diff --git a/src/seclab_taskflows/personalities/web_application_security_expert.yaml b/src/seclab_taskflows/personalities/web_application_security_expert.yaml
index 58033e0..cce8a82 100644
--- a/src/seclab_taskflows/personalities/web_application_security_expert.yaml
+++ b/src/seclab_taskflows/personalities/web_application_security_expert.yaml
@@ -19,5 +19,5 @@ task: |
 toolboxes:
   - seclab_taskflow_agent.toolboxes.memcache
   - seclab_taskflows.toolboxes.gh_file_viewer
-  - seclab_taskflow_agent.toolboxes.codeql
+  - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
   - seclab_taskflows.toolboxes.ghsa
diff --git a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_common/reachability_analysis.yaml b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_common/reachability_analysis.yaml
index 704f921..51271fa 100644
--- a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_common/reachability_analysis.yaml
+++ b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_common/reachability_analysis.yaml
@@ -30,6 +30,14 @@ taskflow:
         Create a call graph to understand how the code flows from the entry point to the vulnerable code. Let's think step by step and go through the call graph.
         Always try to find out whether the code is in use and reachable from the outside (e.g. via HTTP request).
 
+        Use the CodeQL Development MCP server to compute the call graph authoritatively rather than guessing from
+        text search. Use `list_codeql_databases` to find the database for {{ result.repo }}, then use `codeql_query_run`
+        with the bundled tools query `CallGraphTo.ql` to find callers of the function containing the alert location,
+        and `CallGraphFrom.ql` to find callees. Pass the alert file and line as the location. Iterate outward from the
+        alert location until you either reach a remote/HTTP entry point or exhaust the callers. If you need to inspect
+        the structure of a single function, use `PrintAST.ql` or `PrintCFG.ql`. Fall back to `gh_file_viewer` only when
+        the database is unavailable.
+
         You should trace the calls where the data is passed through and in each call, check whether relevant sanitization is 
         applied to the data.
 
@@ -59,6 +67,7 @@ taskflow:
         You must then update the alert results with your notes. 
         You should finish the task without changing the alert validity.
       toolboxes:
+        - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
         - seclab_taskflows.toolboxes.gh_file_viewer
         - seclab_taskflows.toolboxes.report_alert_state
       
diff --git a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_client_side_xss.yaml b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_client_side_xss.yaml
index 7816829..0f11efe 100644
--- a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_client_side_xss.yaml
+++ b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_client_side_xss.yaml
@@ -6,8 +6,12 @@ seclab-taskflow-agent:
   version: "1.0"
 model_config: seclab_taskflows.configs.model_config
 
+# Required: pass the target repository on the command line, e.g.
+#   --global repo=has-ghas/juice-shop
+# An empty default fetches alerts for no repository.
 globals:
   rule: js/xss
+  repo:
 taskflow:
   - task:
       must_complete: true
@@ -18,7 +22,7 @@ taskflow:
       name: create repo list
       description: create repo list to fetch alerts from.
       run: |
-        echo '[ {"repo": ""}]'
+        echo '[ {"repo": "{{ globals.repo }}"}]'
   - task:
       headless: true
       uses: seclab_taskflows.taskflows.alert_triage_examples.triage_common.fetch_code_scanning_alerts
@@ -50,6 +54,12 @@ taskflow:
         In this task, restrict your analysis to the function that contains the alert location only. Do not trace the calls of the function. Just
         perform a local analysis.
 
+        Use the CodeQL Development MCP server to get an authoritative view of that function: call `list_codeql_databases`
+        to find the database for {{ result.repo }}, then run the bundled `PrintAST.ql` tools query at the alert location
+        to get the exact AST of the enclosing function. This is more reliable than reading the file textually for
+        identifying real branches, sanitizer calls, and the syntactic context (HTML attribute, JS string, etc.) of the
+        sink. Fall back to `gh_file_viewer` only if the database is unavailable.
+
         Exploitable means that a remote attacker would be able to inject a malicious script into the web application that would be executed in the context of a user visiting the page.
         This could include a `javascript:` URL, a `<script>` tag, or any other way to inject JavaScript code into the page.
         It also means that the XSS vulnerability is not mitigated by any other code in the repository, such as sanitization or validation of the input.
@@ -83,6 +93,7 @@ taskflow:
         When you are done, set the `valid` field of the alert result to `true` using alert_id {{ result.alert_id }} and repo {{ result.repo }}
         if the alert is a potential vulnerability, otherwise set it to `false`. 
       toolboxes:
+        - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
         - seclab_taskflows.toolboxes.gh_file_viewer
         - seclab_taskflows.toolboxes.report_alert_state
   - task:
diff --git a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_path_injection.yaml b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_path_injection.yaml
index 004f0d3..42e4b21 100644
--- a/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_path_injection.yaml
+++ b/src/seclab_taskflows/taskflows/alert_triage_examples/triage_taskflows/triage_js_ts_path_injection.yaml
@@ -6,6 +6,11 @@ seclab-taskflow-agent:
   version: "1.0"
 model_config: seclab_taskflows.configs.model_config
 
+# Required: pass the target repository on the command line, e.g.
+#   --global repo=has-ghas/juice-shop
+# An empty default fetches alerts for no repository.
+globals:
+  repo:
 taskflow:
   - task:
       must_complete: true
@@ -15,7 +20,7 @@ taskflow:
       name: create repo list
       description: create repo list to fetch alerts from.
       run: |
-        echo '[ {"repo": ""}]'
+        echo '[ {"repo": "{{ globals.repo }}"}]'
   - task:
       headless: true
       uses: seclab_taskflows.taskflows.alert_triage_examples.triage_common.fetch_code_scanning_alerts
@@ -48,6 +53,13 @@ taskflow:
         Also check if the given path fragment is checked against a whitelist of allowed paths.
         Path validation can also take place at the location where the URL is registered in the web framework, e.g. as a validator middleware in Express.js.
         Always note where the URL path is registered in the web framework and the HTTP method required to call it. Write the lines that register the URL path in the notes.
+
+        When inspecting the function that contains the alert, prefer the CodeQL Development MCP server for authoritative
+        code structure: use `list_codeql_databases` to find the database for {{ result.repo }} and run the bundled
+        `PrintAST.ql` tools query at the alert location to get the exact AST of the surrounding function (more reliable
+        than `gh_file_viewer` for distinguishing real branches/sanitizers from text). Use `CallGraphTo.ql` if you need
+        to confirm the function is actually called from a route handler.
+
         Take notes while assessing the alert.
         Update the results field of the alert result with your notes using `update_alert_result` with 
         {{ result.alert_id }} as alert_id and {{ result.repo }} as repo.
@@ -56,7 +68,7 @@ taskflow:
       toolboxes:
         - seclab_taskflows.toolboxes.gh_file_viewer
         - seclab_taskflows.toolboxes.report_alert_state
-        - seclab_taskflow_agent.toolboxes.codeql
+        - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
   - task:
       must_complete: true
       repeat_prompt: true
@@ -74,5 +86,5 @@ taskflow:
       toolboxes:
         - seclab_taskflows.toolboxes.gh_file_viewer
         - seclab_taskflows.toolboxes.report_alert_state
-        - seclab_taskflow_agent.toolboxes.codeql
+        - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
 
diff --git a/src/seclab_taskflows/taskflows/audit/js_ts_endpoint_access_checks.yaml b/src/seclab_taskflows/taskflows/audit/js_ts_endpoint_access_checks.yaml
index dc3f8a0..a065e18 100644
--- a/src/seclab_taskflows/taskflows/audit/js_ts_endpoint_access_checks.yaml
+++ b/src/seclab_taskflows/taskflows/audit/js_ts_endpoint_access_checks.yaml
@@ -22,10 +22,13 @@ taskflow:
       agents:
         - seclab_taskflows.personalities.web_application_security_expert
       inputs:
-        repo_nwo: 
+        repo_nwo:
       user_prompt: |
         Fetch CodeQL database for the {{ inputs.repo_nwo }} repository for the
-        JavaScript language.
+        JavaScript language. Prefer the local CodeQL Development MCP server: call
+        `list_codeql_databases` to find a pre-built database for {{ inputs.repo_nwo }}
+        and use `register_database` if needed. Only fall back to the GitHub
+        Code Scanning APIs if no local database is available.
 
         You are auditing code using the previously fetched
         CodeQL database.
@@ -33,7 +36,7 @@ taskflow:
         This database is built for a JavaScript web project.
 
         ## IMPORTANT: Vulnerability Pattern Details
-        
+
         Review the files specifying routes and endpoints for the security vulnerabilities
         described as follows:
 
@@ -46,11 +49,18 @@ taskflow:
         For each endpoint add how it's protected, or if it's unprotected. Make a note
         of decorators or middleware that are used to protect the endpoint.
 
+        For each candidate route handler you identify, run the bundled `CallGraphTo.ql`
+        tools query against the handler to enumerate its callers (typically routing
+        registrations / middleware), and `PrintAST.ql` to inspect the structure of
+        any decorator or middleware chain. Use `read_database_source` to read the
+        exact source backing the CodeQL database rather than re-fetching files from
+        GitHub.
+
         ## IMPORTANT: General Guidance that ALWAYS applies
 
         1. Do NOT ask the user for permission to perform next steps, continue your
         analysis autonomously until it is complete.
-        
+
         2. Reflect on your analysis for accuracy before returning it to the user.
         We are only interested in results that you can clearly explain and
         motivate as potentially vulnerable based on code examples.
@@ -66,7 +76,7 @@ taskflow:
         5. Make small and concise single line notes while you work. Update the
         existing value for `notes` in memory as you work.
       toolboxes:
-        - seclab_taskflow_agent.toolboxes.codeql
+        - seclab_taskflow_agent.toolboxes.codeql_ql_mcp
         - seclab_taskflow_agent.toolboxes.memcache
         - seclab_taskflows.toolboxes.gh_code_scanning
   - task: