2 changes: 1 addition & 1 deletion .claude-plugin/plugin.json
Expand Up @@ -2,7 +2,7 @@
"name": "jfrog",
"displayName": "JFrog",
"description": "Official JFrog plugin. Connect Claude Code to JFrog to manage, secure, and govern your software supply chain. Give agents the context to build secure, compliant software.",
"version": "0.2.7",
"version": "0.2.8",
"author": {
"name": "JFrog Ltd.",
"email": "devrel@jfrog.com",
15 changes: 15 additions & 0 deletions .mcp.json
@@ -0,0 +1,15 @@
{
"mcpServers": {
"jfrog": {
"command": "npx",
"args": [
"--yes",
"--registry", "https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm",
"@jfrog/agent-guard"
],
"env": {
"_JF_ARGS": "mcp=jfrog-mcp"
}
}
}
}
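
Review bot: The `args` array runs `npx --yes` on an unpinned `@jfrog/agent-guard`, so every Claude Code launch resolves whatever version the registry currently serves and executes it without an install prompt, in a process that (per the README change in this PR) reads `JFROG_ACCESS_TOKEN` from the shell. Pin an exact version in the package spec (`@jfrog/agent-guard@<version>`, bumped together with `plugin.json`) so that one plugin release maps to one reviewed agent-guard build.
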
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -8,6 +8,7 @@ The JFrog plugin provides the following capabilities, grouped by component:

| Component | Feature | Description |
| --- | --- | --- |
| **MCP** | JFrog MCP (always-on) | Built-in JFrog MCP routed through `@jfrog/agent-guard` to `${JFROG_URL}/mcp`. Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). |
| **Skill** | JFrog Platform | Interact with Artifactory repositories, builds, permissions, users, access tokens, projects, release bundles, and platform administration via the JFrog CLI and REST/GraphQL APIs. Also covers security audits, CVE lookups, and Advanced Security exposure queries. |
| **Skill** | Package safety & download | Check whether npm, Maven, PyPI, Go, and other packages are safe, curated, or allowed, then download them through Artifactory remote caches or curation-aware package managers. |
| **Hook** | Agent Guard | Claude manages MCPs through the JFrog Agent Guard. Through the Agent Guard you can discover, install, configure, update, and remove MCP servers from the JFrog AI Catalog approved for your project, and authenticate to remote HTTP MCPs via OAuth, API key, or bearer token. |
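
Review bot: The new **MCP** row says the built-in server is "not subject to AI Catalog policy" but does not say what an administrator can use to restrict it instead. The template change in this PR mentions a `deniedMcpServers` entry in managed settings and `/plugin uninstall jfrog`; name those controls here or in the linked section so the policy exemption is not read as "cannot be disabled". The Hook row below still says "Claude manages MCPs through the JFrog Agent Guard" without noting this exception.
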
Expand Down Expand Up @@ -92,6 +93,15 @@ Once configured, interact with the JFrog plugin through natural language. Exampl
| "Is this Maven package approved for use?" | Checks curation entitlement and policy for the requested package. |
| "Download `requests` via JFrog." | Resolves the package through an Artifactory remote cache or curation-aware package manager. |

### JFrog MCP

The plugin ships a built-in `jfrog` MCP registered in `.mcp.json`. Claude
Code launches it automatically as `npx @jfrog/agent-guard` with
`_JF_ARGS=mcp=jfrog-mcp`. agent-guard recognizes that shape, skips the AI
Catalog, and connects directly to `${JFROG_URL}/mcp` with
`Authorization: Bearer ${JFROG_ACCESS_TOKEN}` (both env vars are listed
under [Authentication](#authentication)).

### MCP server management (Agent Guard)

| Ask the agent… | What happens |
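
Review bot: The new "JFrog MCP" section states that the server sends `Authorization: Bearer ${JFROG_ACCESS_TOKEN}` to `${JFROG_URL}/mcp` but omits the rule that the troubleshooting template in this PR treats as mandatory: both variables are read from the launching shell and must never be placed in a `.mcp.json` `env` block. Add that sentence here, since this is the section users read when setting the server up, and say what happens when the variables are unset (the template says it fails fast at startup with the error shown in `/mcp`).
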
23 changes: 21 additions & 2 deletions templates/jfrog-mcp-management.md
Expand Up @@ -48,6 +48,12 @@ STOP — do NOT run the command with guesses.

## Adding an MCP

**Note — built-in `jfrog`:** the bundled `jfrog` entry
(`_JF_ARGS=mcp=jfrog-mcp`, bypasses the catalog) is NEVER installed,
inspected, or edited via this flow. For catalog-managed tool policy
on JFrog, install the catalog version under a DIFFERENT `mcpServers`
key (e.g., `jfrog-catalog`) so it coexists with the built-in.

**Did the user name a specific MCP package?** ("add `foo-mcp`",
"install `@scope/bar`"). If NOT — they said something like "yes",
"add an MCP", "what can I install" — your FIRST action is to show
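
Review bot: In the new built-in `jfrog` note, the advice to install the catalog version under a different key such as `jfrog-catalog` "so it coexists with the built-in" leaves the catalog-bypassing entry active next to the policy-managed one, so as far as these lines show, a tool that catalog policy restricts on `jfrog-catalog` stays reachable through `jfrog`. State how the agent should choose between the two entries, or tell users who need catalog-managed tool policy to remove the built-in. Also, "inspected" conflicts with the "Currently installed" steps later in this file, which now report the bundled entry.
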
Expand Down Expand Up @@ -295,6 +301,9 @@ Outcomes:

## Removing an MCP

**Note — built-in `jfrog`:** removal is `/plugin uninstall jfrog`
ONLY; never delete it from `.mcp.json`.

1. Delete the entry from `mcpServers` in the file it was installed
in (`.mcp.json` or top-level `~/.claude.json`).
2. If OAuth was used (Step 5), also remove its entry from
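
Review bot: The added note says never to delete the built-in `jfrog` from `.mcp.json`, and step 1 directly below tells the agent to delete the entry from `mcpServers` in `.mcp.json`; the two read as contradictory unless the reader already knows the note means the plugin's bundled file. Say which `.mcp.json` is meant (the one shipped in the plugin) and scope step 1 to catalog-installed entries. It is also worth stating that `/plugin uninstall jfrog` removes the plugin as a whole, skills and hook included, not only the MCP entry.
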
Expand All @@ -309,7 +318,7 @@ touching any file or shell:

| User said… | Run |
| --- | --- |
| "available", "what can I install", "what's in the catalog", "list MCPs" without other context | **Available to install** below — go straight to `--list-available`; do NOT inspect local files first |
| "available", "what can I install", "what's in the catalog", "list MCPs", "what MCPs can I use", "which MCP servers can I use" without other context | **Available to install** below — go straight to `--list-available`; do NOT inspect local files first |
| "installed", "configured", "connected", "running", "what MCPs do I have" | **Currently installed** below |
| ambiguous / both | run **both** subsections in order: Currently installed first, then Available to install, and present them as separate tables |

Expand All @@ -329,7 +338,9 @@ elsewhere.
and whose `args` include `@jfrog/agent-guard`, show: display name
(the JSON key), package (`mcp=` in `_JF_ARGS`), server
ID (value after `--server`), scope (project / user).
3. If a configured entry does not appear in `claude mcp list`, it is
3. The bundled `jfrog` entry (`_JF_ARGS=mcp=jfrog-mcp`) is reported
with `scope: plugin (jfrog)`, `package: jfrog-mcp (bundled)`.
4. If a configured entry does not appear in `claude mcp list`, it is
either pending approval (see Step 4a) or filtered by an
`allowedMcpServers` / `deniedMcpServers` policy in managed
settings (`managed-settings.json`; `allowedMcpServers` is
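
Review bot: New step 3 identifies the bundled entry only by `_JF_ARGS=mcp=jfrog-mcp`, and that entry also matches step 2 (its `args` include `@jfrog/agent-guard`), which asks for a server ID taken from `--server` and a scope of project / user. The bundled entry has no `--server` argument in `.mcp.json`, so say explicitly that step 3 overrides step 2 for it and what to show for server ID. Also key the "bundled" label on the entry coming from the plugin's own `.mcp.json`, so a hand-added project entry with the same `_JF_ARGS` is not reported as `scope: plugin (jfrog)`.
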
Expand Down Expand Up @@ -451,6 +462,14 @@ the display name.
undefined `${VAR}`), or an `allowedMcpServers` / `deniedMcpServers`
policy in managed settings (`managed-settings.json`) filtering the
entry.
- **Built-in `jfrog` MCP missing** — almost always either (a)
`JFROG_URL` / `JFROG_ACCESS_TOKEN` not exported in the launching
shell (agent-guard reads them from the shell for the plugin's
bundled `jfrog` entry — they MUST NEVER be added to any
`.mcp.json` `env` block, including the bundled one); fails fast at
startup, check the error in `/mcp`. Or (b) an MDM
`deniedMcpServers` entry denying the agent-guard command. Both are
environment issues, not plugin issues.
- **Agent Guard: `multiple/no JFrog server configured`** (the agent guard
cannot pick a JFrog server) — pass `--server <ID>` (after
`jf c add <SERVER_ID>`) OR export both `JFROG_URL` and
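
Review bot: In the new "Built-in `jfrog` MCP missing" bullet, the rule that `JFROG_URL` / `JFROG_ACCESS_TOKEN` "MUST NEVER be added to any `.mcp.json` `env` block" is a credential-handling requirement buried inside a parenthetical under cause (a), where it is only seen once something has already failed. Give it its own line near the top of the template (and in the README), and split (a) and (b) into sub-bullets so "fails fast at startup, check the error in `/mcp`" is clearly attached to (a). The closing sentence "Both are environment issues, not plugin issues" would also be more useful with the next action for each case.
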