AX-1705 - Add JFrog CLI credential support to inject-instructions#36
Merged
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…jection validation
- inject-instructions.mjs: add 3s timeout on 'jf config export'; emit
{} on template read failure (fail-closed, well-formed empty payload)
- jfrog-mcp-management.md: resolve servers via 'jf config show
--format=json' instead of parsing ~/.jfrog/jfrog-cli.conf.v6; add
Live-execution pre-flight rule; fix two typos
- add scripts/validate-hook-injector.mjs smoke test + CI workflow
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Add Apache license URL line to inject-instructions.mjs and
validate-hook-injector.mjs headers.
- Template: rename "gateway" -> "agent guard" throughout and
JFROG_MCP_GATEWAY_REPO -> JFROG_AGENT_GUARD_REPO; describe
--list-available output as compact TSV; use jf CLI server with
"isDefault": true when multiple servers exist; fix the garbled
--server clarification; restructure the Pre-flight <SERVER_ID> block
into an ordered "stop at first match" list; add the case-sensitive
package-scope and no-python3/2>&1 Key Rules.
Kept Cursor-specific mechanics (.cursor/mcp.json, mcpServers,
${env:VAR}, cursor agent mcp / Tools & MCPs UI, full_network notes).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Port the early JFROG_URL validation block from claude-plugin: warn and exit with a single SessionStart payload when JFROG_URL is unset or has a trailing slash, surfacing the misconfig before the MCP server fails with a confusing DNS/double-slash error. Wording adapted to "restart Cursor". Supply a JFROG_URL override in the validator's force-enable test so it exercises the real template-injection path past the new URL check. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…in-add-support-for-jf_cli # Conflicts: # plugins/jfrog/templates/jfrog-mcp-management.md
The injector emits a flat { additional_context } object, not a
hookSpecificOutput/SessionStart wrapper, so the CI validation script
was failing on every run.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
yanivt-jfrog
requested changes
Jul 7, 2026
Reviewer asked for a comment on what this part does, in addition to the function-level docstring covering the env-vars-first/jf-CLI -fallback order. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…I fallback jf config show/export only support --format=json from CLI 2.105.0 onward; older CLIs error on it. Reviewer flagged this as an undocumented new hard requirement introduced by the jf-CLI credential fallback. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
yanivt-jfrog
approved these changes
Jul 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces #29 — same change, now from a branch on jfrog/cursor-plugin directly instead of a fork branch.
What
Add support for JF_CLI
Why
Users who have the JFrog CLI configured but no env vars set were not getting agent guard instructions injected.
Validation
Test 1 — env vars only: Rename
~/.jfrog/jfrog-cli.conf.v6to.v6.bak, run the script with env vars present, restore the file. Expect:Resolved credentials from environment variables.Test 2 — jf config export fallback: With v6 present, run with
JFROG_URL="" JF_URL="" JFROG_ACCESS_TOKEN="" JF_ACCESS_TOKEN=""as inline overrides. Expect:Resolved credentials via 'jf config export'and the full template injected in stdout.Test 3 — no credentials: Rename v6 to
.v6.bakand blank env vars inline. Expect:'jf config export' failed→No JFrog credentials resolved→Agent Guard not enabled. Stdout must be{}. Restore the file after.