From 72b0ad06fd338749f9c8c24d695bbd3aa9802edc Mon Sep 17 00:00:00 2001 From: yanivt Date: Wed, 10 Jun 2026 10:04:49 +0300 Subject: [PATCH 1/8] mcp --- plugins/jfrog/.cursor-plugin/plugin.json | 2 +- plugins/jfrog/README.md | 24 ++++++++- .../jfrog/templates/jfrog-mcp-management.md | 52 +++++++++++++++++-- 3 files changed, 72 insertions(+), 6 deletions(-) diff --git a/plugins/jfrog/.cursor-plugin/plugin.json b/plugins/jfrog/.cursor-plugin/plugin.json index 0fb9e09..f040179 100644 --- a/plugins/jfrog/.cursor-plugin/plugin.json +++ b/plugins/jfrog/.cursor-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "jfrog", "displayName": "JFrog Platform", - "version": "0.5.2", + "version": "0.5.3", "description": "JFrog Platform integration with MCP, security skills, supply-chain best practices, and JFrog Agent Guard governance for adding, removing, and listing MCP servers.", "author": { "name": "JFrog", diff --git a/plugins/jfrog/README.md b/plugins/jfrog/README.md index d3919f0..b4ff89b 100644 --- a/plugins/jfrog/README.md +++ b/plugins/jfrog/README.md 
@@ -17,11 +17,33 @@ CLI authentication options: run `jf login` for browser-based setup, or set the ` | Component | Path | Description | |---|---|---| -| **MCP** | `mcp.json` | Remote JFrog MCP server (OAuth, no API keys) | +| **MCP** | `mcp.json` | Plugin-bundled JFrog MCP at `https://${JFROG_PLATFORM_URL}/mcp` (server name: `jfrog`). Always available, not subject to AI Catalog policy — see [Plugin-managed JFrog MCP](#plugin-managed-jfrog-mcp). | | **Rule** | `rules/jfrog-security.mdc` | Supply-chain security practices for dependency files | | **Agent** | `agents/supply-chain-security.md` | Dependency audit for CVEs, licenses, and curation | | **Hook** | `hooks/hooks.json` | Agent Guard — MCP server governance via JFrog AI Catalog | +### Plugin-managed JFrog MCP + +The plugin ships a built-in `jfrog` MCP registered in `mcp.json`, +pointing at `https://${JFROG_PLATFORM_URL}/mcp`. Cursor starts it +automatically when the plugin is enabled — no manual install, no +Agent Guard catalog fetch, no AI Catalog approval involved. + +**Always on, regardless of AI Catalog policy.** The plugin owns this +MCP. AI Catalog allow/deny lists, missing entitlement, and catalog +reconciliation never reach this entry. The only supported removal is +uninstalling the plugin from Cursor. + +**Subject to Cursor admin MCP Configuration.** Like every MCP, the +`jfrog` server is filtered by your Cursor admin's **MCP +Configuration** panel and the global MCP toggles. The plugin cannot +opt out of admin policy. If admins use a URL allowlist, they should +permit `https://${JFROG_PLATFORM_URL}/mcp` (e.g. via a wildcard like +`https://*.jfrog.io/mcp`). The claude-plugin and vscode-plugin +sibling plugins use a different shape (`npx @jfrog/agent-guard` with +a builtin signal in env) for tighter integration with the JFrog +agent-guard policy hook on those platforms. + ### Skills | Skill | Triggers when you mention... | 
diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index 33b5547..763d5ac 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md 
@@ -1,9 +1,41 @@ +# Plugin-managed JFrog MCP — always-on, off-limits to Agent Guard + +The plugin ships a built-in `jfrog` MCP (HTTP at +`https://${JFROG_PLATFORM_URL}/mcp`) registered in the plugin's own +`mcp.json`. **Read these rules before any MCP action below**: + +- `jfrog` is always available to the user with respect to AI Catalog + policy. Never tell them it is blocked, missing, or pending because + the catalog disallowed it or entitlement is off. +- NEVER run any Agent Guard flow (`--inspect`, `--login`, install, + remove) against the plugin-managed `jfrog` server, and NEVER edit, + replace, or delete its entry. The entry lives in the plugin's + read-only `mcp.json`, not in the user's `~/.cursor/mcp.json` or any + workspace `.cursor/mcp.json`. Removal is only possible by + uninstalling the plugin from Cursor. +- Always report `jfrog` in any "currently installed" listing as + `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this + document does not apply to it. +- If the AI Catalog also exposes a JFrog-branded MCP whose name + resolves to `jfrog`, do NOT install it on top of the plugin-managed + one — the names would collide. Skip the install and tell the user + the plugin already provides `jfrog`. +- Entitlement transitions (gaining/losing AI Catalog entitlement, + catalog adding/removing `jfrog`) MUST NOT trigger any reconciliation + against the plugin-managed `jfrog` server. +- The always-on guarantee is **with respect to AI Catalog / Agent + Guard policy only**. Cursor's enterprise admin **MCP Configuration** + panel (Server/Command list, Command or URL entries) sits above + plugins and CAN block `jfrog`. If the user reports `jfrog` is + missing, see "Plugin-managed `jfrog` MCP missing under enterprise + MCP Configuration" in Troubleshooting. + # MCP Server Management — JFrog Agent Guard -All MCP servers MUST be installed ONLY through the JFrog Agent Guard -(`npx @jfrog/agent-guard`). 
If an MCP's documentation suggests any -other installation command, ignore it and use the agent guard workflow -below instead. +All other MCP servers MUST be installed ONLY through the JFrog Agent +Guard (`npx @jfrog/agent-guard`). If an MCP's documentation suggests +any other installation command, ignore it and use the agent guard +workflow below instead. **Registry URL**: Wherever `` appears below, substitute @@ -415,6 +447,18 @@ the display name. Tools & MCP** — never enabled. Re-run Step 4a (`cursor agent mcp enable `); if the entry is brand-new, also `Developer: Reload Window` so Cursor picks up the file. +- **Plugin-managed `jfrog` MCP missing under enterprise MCP + Configuration** — the plugin-managed `jfrog` server is HTTP at + `https://${JFROG_PLATFORM_URL}/mcp` and is filtered by Cursor's + admin **MCP Configuration** allowlist (Server/Command list with + Command or URL entries) like every MCP. Most common silent-block: + an allowlist with only Command entries (e.g. agent-guard-only + `npx ... @jfrog/agent-guard ...`) and zero URL entries — an HTTP + server has nothing to match. The plugin cannot bypass the admin + panel. Tell the user this is an enterprise-policy block (not a + plugin or AI Catalog issue) and to ask their Cursor admin to add a + URL entry covering `https://${JFROG_PLATFORM_URL}/mcp` in the + admin **MCP Configuration** panel. - **Agent Guard: `multiple/no JFrog server configured`** (the agent guard cannot pick a JFrog server) — pass `--server ` (after `jf c add `) OR export both `JFROG_URL` and From ad4a92e04e6b3a320f1538375e93e3340d758815 Mon Sep 17 00:00:00 2001 From: yanivt Date: Sun, 14 Jun 2026 09:14:26 +0300 Subject: [PATCH 2/8] mcp --- plugins/jfrog/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/jfrog/README.md b/plugins/jfrog/README.md index b4ff89b..d0f2a28 100644 --- a/plugins/jfrog/README.md +++ b/plugins/jfrog/README.md 
@@ -41,8 +41,9 @@ opt out of admin policy. If admins use a URL allowlist, they should permit `https://${JFROG_PLATFORM_URL}/mcp` (e.g. via a wildcard like `https://*.jfrog.io/mcp`). The claude-plugin and vscode-plugin sibling plugins use a different shape (`npx @jfrog/agent-guard` with -a builtin signal in env) for tighter integration with the JFrog -agent-guard policy hook on those platforms. +the reserved name `jfrog-plugin-mcp` in `_JF_ARGS` and no project) +for tighter integration with the JFrog agent-guard policy hook on +those platforms. ### Skills From 6ab10be1286546c5203529ce943dd0d875b27057 Mon Sep 17 00:00:00 2001 From: yanivt Date: Sun, 14 Jun 2026 15:20:13 +0300 Subject: [PATCH 3/8] mcp --- plugins/jfrog/README.md | 29 +++--------- .../jfrog/templates/jfrog-mcp-management.md | 44 +++++++------------ 2 files changed, 24 insertions(+), 49 deletions(-) diff --git a/plugins/jfrog/README.md b/plugins/jfrog/README.md index d0f2a28..f916742 100644 --- a/plugins/jfrog/README.md +++ b/plugins/jfrog/README.md 
@@ -17,33 +17,18 @@ CLI authentication options: run `jf login` for browser-based setup, or set the ` | Component | Path | Description | |---|---|---| -| **MCP** | `mcp.json` | Plugin-bundled JFrog MCP at `https://${JFROG_PLATFORM_URL}/mcp` (server name: `jfrog`). Always available, not subject to AI Catalog policy — see [Plugin-managed JFrog MCP](#plugin-managed-jfrog-mcp). | +| **MCP** | `mcp.json` | Built-in JFrog MCP at `https://${JFROG_PLATFORM_URL}/mcp` (server name: `jfrog`). Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). | | **Rule** | `rules/jfrog-security.mdc` | Supply-chain security practices for dependency files | | **Agent** | `agents/supply-chain-security.md` | Dependency audit for CVEs, licenses, and curation | | **Hook** | `hooks/hooks.json` | Agent Guard — MCP server governance via JFrog AI Catalog | -### Plugin-managed JFrog MCP +### JFrog MCP -The plugin ships a built-in `jfrog` MCP registered in `mcp.json`, -pointing at `https://${JFROG_PLATFORM_URL}/mcp`. Cursor starts it -automatically when the plugin is enabled — no manual install, no -Agent Guard catalog fetch, no AI Catalog approval involved. - -**Always on, regardless of AI Catalog policy.** The plugin owns this -MCP. AI Catalog allow/deny lists, missing entitlement, and catalog -reconciliation never reach this entry. The only supported removal is -uninstalling the plugin from Cursor. - -**Subject to Cursor admin MCP Configuration.** Like every MCP, the -`jfrog` server is filtered by your Cursor admin's **MCP -Configuration** panel and the global MCP toggles. The plugin cannot -opt out of admin policy. If admins use a URL allowlist, they should -permit `https://${JFROG_PLATFORM_URL}/mcp` (e.g. via a wildcard like -`https://*.jfrog.io/mcp`). 
The claude-plugin and vscode-plugin -sibling plugins use a different shape (`npx @jfrog/agent-guard` with -the reserved name `jfrog-plugin-mcp` in `_JF_ARGS` and no project) -for tighter integration with the JFrog agent-guard policy hook on -those platforms. +The plugin ships a built-in `jfrog` MCP registered in `mcp.json`, pointing +at `https://${JFROG_PLATFORM_URL}/mcp`. Cursor launches it automatically +when the plugin is enabled. If your Cursor admin enforces a URL allowlist, +permit `https://${JFROG_PLATFORM_URL}/mcp` (or a wildcard like +`https://*.jfrog.io/mcp`). ### Skills diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index 763d5ac..544bbd4 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md 
@@ -1,34 +1,24 @@ -# Plugin-managed JFrog MCP — always-on, off-limits to Agent Guard +# Built-in `jfrog` MCP -The plugin ships a built-in `jfrog` MCP (HTTP at -`https://${JFROG_PLATFORM_URL}/mcp`) registered in the plugin's own -`mcp.json`. **Read these rules before any MCP action below**: +The plugin ships a built-in `jfrog` MCP at +`https://${JFROG_PLATFORM_URL}/mcp` in its read-only `mcp.json`. +**Hard rules** (apply before any MCP action below): -- `jfrog` is always available to the user with respect to AI Catalog - policy. Never tell them it is blocked, missing, or pending because - the catalog disallowed it or entitlement is off. +- `jfrog` is always available with respect to AI Catalog policy; + never tell the user it's blocked or missing for catalog reasons. - NEVER run any Agent Guard flow (`--inspect`, `--login`, install, - remove) against the plugin-managed `jfrog` server, and NEVER edit, - replace, or delete its entry. The entry lives in the plugin's - read-only `mcp.json`, not in the user's `~/.cursor/mcp.json` or any - workspace `.cursor/mcp.json`. Removal is only possible by - uninstalling the plugin from Cursor. -- Always report `jfrog` in any "currently installed" listing as + remove) against `jfrog`, and NEVER edit or delete its entry. + Removal is only possible by uninstalling the plugin from Cursor. +- In any "currently installed" listing, report `jfrog` as `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this document does not apply to it. -- If the AI Catalog also exposes a JFrog-branded MCP whose name - resolves to `jfrog`, do NOT install it on top of the plugin-managed - one — the names would collide. Skip the install and tell the user - the plugin already provides `jfrog`. -- Entitlement transitions (gaining/losing AI Catalog entitlement, - catalog adding/removing `jfrog`) MUST NOT trigger any reconciliation - against the plugin-managed `jfrog` server. 
-- The always-on guarantee is **with respect to AI Catalog / Agent - Guard policy only**. Cursor's enterprise admin **MCP Configuration** - panel (Server/Command list, Command or URL entries) sits above +- If the AI Catalog also exposes an MCP whose name resolves to + `jfrog`, do NOT install it — names would collide. Skip and tell + the user the plugin already provides `jfrog`. +- Cursor's enterprise admin **MCP Configuration** panel sits above plugins and CAN block `jfrog`. If the user reports `jfrog` is - missing, see "Plugin-managed `jfrog` MCP missing under enterprise - MCP Configuration" in Troubleshooting. + missing, see "Built-in `jfrog` MCP missing under enterprise MCP + Configuration" in Troubleshooting. # MCP Server Management — JFrog Agent Guard @@ -447,8 +437,8 @@ the display name. Tools & MCP** — never enabled. Re-run Step 4a (`cursor agent mcp enable `); if the entry is brand-new, also `Developer: Reload Window` so Cursor picks up the file. -- **Plugin-managed `jfrog` MCP missing under enterprise MCP - Configuration** — the plugin-managed `jfrog` server is HTTP at +- **Built-in `jfrog` MCP missing under enterprise MCP + Configuration** — the built-in `jfrog` server is HTTP at `https://${JFROG_PLATFORM_URL}/mcp` and is filtered by Cursor's admin **MCP Configuration** allowlist (Server/Command list with Command or URL entries) like every MCP. Most common silent-block: From 7bb055b5194a16083a1fa119330177c288b36430 Mon Sep 17 00:00:00 2001 From: yanivt Date: Sun, 14 Jun 2026 15:28:58 +0300 Subject: [PATCH 4/8] mcp --- plugins/jfrog/templates/jfrog-mcp-management.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index 544bbd4..f348df7 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md 
@@ -12,9 +12,12 @@ The plugin ships a built-in `jfrog` MCP at - In any "currently installed" listing, report `jfrog` as `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this document does not apply to it. -- If the AI Catalog also exposes an MCP whose name resolves to - `jfrog`, do NOT install it — names would collide. Skip and tell - the user the plugin already provides `jfrog`. +- If the AI Catalog also publishes the JFrog MCP (typically as + `jfrog-mcp`) and the user wants catalog-managed tool policy, + install it via the standard catalog flow under a different + `mcpServers` key — e.g., `jfrog-catalog` — so it coexists with + the built-in `jfrog`. Tell the user about the rename and that + they end up with both entries. - Cursor's enterprise admin **MCP Configuration** panel sits above plugins and CAN block `jfrog`. If the user reports `jfrog` is missing, see "Built-in `jfrog` MCP missing under enterprise MCP From 85cec072be97b57acaba8b9428346d4ecfdeeb4e Mon Sep 17 00:00:00 2001 From: yanivt Date: Tue, 16 Jun 2026 16:38:20 +0300 Subject: [PATCH 5/8] mcp --- plugins/jfrog/mcp.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/jfrog/mcp.json b/plugins/jfrog/mcp.json index a89f5dd..21c628f 100644 --- a/plugins/jfrog/mcp.json +++ b/plugins/jfrog/mcp.json @@ -1,7 +1,15 @@ { "mcpServers": { "jfrog": { - "url": "https://${JFROG_PLATFORM_URL}/mcp" + "command": "npx", + "args": [ + "--yes", + "--registry", "${JFROG_AGENT_GUARD_REPO:-https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm/}", + "@jfrog/agent-guard" + ], + "env": { + "_JF_ARGS": "mcp=jfrog-mcp" + } } } } From 89db210579f64f7745c7af6161e54c98f449de50 Mon Sep 17 00:00:00 2001 From: yanivt Date: Tue, 16 Jun 2026 16:53:15 +0300 Subject: [PATCH 6/8] alignment for jfrog mcp to be like claude --- plugins/jfrog/README.md | 20 +++--- .../jfrog/templates/jfrog-mcp-management.md | 61 +++++++++---------- 2 files changed, 41 insertions(+), 40 deletions(-) 
diff --git a/plugins/jfrog/README.md b/plugins/jfrog/README.md index f21e879..9d2e91e 100644 --- a/plugins/jfrog/README.md +++ b/plugins/jfrog/README.md 
@@ -8,25 +8,27 @@ JFrog Platform integration for Cursor — artifact management, security scanning 2. An admin must **enable the JFrog MCP Server** on the platform (Cloud/SaaS only): - Navigate to **Administration > General > Settings** in the JFrog UI. - Toggle the **MCP Server** option ON and save. -3. Set the `JFROG_PLATFORM_URL` environment variable to your JFrog instance (e.g., `mycompany.jfrog.io`). -4. **JFrog CLI** (`jf`) is used by the skills for authentication and REST/GraphQL API operations. If missing, the agent will attempt to install it. You can also install manually via `brew install jfrog-cli` or the [official install script](https://jfrog.com/help/r/jfrog-cli/install-the-jfrog-cli). +3. Set the `JFROG_URL` (full URL, e.g. `https://mycompany.jfrog.io`) and `JFROG_ACCESS_TOKEN` environment variables — the built-in `jfrog` MCP needs both at launch. +4. **Node.js** (≥ 14) — with `npx` on your `PATH` (used to launch `@jfrog/agent-guard`). +5. **JFrog CLI** (`jf`) is used by the skills for authentication and REST/GraphQL API operations. If missing, the agent will attempt to install it. You can also install manually via `brew install jfrog-cli` or the [official install script](https://jfrog.com/help/r/jfrog-cli/install-the-jfrog-cli). -CLI authentication options: run `jf login` for browser-based setup, or set the `JFROG_ACCESS_TOKEN` environment variable. MCP-based workflows authenticate via **OAuth** and require no additional configuration. +CLI authentication options: run `jf login` for browser-based setup, or set the same `JFROG_ACCESS_TOKEN` from step 3. ## Included | Component | Path | Description | |---|---|---| -| **MCP** | `mcp.json` | Built-in JFrog MCP at `https://${JFROG_PLATFORM_URL}/mcp` (server name: `jfrog`). Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). | +| **MCP** | `mcp.json` | Built-in JFrog MCP routed through `@jfrog/agent-guard` to `${JFROG_URL}/mcp` (server name: `jfrog`). 
Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). | | **Hook** | `hooks/hooks.json` | Agent Guard — MCP server governance via JFrog AI Catalog | ### JFrog MCP -The plugin ships a built-in `jfrog` MCP registered in `mcp.json`, pointing -at `https://${JFROG_PLATFORM_URL}/mcp`. Cursor launches it automatically -when the plugin is enabled. If your Cursor admin enforces a URL allowlist, -permit `https://${JFROG_PLATFORM_URL}/mcp` (or a wildcard like -`https://*.jfrog.io/mcp`). +The plugin ships a built-in `jfrog` MCP registered in `mcp.json`. Cursor +launches it automatically as `npx @jfrog/agent-guard` with +`_JF_ARGS=mcp=jfrog-mcp`. agent-guard recognizes that shape, skips the AI +Catalog, and connects directly to `${JFROG_URL}/mcp` with +`Authorization: Bearer ${JFROG_ACCESS_TOKEN}` (both env vars are listed +under [Prerequisites](#prerequisites)). ### Skills diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index cc59bab..0c1a5ec 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md 
@@ -1,27 +1,28 @@ # Built-in `jfrog` MCP -The plugin ships a built-in `jfrog` MCP at -`https://${JFROG_PLATFORM_URL}/mcp` in its read-only `mcp.json`. -**Hard rules** (apply before any MCP action below): - -- `jfrog` is always available with respect to AI Catalog policy; - never tell the user it's blocked or missing for catalog reasons. -- NEVER run any Agent Guard flow (`--inspect`, `--login`, install, - remove) against `jfrog`, and NEVER edit or delete its entry. - Removal is only possible by uninstalling the plugin from Cursor. +The plugin ships a built-in `jfrog` MCP in its read-only `mcp.json`, +launched as `npx @jfrog/agent-guard` with `_JF_ARGS=mcp=jfrog-mcp`. +agent-guard recognizes that shape, skips the AI Catalog, and connects +directly to `${JFROG_URL}/mcp`. **Hard rules** (apply before any MCP +action below): + +- `jfrog` is always available; never tell the user it's blocked, + missing, or pending because of catalog/entitlement. +- NEVER run any Agent Guard catalog flow (`--inspect`, `--login`, + install, remove) against `jfrog`, and NEVER edit or delete its + entry. Removal is only possible by uninstalling the plugin from + Cursor. - In any "currently installed" listing, report `jfrog` as `scope: plugin (jfrog)`, `managed-by: plugin`. The rest of this document does not apply to it. -- If the AI Catalog also publishes the JFrog MCP (typically as - `jfrog-mcp`) and the user wants catalog-managed tool policy, - install it via the standard catalog flow under a different - `mcpServers` key — e.g., `jfrog-catalog` — so it coexists with - the built-in `jfrog`. Tell the user about the rename and that - they end up with both entries. -- Cursor's enterprise admin **MCP Configuration** panel sits above - plugins and CAN block `jfrog`. If the user reports `jfrog` is - missing, see "Built-in `jfrog` MCP missing under enterprise MCP - Configuration" in Troubleshooting. 
+- Tool calls on the built-in `jfrog` are constrained by the JFrog + access token, not by AI Catalog tool policy. If the AI Catalog + also publishes the JFrog MCP (typically as `jfrog-mcp`) and the + user wants catalog-managed tool policy, install it via the + standard catalog flow (`_JF_ARGS=project=&mcp=jfrog-mcp`) + under a different `mcpServers` key — e.g., `jfrog-catalog` — so + it coexists with the built-in `jfrog`. Tell the user about the + rename and that they end up with both entries. # MCP Server Management — JFrog Agent Guard 
@@ -446,18 +447,16 @@ the display name. Tools & MCP** — never enabled. Re-run Step 4a (`cursor agent mcp enable `); if the entry is brand-new, also `Developer: Reload Window` so Cursor picks up the file. -- **Built-in `jfrog` MCP missing under enterprise MCP - Configuration** — the built-in `jfrog` server is HTTP at - `https://${JFROG_PLATFORM_URL}/mcp` and is filtered by Cursor's - admin **MCP Configuration** allowlist (Server/Command list with - Command or URL entries) like every MCP. Most common silent-block: - an allowlist with only Command entries (e.g. agent-guard-only - `npx ... @jfrog/agent-guard ...`) and zero URL entries — an HTTP - server has nothing to match. The plugin cannot bypass the admin - panel. Tell the user this is an enterprise-policy block (not a - plugin or AI Catalog issue) and to ask their Cursor admin to add a - URL entry covering `https://${JFROG_PLATFORM_URL}/mcp` in the - admin **MCP Configuration** panel. +- **Built-in `jfrog` MCP missing** — almost always either (a) + `JFROG_URL` / `JFROG_ACCESS_TOKEN` unset (agent-guard fails fast at + startup; check the error in the Cursor MCP / Output panel), or (b) + Cursor's admin **MCP Configuration** allowlist filters the + `npx ... @jfrog/agent-guard` Command. The plugin cannot bypass the + admin panel — tell the user this is an environment / enterprise + policy issue (not a plugin or AI Catalog issue) and either to set + the env vars or to ask their Cursor admin to add a Command entry + covering `npx ... @jfrog/agent-guard` (no `--server` / `--mcp` / + `--project` args) in the admin **MCP Configuration** panel. - **Agent Guard: `multiple/no JFrog server configured`** (the agent guard cannot pick a JFrog server) — pass `--server ` (after `jf c add `) OR export both `JFROG_URL` and From 10c9b2c4569188a5ccca899b3c95a759acfb39d4 Mon Sep 17 00:00:00 2001 
From: yanivt Date: Tue, 16 Jun 2026 16:59:57 +0300 Subject: [PATCH 7/8] alignment for jfrog mcp --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 53f3739..4a3b7c4 100644 --- a/README.md +++ b/README.md @@ -52,12 +52,14 @@ Use either the marketplace link from the [Configure Cursor](https://docs.jfrog.c | Variable | Description | | --- | --- | -| `JFROG_PLATFORM_URL` | Your JFrog platform URL, e.g. `mycompany.jfrog.io` | +| `JFROG_URL` | Your JFrog platform URL, e.g. `https://mycompany.jfrog.io` | | `JFROG_ACCESS_TOKEN` | Your JFrog access token | +The built-in `jfrog` MCP launches `npx @jfrog/agent-guard` and reads both `JFROG_URL` and `JFROG_ACCESS_TOKEN` from the launching shell, so make sure they're exported in the shell that starts Cursor. + ### 2. Configure the JFrog CLI -Run `jf login` for browser-based setup, or set the `JFROG_ACCESS_TOKEN` environment variable. MCP-based workflows authenticate via OAuth and require no additional configuration. +Run `jf login` for browser-based setup, or set the same `JFROG_ACCESS_TOKEN` from step 1. --- From e8d4e528cf42d8571204c6b05a19862efc8db701 Mon Sep 17 00:00:00 2001 From: yanivt Date: Tue, 16 Jun 2026 21:11:38 +0300 Subject: [PATCH 8/8] fix instructions --- plugins/jfrog/templates/jfrog-mcp-management.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index 0c1a5ec..ee3b003 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md 
@@ -448,8 +448,12 @@ the display name. (`cursor agent mcp enable `); if the entry is brand-new, also `Developer: Reload Window` so Cursor picks up the file. - **Built-in `jfrog` MCP missing** — almost always either (a) - `JFROG_URL` / `JFROG_ACCESS_TOKEN` unset (agent-guard fails fast at - startup; check the error in the Cursor MCP / Output panel), or (b) + `JFROG_URL` / `JFROG_ACCESS_TOKEN` not exported in the launching + shell (agent-guard reads them from the shell for the plugin's + bundled `jfrog` entry — they MUST NEVER be added to any + `mcp.json` `env` block, including the bundled one); agent-guard + fails fast at startup, check the error in the Cursor MCP / Output + panel. Or (b) Cursor's admin **MCP Configuration** allowlist filters the `npx ... @jfrog/agent-guard` Command. The plugin cannot bypass the admin panel — tell the user this is an environment / enterprise
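Review bot: in PATCH 1/8 (`plugins/jfrog/README.md`, the "Subject to Cursor admin MCP Configuration" paragraph), the suggested allowlist wildcard `https://*.jfrog.io/mcp` admits the MCP endpoint of every `jfrog.io` host, not only the organization's own. Recommend the exact `https://${JFROG_PLATFORM_URL}/mcp` entry as the default and offer the wildcard only for organizations that run several tenants. The shortened paragraph in PATCH 3/8 keeps the same wildcard, so the comment applies there too.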
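Review bot: in PATCH 4/8 (`jfrog-mcp-management.md`, the rewritten catalog bullet), installing the catalog JFrog MCP under `jfrog-catalog` next to the built-in `jfrog` leaves two entries for the same platform, and the text does not say which one the agent must use afterwards. A user who asked for catalog-managed tool policy still has the built-in entry, which the same list describes as outside AI Catalog policy. Add a rule that tool calls go through `jfrog-catalog` once it exists, or state plainly that the built-in entry stays outside that policy.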
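Review bot: in PATCH 5/8 (`plugins/jfrog/mcp.json`, the new `args` array), `@jfrog/agent-guard` is given without a version, so each launch runs whatever the registry currently serves, and `--yes` removes the install prompt. Pin the package (`@jfrog/agent-guard@<version>`) and bump the pin with the plugin version. The `--registry` value uses `${JFROG_AGENT_GUARD_REPO:-https://...}`: confirm that whatever interpolates `mcp.json` supports the `:-` default form, since otherwise `npx` receives the literal string, and document in the README that this variable changes where the launcher code is fetched from.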
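Review bot: in PATCH 6/8 (`plugins/jfrog/README.md`, Prerequisites and "JFrog MCP"), the credential model changes without any guidance on the token: the removed line said MCP workflows authenticate via OAuth with no extra configuration, and the new text sends `Authorization: Bearer ${JFROG_ACCESS_TOKEN}` from an environment variable. Because the template in this patch says tool calls on the built-in `jfrog` are constrained by the access token only, add a sentence on what scope and lifetime the token should have. The switch from `JFROG_PLATFORM_URL` (bare host) to `JFROG_URL` (full URL) also breaks existing setups, yet no patch after 1/8 touches `plugin.json`, so `version` stays at `0.5.3`. Bump it and mention the rename.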
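Review bot: in PATCH 6/8 (`jfrog-mcp-management.md`, first hunk, hard rules), the first rule loses its qualifier and now reads "`jfrog` is always available", and the bullet saying the admin **MCP Configuration** panel can block `jfrog` is deleted. The Troubleshooting entry rewritten in this same patch lists two ways the server can be missing (unset `JFROG_URL` / `JFROG_ACCESS_TOKEN`, admin allowlist), so the unqualified rule contradicts it. Restore "with respect to AI Catalog policy" or point the rule at the Troubleshooting entry. The hunk also shows that the built-in and catalog entries differ only by `project=` in `_JF_ARGS`. Say whether a user-authored entry with `_JF_ARGS=mcp=jfrog-mcp` skips the catalog as well, and if so whether that is intended.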
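Review bot: in PATCH 6/8 (`jfrog-mcp-management.md`, Troubleshooting hunk), the advice to add a Command entry covering `npx ... @jfrog/agent-guard` elides the arguments an admin has to match. The `mcp.json` from PATCH 5/8 passes `--yes` and `--registry <url>` before the package name, and the registry value changes when `JFROG_AGENT_GUARD_REPO` is set. Spell out the full command line the allowlist entry must cover instead of `...`, and say how the entry should treat the variable registry argument.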
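Review bot: in PATCH 8/8 (`jfrog-mcp-management.md`, Troubleshooting item (a)), the instruction that `JFROG_URL` / `JFROG_ACCESS_TOKEN` "MUST NEVER be added to any `mcp.json` `env` block" is a secret-handling rule buried in a troubleshooting parenthetical. Move it to the hard rules at the top of the template and repeat it in the README next to the environment variable table, so it is read before anyone edits a config file. The item also assumes Cursor is started from a shell that exports the variables. Say what the user should do when it is started another way. Minor: the inserted text ends (a) with a full stop, leaving "Or (b)" as a fragment. Keep the two causes in one sentence or make them sub-bullets.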