JFrog MCP Server

Official

Overview Schema Related Servers Score Discussions

jfrog_create_permission_target

Define and manage access permissions for resources in the JFrog Platform by creating a new permission target. Specify user and group actions, including READ, WRITE, and MANAGE, for artifacts, builds, and release bundles.

Instructions

Create a new permission target in the JFrog platform

Input Schema

TableJSON Schema

Name	Required	Description	Default
`created_by`	No
`modified_by`	No
`name`	Yes
`resources`	Yes

Implementation Reference

tools/permissions.ts:198-200 (handler)
The handler function for the jfrog_create_permission_target tool. It receives the tool arguments and delegates to the createPermissionTarget helper function.
```
handler: async (args: any) => {
  return await createPermissionTarget(args);
}
```

tools/permissions.ts:83-89 (helper)

Core helper function that performs the HTTP POST request to the JFrog Platform's Access API to create a new permission target and validates the response.

export async function createPermissionTarget(permissionTarget: z.infer<typeof PermissionTargetSchema>) {
  const response = await jfrogRequest("/access/api/v2/permissions", {
    method: "POST",
    body: permissionTarget
  });
  return PermissionTargetSchema.parse(response);
}

tools/permissions.ts:45-54 (schema)

Zod schema defining the structure of the permission target object, used for input validation in the tool's inputSchema via zodToJsonSchema.

const PermissionTargetSchema = z.object({
  name: z.string(),
  resources: z.object({
    artifact: ArtifactResourceSchema.optional(),
    release_bundle: ReleaseBundleResourceSchema.optional(),
    build: BuildResourceSchema.optional()
  }),
  created_by: z.string().optional(),
  modified_by: z.string().optional()
});

tools/permissions.ts:193-201 (registration)

Tool object registration defining the name, description, input schema, and handler for jfrog_create_permission_target.

const createPermissionTargetTool = {
  name: "jfrog_create_permission_target",
  description: "Create a new permission target in the JFrog platform",
  inputSchema: zodToJsonSchema(PermissionTargetSchema),
  //outputSchema: zodToJsonSchema(PermissionTargetSchema),
  handler: async (args: any) => {
    return await createPermissionTarget(args);
  }
};

tools/permissions.ts:288-298 (registration)

Export of the PermissionsTools array, which includes the jfrog_create_permission_target tool (at index for createPermissionTargetTool). This array is imported and spread into the main tools list in tools/index.ts.

export const PermissionsTools = [
  listPermissionTargetsTool,
  getPermissionTargetTool,
  createPermissionTargetTool,
  updatePermissionTargetTool,
  deletePermissionTargetTool,
  getPermissionResourceTool,
  updatePermissionResourceTool,
  replacePermissionResourceTool,
  deletePermissionResourceTool
];

Tool Definition Quality

C2.8/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states 'Create' which implies a write/mutation operation, but doesn't mention required permissions, whether the operation is idempotent, potential side effects, or error conditions. This is inadequate for a tool that modifies platform permissions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with no wasted words. It's front-loaded with the core action and resource, making it immediately understandable at a basic level despite lacking detail.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a complex permission management tool with 4 parameters (including nested objects), 0% schema coverage, no annotations, and no output schema, the description is severely inadequate. It doesn't explain what a 'permission target' is, how resources are structured, what the expected response looks like, or any behavioral constraints.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, meaning all 4 parameters are undocumented in the schema. The description provides no information about parameters beyond implying a 'permission target' is created. It doesn't explain what 'name', 'resources', 'created_by', or 'modified_by' represent or how they should be structured, leaving critical gaps.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Create') and resource ('new permission target in the JFrog platform'), making the purpose unambiguous. However, it doesn't differentiate from sibling tools like 'jfrog_update_permission_target' or 'jfrog_delete_permission_target' beyond the basic verb, missing an opportunity to clarify scope distinctions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With siblings like 'jfrog_update_permission_target' and 'jfrog_delete_permission_target', there's no indication of prerequisites, use cases, or exclusions, leaving the agent to infer usage from tool names alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

jfrog_update_permission_targetC
@jfrog/mcp-jfrog
jfrog_get_permission_targetB
@jfrog/mcp-jfrog
jfrog_update_permission_resourceC
@jfrog/mcp-jfrog
jfrog_delete_permission_targetC
@jfrog/mcp-jfrog
jfrog_create_projectC
@jfrog/mcp-jfrog
jfrog_get_permission_resourceC
@jfrog/mcp-jfrog

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jfrog/mcp-jfrog'

If you have feedback or need assistance with the MCP directory API, please join our Discord server