Remove qlt refs, broken cli links, fix deprecated API names, fix import order, fix java_ast and README

- Remove qlt and broken ../resources/cli/ links from javascript, csharp, python security guides
- Replace CLI References sections with MCP tool name references
- Fix isAdditionalTaintStep → isAdditionalFlowStep in csharp guide (v2 API)
- Fix alphabetical import order in resources.ts
- Fix incomplete Example AST Hierarchy in java_ast.md with actual hierarchy
- Remove ql from README language AST references list

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

Author: Copilot

server/README.md

@@ -91,7 +91,7 @@ Static reference materials and per-language references served to AI assistants:
 - **Server Tools** / **Server Prompts** — Complete tool and prompt references
 - **Query Basics** / **Test-Driven Development** — QL query writing guide and TDD workflow
 - **Security Templates** / **Performance Patterns** — Multi-language security templates and profiling guidance
-- **Language AST References** — For actions, cpp, csharp, go, java, javascript, python, ql, ruby
+- **Language AST References** — For actions, cpp, csharp, go, java, javascript, python, ruby
 - **Language Security Patterns** — For cpp, csharp, go, javascript, python
 
 Full reference: [Resources](https://github.com/advanced-security/codeql-development-mcp-server/blob/main/docs/ql-mcp/resources.md)

server/dist/codeql-development-mcp-server.js

@@ -10,12 +10,12 @@
 // Static imports — esbuild inlines the file contents as string literals.
 import learningQueryBasicsContent from '../resources/learning-query-basics.md';
 import performancePatternsContent from '../resources/performance-patterns.md';
+import qlTestDrivenDevelopmentContent from '../resources/ql-test-driven-development.md';
 import securityTemplatesContent from '../resources/security-templates.md';
 import serverOverviewContent from '../resources/server-overview.md';
 import serverPromptsContent from '../resources/server-prompts.md';
 import serverQueriesContent from '../resources/server-queries.md';
 import serverToolsContent from '../resources/server-tools.md';
-import testDrivenDevelopmentContent from '../resources/ql-test-driven-development.md';
 
 /**
  * Get the query basics learning guide content
@@ -70,5 +70,5 @@ export function getServerTools(): string {
  * Get the test-driven development guide content
  */
 export function getTestDrivenDevelopment(): string {
-  return testDrivenDevelopmentContent;
+  return qlTestDrivenDevelopmentContent;
 }

server/dist/codeql-development-mcp-server.js.map

@@ -400,7 +400,7 @@ class EntityFrameworkSink extends DataFlow::Node {
 
 - Use specific type restrictions to limit analysis scope
 - Leverage existing security libraries rather than reimplementing
-- Use `isAdditionalTaintStep` for custom propagation rules
+- In your `DataFlow::ConfigSig` module, use `isAdditionalFlowStep` for custom propagation rules
 - Consider using `isBarrier` to stop false positive flows
 
 ### Memory and Runtime Optimization
@@ -420,13 +420,13 @@ predicate isSecurityRelevantFile(File f) {
 }
 ```
 
-## CLI References
+## MCP Tools for Query Development
 
 For C# security query development and testing:
 
-- [codeql query format](../../../../resources/cli/codeql/codeql_query_format.prompt.md)
-- [codeql query compile](../../../../resources/cli/codeql/codeql_query_compile.prompt.md)
-- [codeql query run](../../../../resources/cli/codeql/codeql_query_run.prompt.md)
-- [codeql database analyze](../../../../resources/cli/codeql/codeql_database_analyze.prompt.md)
-- [codeql test run](../../../../resources/cli/codeql/codeql_test_run.prompt.md)
-- [codeql test extract](../../../../resources/cli/codeql/codeql_test_extract.prompt.md)
+- `codeql_query_format` — automatically format CodeQL source code files
+- `codeql_query_compile` — compile and validate CodeQL queries
+- `codeql_query_run` — execute a CodeQL query against a database
+- `codeql_database_analyze` — run queries or query suites against CodeQL databases
+- `codeql_test_run` — run CodeQL query tests
+- `codeql_test_extract` — extract test databases for CodeQL query tests

server/src/lib/resources.ts

@@ -214,7 +214,30 @@ Based on comprehensive analysis of CodeQL's Java test results from GitHub, here
 
 ### Example AST Hierarchy
 
-Based on CodeQL's comprehensive Java analysis capabilities:
+A typical Java method declaration produces the following AST node hierarchy:
+
+```text
+CompilationUnit
+  └── ClassDecl
+        ├── FieldDecl
+        │     ├── TypeAccess
+        │     └── VarDeclExpr
+        ├── MethodDecl
+        │     ├── TypeAccess (return type)
+        │     ├── Parameter
+        │     │     └── TypeAccess
+        │     └── Block
+        │           ├── ExprStmt
+        │           │     └── MethodCall
+        │           │           ├── VarAccess
+        │           │           └── StringLiteral
+        │           └── ReturnStmt
+        │                 └── VarAccess
+        └── ConstructorDecl
+              └── Block
+```
+
+Use `PrintAST` on your test code to see the exact hierarchy for your specific source patterns.
 
 ## Expected test results for local `PrintAst.ql` query
 

server/src/resources/languages/csharp_security_query_guide.md

@@ -350,10 +350,9 @@ app.get('/safe', (req, res) => {
 - **Handle dynamic property access**: Account for bracket notation and computed properties
 - **Framework method chaining**: Track fluent API calls through multiple steps
 
-## CLI References
+## MCP Tools for Query Development
 
-- [qlt query generate new-query](../../../resources/cli/qlt/qlt_query_generate_new-query.prompt.md)
-- [codeql query format](../../../resources/cli/codeql/codeql_query_format.prompt.md)
-- [codeql query compile](../../../resources/cli/codeql/codeql_query_compile.prompt.md)
-- [codeql query run](../../../resources/cli/codeql/codeql_query_run.prompt.md)
-- [codeql test run](../../../resources/cli/codeql/codeql_test_run.prompt.md)
+- `codeql_query_format` — automatically format CodeQL source code files
+- `codeql_query_compile` — compile and validate CodeQL queries
+- `codeql_query_run` — execute a CodeQL query against a database
+- `codeql_test_run` — run CodeQL query tests

server/src/resources/languages/java_ast.md

@@ -446,7 +446,7 @@ Once run check the output of the command to ensure that all tests have passed.
 If the test has failed, check the test file and the implementation of the class to ensure that the test is correct.
 Iterate on the implementation of the class and the test until the test passes.
 
-Reference [resources/cli/codeql/codeql_test_run.prompt.md](../../../../resources/cli/codeql/codeql_test_run.prompt.md) for more details on how to use the `codeql test run` command.
+Reference the `codeql_test_run` tool for more details on how to use the `codeql test run` command.
 
 ### Inline Tests