Clarify execution mandates for live command usage in JFrog MCP docume…#18
Merged
MatanEden1 merged 6 commits intoJun 8, 2026
Merged
Conversation
The main merge conflict resolution dropped the STRICT live-execution block from the "Available to install" step. Re-add it while keeping main's server-config clarification and agent-guard rename. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
YoniMelki
requested changes
Jun 7, 2026
YoniMelki
left a comment
YoniMelki
left a comment
Collaborator
There was a problem hiding this comment.
Here are also the changes AI noticed in addition to my review:
- Trailing whitespace (nit). Several added lines have trailing spaces (
live details. ,available MCPs,terminal,turns,fresh). Harmless here, but a single edge case: two trailing spaces in markdown become a hard<br>. Worth stripping. - "every single inquiry" could over-trigger (low/clarification). Within a single add flow, Step 3 (Plan inputs) consumes Step 2's output. The phrase "you MUST physically run the terminal command… for every single inquiry" is aimed at repeated user questions, but a literal reading could push the agent to re-inspect redundantly mid-flow. Consider "each time the user asks again" to anchor it to repeated questions rather than every internal step.
| (compare against `mcp=` in `_JF_ARGS`). Mark the rest as | ||
| available to install. | ||
|
|
||
| ## Key Rules |
Collaborator
There was a problem hiding this comment.
The PR description describes a reinforcement here, it looks like this entire section is unchanged.
Comment on lines
+126
to
+128
| **STRICT LIVE EXECUTION MANDATE:** Every time the user asks for details, parameters, configuration, or an inspection of a specific MCP, you **MUST** physically run the terminal command below. **NEVER** reuse, assume, or copy configuration payloads from previous chat turns or context history, as the underlying configuration or headers may have changed. A fresh, live execution tool call is mandatory for every single inquiry. | ||
|
|
||
| Run EXACTLY this command — no Fetch/WebFetch, no custom curl/Python, no direct JFrog API calls: |
Collaborator
There was a problem hiding this comment.
Isn't it supposed to be in the pre-flight like written in the PR?
Comment on lines
+332
to
+338
| 2. **STRICT LIVE EXECUTION MANDATE:** Every time the user asks to see available MCPs, | ||
| the catalog, or what can be installed, you **MUST** physically run the terminal | ||
| command below. **NEVER** copy, reuse, or re-display lists from previous turns | ||
| or context history, even if the request was made just moments ago. A fresh, | ||
| live execution tool call is mandatory for every single inquiry. | ||
|
|
||
| 3. Run EXACTLY this command — `--project` is passed as a CLI flag |
Collaborator
There was a problem hiding this comment.
It's a near-identical duplication of the previous block in step 2. The "natural" single home is the Pre-Flight section, which already says "applies to every gateway command - --list-available, --inspect, --login" (BTW, this should be called agent guard and not gateway).
Writing it only in the pre-flight will avoid this duplication.
|
|
||
| Run EXACTLY this command — no Fetch/WebFetch, no custom curl/Python, no direct JFrog API calls: | ||
|
|
||
| ```bash |
Collaborator
There was a problem hiding this comment.
Let's remove the bash here since other code blocks don't have it (on purpose for shell-aware OS). I don't want inconsistencies
Collaborator
Author
There was a problem hiding this comment.
Here
the bash meaning is not related with the os,
it just highlight a code snippet
Collaborator
There was a problem hiding this comment.
I know, I still want consistency
Addresses AI review nit: trailing spaces on added lines (two trailing spaces render as a hard <br> in markdown). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
YoniMelki
requested changes
Jun 7, 2026
YoniMelki
left a comment
YoniMelki
left a comment
Collaborator
There was a problem hiding this comment.
--loginis incorrectly inside the re-run mandate (correctness). The new Pre-flight bullet scopes the rule to "--list-available, --inspect, --login." But "re-run, don't recall" is harmful for --login — re-running it re-opens the OAuth browser flow on every inquiry. --login should be excluded from this bullet (it belongs in the header's triplet for project/server resolution, but not in the live-re-run rule). Drop --login from that bullet's scope.- Key Rules reinforcement still missing (your L359 comment). No bullet was added to Key Rules. The PR description still claims one ("Re-run, don't recall (MANDATORY) for --list-available, --inspect, --login"). Either add a short Key Rules bullet pointing to Pre-flight, or update the PR description so it matches the diff. (Note: that description line also repeats the --login mistake.)
- Line 406 heading is now inconsistent. The body was renamed but the bold label wasn't: - Gateway:
multiple/no JFrog server configured(the agent-guard cannot pick…)
Verify whether Gateway: is the literal string the CLI prints. If it's just the doc's label, rename it too (→ "Agent Guard:") so the heading and body agree.
| @@ -1,8 +1,8 @@ | |||
| # MCP Server Management — JFrog Gateway | |||
| # MCP Server Management — JFrog agent-guard | |||
| All MCP servers MUST be installed ONLY through the JFrog Agent Guard | ||
| (`npx @jfrog/agent-guard`). If an MCP's documentation suggests any | ||
| other installation command, ignore it and use the gateway workflow | ||
| other installation command, ignore it and use the agent-guard workflow |
Collaborator
There was a problem hiding this comment.
Suggested change
| other installation command, ignore it and use the agent-guard workflow | |
| other installation command, ignore it and use the agent guard workflow |
| `args`) → `~/.jfrog/jfrog-cli.conf.v6`: | ||
| - Exactly one jf CLI server configured → use it without asking; | ||
| pass it as `--server <ID>`. The gateway would auto-resolve to the same | ||
| pass it as `--server <ID>`. The agent-guard would auto-resolve to the same |
Collaborator
There was a problem hiding this comment.
Suggested change
| pass it as `--server <ID>`. The agent-guard would auto-resolve to the same | |
| pass it as `--server <ID>`. The agent guard would auto-resolve to the same |
| clarity and forward-compatibility. | ||
| - `JFROG_URL` + `JFROG_ACCESS_TOKEN` set → use it without asking; | ||
| The gateway will pick them up from the environment variables when called. | ||
| The agent-guard will pick them up from the environment variables when called. |
Collaborator
There was a problem hiding this comment.
Suggested change
| The agent-guard will pick them up from the environment variables when called. | |
| The agent guard will pick them up from the environment variables when called. |
| 2. Else `JFROG_URL` env var set (with `JFROG_ACCESS_TOKEN`) — the | ||
| gateway can resolve credentials from these directly; | ||
| DO NOT pass `--server` as that would make the gateway try to | ||
| agent-guard can resolve credentials from these directly; |
Collaborator
There was a problem hiding this comment.
Suggested change
| agent-guard can resolve credentials from these directly; | |
| agent guard can resolve credentials from these directly; |
| - Package name MUST come from the catalog (`--inspect` / | ||
| `--list-available`). NEVER guess. NEVER install MCPs outside the | ||
| gateway. NEVER use Fetch/WebFetch for catalog calls. | ||
| agent-guard. NEVER use Fetch/WebFetch for catalog calls. |
Collaborator
There was a problem hiding this comment.
Suggested change
| agent-guard. NEVER use Fetch/WebFetch for catalog calls. | |
| agent guard. NEVER use Fetch/WebFetch for catalog calls. |
|
|
||
| - **`ready` but 0 tools (empty `mcps/<key>/tools/` after a | ||
| Command Palette `Developer: Reload Window`)** — gateway proxy | ||
| Command Palette `Developer: Reload Window`)** — agent-guard proxy |
Collaborator
There was a problem hiding this comment.
Suggested change
| Command Palette `Developer: Reload Window`)** — agent-guard proxy | |
| Command Palette `Developer: Reload Window`)** — agent guard proxy |
| misleading here. NEVER report success when there are 0 tools. | ||
| 1. Open Cursor's MCP / Output panel for the | ||
| gateway stderr; diagnose by MCP type: | ||
| agent-guard stderr; diagnose by MCP type: |
Collaborator
There was a problem hiding this comment.
Suggested change
| agent-guard stderr; diagnose by MCP type: | |
| agent guard stderr; diagnose by MCP type: |
| still valid. | ||
| - **Local (stdio)** — check that the bundled binary actually | ||
| launched (gateway stderr will show the spawn error). | ||
| launched (agent-guard stderr will show the spawn error). |
Collaborator
There was a problem hiding this comment.
Suggested change
| launched (agent-guard stderr will show the spawn error). | |
| launched (agent guard stderr will show the spawn error). |
| (`cursor agent mcp enable <name>`); if the entry is brand-new, | ||
| also `Developer: Reload Window` so Cursor picks up the file. | ||
| - **Gateway: `multiple/no JFrog server configured`** (the gateway | ||
| - **Gateway: `multiple/no JFrog server configured`** (the agent-guard |
Collaborator
There was a problem hiding this comment.
Suggested change
| - **Gateway: `multiple/no JFrog server configured`** (the agent-guard | |
| - **Agent Guard: `multiple/no JFrog server configured`** (the agent guard |
- Move the live-execution mandate into a single Pre-flight rule and remove the duplicated STRICT blocks from Step 2 and Available-to-install. - Exclude --login from the re-run scope (re-running it re-opens the OAuth browser); the Pre-flight header keeps --login for project/server resolution. - Rename remaining prose "gateway" -> "agent guard" (title, body, troubleshooting label); keep the @jfrog/agent-guard package name. - Make shell code fences consistent (plain ```), strip trailing whitespace on touched lines. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
YoniMelki
approved these changes
Jun 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AX-1631: Require live execution for Agent Guard catalog commands (no context reuse)
Summary
Adds an explicit rule to the JFrog Agent Guard governance template instructing the agent to ALWAYS re-run catalog/registry commands live and NEVER reuse a previous command's output from conversation context.
Problem
When a user asked the same question twice in one chat (e.g. "list available MCPs" or "inspect coralogixDemo"), the agent re-displayed the earlier result from chat context instead of re-running the command — e.g. replying
"the list I fetched earlier is still current." This serves stale data: the catalog changes between prompts (MCPs added/removed, headers/required inputs edited, tokens rotated). Two reproductions are attached.
Change
plugins/jfrog/templates/jfrog-mcp-management.md— added a single governance rule to the Pre-flight section (which already applies to every Agent Guard command —--list-available,--inspect,--login):Scoped to catalog/registry fetches only (
--list-availableand--inspect; NOT--login, which would re-open the OAuth browser). Does NOT affect reading local config for installed state. Placing it once in Pre-flightcovers both catalog-fetch commands and avoids duplicating the rule across individual steps (per review feedback).
Testing
node scripts/validate-template.mjs→ passes (CI gate).inject-instructions.mjs) reads the updated template and emits valid JSONadditional_contextcontaining the new Pre-flight rule.