Try JFrog
Guides
Contact SupportTry JFrog
  1. MCP REGISTRY
  2. Enforce Organization-Wide MCP Policies

VS Code: Enforce JFrog-Governed MCP Usage

Install the JFrog Agent Guard hook on developer machines via MDM to enforce organization-wide MCP usage policies in VS Code. Includes macOS, Windows, and Linux deployment instructions.

JFrog enables you to enforce organization-wide MCP usage policies in VS Code by deploying the JFrog Agent Guard hook to developer machines. The hook runs locally on each machine, intercepts MCP calls, and blocks unapproved servers before they execute.

This is one of three organization-wide MCP enforcement models. For a comparison of Claude Code, Cursor, and VS Code enforcement, see Enforce Organization-Wide MCP Policies.

Prerequisites

  • JFrog AI Catalog entitlement with MCP Registry enabled.
  • JFrog Platform administrator access.
  • VS Code Stable or VS Code Insiders installed on all developer machines (and launched at least once, so the settings folder exists).
  • Node.js 18 or later on the PATH on every developer machine.
  • MDM tool with VS Code policy support — Jamf Pro (macOS), Microsoft Intune (Windows), or Kandji (macOS). If you don't have MDM, see the FAQs.
  • At least one MCP server allowed in your JFrog AI Catalog project.

Enforce MCP Usage in VS Code

Enforcing MCP usage in VS Code requires three steps:

  1. Install the Agent Guard hook on all developer machines via MDM
  2. Lock the hook policy via MDM so developers cannot disable it
  3. Inform developers of the critical reload requirement

Step 1: Install the Agent Guard Hook

The JFrog Agent Guard hook is installed via an MDM-pushed script. The installer is idempotent — running it multiple times is safe and will not break the system. If the hook is already installed at the published version, the file copy is skipped and only the registration is re-asserted.

To install the hook:

Push the following command to all developer machines via your MDM tool:

macOS

curl -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs | node

Example for installing the hook on macOS pinned to a specific version:

curl -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs -o install-hook.mjs
node install-hook.mjs --version 0.5.0

Windows (PowerShell)

curl.exe -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs | node

Example for installing the hook on Windows (PowerShell) pinned to a specific version:

curl.exe -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs -o install-hook.mjs
node install-hook.mjs --version 0.5.0

Linux (Bash or Zsh)

curl -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs | node

Example for installing the hook on Linux (Bash or Zsh) pinned to a specific version:

curl -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-hook.mjs -o install-hook.mjs
node install-hook.mjs --version 0.5.0

Step 2: Lock the Hook Policy

After the hook is installed, lock VS Code's ChatHooks policy via MDM so developers cannot disable the hook through the VS Code UI. This ensures the hook remains active regardless of user action.

To lock the hook policy:

macOS

  1. Download mobileconfig`profile:

    curl -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-policy.mjs | node

  2. Push this configuration profile through your MDM (Jamf, Intune, Kandji, or equivalent) to all developer machines.

    The profile locks the VS Code ChatHooks policy to true on all machines it is deployed to.

To remove the lock (for example, during incident response):

Retract the configuration profile through your MDM.

Windows (PowerShell)

  1. Download the MDM policy artifact (IT pushes via Intune / GPO / SCCM):

    curl.exe -fsSL https://releases.jfrog.io/artifactory/coding-agents-generic/agent-guard-hook/install-policy.mjs | node

  2. Push this script through your MDM as a startup or scheduled script that runs with administrator rights:

    powershell -ExecutionPolicy Bypass -File Set-AgentGuardHookPolicy.ps1

    The script writes the VS Code ChatHooks enterprise policy to the Windows registry under HKLM, locking the setting for every user on the machine. Running the script multiple times is safe (idempotent).

To remove the lock (for example, during incident response):

Run the script with the -Unset flag:

powershell -ExecutionPolicy Bypass -File Set-AgentGuardHookPolicy.ps1 -Unset
📘

Note - MDM policy artifact — N/A on Linux

VS Code has no managed-policy mechanism on Linux; install-hook.mjs is the only layer of enforcement on this OS.

Step 3: Inform Developers of the Critical Reload Requirement

⚠️

CRITICAL — Developer Reload Required

After the Agent Guard hook is installed via MDM, the developer must manually reload VS Code for the hook to take effect. Without this step, unapproved MCP servers remain accessible.

Reload instruction for developers:

  1. Open VS Code.
  2. Open the Command Palette (Ctrl+Shift+P on Windows/Linux, Cmd+Shift+P on macOS).
  3. Type Developer: Reload Window and press Enter.
  4. VS Code reloads and the Agent Guard hook activates.

Clearly communicate this requirement to all developers when rolling out the hook. We recommend sending an email or Slack message with these exact steps.

After all developers have reloaded VS Code, the Agent Guard hook is active. Developers can only use approved MCP servers.

Verify activation: You can audit hook decisions by checking the log file on each developer machine:

~/.vscode/hooks/agent-guard-hook.log

This log contains one JSON line per hook decision (allow or deny), so you can verify which MCPs are being accessed and whether any denials have occurred.

Frequently Asked Questions

This section provides answers to frequently asked questions.

FAQs
Q: What happens if a developer doesn't reload VS Code after the hook is installed?

A: The hook will not be active, and unapproved MCP servers will remain accessible to that developer. This is why it's critical to clearly communicate the reload requirement and verify that all developers have reloaded. You can check the hook log at ~/.vscode/hooks/agent-guard-hook.log to confirm whether the hook has been activated.

Q: Can I run the installation script multiple times without breaking anything?

A: Yes. The installer is idempotent — if the hook is already installed at the published version, running it again will only re-assert the registration in settings.json. The file copy is skipped. This makes it safe to re-run the installer through MDM for updates or healing.

Q: What if I don't have MDM infrastructure?

A: Agent Guard Hook enforcement requires MDM to deploy the hook at scale. If you don't have MDM, you have two options:

  1. Evaluate and deploy MDM — Jamf Pro (macOS), Microsoft Intune (Windows), or Kandji (macOS) are common choices. Deploying MDM is a broader security initiative that benefits multiple teams.
  2. Use a different IDE — If MDM is not feasible, consider using Claude Code (managed settings) or Cursor (team config) where governance does not require MDM infrastructure.
Q: How do I know if my organization has MDM infrastructure?

A: Ask your IT or security team: "Do we use Jamf, Intune, Kandji, or similar device management tools?" If the answer is yes, you already have the infrastructure to deploy Agent Guard hooks.

Related Topics