Summary

Implements MCP Apps support per SEP-1865, enabling MCP servers to return interactive HTML UIs (charts, forms, drawing canvases) that render inline in the Chat UI via sandboxed iframes.

  • MCP Apps in Chat UI: New McpAppIframe component renders sandboxed <iframe> with a full JSON-RPC 2.0 postMessage bridge (handshake, tool calls, resource reads, theme sync, size changes, display modes, teardown)
  • MCP Gateway passthrough: _meta now flows from DB instead of being hardcoded to {}
  • LLM Gateway compatibility: Anthropic, OpenAI, and Gemini adapters extract _meta from tool definitions and persist it
  • Security: Session auth + RBAC on all proxy endpoints, strict CSP headers (no unsafe-eval), origin validation via window.location.origin, tool visibility filtering (app-only tools hidden from LLM)

Key changes (27 files, +958/-25)

New files:

  • platform/backend/src/database/migrations/0158_add_tool_meta.sql — adds meta JSONB column to tools table
  • platform/shared/mcp-app-types.ts — shared TypeScript types for MCP App UI metadata
  • platform/backend/src/routes/mcp-app-proxy.ts — GET /api/mcp-app/resource (serves HTML with strict CSP) + POST /api/mcp-app/tool-call (proxies iframe tool calls)
  • platform/frontend/src/components/chat/mcp-app-iframe.tsx — iframe component with JSON-RPC 2.0 bridge
  • platform/backend/src/routes/mcp-app-proxy.test.ts — 8 backend tests (CSP, validation)
  • platform/frontend/src/components/chat/mcp-app-iframe.test.tsx — 6 frontend tests (rendering, sandbox)

Modified files:

  • Tool sync pipeline: mcp-client.ts, mcp-server.ts, tool.ts, mcp-reinstall.ts, mcp-server.ts routes — persist _meta during sync
  • MCP Gateway: mcp-gateway.utils.ts — pass through _meta from DB
  • LLM Gateway: anthropic.ts, openai.ts, gemini.ts adapters + llm-proxy-handler.ts + tools.ts — extract and persist _meta
  • Chat streaming: chat-mcp-client.ts extracts toolUiMeta, filters app-only tools, routes.chat.ts streams data-tool-ui-meta
  • Frontend: global-chat-context.tsx handles the new stream part, chat-messages.tsx renders McpAppIframe, chat/page.tsx threads the prop

Addresses PR #2898 review feedback

All 23 review comments from @iskhakov on PR #2898 are addressed:

  • RBAC on proxy endpoints (not just session auth)
  • window.location.origin for postMessage validation (not hardcoded localhost)
  • Strict CSP built server-side from _meta.ui.csp (never unsafe-eval)
  • Tool visibility filtering (app-only tools hidden from LLM)
  • Theme from useOrgTheme() (not hardcoded “dark”)
  • Teardown on unmount

Test plan

  • Backend TypeScript compiles with 0 errors
  • Frontend TypeScript compiles with 0 errors
  • Backend tests: 55/55 pass (mcp-app-proxy, chat-mcp-client, mcp-client)
  • Frontend tests: 6/6 pass (mcp-app-iframe)
  • E2E: install excalidraw-mcp, verify iframe renders in chat
  • E2E: install n8n-mcp, verify iframe renders in chat
  • E2E: verify MCP Gateway passes _meta to 3rd party clients
  • E2E: verify LLM Gateway preserves _meta for 3rd party clients

/claim #1301

Claim

Total prize pool $900
Total paid $0
Status Pending
Submitted February 27, 2026
Last updated February 27, 2026

Contributors

dejan1007

@dejan1007

100%

Sponsors

Archestra

@archestra-ai

$900
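
The review item "Strict CSP built server-side from _meta.ui.csp (never unsafe-eval)" in the PR description above, sketched as an added example; this is not code from the PR or the Archestra repository. The `connectDomains`/`resourceDomains` field names, the baseline directives and the `buildAppCsp` helper are assumptions, since the page does not show the metadata shape.

```typescript
// Added example, not the PR's code. The _meta.ui.csp field names below and
// the baseline directives are assumptions; the page does not show them.
interface UiCspMeta {
  connectDomains?: unknown; // hosts the app may connect to
  resourceDomains?: unknown; // hosts the app may load scripts/styles/images from
}

// Only bare https origins pass: lowercase host labels plus an optional port.
// No wildcard, path, quote, space or semicolon, so a server-supplied entry
// cannot close a directive or add a keyword such as 'unsafe-eval'.
const LABEL = "[a-z0-9](?:[a-z0-9-]*[a-z0-9])?";
const ORIGIN_RE = new RegExp("^https://" + LABEL + "(?:\\." + LABEL + ")+(?::\\d{1,5})?$");

function safeOrigins(value: unknown): string[] {
  if (!Array.isArray(value)) return [];
  const out: string[] = [];
  for (const v of value) {
    if (typeof v === "string" && ORIGIN_RE.test(v) && out.indexOf(v) === -1) {
      out.push(v);
    }
  }
  return out;
}

function buildAppCsp(csp?: UiCspMeta): string {
  const connect = safeOrigins(csp ? csp.connectDomains : undefined);
  const resource = safeOrigins(csp ? csp.resourceDomains : undefined);
  const withResources = (base: string) => [base].concat(resource).join(" ");
  return [
    "default-src 'none'",
    "script-src " + withResources("'unsafe-inline'"), // inline app script; never eval
    "style-src " + withResources("'unsafe-inline'"),
    "img-src " + withResources("data:"),
    "connect-src " + (connect.length > 0 ? connect.join(" ") : "'none'"),
    "base-uri 'none'",
    "form-action 'none'",
  ].join("; ");
}

// Constructed metadata from an untrusted MCP server, including hostile entries.
const constructedMeta: UiCspMeta = {
  connectDomains: ["https://api.example.com", "https://x.example; script-src 'unsafe-eval'"],
  resourceDomains: ["https://cdn.example.com", "*", "http://insecure.example", 42],
};
```

Because tool metadata comes from the MCP server, every entry is treated as untrusted input: anything that is not a plain https origin is dropped before it reaches the header.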