MCP server fails to find CodeQL CLI installed by the `vscode-codeql` extension

[data-douser]

Bug Description

When the ql-mcp server is launched from the VSIX-installed VS Code extension, it fails to start because it cannot find the codeql CLI binary. The GitHub.vscode-codeql extension installs the CodeQL CLI into an off-PATH location inside VS Code's global storage directory, but neither the MCP server nor the VS Code extension's CLI resolver knows how to discover it there.

Error

[ERROR] Failed to start server: Error: CodeQL CLI is not reachable (binary: codeql).
Ensure codeql is on PATH or set the CODEQL_PATH environment variable to the
absolute path of the CodeQL CLI binary. Details: spawn codeql ENOENT

Root Cause

The GitHub.vscode-codeql extension manages its own CodeQL CLI distribution at:

<globalStorage>/github.vscode-codeql/distribution<N>/codeql/codeql

where <N> is an incrementing folder index that increases each time the extension upgrades the CLI version (e.g., distribution1 → distribution2 → distribution3). Old versions are deleted during upgrades.

A distribution.json file in the storage root tracks the current distribution:

{"folderIndex": 3, "release": {"name": "v2.24.2", ...}}

This binary is not added to $PATH — the vscode-codeql extension uses it internally. Users who only have the CodeQL CLI via the vscode-codeql extension (the most common installation method per GitHub docs) will always hit this failure.

Current Resolution Strategy

The MCP server's resolveCodeQLBinary() (in server/src/lib/cli-executor.ts) only checks:

1. CODEQL_PATH environment variable
2. Bare codeql command (resolved via $PATH at exec time)

The VS Code extension's CliResolver (in extensions/vscode/src/codeql/cli-resolver.ts) checks:

1. CODEQL_PATH environment variable
2. codeql on $PATH (via which)
3. Known filesystem locations (e.g., /usr/local/bin/codeql, ~/.codeql/codeql)

Neither layer probes the vscode-codeql managed distribution directory.

Proposed Fix

VS Code Extension (CliResolver)

Add a new resolution strategy (between the PATH lookup and known filesystem locations) that:

1. Accepts the vscode-codeql global storage path (from StoragePaths.getCodeqlGlobalStoragePath())
2. Reads distribution.json for the folderIndex to locate the binary directly (fast path)
3. Falls back to scanning distribution* directories sorted by descending numeric suffix

MCP Server (cli-executor.ts)

Add a server-side fallback (for when CODEQL_PATH is unset and codeql is not on PATH) that:

1. Computes platform-specific VS Code global storage candidate directories (macOS, Windows, Linux) for Code, Code - Insiders, and VSCodium
2. Probes github.vscode-codeql/distribution.json + distribution*/codeql/codeql using the same JSON hint + directory scan approach

This ensures the MCP server can find the CLI whether launched from the VS Code extension or standalone (e.g., via mcp.json).