feat(mcp): JFrog Platform remote MCP (token auth) + install hint

[michaelfrog]

Summary

Adds the JFrog Platform remote MCP to the OpenCode plugin (token auth, headless), on top of the skills work (#16). When JFROG_URL + JFROG_ACCESS_TOKEN are set, the plugin registers config.mcp.jfrog so the JFrog platform tools appear in OpenCode alongside the skills.

What changed

• Remote MCP injection in the config hook: config.mcp.jfrog → remote https://<host>/mcp, oauth:false, Authorization: Bearer <token>. Env-gated (host and token required), host precedence JFROG_URL → JF_URL → JFROG_PLATFORM_URL + scheme/trailing-slash normalization, idempotent (never clobbers a user-defined jfrog), JFROG_MCP_DISABLE opt-out. No network on load.
• Token handling: OpenCode does not expand {env:…} in config a plugin injects at runtime, so the plugin reads the token from the environment and sets the resolved Bearer <token> header directly. The token lives in the in-memory session config (sourced from env); the plugin never writes it to disk. Prefer a short-lived jf atc token.
• Install-jf hint: a tool.execute.before hook nudges once/session to install the CLI when jf is missing and a jf command runs. MCP setup problems (missing env, non-JWT token, 401) are surfaced by OpenCode's own mcp list/TUI + the README — a WARNING line is logged (debug) for a non-JWT token.
• Functional refactor + tests: pure helpers (resolveMcpCredentials, mcpServerEntry, commandExists, looksLikeJwt); unit tests for registration, gating, idempotency, host/token precedence + normalization, reference-token-still-registers, and the install hint.
• README: JFrog Platform MCP section — prerequisites (JWT not reference token), token handling, context cost, opt-out, and 401 troubleshooting.

Verification

• lint / typecheck / test (26 pass) / build green; sync-skills:check + pack:check pass.
• Manual: with a JWT → opencode mcp list shows ✓ jfrog connected + jfrog_* tools; reference token → 401 (surfaced by OpenCode) + debug WARNING; no env → not registered; JFROG_MCP_DISABLE=true → not registered.

Notes

• The JFrog MCP exposes 56 tools (+32K tokens/request; OpenCode has no lazy tool loading). Enabled by default for parity with the Cursor/Claude plugins; opt out with JFROG_MCP_DISABLE=true or scope via tools globbing.
• Squash-merge recommended.

[YoniMelki]

4 findings, 2 confirmed bugs + 2 design issues:

• Windows commandExists (line 53): split(':') hardcodes Unix PATH separator; .exe/.cmd extension not probed. hasJfCli is always false on Windows.
• Silent http://→https:// upgrade (line 97): normalizeHost strips scheme, mcpServerEntry hardcodes https://. On-prem HTTP instances get a broken MCP URL with no warning.
• No dedup guard on error toast (line 115): The nudgeShown guard was removed with the info toast, but the broken-package error toast has no equivalent — it fires on every config call.
• registerMcp skipped when skills broken (line 196): Two independent features are coupled; a missing skills/ dir silently prevents MCP registration.