files, based on file name and path, that are available to\nthat `.ql` file in review. Then, enumerate the top-level names in each candidate\n`.qll` file, to find potential duplicates, dive further if necessary, and then report\nthe findings as code improvement recommendations to the user.\n\n1. **Read the file** to see its imports and top-level structure\n2. **Enumerate top-level definitions** with `codeql_lsp_document_symbols`\n3. **Find available .qll files** in the `.ql` file\'s pack, and its dependencies, including the standard library\n4. **Identify promising .qll file candidates** based on their file name and path\n5. **Enumerate top-level definitions in candidate `.qll` files** with `codeql_lsp_document_symbols`\n6. **Detect overlap, comparing definitions if unclear** (e.g. by using `find_predicate_position` and `find_class_position` tools)\n7. **Report findings** as a set of recommendations to the user about which definitions could be improved, by reusing which existing definitions\n\n## Step 1: Read the File and Note Its Imports\n\n```text\nTool: read_file\nParameters:\n  file_path: /path/to/query.ql\n  start_line: 1\n  end_line: 60   # enough to see all imports\n```\n\nRecord every `import` statement. These are the namespaces the standard library\nexposes; duplication is only meaningful for libraries that are already imported (or\neasily importable).\n\n## Step 2: Enumerate Top-Level Definitions\n\nUse `codeql_lsp_document_symbols` to retrieve every class, predicate, and module\ndefined at the top level of the file in a single call:\n\n```text\nTool: codeql_lsp_document_symbols\nParameters:\n  file_path: /path/to/query.ql\n  names_only: true                    # provides significantly smaller response payload\n  workspace_uri: /path/to/pack-root   # directory containing codeql-pack.yml\n```\n\nThe response contains a `symbols` array. Each entry has:\n\n- `name` \u2014 the identifier as written in source\n- `kind` \u2014 numeric SymbolKind (5 = Class, 12 = Function/predicate, 2 = Module, etc.)\n- `range` \u2014 the full definition range (0-based lines)\n- `selectionRange` \u2014 the range of just the name token\n- `children` \u2014 nested members (for classes and modules)\n\nTop-level symbols are the root nodes of the array; `children` hold member\npredicates and fields.\n\n## Step 3. Read the filesystem to find candidate library `.qll` files\n\nRun the tool `codeql_resolve_library-path` with the given ql query file to find where\nthe available library sources live.\n\nFor each source root, run `find $ROOT -name "*.qll"` to find all `.qll` files\navailable in that pack. Do not preemptively filter this list of qll files. The names\nof the files may be broad or nondescriptive. Read all file names for each project to\nunderstand its structure and responsibilities before proceeding to step 3d.\n\nChoose promising candidate `.qll` files you found in the previous step. Pick\ncandidates that may potentially define behavior relevant to the current query and its\nenumerated definitions, based on the candidate filename, path, and priority.\n\nPrioritize as follows:\n\n- `.qll` files in the same directory as the query file have the absolute highest priority\n- `.qll` files in the same pack have the next extremely high priority\n- `.qll` files in project-specific library packs have the very high priority\n- `.qll` files in downloaded direct dependencies have standard priority\n- `.qll` files in transitive dependencies have the least priority.\n\n## Step 4: Identify candidate terms in the candidate library `.qll` files\n\nEnumerate the top-level definitions for each candidate `.qll` file using the tool\n`codeql_lsp_document_symbols` again. Some top levels may clearly match the name or\npurpose of a definition in the query file, while others may only appear as possibly\nrelated.\n\n```text\nTool: codeql_lsp_document_symbols\nParameters:\n  file_path: /path/to/library/file.qll\n  workspace_uri: /path/to/pack-root\n```\n\n## Step 5: Perform final overlap analysis\n\nFor each promising candidate, identify the predicate or class definitions that may overlap. One definition will be in the query file (`.ql`) and the other will be in the library file (`.qll`).\n\nUsing the tools `find_predicate_position` and `find_class_position`, you can retrieve the full definition of each predicate or class, and compare them to determine whether they are identical, equivalent, overlapping, or if one is a superior implementation that could be reused by the query file.\n\nDutifully analyze whether the shared library file definition would reduce code duplication in the categories identified before: maintenance, simplicity, readability, consistency, and completeness/correctness. Consider contextual factors such as comments explaining why the local definition differs from the library one, or whether the local definition is a thin wrapper around the library definition that adds value (e.g. by improving naming or adding extra checks).\n\nDo not go on a wild goose chase trying to find every possible overlap. Consider the likelihood of overlap based on the broadness of functionality, and the value that would be brought be reuse. Do not waste significant time on unimportant or unlikely overlaps.\n\n## Step 6: Report Findings\n\nFor each duplicate found, report:\n\n| Local name          | Local file    | import path                      | Notes      |\n| ------------------- | ------------- | -------------------------------- | ---------- |\n| `StandardNamespace` | `query.ql:42` | already imported in `import cpp` | Identical  |\n| `myHelper`          | `query.ql:80` | `import myproject.Helpers`       | Equivalent |\n| `myHelper`          | `query.ql:80` | `import myproject.Helpers`       | Equivalent |\n\nRecommend one of:\n\n- **Replace**: remove the local definition and use the standard definition directly instead\n- **Integrate**: refactor and simplify the local definition by making use of the standard definition\n- **Annotate**: add comments to the local definition to explain how it differs from the standard definition and why the duplication is necessary\n\nAdditionally, report if any issues came up in using the tools, or finding the qll files.\n\nFor each concept for which no duplicate was found, provide at most a **brief** description of what the concept is. Do not provide a long detailed explanation of a non-finding.\n\n# Conclusion\n\nDo **not** perform any updates to any code during this analysis.\n\nAs you work through completing this task, ask yourself:\n\n- Have I changed any code, even though that was not my task, or am I about to? Stop, do not change any code!\n- Did I sufficiently analyze the definitions such that I likely found most overlapping definitions?\n- Will my suggestions improve the maintainability, simplicity, readability, consistency, or completeness/correctness of the codebase?\n- Did I report my findings clearly?\n- Did I use the suggested LLM tools to their fullest extent?\n- Did I follow the steps in the recommended order, and not skip any steps?\n- Did I report any issues I had in finding the relevant `.qll` files, or using the tools to analyze definitions?\n';
 
 // src/prompts/document-codeql-query.prompt.md
 var document_codeql_query_prompt_default = '---\nagent: agent\n---\n\n# Document a CodeQL Query\n\nThis prompt guides you through creating or updating documentation for a CodeQL query file. The documentation is stored as a sibling file to the query with a standardized markdown format.\n\n## Purpose\n\nThe `document_codeql_query` prompt creates/updates **query documentation files** for a specific version of a CodeQL query. Documentation files are stored alongside the query file and provide concise yet comprehensive information about what the query does.\n\nFor creating **workshop learning content** with detailed explanations and visual diagrams, use the `explain_codeql_query` prompt instead.\n\n## Required Inputs\n\n- **queryPath**: Path to the CodeQL query file (`.ql` or `.qlref`)\n- **language**: Target programming language (actions, cpp, csharp, go, java, javascript, python, ruby, swift)\n\n## Documentation File Conventions\n\n### File Location and Naming\n\nFor a query file `QueryFileBaseName.ql`, the documentation file should be:\n\n- **Primary**: `QueryFileBaseName.md` (markdown format, preferred)\n- **Legacy**: `QueryFileBaseName.qhelp` (XML-based query help format)\n\nDocumentation files are **siblings** to the query file (same directory).\n\n### Handling Existing Documentation\n\n1. **No documentation exists**: Create new `QueryFileBaseName.md` file\n2. **`.md` file exists**: Update the existing markdown file\n3. **`.qhelp` file exists**: Use #codeql_generate_query-help tool to convert to markdown, then update\n\n## Workflow Checklist\n\nUse the following MCP server tools to gather context before creating documentation:\n\n### Phase 1: Query Discovery\n\n- [ ] **Step 1: Locate query files**\n  - Tool: #find_codeql_query_files\n  - Parameters: `queryPath` = provided query path\n  - Gather: Query source file path, existing documentation files, test files\n  - Check: Does `QueryFileBaseName.md` or `QueryFileBaseName.qhelp` exist?\n\n- [ ] **Step 2: Read query metadata**\n  - Tool: #codeql_resolve_metadata\n  - Parameters: `query` = query file path\n  - Gather: @name, @description, @kind, @id, @tags, @precision, @severity\n\n### Phase 2: Convert Existing qhelp (if needed)\n\n- [ ] **Step 3: Convert qhelp to markdown** (only if `.qhelp` exists)\n  - Tool: #codeql_generate_query-help\n  - Parameters: `query` = query file path, `format` = "markdown"\n  - Use output as starting point for updated documentation\n\n### Phase 3: Gather Query Context\n\n- [ ] **Step 4: Validate query structure**\n  - Tool: #validate_codeql_query\n  - Parameters: `query` = query source code\n  - Gather: Structural validation, suggestions\n  - Note: This is a heuristic check only \u2014 for full validation, use #codeql_query_compile\n\n- [ ] **Step 5: Explore query types** (if deeper understanding needed)\n  - Tool: #codeql_lsp_definition \u2014 navigate to class/predicate definitions\n  - Tool: #codeql_lsp_completion \u2014 explore member predicates on types used in the query\n  - Parameters: `file_path`, `line` (0-based), `character` (0-based), `workspace_uri` (pack root)\n  - Run #codeql_pack_install first \u2014 LSP tools require resolved dependencies\n\n- [ ] **Step 6: Run tests** (if tests exist from Step 1)\n  - Tool: #codeql_test_run\n  - Parameters: `tests` = test directories\n  - Gather: Pass/fail status, confirms query behavior\n\n### Phase 4: Create/Update Documentation\n\nBased on gathered context, create or update the documentation file.\n\n## Documentation Format\n\nThe documentation file (`QueryFileBaseName.md`) should follow this standardized format with these sections:\n\n### Section 1: Title and Description\n\n- H1 heading with the query name from @name metadata\n- One paragraph description from @description, expanded if needed\n\n### Section 2: Metadata Table\n\nA table with these rows:\n\n- ID: The @id value in backticks\n- Kind: The @kind value (problem, path-problem, etc.)\n- Severity: The @severity value\n- Precision: The @precision value\n- Tags: The @tags values\n\n### Section 3: Overview\n\nConcise explanation of what vulnerability/issue this query detects and why it matters. 2-4 sentences.\n\n### Section 4: Recommendation\n\nBrief guidance on how developers should fix issues flagged by this query. Include code patterns to use or avoid.\n\n### Section 5: Example\n\nTwo subsections:\n\n- **Vulnerable Code**: A code block showing a pattern that would be flagged by this query\n- **Fixed Code**: A code block showing the corrected version of the code\n\nUse the appropriate language identifier for the code blocks (e.g., `javascript`, `python`, `java`).\n\n### Section 6: References\n\nA list of links to:\n\n- Relevant CWE if security query\n- Relevant documentation or standards\n- CodeQL documentation for related concepts\n\n## Output Actions\n\nAfter generating documentation content:\n\n1. **For new documentation**: Create the file at `[QueryDirectory]/QueryFileBaseName.md`\n2. **For existing `.md` file**: Update the file with new content, preserving any custom sections\n3. **For existing `.qhelp` file**: Create new `.md` file (keeping `.qhelp` for backward compatibility)\n\n## Important Notes\n\n- **Be concise**: Documentation should be brief but complete. This is reference documentation, not tutorial content.\n- **Keep it current**: Documentation should reflect the current behavior of the query.\n- **Use examples from tests**: If unit tests exist, use those code patterns as examples.\n- **Standard format**: Always use the format above for consistency across all query documentation.\n- **Metadata accuracy**: Ensure documented metadata matches actual query metadata.\n- **For workshops**: Use `explain_codeql_query` prompt when creating workshop content that requires deeper explanations and visual diagrams.\n';
@@ -64265,6 +64391,9 @@ var document_codeql_query_prompt_default = '---\nagent: agent\n---\n\n# Document
 // src/prompts/explain-codeql-query.prompt.md
 var explain_codeql_query_prompt_default = '---\nagent: agent\n---\n\n# Explain a CodeQL Query (Workshop Learning Content)\n\nThis prompt guides you through gathering comprehensive context about a CodeQL query using MCP server tools, then generating detailed explanations suitable for CodeQL workshop learning content.\n\n## Purpose\n\nThe `explain_codeql_query` prompt is designed for creating **learning content** for CodeQL workshops and workshop improvements. It produces in-depth, educational explanations of how a query works, including visual diagrams.\n\nFor creating/updating **query documentation files** (`.md` or `.qhelp`), use the `document_codeql_query` prompt instead.\n\n## Required Inputs\n\n- **queryPath**: Path to the CodeQL query file (`.ql` or `.qlref`)\n- **language**: Target programming language (actions, cpp, csharp, go, java, javascript, python, ruby, swift)\n- **databasePath** (optional): Path to a real CodeQL database for profiling\n\n## Agent AI Instructions\n\n**Critical**: The evaluator logs and profiler outputs from CodeQL can be very large files. Use the MCP server tools to analyze them efficiently:\n\n- Use #profile_codeql_query_from_logs to extract pipeline timing, predicate evaluation order, tuple count progressions, RA operations, and dependencies from evaluator logs \u2014 this single tool provides all evaluator log analysis\n- Use #search_ql_code to find predicates, classes, or patterns across QL library files\n\n## Choosing a Database\n\nSeveral steps below require a CodeQL database. Determine which database to use:\n\n1. **User-provided `databasePath`** \u2014 use this if provided and valid (check with #codeql_resolve_database).\n2. **Test database** \u2014 if Step 1 finds tests, run them in Step 3 to create a `.testproj` database.\n3. **No database available** \u2014 skip Steps 4-6, and base the explanation on source code analysis only.\n\nStore the chosen database path as `$DB` for use in Steps 4-6.\n\n## Workflow Checklist\n\nYou MUST use the following MCP server tools in sequence to gather context before generating your explanation:\n\n### Phase 1: Query Discovery and Validation\n\n- [ ] **Step 1: Locate query files**\n  - Tool: #find_codeql_query_files\n  - Parameters: `queryPath` = provided query path\n  - Gather: Query source file, test files, expected results, metadata location\n  - Note: If tests exist, record the test directory path for later steps\n\n- [ ] **Step 2: Validate query structure**\n  - Tool: #validate_codeql_query\n  - Parameters: `query` = contents of the query file\n  - Gather: Structural validation results, heuristic warnings/suggestions\n\n### Phase 2: Test Execution and Database Creation\n\n- [ ] **Step 3: Run existing tests** (if tests exist from Step 1)\n  - Tool: #codeql_test_run\n  - Parameters: `tests` = array of test directories from Step 1\n  - Purpose: Ensures test database is created and current with test code\n  - Gather: Test pass/fail status, test database path (`.testproj` directory)\n  - **If no tests exist**: Skip this step. Use user-provided `databasePath` as `$DB`.\n\n### Phase 3: Code Structure Analysis (requires `$DB`)\n\nSkip this phase entirely if no database is available.\n\n- [ ] **Step 4: Generate PrintAST output**\n  - Tool: #codeql_query_run\n  - Parameters:\n    - `queryName`: `"PrintAST"`\n    - `queryLanguage`: provided language\n    - `database`: `$DB`\n    - `sourceFiles`: test source file names (or representative source files from the database)\n    - `format`: `"graphtext"`\n  - Gather: AST hierarchy showing code structure representation\n\n- [ ] **Step 5: Generate PrintCFG output** (for key functions)\n  - Tool: #codeql_query_run\n  - Parameters:\n    - `queryName`: `"PrintCFG"`\n    - `queryLanguage`: provided language\n    - `database`: `$DB`\n    - `sourceFunction`: key function name(s) from test code or query source\n    - `format`: `"graphtext"`\n  - Gather: Control flow graph showing execution paths\n\n### Phase 4: Query Profiling and Evaluation Order (requires `$DB`)\n\nSkip this phase entirely if no database is available.\n\n- [ ] **Step 6a: Run the query with evaluator logging**\n  - Tool: #codeql_query_run (or #codeql_database_analyze)\n  - Run the query against `$DB` with evaluator logging enabled\n  - The tool returns the path to the evaluator log file (`.jsonl`)\n\n- [ ] **Step 6b: Profile from evaluator logs**\n  - Tool: #profile_codeql_query_from_logs\n  - Parameters:\n    - `evaluatorLog`: path to the evaluator log file from Step 6a\n  - Gather: Pipeline execution order, predicate timing data, tuple counts\n  - **Critical**: This reveals the actual bottom-up evaluation order of predicates\n\n- [ ] **Step 7: Quick evaluate specific predicates** (as needed)\n  - First, locate the predicate: Tool: #find_predicate_position with `file` and `name`\n  - Then evaluate: Tool: #quick_evaluate with `file`, `db`, and `symbol`\n  - Use when: You need more context on how a specific predicate or class behaves\n  - Note: #find_class_position finds `class` definitions only, not `module` definitions\n  - Note: #find_predicate_position returns 1-based positions; LSP tools use 0-based\n\n### Phase 5: Generate Explanation\n\nBased on all gathered context, generate your explanation with both **verbal** and **visual** components.\n\n## Key Aspects to Analyze in Profiler Output\n\nUnderstanding the query profiler output is critical for explaining how the query actually works. Look for:\n\n1. **Evaluation Order**: Which predicates are evaluated first (base predicates) vs last (dependent predicates)\n2. **Pipeline Timing**: Time taken for each pipeline stage - indicates complexity\n3. **Tuple Counts**: Number of results at each stage - shows data flow volume\n4. **RA Operations**: The relational algebra operations (SCAN, JOIN, AGGREGATE) reveal query execution strategy\n5. **Dependencies**: Which predicates depend on others (shown by evaluation order)\n\n## Output Format\n\n### Verbal Explanation Structure\n\nGenerate a single markdown document with these sections in order:\n\n1. **Query Overview** \u2014 2-3 sentence summary of what the query detects and why it matters.\n2. **Query Metadata** \u2014 Table with: Name, Description, Kind, ID, Tags, Precision, Severity (from `@` annotations).\n3. **What This Query Detects** \u2014 Security implications (CWE/OWASP if applicable), why the pattern is problematic, real-world attack scenarios.\n4. **How the Query Works** \u2014 Two subsections:\n   - **Bottom-Up Evaluation Order**: Evaluation timeline table (Order, Predicate/Pipeline, Time ms, Tuples) derived from profiler data. Explain that CodeQL evaluates bottom-up.\n   - **Key Components**: Imports, classes and characteristic predicates, helper predicates, data flow configuration (sources, sinks, sanitizers, additional flow steps), main query `from`/`where`/`select`.\n5. **Test Code Analysis** (if database was available) \u2014 AST structure insights from PrintAST, control flow insights from PrintCFG.\n6. **Example Patterns** \u2014 Positive test cases (should match) and negative test cases (should not match) with explanations.\n7. **Performance Characteristics** (if profiler data available) \u2014 Most expensive predicates, highest tuple counts, optimization opportunities.\n8. **Limitations and Edge Cases** \u2014 Patterns the query might miss, known false positive scenarios.\n\n### Visual Explanation: Mermaid Evaluation Diagram\n\nGenerate a `mermaid` `flowchart BU` (bottom-up) diagram showing the evaluation order derived from profiler data. Guidelines:\n\n- Use subgraphs to group predicates by evaluation phase (base, intermediate, flow analysis, final select)\n- Label nodes with actual predicate/class names from the query\n- Show dependency edges between predicates\n- Annotate expensive operations with timing (e.g., `[500ms]`)\n- Direction must be `BU` to reflect bottom-up evaluation\n\n## Important Notes\n\n- **Always use tools first**: Do not generate explanations based only on query source code. Use the MCP tools to gather actual runtime data.\n- **Use the profiler tool for evaluator logs**: Evaluator logs can be huge. Use #profile_codeql_query_from_logs which returns compact JSON with per-predicate metrics and a line-indexed detail file. Use `read_file` with the `detailLines` ranges from the response to access full RA operations and tuple progressions for any predicate \u2014 do not use CLI grep or read log files directly.\n- **Evaluation order matters**: CodeQL evaluates bottom-up, not top-down. The profiler output reveals the true execution order.\n- **Focus on learning**: This is for workshop content, so include educational context and explanations suitable for CodeQL learners.\n- **Visual diagrams**: Always include a mermaid diagram showing evaluation order.\n- **Reference documentation**: For actual QL evaluation semantics, see [Evaluation of QL programs](https://codeql.github.com/docs/ql-language-reference/evaluation-of-ql-programs/)\n';
 
+// src/prompts/find-overlapping-queries.prompt.md
+var find_overlapping_queries_prompt_default = '---\nagent: agent\n---\n\n# Find Overlapping Queries and Libraries\n\nUse the MCP server tools to discover existing `.ql` query files and `.qll` library\nfiles whose content may overlap with a new query design \u2014 **before** writing any new\ncode \u2014 so that reusable building blocks can be identified and incorporated rather than\nreimplemented from scratch.\n\n"Overlap" here includes:\n\n- A shared library (`.qll`) that already models a concept central to the new query\n  (e.g. a class representing placement-new expressions, or a predicate identifying\n  types with non-trivial destructors)\n- An existing query (`.ql`) whose logic intersects the new query\'s domain (e.g. an\n  existing query that already detects misuse of placement-new, or already reasons\n  about destructor triviality)\n- Utility predicates or classes in either file type that could be imported and reused\n  directly, reducing the amount of new code needed\n\n## Use This Prompt When\n\n- Starting a new query and wanting to know what library support already exists for\n  the concepts it must model\n- Unsure whether a query (or a close variant) already exists in the codebase\n- Looking for concrete QL code examples of how to model a particular language\n  construct or pattern in the target language\n- Performing an audit of a query suite to identify potential consolidation\n  opportunities\n\n## Prerequisites\n\n1. A clear description of the new query\'s **purpose and target constructs** (e.g.\n   "detect placement-new calls on objects whose type has a non-trivial destructor")\n2. The **target language** (e.g. `cpp`, `java`, `python`)\n3. Optionally, the **pack root** \u2014 the directory containing `codeql-pack.yml` for the\n   pack that will own the new query; this is used to locate project-specific libraries\n   and existing queries in the same suite\n\n## Overview of the Approach\n\nThe core idea is to decompose the new query\'s description into a set of **key\nconcepts**, then search the available `.qll` library files and existing `.ql` query\nfiles for content that relates to those concepts. Finally, report which files contain\nrelevant material and highlight the specific classes, predicates, or modules that\ncould be reused.\n\n1. **Extract key concepts** from the query description\n2. **Resolve available library sources** for the target language and pack\n3. **Find candidate `.qll` files** \u2014 ranked by naming proximity to the key concepts\n4. **Enumerate symbols in candidate `.qll` files** to identify reusable definitions\n5. **Find candidate `.ql` query files** in the same pack and its dependencies\n6. **Inspect overlapping queries** to understand their scope and find reusable logic\n7. **Report findings** \u2014 which files and which specific definitions are most relevant\n\n## Step 1: Extract Key Concepts\n\nBefore touching any tools, decompose the query description into a set of\n**searchable key concepts**: concrete noun phrases (AST node types, predicates,\nlanguage-specific constructs) that are likely to appear in file names or class/\npredicate names.\n\nFor example, "placement-new calls on objects whose type has a non-trivial destructor"\ndecomposes into:\n\n- `PlacementNew` / `placement_new` / `NewExpr`\n- `NonTrivial` / `non_trivial` / `Trivial`\n- `Destructor` / `destructor` / `Dtor`\n\nRecord these key concept terms \u2014 they drive every subsequent search.\n\n## Step 2: Resolve Available Library Sources\n\nUse `codeql_resolve_library-path` to find every source root visible to the target\npack. If no pack root is known yet, use either a representative existing `.ql` file\nin the same language, or the language\'s default library root (typically\n`~/.codeql/packages`).\n\n```text\nTool: codeql_resolve_library-path\nParameters:\n  query:         /path/to/any-existing-query.ql   # or use --additional-packs\n  format:        json\n```\n\nRead the returned list of source roots. For each root, list the directory tree to\nunderstand the overall structure before narrowing your search:\n\n```text\nTool: list_directory\nParameters:\n  path: /returned/source/root\n```\n\nDo **not** preemptively discard any source root based on its name alone. The\nstructure of each root must be understood before filtering.\n\n## Step 3: Find Candidate `.qll` Files\n\nFor each source root, gather all `.qll` file paths:\n\n```text\nShell: find /source/root -name "*.qll" | sort\n```\n\nScan every path using the key concept terms from Step 1. A file is a **candidate**\nif its path or filename contains one or more of those terms, or if it lives in a\ndirectory whose name suggests domain relevance (e.g. `memory/`, `destructors/`,\n`initialization/`).\n\nPrioritize candidates as follows:\n\n- `.qll` files in the same directory as the planned new query \u2014 **highest priority**\n- `.qll` files elsewhere in the same pack \u2014 **very high priority**\n- `.qll` files in project-specific library packs \u2014 **high priority**\n- `.qll` files in downloaded direct dependencies \u2014 **standard priority**\n- `.qll` files in transitive dependencies \u2014 **lower priority**\n\nAim to identify the **top 5\u201310 most promising candidate `.qll` files** before\nproceeding. Breadth is important here: a small `.qll` file named `Destructor.qll`\nis more immediately useful than a 5000-line `Types.qll`, but both should be noted if\nrelevant.\n\n## Step 4: Enumerate Symbols in Candidate `.qll` Files\n\nFor each shortlisted candidate `.qll` file, retrieve its top-level definitions:\n\n```text\nTool: codeql_lsp_document_symbols\nParameters:\n  file_path:     /path/to/Candidate.qll\n  names_only:    true\n  workspace_uri: /path/to/pack-root   # plain directory containing codeql-pack.yml\n```\n\nNote: `workspace_uri` must be a **plain directory path**, not a `file://` URI. All\nline/character positions returned by LSP tools are **0-based**.\n\nScan the returned `symbols` array for classes, predicates, and modules whose names\ncontain or are closely related to the key concept terms. For any promising symbol,\nexpand its definition using `find_predicate_position` or `find_class_position` and\nthen `read_file` to inspect the actual implementation.\n\nNote: `find_predicate_position` and `find_class_position` use **1-based** line\nnumbers.\n\nRecord each relevant symbol as:\n\n```\nFile: /path/to/Candidate.qll\nSymbol: ClassName / predicateName\nRelevance: <which key concept it addresses>\nSummary: <one-sentence description of what it does>\n```\n\n## Step 5: Find Candidate Existing `.ql` Query Files\n\nExisting queries are an equally important source of reusable logic.\n\nFirst, list all `.ql` files in the target pack (and any closely related packs) using\nthe MCP tool `codeql_resolve_queries` or a recursive directory listing:\n\n```text\nTool: codeql_resolve_queries\nParameters:\n  directory: /path/to/pack-root\n  format:    json\n```\n\nOr equivalently:\n\n```text\nShell: find /pack-root -name "*.ql" | sort\n```\n\nScan every file name using the key concept terms from Step 1. A query file is a\n**candidate** if:\n\n- Its file name contains one or more key concept terms, or\n- It lives in a subdirectory whose name suggests domain overlap, or\n- Its containing rule directory (e.g. `RULE-X-Y-Z/`) has a description that overlaps\n  with the new query\'s domain (check `qlpack.yml` query metadata or directory names\n  if available)\n\n## Step 6: Inspect Overlapping Query Files\n\nFor each candidate `.ql` file identified in Step 5:\n\n1. Read the file header (first 60 lines) to understand what the query detects:\n\n   ```text\n   Tool: read_file\n   Parameters:\n     file_path:  /path/to/ExistingQuery.ql\n     start_line: 1\n     end_line:   60\n   ```\n\n2. Use `codeql_lsp_document_symbols` to enumerate its own top-level definitions:\n\n   ```text\n   Tool: codeql_lsp_document_symbols\n   Parameters:\n     file_path:     /path/to/ExistingQuery.ql\n     names_only:    true\n     workspace_uri: /path/to/pack-root\n   ```\n\n3. For any symbol whose name or kind maps to a key concept, retrieve its full\n   definition using `find_predicate_position` / `find_class_position` and `read_file`\n   to determine whether the logic could be reused by the new query.\n\n4. Note the import statements in the existing query. Any shared `.qll` imported\n   there is a strong signal that the same import could benefit the new query.\n\nAim to identify **which specific lines or definitions** are most relevant \u2014 not just\nwhich file \u2014 so that the report gives actionable guidance.\n\n## Step 7: Report Findings\n\n### Relevant Library Definitions (`.qll` files)\n\nPresent a table of reusable definitions found in library files:\n\n| Symbol                 | File                                                       | Kind      | Key Concept  | Notes                                            |\n| ---------------------- | ---------------------------------------------------------- | --------- | ------------ | ------------------------------------------------ |\n| `PlacementNewExpr`     | `semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll:12` | class     | PlacementNew | Models placement-new allocation sites            |\n| `hasTrivialDestructor` | `semmle/code/cpp/Type.qll:340`                             | predicate | Destructor   | Returns true if the type\'s destructor is trivial |\n\nFor each entry, state:\n\n- **How to import it**: the `import` statement needed to access the symbol\n- **How it maps**: which part of the new query could use this definition\n- **Limitation** (if any): cases where the existing definition does not fully cover\n  the new query\'s needs\n\n### Overlapping Existing Queries (`.ql` files)\n\nPresent a table of existing queries whose logic intersects:\n\n| Query file                   | Rule                 | What it detects                                | Overlap area                             |\n| ---------------------------- | -------------------- | ---------------------------------------------- | ---------------------------------------- |\n| `RULE-7-5-3/PlacementNew.ql` | MISRA C++ Rule 7.5.3 | Placement-new calls without matching destroy \u2014 | Placement-new enumeration, type analysis |\n\nFor each overlapping query, state:\n\n- **Shared logic**: the specific class or predicate definitions that could be lifted\n  into a shared `.qll` or imported directly\n- **Divergence**: how the existing query\'s intent differs from the new query\'s intent,\n  so the developer understands what cannot be reused directly\n\n### Summary Recommendation\n\nEnd with a short paragraph (3\u20135 sentences) summarising:\n\n1. Which existing definitions provide the **strongest starting points** for the new\n   query\n2. Whether a **shared `.qll`** should be created to house logic that would otherwise\n   be duplicated\n3. Which aspects of the new query appear to have **no existing foundation** and will\n   require original implementation\n\n## Worked Example\n\n> **Query description**: Detect placement-new calls in C++ involving object types\n> that have a non-trivial destructor, because the caller is responsible for manually\n> invoking the destructor and may forget to do so.\n>\n> **Language**: `cpp`\n>\n> **Pack root**: `/workspace/cpp/misra/src`\n\n**Key concepts extracted**: `PlacementNew`, `NewExpr`, `NonTrivial`, `Trivial`,\n`Destructor`, `Dtor`\n\n**Step 2** \u2014 resolve library paths for a representative query:\n\n```text\nTool: codeql_resolve_library-path\nParameters:\n  query: /workspace/cpp/misra/src/rules/RULE-7-5-1/SomeQuery.ql\n```\n\nReturns roots such as:\n\n- `/workspace/cpp/common/src` (project library)\n- `/workspace/cpp/misra/src` (pack being worked on)\n- `~/.codeql/packages/codeql/cpp-all/1.4.0` (standard library)\n\n**Step 3** \u2014 scanning `~/.codeql/packages/codeql/cpp-all/1.4.0` for `*.qll`:\n\nCandidates matching key concepts:\n\n- `semmle/code/cpp/exprs/New.qll` \u2014 contains `NewExpr`, likely covers placement-new\n- `semmle/code/cpp/Type.qll` \u2014 may contain destructor triviality predicates\n- `semmle/code/cpp/Destructor.qll` (if it exists) \u2014 direct match on `Destructor`\n\n**Step 4** \u2014 `codeql_lsp_document_symbols` on `New.qll`:\n\n```json\n{ "name": "NewExpr",         "kind": 5 }\n{ "name": "NewArrayExpr",    "kind": 5 }\n{ "name": "PlacementNewExpr","kind": 5 }   \u2190 highly relevant\n```\n\n`PlacementNewExpr` in `New.qll` exactly models placement-new allocations \u2014\nthis class should be imported and used directly in the new query rather than\nreimplementing it.\n\n**Step 5** \u2014 scanning `/workspace/cpp/misra/src` for `*.ql`:\n\nCandidates matching key concepts:\n\n- `rules/RULE-12-2-1/DestructorMustBeCalledExplicitly.ql` \u2014 destructor relevance\n- `rules/RULE-6-2-2/PlacementNewLifetime.ql` \u2014 placement-new relevance\n\n**Step 6** \u2014 reading `PlacementNewLifetime.ql` header:\n\nThe file imports `semmle.code.cpp.exprs.New` and defines a local predicate\n`placementNewTarget()` that wraps `PlacementNewExpr.getAllocatedType()`.\nThis predicate and the surrounding type-resolution logic can serve as a template.\n\n# Conclusion\n\nDo **not** write or modify any code during this analysis.\n\nAs you work through this task, ask yourself:\n\n- Have I changed any code, even though that was not my task, or am I about to?\n  Stop, do not change any code!\n- Did I extract enough key concepts to drive a thorough file-name search?\n- Did I inspect both library `.qll` files **and** existing `.ql` query files?\n- Did I identify specific symbols (not just files) that are relevant?\n- Did I report the import path needed to access each reusable symbol?\n- Did I summarise which parts of the new query still require original implementation?\n- Did I use the suggested tools to their fullest extent before concluding?\n- Did I report any difficulties encountered while resolving library paths or reading\n  files?\n';
+
 // src/prompts/ql-lsp-iterative-development.prompt.md
 var ql_lsp_iterative_development_prompt_default = '---\nagent: agent\n---\n\n# Iterative CodeQL Development with LSP Tools\n\nUse the MCP server tools from this prompt to iteratively develop and refine CodeQL queries using the LSP-powered tools.\nThese "iterative" tools work entirely through file paths and numeric positions.\nEvery operation is expressible as a tool call with explicit `file_path`, `line`, and `character` parameters.\nThus, this prompt can be used in any environment where the query files are on disk, and it does not require any special editor integration.\n\n## Use This Prompt When\n\n- Exploring unfamiliar CodeQL libraries to discover available classes and predicates\n- Incrementally building a query clause-by-clause with real-time feedback\n- Navigating from a type usage to its definition to understand its API\n- Finding all usages of a predicate to learn patterns from existing queries\n- Validating query fragments before assembling a complete query\n- Debugging individual predicates by evaluating them in isolation against a database\n\n## Prerequisites\n\n1. A CodeQL pack with `codeql-pack.yml` on disk\n2. Dependencies installed via #codeql_pack_install (pointing at the pack directory)\n3. Query files saved to disk (LSP tools operate on files, not inline strings)\n\n## Key Concept: Positions Are File Path + Line + Character\n\nAll LSP tools identify locations using three values:\n\n- `file_path`: absolute path to a `.ql` or `.qll` file\n- `line`: **0-based** line number (line 1 in the file = `line: 0`)\n- `character`: **0-based** column offset within that line\n\nThe `workspace_uri` parameter must point to the **pack root directory** (the folder\ncontaining `codeql-pack.yml`) for import resolution to work. Without it, completions\nand definitions for imported libraries will be empty.\n\n> **Critical**: LSP line/character positions are 0-based, but `read_file`,\n> #find_predicate_position, and #find_class_position return 1-based positions.\n> Always subtract 1 when passing their output to LSP tools.\n\n## Step 1: Discover Available Types with Completions\n\nUse #codeql_lsp_completion to explore what types and predicates are available at any\nposition in a query file. This replaces manual documentation browsing.\n\n**Example**: To see what classes are available in a `from` clause after `import javascript`:\n\n```text\nTool: codeql_lsp_completion\nParameters:\n  file_path: /path/to/your/query.ql\n  line: 9          # 0-based line of the `from` clause\n  character: 5     # position after `from ` where you want completions\n  workspace_uri: /path/to/pack-root   # directory containing codeql-pack.yml\n```\n\nCompletions include class names with full documentation. For example, requesting\ncompletions in a JavaScript query\'s `from` clause returns 150+ types like\n`CallNode`, `PropWrite`, `RemoteFlowSource`, etc., each with docstrings.\n\n**Exploring member predicates**: To see what methods a variable offers, request\ncompletions after the dot. For example, if `pw` is typed as `DataFlow::PropWrite`,\nrequesting completions at the position after `pw.` returns all member predicates\nlike `getPropertyName()`, `getRhs()`, `getBase()`, `writes(base, prop, rhs)`,\neach with full signature and documentation.\n\n## Step 2: Navigate to Definitions\n\nUse #codeql_lsp_definition to find where a class, predicate, or module is defined.\nThis returns the file URI and line range of the definition \u2014 even into library pack\nfiles you haven\'t opened.\n\n```text\nTool: codeql_lsp_definition\nParameters:\n  file_path: /path/to/your/query.ql\n  line: 11         # 0-based line containing the symbol\n  character: 30    # 0-based column within the symbol name\n  workspace_uri: /path/to/pack-root\n```\n\n**Example**: Navigating to `RemoteFlowSource` at line 12, character 30 returns:\n\n```text\nuri: file:///.../.codeql/packages/codeql/javascript-all/2.6.19/\n     semmle/javascript/security/dataflow/RemoteFlowSources.qll\nstartLine: 14, startCharacter: 17\n```\n\nYou can then read that file to understand the class\'s API. This is how you discover\nwhat predicates a type offers without documentation \u2014 go to the definition and read\nthe source.\n\n## Step 3: Find All References\n\nUse #codeql_lsp_references to find how a symbol is used across the workspace.\n\n```text\nTool: codeql_lsp_references\nParameters:\n  file_path: /path/to/your/query.ql\n  line: 11         # 0-based line\n  character: 30    # 0-based column within the symbol\n  workspace_uri: /path/to/pack-root\n```\n\n> **Scope note**: References are scoped to the pack identified by `workspace_uri`.\n> To find usages in library code, point `workspace_uri` to the library pack root.\n> For usages within your own pack only, point it to your pack root.\n\nThis is invaluable for learning how experienced query authors use a predicate \u2014\nfind real usage examples instead of guessing from documentation.\n\n## Step 4: Locate Symbols with Position Finders\n\nUse #find_predicate_position and #find_class_position to locate where a specific\nsymbol is defined in a file. These return **1-based** line/column positions.\n\n```text\nTool: find_predicate_position\nParameters:\n  file: /path/to/your/query.ql\n  name: isSource\nReturns: { start_line: 12, start_col: 13, end_line: 12, end_col: 20 }\n```\n\n> **Note**: #find_class_position finds `class` definitions only \u2014 it does not find\n> `module` definitions. Use #find_predicate_position for predicates inside modules,\n> or use #search_ql_code to search across QL files by text or regex pattern.\n\n**Combining with LSP tools**: To navigate to a predicate\'s definition in library code:\n\n1. Use #find_predicate_position to get its 1-based position\n2. Subtract 1 from line/col to convert to 0-based\n3. Pass to #codeql_lsp_definition to jump to the underlying type\n\n## Step 5: Quick-Evaluate Individual Predicates\n\nUse #quick_evaluate to evaluate a single predicate or class against a database\nwithout running the full query. This is the fastest way to debug whether a predicate\nmatches what you expect.\n\n```text\nTool: quick_evaluate\nParameters:\n  file: /path/to/your/query.ql\n  db: /path/to/test-database.testproj\n  symbol: isSink\n  output_path: /tmp/quickeval-results   # optional, for inspecting bqrs output\n```\n\nThe tool evaluates just that symbol (predicate or class) and returns the result path.\nUse #codeql_bqrs_decode on the output to inspect results in CSV or JSON format.\n\n## Step 6: Validate at Multiple Levels\n\nUse the right validation tool for each situation:\n\n| Tool                    | Use When                                | Input              | Resolves Imports?   |\n| ----------------------- | --------------------------------------- | ------------------ | ------------------- |\n| #validate_codeql_query  | Quick structural check                  | Inline QL string   | No (heuristic only) |\n| #codeql_lsp_diagnostics | Syntax/semantic validation of fragments | Inline QL string   | No                  |\n| #codeql_query_compile   | Full compilation check                  | On-disk `.ql` file | Yes                 |\n| #codeql_test_run        | End-to-end result validation            | Test directory     | Yes                 |\n\n**#codeql_lsp_diagnostics** validates QL syntax and semantics for inline code snippets,\nbut **cannot resolve `import` statements** (like `import javascript`). Use it for:\n\n- Checking predicate signatures and QL syntax\n- Verifying `from`/`where`/`select` clause structure\n- Catching type errors in import-free QL fragments\n\nFor queries with imports, always use #codeql_query_compile on the saved file.\n\n## Iterative Development Loop\n\n```text\n1. Write/modify a clause in the query file (save to disk)\n     \u2193\n2. codeql_lsp_completion \u2192 verify context is valid (non-empty = good)\n     \u2193\n3. codeql_query_compile \u2192 check for compilation errors\n     \u2193\n4. codeql_test_run \u2192 validate against expected results\n     \u2193\n5. If unexpected results: quick_evaluate on individual predicates\n     \u2193\n6. If predicate is wrong: codeql_lsp_completion to explore the API\n     \u2193\n7. If types are unclear: codeql_lsp_definition to read the source\n     \u2193\n8. If stuck: codeql_lsp_references to find usage examples\n     \u2193\n9. Repeat from step 1\n```\n\n## Worked Example: Building a Taint-Tracking Query\n\nThis example shows the tools in action for building a JavaScript XSS query.\n\n### 1. Create the query file and install dependencies\n\nWrite a `.ql` file with `import javascript` and a skeleton `from`/`where`/`select`.\nRun #codeql_pack_install on the pack directory.\n\n### 2. Explore sink types\n\nRequest completions in the `from` clause to discover `DataFlow::PropWrite`:\n\n```text\ncodeql_lsp_completion(file_path=..., line=9, character=5, workspace_uri=pack_root)\n\u2192 155 completions including PropWrite, CallNode, MethodCallNode, ...\n```\n\n### 3. Explore `PropWrite` member predicates\n\nAfter typing `pw.` in the `where` clause, request completions:\n\n```text\ncodeql_lsp_completion(file_path=..., line=12, character=9, workspace_uri=pack_root)\n\u2192 43 predicates: getPropertyName(), getRhs(), getBase(), writes(), ...\n```\n\n### 4. Navigate to `RemoteFlowSource` definition\n\n```text\ncodeql_lsp_definition(file_path=..., line=11, character=30, workspace_uri=pack_root)\n\u2192 RemoteFlowSources.qll line 14 in codeql/javascript-all\n```\n\n### 5. Compile and test incrementally\n\n```text\ncodeql_query_compile(query=file_path)  \u2192  check for errors\ncodeql_test_run(tests=[test_dir], learn=true)  \u2192  populate .expected files\n```\n\n### 6. Debug a predicate in isolation\n\n```text\nfind_predicate_position(file=..., name="isSink")  \u2192  line 16, col 13\nquick_evaluate(file=..., db=test.testproj, symbol="isSink")  \u2192  inspect results\n```\n\n## Important Notes\n\n- **All LSP tools use 0-based positions**. #find_class_position and\n  #find_predicate_position return 1-based positions. Convert before combining.\n- **`workspace_uri` must be the pack root** (the directory containing\n  `codeql-pack.yml`). Without it, completions and definitions will be empty.\n- **Run #codeql_pack_install first**. LSP tools require resolved dependencies.\n- **#codeql_lsp_diagnostics cannot resolve imports**. For `import javascript`\n  and similar, use #codeql_query_compile on the on-disk file instead.\n- **#find_class_position finds `class` only**, not `module` definitions.\n  Use #search_ql_code or #find_predicate_position for predicates inside modules.\n- **#codeql_lsp_references scope** depends on `workspace_uri`. Point it at\n  a library pack root to find usages across library code.\n';
 
@@ -64291,8 +64420,10 @@ var workshop_creation_workflow_prompt_default = '---\nagent: agent\n---\n\n# Cre
 
 // src/prompts/prompt-loader.ts
 var PROMPT_TEMPLATES = {
+  "check-for-duplicated-code.prompt.md": check_for_duplicated_code_prompt_default,
   "document-codeql-query.prompt.md": document_codeql_query_prompt_default,
   "explain-codeql-query.prompt.md": explain_codeql_query_prompt_default,
+  "find-overlapping-queries.prompt.md": find_overlapping_queries_prompt_default,
   "ql-lsp-iterative-development.prompt.md": ql_lsp_iterative_development_prompt_default,
   "ql-tdd-advanced.prompt.md": ql_tdd_advanced_prompt_default,
   "ql-tdd-basic.prompt.md": ql_tdd_basic_prompt_default,
@@ -64324,6 +64455,7 @@ function processPromptTemplate(template, variables) {
 }
 
 // src/prompts/workflow-prompts.ts
+init_package_paths();
 init_logger();
 var SUPPORTED_LANGUAGES = [
   "actions",
@@ -64336,6 +64468,82 @@ var SUPPORTED_LANGUAGES = [
   "ruby",
   "swift"
 ];
+function markdownInlineCode(value) {
+  const normalized = value.replace(/\r\n|\r|\n/g, " ");
+  let maxRun = 0;
+  let currentRun = 0;
+  for (const ch of normalized) {
+    if (ch === "`") {
+      currentRun += 1;
+      if (currentRun > maxRun) {
+        maxRun = currentRun;
+      }
+    } else {
+      currentRun = 0;
+    }
+  }
+  const fence = "`".repeat(maxRun + 1);
+  return `${fence}${normalized}${fence}`;
+}
+function blockedPathError(result, paramName) {
+  const message = result.warning ?? `The provided ${paramName} could not be resolved safely and cannot be used.`;
+  return {
+    messages: [
+      {
+        role: "user",
+        content: {
+          type: "text",
+          text: `${message}
+
+The workflow cannot proceed because the ${paramName} is not allowed.`
+        }
+      }
+    ]
+  };
+}
+async function resolvePromptFilePath(filePath, workspaceRoot) {
+  if (!filePath || filePath.trim() === "") {
+    return {
+      resolvedPath: filePath ?? "",
+      warning: "\u26A0 **File path is empty.** Please provide a valid file path."
+    };
+  }
+  let effectivePath = filePath;
+  if (/^file:\/\//i.test(filePath.trim())) {
+    try {
+      effectivePath = fileURLToPath3(filePath.trim());
+    } catch {
+      return {
+        resolvedPath: "",
+        blocked: true,
+        warning: `\u26A0 **File path** \`${filePath}\` **is not a valid file URI.**`
+      };
+    }
+  }
+  const effectiveRoot = workspaceRoot ?? getUserWorkspaceDir();
+  const normalizedPath = normalize(effectivePath);
+  const inputWasAbsolute = isAbsolute7(normalizedPath);
+  const absolutePath = inputWasAbsolute ? normalizedPath : resolve13(effectiveRoot, normalizedPath);
+  if (!inputWasAbsolute) {
+    const rel = relative(effectiveRoot, absolutePath);
+    if (rel === ".." || rel.startsWith(`..${sep2}`) || isAbsolute7(rel)) {
+      return {
+        blocked: true,
+        resolvedPath: "",
+        warning: "\u26A0 **File path resolves outside the workspace root.** The path has been blocked for security."
+      };
+    }
+  }
+  try {
+    await access2(absolutePath);
+  } catch {
+    return {
+      resolvedPath: absolutePath,
+      warning: `\u26A0 **File path** ${markdownInlineCode(filePath)} **does not exist.**`
+    };
+  }
+  return { resolvedPath: absolutePath };
+}
 var testDrivenDevelopmentSchema = external_exports.object({
   language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language for the query"),
   queryName: external_exports.string().optional().describe("Name of the query to develop")
@@ -64354,23 +64562,23 @@ var workshopCreationWorkflowSchema = external_exports.object({
   numStages: external_exports.coerce.number().optional().describe("Number of incremental stages (default: 4-8)")
 });
 var qlTddBasicSchema = external_exports.object({
-  language: external_exports.enum(SUPPORTED_LANGUAGES).optional().describe("Programming language for the query (optional)"),
+  language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language for the query"),
   queryName: external_exports.string().optional().describe("Name of the query to develop")
 });
 var qlTddAdvancedSchema = external_exports.object({
   database: external_exports.string().optional().describe("Path to the CodeQL database for analysis"),
-  language: external_exports.enum(SUPPORTED_LANGUAGES).optional().describe("Programming language for the query (optional)"),
+  language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language for the query"),
   queryName: external_exports.string().optional().describe("Name of the query to develop")
 });
 var sarifRankSchema = external_exports.object({
   queryId: external_exports.string().optional().describe("CodeQL query/rule identifier"),
-  sarifPath: external_exports.string().optional().describe("Path to the SARIF file to analyze")
+  sarifPath: external_exports.string().describe("Path to the SARIF file to analyze")
 });
 var describeFalsePositivesSchema = external_exports.object({
-  queryPath: external_exports.string().optional().describe("Path to the CodeQL query file")
+  queryPath: external_exports.string().describe("Path to the CodeQL query file")
 });
 var explainCodeqlQuerySchema = external_exports.object({
-  databasePath: external_exports.string().optional().describe("Optional path to a real CodeQL database for profiling"),
+  databasePath: external_exports.string().optional().describe("Path to a CodeQL database for profiling"),
   language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language of the query"),
   queryPath: external_exports.string().describe("Path to the CodeQL query file (.ql or .qlref)")
 });
@@ -64378,14 +64586,108 @@ var documentCodeqlQuerySchema = external_exports.object({
   language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language of the query"),
   queryPath: external_exports.string().describe("Path to the CodeQL query file (.ql or .qlref)")
 });
+var checkForDuplicatedCodeSchema = external_exports.object({
+  queryPath: external_exports.string().describe("Path to the .ql or .qll file to audit for duplicated definitions"),
+  workspaceUri: external_exports.string().optional().describe("Pack root directory containing codeql-pack.yml (for LSP resolution)")
+});
+var findOverlappingQueriesSchema = external_exports.object({
+  queryDescription: external_exports.string().describe(
+    `Description of the new query's purpose and target constructs (e.g. "detect placement-new on types with non-trivial destructors")`
+  ),
+  language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Target language for the new query (e.g. cpp, java, python)"),
+  packRoot: external_exports.string().optional().describe("Directory containing codeql-pack.yml for the pack that will own the new query")
+});
 var qlLspIterativeDevelopmentSchema = external_exports.object({
-  language: external_exports.enum(SUPPORTED_LANGUAGES).optional().describe("Programming language for the query"),
-  queryPath: external_exports.string().optional().describe("Path to the query file being developed"),
+  language: external_exports.enum(SUPPORTED_LANGUAGES).describe("Programming language for the query"),
+  queryPath: external_exports.string().describe("Path to the query file being developed"),
   workspaceUri: external_exports.string().optional().describe("Workspace URI for LSP dependency resolution")
 });
+function toPermissiveShape(shape) {
+  const permissive = {};
+  for (const [key, zodType] of Object.entries(shape)) {
+    permissive[key] = widenZodType(zodType);
+  }
+  return permissive;
+}
+function widenZodType(zodType) {
+  if (zodType instanceof external_exports.ZodOptional) {
+    const inner = zodType.unwrap();
+    const widenedInner = widenZodType(inner);
+    if (widenedInner === inner) return zodType;
+    const result = widenedInner.optional();
+    const desc = zodType.description;
+    return desc ? result.describe(desc) : result;
+  }
+  if (zodType instanceof external_exports.ZodEnum) {
+    const desc = zodType.description;
+    const replacement = external_exports.string();
+    return desc ? replacement.describe(desc) : replacement;
+  }
+  return zodType;
+}
+function formatValidationError(promptName, error2) {
+  const lines = [
+    `\u26A0 **Invalid input for \`${promptName}\`**`,
+    ""
+  ];
+  for (const issue2 of error2.issues) {
+    const field = issue2.path.length > 0 ? issue2.path.join(".") : "input";
+    if (issue2.code === "invalid_enum_value" && "options" in issue2) {
+      const opts = issue2.options.join(", ");
+      lines.push(
+        `- **\`${field}\`**: received ${markdownInlineCode(String(issue2.received))} \u2014 must be one of: ${opts}`
+      );
+    } else if (issue2.code === "invalid_type") {
+      lines.push(
+        `- **\`${field}\`**: expected ${issue2.expected}, received ${issue2.received}`
+      );
+    } else {
+      lines.push(`- **\`${field}\`**: ${issue2.message}`);
+    }
+  }
+  lines.push(
+    "",
+    "Please correct the input and try again."
+  );
+  return lines.join("\n");
+}
+function createSafePromptHandler(promptName, strictSchema, handler) {
+  return async (rawArgs) => {
+    const parseResult = strictSchema.safeParse(rawArgs);
+    if (!parseResult.success) {
+      const errorText = formatValidationError(promptName, parseResult.error);
+      logger.warn(`Prompt ${promptName} validation failed: ${parseResult.error.message}`);
+      return {
+        messages: [{
+          role: "user",
+          content: { type: "text", text: errorText }
+        }]
+      };
+    }
+    try {
+      return await handler(parseResult.data);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.error(`Prompt ${promptName} handler error: ${msg}`);
+      return {
+        messages: [{
+          role: "user",
+          content: {
+            type: "text",
+            text: `\u26A0 **Error in \`${promptName}\`**: ${msg}
+
+Please check your inputs and try again.`
+          }
+        }]
+      };
+    }
+  };
+}
 var WORKFLOW_PROMPT_NAMES = [
+  "check_for_duplicated_code",
   "document_codeql_query",
   "explain_codeql_query",
+  "find_overlapping_queries",
   "ql_lsp_iterative_development",
   "ql_tdd_advanced",
   "ql_tdd_basic",
@@ -64400,262 +64702,387 @@ function registerWorkflowPrompts(server) {
   server.prompt(
     "test_driven_development",
     "Test-driven development workflow for CodeQL queries using MCP tools",
-    testDrivenDevelopmentSchema.shape,
-    async ({ language, queryName }) => {
-      const template = loadPromptTemplate("ql-tdd-basic.prompt.md");
-      const content = processPromptTemplate(template, {
-        language,
-        queryName: queryName || "[QueryName]"
-      });
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: `## Context
+    toPermissiveShape(testDrivenDevelopmentSchema.shape),
+    createSafePromptHandler(
+      "test_driven_development",
+      testDrivenDevelopmentSchema,
+      async ({ language, queryName }) => {
+        const template = loadPromptTemplate("ql-tdd-basic.prompt.md");
+        const content = processPromptTemplate(template, {
+          language,
+          queryName: queryName || "[QueryName]"
+        });
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: `## Context
 
 - **Language**: ${language}
 ${queryName ? `- **Query Name**: ${queryName}
 ` : ""}
 ${content}`
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "tools_query_workflow",
     "Guide for using built-in tools queries (PrintAST, PrintCFG, CallGraphFrom, CallGraphTo) to understand code structure",
-    toolsQueryWorkflowSchema.shape,
-    async ({
-      language,
-      database,
-      sourceFiles,
-      sourceFunction,
-      targetFunction
-    }) => {
-      const template = loadPromptTemplate("tools-query-workflow.prompt.md");
-      const content = processPromptTemplate(template, {
-        language,
-        database
-      });
-      const contextSection = buildToolsQueryContext(
-        language,
-        database,
-        sourceFiles,
-        sourceFunction,
-        targetFunction
-      );
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + content
+    toPermissiveShape(toolsQueryWorkflowSchema.shape),
+    createSafePromptHandler(
+      "tools_query_workflow",
+      toolsQueryWorkflowSchema,
+      async ({ language, database, sourceFiles, sourceFunction, targetFunction }) => {
+        const template = loadPromptTemplate("tools-query-workflow.prompt.md");
+        const warnings = [];
+        const dbResult = await resolvePromptFilePath(database);
+        if (dbResult.blocked) return blockedPathError(dbResult, "database path");
+        const resolvedDatabase = dbResult.resolvedPath;
+        if (dbResult.warning) warnings.push(dbResult.warning);
+        const content = processPromptTemplate(template, {
+          language,
+          database: resolvedDatabase
+        });
+        const contextSection = buildToolsQueryContext(
+          language,
+          resolvedDatabase,
+          sourceFiles,
+          sourceFunction,
+          targetFunction
+        );
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + content
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "workshop_creation_workflow",
     "Guide for creating CodeQL query development workshops from production-grade queries",
-    workshopCreationWorkflowSchema.shape,
-    async ({ queryPath, language, workshopName, numStages }) => {
-      const template = loadPromptTemplate("workshop-creation-workflow.prompt.md");
-      const derivedName = workshopName || basename7(queryPath).replace(/\.(ql|qlref)$/, "").toLowerCase().replace(/[^a-z0-9]+/g, "-") || "codeql-workshop";
-      const contextSection = buildWorkshopContext(
-        queryPath,
-        language,
-        derivedName,
-        numStages
-      );
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+    toPermissiveShape(workshopCreationWorkflowSchema.shape),
+    createSafePromptHandler(
+      "workshop_creation_workflow",
+      workshopCreationWorkflowSchema,
+      async ({ queryPath, language, workshopName, numStages }) => {
+        const template = loadPromptTemplate("workshop-creation-workflow.prompt.md");
+        const warnings = [];
+        const qpResult = await resolvePromptFilePath(queryPath);
+        if (qpResult.blocked) return blockedPathError(qpResult, "query path");
+        const resolvedQueryPath = qpResult.resolvedPath;
+        if (qpResult.warning) warnings.push(qpResult.warning);
+        const derivedName = workshopName || basename7(resolvedQueryPath).replace(/\.(ql|qlref)$/, "").toLowerCase().replace(/[^a-z0-9]+/g, "-") || "codeql-workshop";
+        const contextSection = buildWorkshopContext(
+          resolvedQueryPath,
+          language,
+          derivedName,
+          numStages
+        );
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "ql_tdd_basic",
     "Test-driven CodeQL query development checklist - write tests first, implement query, iterate until tests pass",
-    qlTddBasicSchema.shape,
-    async ({ language, queryName }) => {
-      const template = loadPromptTemplate("ql-tdd-basic.prompt.md");
-      let contextSection = "## Your Development Context\n\n";
-      if (language) {
+    toPermissiveShape(qlTddBasicSchema.shape),
+    createSafePromptHandler(
+      "ql_tdd_basic",
+      qlTddBasicSchema,
+      async ({ language, queryName }) => {
+        const template = loadPromptTemplate("ql-tdd-basic.prompt.md");
+        let contextSection = "## Your Development Context\n\n";
         contextSection += `- **Language**: ${language}
 `;
-      }
-      if (queryName) {
-        contextSection += `- **Query Name**: ${queryName}
+        if (queryName) {
+          contextSection += `- **Query Name**: ${queryName}
 `;
-      }
-      if (language || queryName) {
+        }
         contextSection += "\n";
-      }
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "ql_tdd_advanced",
     "Advanced test-driven CodeQL development with AST visualization, control flow, and call graph analysis",
-    qlTddAdvancedSchema.shape,
-    async ({ language, queryName, database }) => {
-      const template = loadPromptTemplate("ql-tdd-advanced.prompt.md");
-      let contextSection = "## Your Development Context\n\n";
-      if (language) {
+    toPermissiveShape(qlTddAdvancedSchema.shape),
+    createSafePromptHandler(
+      "ql_tdd_advanced",
+      qlTddAdvancedSchema,
+      async ({ language, queryName, database }) => {
+        const template = loadPromptTemplate("ql-tdd-advanced.prompt.md");
+        const warnings = [];
+        let resolvedDatabase = database;
+        if (database) {
+          const dbResult = await resolvePromptFilePath(database);
+          if (dbResult.blocked) return blockedPathError(dbResult, "database path");
+          resolvedDatabase = dbResult.resolvedPath;
+          if (dbResult.warning) warnings.push(dbResult.warning);
+        }
+        let contextSection = "## Your Development Context\n\n";
         contextSection += `- **Language**: ${language}
 `;
-      }
-      if (queryName) {
-        contextSection += `- **Query Name**: ${queryName}
+        if (queryName) {
+          contextSection += `- **Query Name**: ${queryName}
 `;
-      }
-      if (database) {
-        contextSection += `- **Database**: ${database}
+        }
+        if (resolvedDatabase) {
+          contextSection += `- **Database**: ${resolvedDatabase}
 `;
-      }
-      if (language || queryName || database) {
+        }
         contextSection += "\n";
-      }
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "sarif_rank_false_positives",
     "Analyze SARIF results to identify likely false positives in CodeQL query results",
-    sarifRankSchema.shape,
-    async ({ queryId, sarifPath }) => {
-      const template = loadPromptTemplate("sarif-rank-false-positives.prompt.md");
-      let contextSection = "## Analysis Context\n\n";
-      if (queryId) {
-        contextSection += `- **Query ID**: ${queryId}
+    toPermissiveShape(sarifRankSchema.shape),
+    createSafePromptHandler(
+      "sarif_rank_false_positives",
+      sarifRankSchema,
+      async ({ queryId, sarifPath }) => {
+        const template = loadPromptTemplate("sarif-rank-false-positives.prompt.md");
+        const warnings = [];
+        const spResult = await resolvePromptFilePath(sarifPath);
+        if (spResult.blocked) return blockedPathError(spResult, "SARIF path");
+        const resolvedSarifPath = spResult.resolvedPath;
+        if (spResult.warning) warnings.push(spResult.warning);
+        let contextSection = "## Analysis Context\n\n";
+        if (queryId) {
+          contextSection += `- **Query ID**: ${queryId}
 `;
-      }
-      if (sarifPath) {
-        contextSection += `- **SARIF File**: ${sarifPath}
+        }
+        contextSection += `- **SARIF File**: ${resolvedSarifPath}
 `;
-      }
-      if (queryId || sarifPath) {
         contextSection += "\n";
-      }
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "sarif_rank_true_positives",
     "Analyze SARIF results to identify likely true positives in CodeQL query results",
-    sarifRankSchema.shape,
-    async ({ queryId, sarifPath }) => {
-      const template = loadPromptTemplate("sarif-rank-true-positives.prompt.md");
-      let contextSection = "## Analysis Context\n\n";
-      if (queryId) {
-        contextSection += `- **Query ID**: ${queryId}
+    toPermissiveShape(sarifRankSchema.shape),
+    createSafePromptHandler(
+      "sarif_rank_true_positives",
+      sarifRankSchema,
+      async ({ queryId, sarifPath }) => {
+        const template = loadPromptTemplate("sarif-rank-true-positives.prompt.md");
+        const warnings = [];
+        const spResult = await resolvePromptFilePath(sarifPath);
+        if (spResult.blocked) return blockedPathError(spResult, "SARIF path");
+        const resolvedSarifPath = spResult.resolvedPath;
+        if (spResult.warning) warnings.push(spResult.warning);
+        let contextSection = "## Analysis Context\n\n";
+        if (queryId) {
+          contextSection += `- **Query ID**: ${queryId}
 `;
-      }
-      if (sarifPath) {
-        contextSection += `- **SARIF File**: ${sarifPath}
+        }
+        contextSection += `- **SARIF File**: ${resolvedSarifPath}
 `;
-      }
-      if (queryId || sarifPath) {
         contextSection += "\n";
-      }
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "run_query_and_summarize_false_positives",
     "Help a user figure out where their query may need improvement to have a lower false positive rate",
-    describeFalsePositivesSchema.shape,
-    async ({ queryPath }) => {
-      const template = loadPromptTemplate("run-query-and-summarize-false-positives.prompt.md");
-      let contextSection = "## Analysis Context\n\n";
-      if (queryPath) {
-        contextSection += `- **Query Path**: ${queryPath}
+    toPermissiveShape(describeFalsePositivesSchema.shape),
+    createSafePromptHandler(
+      "run_query_and_summarize_false_positives",
+      describeFalsePositivesSchema,
+      async ({ queryPath }) => {
+        const template = loadPromptTemplate("run-query-and-summarize-false-positives.prompt.md");
+        const warnings = [];
+        const qpResult = await resolvePromptFilePath(queryPath);
+        if (qpResult.blocked) return blockedPathError(qpResult, "query path");
+        const resolvedQueryPath = qpResult.resolvedPath;
+        if (qpResult.warning) warnings.push(qpResult.warning);
+        const contextSection = `## Analysis Context
+
+- **Query Path**: ${resolvedQueryPath}
+
 `;
-      }
-      contextSection += "\n";
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   server.prompt(
     "explain_codeql_query",
     "Generate detailed explanation of a CodeQL query for workshop learning content - uses MCP tools to gather context and produces both verbal explanations and mermaid evaluation diagrams",
-    explainCodeqlQuerySchema.shape,
-    async ({ queryPath, language, databasePath }) => {
-      const template = loadPromptTemplate("explain-codeql-query.prompt.md");
-      let contextSection = "## Query to Explain\n\n";
-      contextSection += `- **Query Path**: ${queryPath}
+    toPermissiveShape(explainCodeqlQuerySchema.shape),
+    createSafePromptHandler(
+      "explain_codeql_query",
+      explainCodeqlQuerySchema,
+      async ({ queryPath, language, databasePath }) => {
+        const template = loadPromptTemplate("explain-codeql-query.prompt.md");
+        const warnings = [];
+        const qpResult = await resolvePromptFilePath(queryPath);
+        if (qpResult.blocked) return blockedPathError(qpResult, "query path");
+        const resolvedQueryPath = qpResult.resolvedPath;
+        if (qpResult.warning) warnings.push(qpResult.warning);
+        let resolvedDatabasePath = databasePath;
+        if (databasePath) {
+          const dbResult = await resolvePromptFilePath(databasePath);
+          if (dbResult.blocked) return blockedPathError(dbResult, "database path");
+          resolvedDatabasePath = dbResult.resolvedPath;
+          if (dbResult.warning) warnings.push(dbResult.warning);
+        }
+        let contextSection = "## Query to Explain\n\n";
+        contextSection += `- **Query Path**: ${resolvedQueryPath}
 `;
-      contextSection += `- **Language**: ${language}
+        contextSection += `- **Language**: ${language}
 `;
-      if (databasePath) {
-        contextSection += `- **Database Path**: ${databasePath}
+        if (resolvedDatabasePath) {
+          contextSection += `- **Database Path**: ${resolvedDatabasePath}
 `;
+        }
+        contextSection += "\n";
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
+            }
+          ]
+        };
       }
-      contextSection += "\n";
+    )
+  );
+  server.prompt(
+    "document_codeql_query",
+    "Create or update documentation for a CodeQL query - generates standardized markdown documentation as a sibling file to the query",
+    toPermissiveShape(documentCodeqlQuerySchema.shape),
+    createSafePromptHandler(
+      "document_codeql_query",
+      documentCodeqlQuerySchema,
+      async ({ queryPath, language }) => {
+        const template = loadPromptTemplate("document-codeql-query.prompt.md");
+        const warnings = [];
+        const qpResult = await resolvePromptFilePath(queryPath);
+        if (qpResult.blocked) return blockedPathError(qpResult, "query path");
+        const resolvedQueryPath = qpResult.resolvedPath;
+        if (qpResult.warning) warnings.push(qpResult.warning);
+        const contextSection = `## Query to Document
+
+- **Query Path**: ${resolvedQueryPath}
+- **Language**: ${language}
+
+`;
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
+            }
+          ]
+        };
+      }
+    )
+  );
+  server.prompt(
+    "check_for_duplicated_code",
+    "Check a .ql or .qll file for classes, predicates, and modules that duplicate definitions already available in the standard CodeQL libraries or shared project .qll files",
+    checkForDuplicatedCodeSchema.shape,
+    async ({ queryPath, workspaceUri }) => {
+      const template = loadPromptTemplate("check-for-duplicated-code.prompt.md");
+      const contextSection = `## File to Audit
+
+- **Query Path**: ${queryPath}
+${workspaceUri ? `- **Workspace URI**: ${workspaceUri}
+` : ""}
+`;
       return {
         messages: [
           {
@@ -64670,24 +65097,24 @@ ${content}`
     }
   );
   server.prompt(
-    "document_codeql_query",
-    "Create or update documentation for a CodeQL query - generates standardized markdown documentation as a sibling file to the query",
-    documentCodeqlQuerySchema.shape,
-    async ({ queryPath, language }) => {
-      const template = loadPromptTemplate("document-codeql-query.prompt.md");
-      const contextSection = `## Query to Document
-
-- **Query Path**: ${queryPath}
+    "find_overlapping_queries",
+    "Discover existing .ql query files and .qll library files whose content may overlap with a new query design, identifying reusable classes, predicates, and modules",
+    findOverlappingQueriesSchema.shape,
+    async ({ queryDescription, language, packRoot }) => {
+      const template = loadPromptTemplate("find-overlapping-queries.prompt.md");
+      const contextSection = `## New Query Context
+
+- **Query Description**: ${queryDescription}
 - **Language**: ${language}
-
-`;
+` + (packRoot ? `- **Pack Root**: ${packRoot}
+` : "");
       return {
         messages: [
           {
             role: "user",
             content: {
               type: "text",
-              text: contextSection + template
+              text: contextSection + "\n" + template
             }
           }
         ]
@@ -64697,37 +65124,48 @@ ${content}`
   server.prompt(
     "ql_lsp_iterative_development",
     "Iterative CodeQL query development using LSP tools for completion, navigation, and validation",
-    qlLspIterativeDevelopmentSchema.shape,
-    async ({ language, queryPath, workspaceUri }) => {
-      const template = loadPromptTemplate("ql-lsp-iterative-development.prompt.md");
-      let contextSection = "## Your Development Context\n\n";
-      if (language) {
+    toPermissiveShape(qlLspIterativeDevelopmentSchema.shape),
+    createSafePromptHandler(
+      "ql_lsp_iterative_development",
+      qlLspIterativeDevelopmentSchema,
+      async ({ language, queryPath, workspaceUri }) => {
+        const template = loadPromptTemplate("ql-lsp-iterative-development.prompt.md");
+        const warnings = [];
+        const qpResult = await resolvePromptFilePath(queryPath);
+        if (qpResult.blocked) return blockedPathError(qpResult, "query path");
+        const resolvedQueryPath = qpResult.resolvedPath;
+        if (qpResult.warning) warnings.push(qpResult.warning);
+        let resolvedWorkspaceUri = workspaceUri;
+        if (workspaceUri) {
+          const wsResult = await resolvePromptFilePath(workspaceUri);
+          if (wsResult.blocked) return blockedPathError(wsResult, "workspace URI");
+          resolvedWorkspaceUri = wsResult.resolvedPath;
+          if (wsResult.warning) warnings.push(wsResult.warning);
+        }
+        let contextSection = "## Your Development Context\n\n";
         contextSection += `- **Language**: ${language}
 `;
-      }
-      if (queryPath) {
-        contextSection += `- **Query Path**: ${queryPath}
+        contextSection += `- **Query Path**: ${resolvedQueryPath}
 `;
-      }
-      if (workspaceUri) {
-        contextSection += `- **Workspace URI**: ${workspaceUri}
+        if (resolvedWorkspaceUri) {
+          contextSection += `- **Workspace URI**: ${resolvedWorkspaceUri}
 `;
-      }
-      if (language || queryPath || workspaceUri) {
+        }
         contextSection += "\n";
-      }
-      return {
-        messages: [
-          {
-            role: "user",
-            content: {
-              type: "text",
-              text: contextSection + template
+        const warningSection = warnings.length > 0 ? warnings.join("\n") + "\n\n" : "";
+        return {
+          messages: [
+            {
+              role: "user",
+              content: {
+                type: "text",
+                text: warningSection + contextSection + template
+              }
             }
-          }
-        ]
-      };
-    }
+          ]
+        };
+      }
+    )
   );
   logger.info(`Registered ${WORKFLOW_PROMPT_NAMES.length} workflow prompts`);
 }
@@ -66186,9 +66624,9 @@ init_cli_executor();
 init_server_manager();
 init_package_paths();
 init_logger();
-import_dotenv.default.config({ path: resolve13(packageRootDir, ".env"), quiet: true });
+import_dotenv.default.config({ path: resolve14(packageRootDir, ".env"), quiet: true });
 var PACKAGE_NAME = "codeql-development-mcp-server";
-var VERSION = "2.24.3-rc2";
+var VERSION = "2.25.0-rc1";
 async function startServer(mode = "stdio") {
   logger.info(`Starting CodeQL Development MCP McpServer v${VERSION} in ${mode} mode`);
   const codeqlBinary = resolveCodeQLBinary();
@@ -66242,10 +66680,10 @@ async function startServer(mode = "stdio") {
     });
     const host = process.env.HTTP_HOST || "localhost";
     const port = Number(process.env.HTTP_PORT || process.env.PORT) || 3e3;
-    return new Promise((resolve14, reject) => {
+    return new Promise((resolve15, reject) => {
       const httpServer = app.listen(port, host, () => {
         logger.info(`HTTP server listening on http://${host}:${port}/mcp`);
-        resolve14();
+        resolve15();
       });
       httpServer.on("error", (error2) => {
         logger.error("HTTP server error:", error2);
@@ -66282,7 +66720,7 @@ async function main() {
     process.exit(1);
   }
 }
-var scriptPath = process.argv[1] ? realpathSync2(resolve13(process.argv[1])) : void 0;
+var scriptPath = process.argv[1] ? realpathSync2(resolve14(process.argv[1])) : void 0;
 if (scriptPath && import.meta.url === pathToFileURL5(scriptPath).href) {
   main();
 }