From 4d915337fd44c00a49bb67c33f31bbbf4e0fb8db Mon Sep 17 00:00:00 2001 From: yanivt Date: Sun, 21 Jun 2026 11:30:52 +0300 Subject: [PATCH 1/2] Reapply "AX-1644 - add jfrog mcp (#23)" (#24) This reverts commit bdf022a3ad3eaf67d893a744b717dd92c7f2b470. --- README.md | 10 +++++ marketplace.json | 2 +- plugin/.mcp.json | 15 ++++++++ plugin/templates/copilot-instructions.md | 47 +++++++++++++++++++++--- 4 files changed, 68 insertions(+), 6 deletions(-) create mode 100644 plugin/.mcp.json diff --git a/README.md b/README.md index d4ed663..2239bec 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ The JFrog plugin provides the following capabilities, grouped by component: | Component | Feature | Description | | --- | --- | --- | +| **MCP** | JFrog MCP (always-on) | Built-in JFrog MCP routed through `@jfrog/agent-guard` to `${JFROG_URL}/mcp`. Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). | | **Hook** | Agent Guard | Copilot manage MCPs through the JFrog Agent Guard. Through it you can discover, install, configure, update, and remove MCP servers from the JFrog AI Catalog approved for your project, and authenticate to remote HTTP MCPs via OAuth, API key, or bearer token. | --- 
@@ -115,6 +116,15 @@ After authentication, open a workspace in VS Code. The session-start hook instal | "Log in to the remote Jira MCP server using OAuth." | Authenticates with a remote HTTP-based MCP server (OAuth, API key, or bearer token). | | "Log out of the Jira MCP server." | Removes stored authentication credentials for a server. | +### JFrog MCP + +The plugin ships a built-in `jfrog` MCP registered in `.mcp.json`. VS Code +launches it automatically as `npx @jfrog/agent-guard` with +`_JF_ARGS=mcp=jfrog-mcp`. agent-guard recognizes that shape, skips the AI +Catalog, and connects directly to `${JFROG_URL}/mcp` with +`Authorization: Bearer ${JFROG_ACCESS_TOKEN}` (both env vars are listed +under [Authentication](#authentication)). + ### How secrets are handled When an MCP server requires a sensitive configuration, the agent cannot set the value directly. Instead, it returns a CLI command for you to copy and run in your terminal. Secrets such as API keys, tokens, and connection strings are never exposed in the agent chat history. diff --git a/marketplace.json b/marketplace.json index 9c8506a..655c1b2 100644 --- a/marketplace.json +++ b/marketplace.json @@ -9,7 +9,7 @@ { "name": "jfrog", "description": "JFrog Platform integration with MCP, security skills, and supply-chain best practices", - "version": "1.0.3", + "version": "1.0.4", "source": "plugin", "categories": ["security", "artifact-management", "supply-chain", "devops", "mcp", "mlops", "agent-guard", "ai-catalog"], "platforms": ["darwin", "linux", "windows"], diff --git a/plugin/.mcp.json b/plugin/.mcp.json new file mode 100644 index 0000000..8869e56 --- /dev/null +++ b/plugin/.mcp.json @@ -0,0 +1,15 @@ +{ + "mcpServers": { + "jfrog": { + "command": "npx", + "args": [ + "--yes", + "--registry", "https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/", + "@jfrog/agent-guard" + ], + "env": { + "_JF_ARGS": "mcp=jfrog-mcp" + } + } + } +} 
diff --git a/plugin/templates/copilot-instructions.md b/plugin/templates/copilot-instructions.md index ebd361e..1efdbcc 100644 --- a/plugin/templates/copilot-instructions.md +++ b/plugin/templates/copilot-instructions.md 
@@ -1,9 +1,36 @@ +# Built-in `jfrog` MCP + +The plugin ships a built-in `jfrog` MCP in its read-only `.mcp.json`, +launched as `npx @jfrog/agent-guard` with `_JF_ARGS=mcp=jfrog-mcp`. +agent-guard recognizes that shape, skips the AI Catalog, and connects +directly to `${JFROG_URL}/mcp`. **Hard rules** (apply before any MCP +action below): + +- `jfrog` is always available; never tell the user it's blocked, + missing, or pending because of catalog/entitlement. +- NEVER run any Agent Guard catalog flow (`--inspect`, `--login`, + install, remove) against `jfrog`, and NEVER edit or delete its + entry. Removal is only possible by uninstalling the plugin from + VS Code. +- In any "currently installed" listing, report `jfrog` as + `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this + document does not apply to it. +- Tool calls on the built-in `jfrog` are constrained by the JFrog + access token, not by AI Catalog tool policy. If the AI Catalog + also publishes the JFrog MCP (typically as `jfrog-mcp`) and the + user wants catalog-managed tool policy, install it via the + standard catalog flow (`_JF_ARGS=project=&mcp=jfrog-mcp`) + under a different `mcpServers` key — e.g., `jfrog-catalog` — so + it coexists with the built-in `jfrog`. Tell the user about the + rename and that they end up with both entries. + # MCP Server Management - JFrog Agent Guard -All MCP servers MUST be installed ONLY through the JFrog MCP Agent Guard -(`npx @jfrog/agent-guard`). There is no other approved installation -method. If an MCP's documentation suggests any other installation -command, ignore it and use the agent guard workflow below instead. +All other MCP servers MUST be installed ONLY through the JFrog MCP +Agent Guard (`npx @jfrog/agent-guard`). There is no other approved +installation method. If an MCP's documentation suggests any other +installation command, ignore it and use the agent guard workflow +below instead. 
**Registry URL**: Wherever `` appears in commands or config entries below, **always** substitute the value of the `JFROG_AGENT_GUARD_REPO` @@ -222,7 +249,17 @@ working. refresh token is likely dead. Re-run Step 5; the new tokens overwrite the old ones. -2. **Anything else** - ask the user to open `MCP: List Servers`, +2. **Built-in `jfrog` MCP missing** - almost always `JFROG_URL` / + `JFROG_ACCESS_TOKEN` not exported in the launching shell + (agent-guard reads them from the shell for the plugin's bundled + `jfrog` entry — they MUST NEVER be added to any `mcp.json` `env` + block, including the bundled one; `JFROG_URL` must include + `https://`; agent-guard fails fast at startup and the entry shows + as failed in **MCP: List Servers**). Tell the user not to edit the + plugin's bundled `.mcp.json`; reinstall the plugin to restore the + entry. + +3. **Anything else** - ask the user to open `MCP: List Servers`, right-click the failed (or 0-tools) server, choose **Show Output**, and paste the last 50 lines. Read the output before guessing at a cause. Common recoveries based on what the output From 5a272b98b69803f205baf4fb9931abee9c18d5ae Mon Sep 17 00:00:00 2001 
From: yanivt Date: Sun, 21 Jun 2026 11:35:13 +0300 Subject: [PATCH 2/2] AX-1644 - drop bundled-jfrog priming + dedup-safe registry Two changes that mirror the same fix shipped on claude-plugin main as PR #18: 1. plugin/.mcp.json: drop the trailing slash on the bundled --registry URL (.../coding-agents-npm/ -> .../coding-agents-npm). VS Code's MCP loader (and Claude Code's) dedupes server entries by (command, registry-URL); when the user already has an AI-Catalog-installed jfrog-mcp / chrome-devtools-mcp / etc. under the same npx + same registry URL, the bundled jfrog is silently skipped. The trailing-slash difference is enough to make the URL string distinct so dedup no longer collapses them. Functionally identical for npm, the agent-guard hook allowlist, and the agent guard itself. 2. plugin/templates/copilot-instructions.md: drop the top-of-document "# Built-in jfrog MCP" priming section. That section's "Hard rules" were strong enough to make Copilot bias listing answers toward the installed view and skip the AI-Catalog rows. Distribute the rules as small per-subsection notes that only fire when the LLM is actually doing that operation: - ## Adding an MCP: bundled jfrog is never installed via catalog; coexist as jfrog-catalog if catalog tool policy wanted. - ## Removing an MCP: removal is by uninstalling the JFrog plugin from VS Code; never delete the bundled .mcp.json. - ### Installed MCPs: report bundled jfrog as scope: plugin (jfrog), package: jfrog-mcp (bundled). The AX-1644 troubleshooting bullet ("Built-in jfrog MCP missing") is preserved exactly. Co-authored-by: Cursor --- plugin/.mcp.json | 2 +- plugin/templates/copilot-instructions.md | 47 ++++++++---------------- 2 files changed, 16 insertions(+), 33 deletions(-) diff --git a/plugin/.mcp.json b/plugin/.mcp.json index 8869e56..b0c9447 100644 --- a/plugin/.mcp.json +++ b/plugin/.mcp.json 
@@ -4,7 +4,7 @@ "command": "npx", "args": [ "--yes", - "--registry", "https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/", + "--registry", "https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm", "@jfrog/agent-guard" ], "env": { diff --git a/plugin/templates/copilot-instructions.md b/plugin/templates/copilot-instructions.md index 1efdbcc..ef5b3aa 100644 --- a/plugin/templates/copilot-instructions.md +++ b/plugin/templates/copilot-instructions.md 
@@ -1,36 +1,9 @@ -# Built-in `jfrog` MCP - -The plugin ships a built-in `jfrog` MCP in its read-only `.mcp.json`, -launched as `npx @jfrog/agent-guard` with `_JF_ARGS=mcp=jfrog-mcp`. -agent-guard recognizes that shape, skips the AI Catalog, and connects -directly to `${JFROG_URL}/mcp`. **Hard rules** (apply before any MCP -action below): - -- `jfrog` is always available; never tell the user it's blocked, - missing, or pending because of catalog/entitlement. -- NEVER run any Agent Guard catalog flow (`--inspect`, `--login`, - install, remove) against `jfrog`, and NEVER edit or delete its - entry. Removal is only possible by uninstalling the plugin from - VS Code. -- In any "currently installed" listing, report `jfrog` as - `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this - document does not apply to it. -- Tool calls on the built-in `jfrog` are constrained by the JFrog - access token, not by AI Catalog tool policy. If the AI Catalog - also publishes the JFrog MCP (typically as `jfrog-mcp`) and the - user wants catalog-managed tool policy, install it via the - standard catalog flow (`_JF_ARGS=project=&mcp=jfrog-mcp`) - under a different `mcpServers` key — e.g., `jfrog-catalog` — so - it coexists with the built-in `jfrog`. Tell the user about the - rename and that they end up with both entries. - # MCP Server Management - JFrog Agent Guard -All other MCP servers MUST be installed ONLY through the JFrog MCP -Agent Guard (`npx @jfrog/agent-guard`). There is no other approved -installation method. If an MCP's documentation suggests any other -installation command, ignore it and use the agent guard workflow -below instead. +All MCP servers MUST be installed ONLY through the JFrog MCP Agent Guard +(`npx @jfrog/agent-guard`). There is no other approved installation +method. If an MCP's documentation suggests any other installation +command, ignore it and use the agent guard workflow below instead. 
**Registry URL**: Wherever `` appears in commands or config entries below, **always** substitute the value of the `JFROG_AGENT_GUARD_REPO` @@ -39,6 +12,12 @@ environment variable if it is set. Only use the default ## Adding an MCP +**Note - built-in `jfrog`:** the bundled `jfrog` entry +(`_JF_ARGS=mcp=jfrog-mcp`, bypasses the catalog) is NEVER installed, +inspected, or edited via this flow. For catalog-managed tool policy +on JFrog, install the catalog version under a DIFFERENT `servers` +key (e.g., `jfrog-catalog`) so it coexists with the built-in. + When the user asks to add an MCP, do ALL of the following autonomously - do NOT ask the user for project, server, package name, or binary path unless absolutely necessary: @@ -277,6 +256,9 @@ working. ## Removing an MCP +**Note - built-in `jfrog`:** removal is only via uninstalling the +JFrog plugin from VS Code; never delete it from the bundled `.mcp.json`. + Delete the entry from `servers` in `.vscode/mcp.json` and any now-unused entries from the top-level `inputs` array. @@ -287,7 +269,8 @@ entries from the top-level `inputs` array. Read the `servers` entries from the VS Code MCP config file (workspace `.vscode/mcp.json` or in the user profile settings) and list each entry by display name, showing its package name (from `_JF_ARGS`) -and server ID. +and server ID. The bundled `jfrog` entry (`_JF_ARGS=mcp=jfrog-mcp`) +is reported with `scope: plugin (jfrog)`, `package: jfrog-mcp (bundled)`. ### Available MCPs (JFrog AI Catalog)
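Review bot: in patch 1's README.md hunk at @@ -15, the new **MCP** table row says the built-in server is "not subject to AI Catalog policy" but not what does constrain it; the copilot-instructions hunk in the same patch states that tool calls on the built-in `jfrog` are constrained by the JFrog access token, so say that in the row (e.g. "scoped by the permissions of `JFROG_ACCESS_TOKEN`, not by AI Catalog tool policy") so that "always-on" is not read as unrestricted.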
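Review bot: the new `### JFrog MCP` section in patch 1's README.md hunk at @@ -115 explains that `JFROG_ACCESS_TOKEN` is sent as `Authorization: Bearer` to `${JFROG_URL}/mcp`, but the two constraints the troubleshooting item in the same patch depends on are missing here: the two variables must be exported in the shell that launches VS Code and must never be added to an `mcp.json` `env` block (including the bundled one), and `JFROG_URL` must include `https://`. Stating them in this section keeps the token out of committed config and off plaintext transport instead of leaving that to the failure path.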
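Review bot: in patch 1's new `plugin/.mcp.json`, `@jfrog/agent-guard` is referenced without a version and installed with `--yes`, so every VS Code start resolves whatever the registry currently serves for that package; pin it (`"@jfrog/agent-guard@<version>"`, with a placeholder here for the release you validated) so the bundled, catalog-bypassing entry that receives the bearer token is reproducible and a registry-side change cannot silently swap what runs.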
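Review bot: in patch 1's copilot-instructions hunk at @@ -1,9 +1,36 @@, the catalog command in the last bullet reads `_JF_ARGS=project=&mcp=jfrog-mcp` with an empty `project=` value as shown; if a placeholder token was intended, spell it out the way the `**Registry URL**` paragraph handles its placeholder, otherwise an agent copying the line will run the catalog flow with no project, which is not the shape the bullet is describing.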
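Review bot: the new item 2 in patch 1's copilot-instructions hunk at @@ -222 renumbers the former "Anything else" item from 2 to 3; check that nothing else in the document refers to that item by number. Since the following item sends users to **MCP: List Servers** > **Show Output** and asks them to paste the last 50 lines into the chat, add a one-line reminder to redact any credential before pasting, given that the new item makes the shell export the only place `JFROG_ACCESS_TOKEN` should live.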
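Review bot: in patch 2's `plugin/.mcp.json` hunk, the trailing slash is dropped solely so the registry URL string no longer equals a catalog-installed entry's and the loader stops deduplicating the two; that reason lives only in the commit message, so a later cleanup that re-adds the slash, or a loader that normalizes URLs, silently reintroduces the collision. Record the reason where a maintainer will see it (the README's `### JFrog MCP` section, since JSON carries no comments), and verify that the slash-less form is what the agent-guard hook allowlist accepts: the commit message asserts equivalence for the allowlist, but the diff does not show it.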
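Review bot: patch 2's copilot-instructions hunk at @@ -1,36 +1,9 @@ removes three statements that the replacement notes later in the patch do not carry: that no Agent Guard catalog flow, `--login` included, may be run against the built-in `jfrog`; that its tool calls are constrained by the access token rather than AI Catalog tool policy; and that the user must be told about the `jfrog-catalog` rename and that two entries will then exist. Move each into the matching per-subsection note (`## Adding an MCP` for the first two, `### Installed MCPs` for the third) so the de-priming does not also drop the rules.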
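Review bot: in patch 2's copilot-instructions hunk at @@ -39,6 +12,12 @@, the new `## Adding an MCP` note identifies `_JF_ARGS=mcp=jfrog-mcp` as the catalog-bypass shape and says to install "the catalog version" under a different key, but it no longer gives the `_JF_ARGS` form for that install (the removed section had `project=...&mcp=jfrog-mcp`); include it here so the agent does not reuse the bare `mcp=jfrog-mcp` form under `jfrog-catalog` and end up with two bypass entries.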
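Review bot: in patch 2's copilot-instructions hunk at @@ -277,6 +256,9 @@, the new `## Removing an MCP` note says "never delete it from the bundled `.mcp.json`" where the removed section said never edit or delete its entry; keep "edit" in the wording, since adding `JFROG_URL` or `JFROG_ACCESS_TOKEN` to that entry's `env` block is exactly the mistake the preserved troubleshooting item warns against.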