AX-1644 - add jfrog mcp#26
Conversation
YoniMelki
left a comment
YoniMelki
left a comment
There was a problem hiding this comment.
Review — AX-1644: built-in always-on JFrog MCP (Cursor)
The change is coherent: mcp.json switches the jfrog server from a direct remote URL to npx @jfrog/agent-guard with _JF_ARGS=mcp=jfrog-mcp, and the README + jfrog-mcp-management.md hard-rules clearly explain the always-on, catalog-exempt model and the jfrog vs jfrog-catalog coexistence story. The template guidance (scope: plugin (jfrog), never run catalog flows against it, the admin-allowlist troubleshooting) is genuinely good.
Two things to resolve before merge:
1. ${VAR:-default} registry expansion in Cursor (functional risk). The bundled mcp.json depends on Cursor expanding a bash-style default inside args. If Cursor doesn't implement :-default semantics, npx gets the literal ${...} string as --registry and package resolution fails. This is a new pattern (the catalog flow writes a concrete URL, not a :-default). Please confirm the server launches with JFROG_AGENT_GUARD_REPO both set and unset. (inline)
2. JFROG_PLATFORM_URL → JFROG_URL is a breaking, format-changing rename. Needs a migration note + an explicit "must include https://" caveat. (inline)
Also heads-up (no change required here): the agent-guard-hook validates --registry as a literal http(s) URL and reads the raw mcp.json, so the ${VAR:-default} form would be rejected by a deployed hook — I've flagged that on the agent-guard PR for coordination.
| "command": "npx", | ||
| "args": [ | ||
| "--yes", | ||
| "--registry", "${JFROG_AGENT_GUARD_REPO:-https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/}", |
There was a problem hiding this comment.
Verify ${VAR:-default} expansion in Cursor. This relies on Cursor expanding the bash-style default ${JFROG_AGENT_GUARD_REPO:-https://...} inside args at launch. Cursor's mcp.json interpolation is ${env:VAR} / ${VAR} style and — as far as I know — does not implement bash :-default semantics. If that's the case, npx receives the literal string ${JFROG_AGENT_GUARD_REPO:-https://...} as the --registry value, which is not a valid registry, and package resolution fails. This pattern is new to this PR (the catalog flow writes a concrete <REGISTRY_URL>, never a :-default). Please confirm the built-in server actually launches in Cursor with JFROG_AGENT_GUARD_REPO unset (so the default fires) and set. Related: the agent-guard-hook validates this exact arg as a literal http(s) URL — see my note on the agent-guard PR.
There was a problem hiding this comment.
Resolved. The `--registry` value is now the hardcoded `https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/\` — no `${VAR:-default}` expansion, so the Cursor-interpolation concern is moot. I verified the new entry against agent-guard's own `agent-guard-hook.mjs`: `validateAgentGuard` returns `null` (pass), whereas the old `${VAR:-...}` string returned "not an http(s) URL" (would have denied every tool call). 👍
| | Variable | Description | | ||
| | --- | --- | | ||
| | `JFROG_PLATFORM_URL` | Your JFrog platform URL, e.g. `mycompany.jfrog.io` | | ||
| | `JFROG_URL` | Your JFrog platform URL, e.g. `https://mycompany.jfrog.io` | |
There was a problem hiding this comment.
This renames the user-facing env var JFROG_PLATFORM_URL → JFROG_URL and changes its format: the old var was host-only (mycompany.jfrog.io), the new one is a full URL with scheme (https://mycompany.jfrog.io). That's a breaking change for existing users. Two asks:
- Add a short migration note so upgraders know to switch the variable (and add the scheme).
- agent-guard does not prepend a scheme (
buildJfrogMCPDetailsonly trims trailing slashes), so a carried-over host-only value yieldsmycompany.jfrog.io/mcpand the connection fails silently. A one-line "must includehttps://" caveat would prevent that.
There was a problem hiding this comment.
Resolved. The breaking rename is now called out prominently: a Breaking: bullet in "What's new" and a dedicated upgrade blockquote in Authentication, both explaining the host-only → full-URL-with-scheme format change. One tiny nit (non-blocking): the note is filed under "What's new in v0.5.0" and says "pre-v0.5.0", but plugin.json is now 0.5.5 — consider aligning the version label. 👍
YoniMelki
left a comment
YoniMelki
left a comment
There was a problem hiding this comment.
Re-review — both findings resolved ✅
Re-reviewed at head 37bdf19 (was CHANGES_REQUESTED). Both blocking findings are addressed:
mcp.jsonregistry expansion — now a hardcodedhttps://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/(no${JFROG_AGENT_GUARD_REPO:-default}). I verified this exact entry against agent-guard'sagent-guard-hook.mjs:validateAgentGuard→null(passes); the old${VAR:-default}string returned "not an http(s) URL" and would have denied every tool call on the built-injfrogserver. The Cursor${env:VAR}-interpolation + hook-rejection risk is gone. ✅JFROG_PLATFORM_URL→JFROG_URLbreaking rename — now flagged with a Breaking: bullet in "What's new" and a dedicated upgrade blockquote in Authentication, both spelling out the host-only → full-URL-with-scheme change and the silent-breakage failure mode. ✅
Docs are notably thorough (Prerequisites add Node ≥14/npx, new "JFrog MCP" section, troubleshooting entry that correctly frames the admin MCP-allowlist case as an enterprise-policy issue).
One non-blocking nit: the breaking note lives under "What's new in v0.5.0" / "pre-v0.5.0" but plugin.json is now 0.5.5 — worth aligning the version label. Not a blocker.
Switching to APPROVE.
2 participants
No description provided.