Skip to content

docs: improve MCP Apps integration guide with step-by-step walkthrough#1062

Open
zeroasterisk wants to merge 4 commits intogoogle:mainfrom
zeroasterisk:improve-mcp-apps-guide
Open

docs: improve MCP Apps integration guide with step-by-step walkthrough#1062
zeroasterisk wants to merge 4 commits intogoogle:mainfrom
zeroasterisk:improve-mcp-apps-guide

Conversation

@zeroasterisk
Copy link
Copy Markdown
Collaborator

@zeroasterisk zeroasterisk commented Apr 3, 2026

Summary

Walked through the MCP Apps guide as a new developer and found several issues. This PR improves the guide with clearer step-by-step instructions, correct paths, and troubleshooting tips.

Issues Found & Fixed

  1. Wrong agent path: Guide referenced samples/agent/adk/contact_multiple_surfaces/ which doesn't exist — the correct path is samples/agent/adk/contact_lookup/
  2. Wrong Lit client path: Guide said to run npm run dev in samples/client/lit/contact/ but that directory has no package.json — the actual commands should run from samples/client/lit/
  3. Missing prerequisite steps: No mention of npm install, npm run build:renderer (Lit), or npm run build:sandbox (Angular) — these are required before clients will work
  4. No Python version note: The contact_lookup agent requires Python ≥ 3.13 per its pyproject.toml, but the guide only said "3.12 or higher suggested"
  5. No multi-terminal guidance: Samples need 2-3 simultaneous processes but the guide didn't mention this
  6. Missing GEMINI_API_KEY setup details: Only said "requires GEMINI_API_KEY in .env" without explaining how to set it up (export vs .env file)
  7. Fixed source link: Updated mcp-apps-component.ts GitHub link to correct path under custom-components-example
  8. Added demo:contact shortcut: Mentioned the convenient npm script that runs everything together
  9. Added troubleshooting table: Common errors and solutions for new developers

@zeroasterisk
docs: improve MCP Apps integration guide with step-by-step walkthrough
4109888 
Issues found and fixed:
- Wrong agent path: contact_multiple_surfaces -> contact_lookup
- Wrong Lit client path: samples/client/lit/contact/ has no package.json;
  actual commands run from samples/client/lit/
- Missing prerequisite steps (npm install, build:renderer, build:sandbox)
- No mention of Python version requirements (contact_lookup needs 3.13+)
- No mention that multiple terminals are needed
- Missing GEMINI_API_KEY setup instructions (.env vs export)
- Added demo:contact shortcut for Lit sample
- Added troubleshooting table
- Fixed mcp-apps-component.ts link path (contact -> custom-components-example)
- Clarified build:sandbox requirement for Angular sample
@github-project-automation github-project-automation bot moved this to Todo in A2UI Apr 3, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the documentation for MCP Apps in A2UI, providing comprehensive prerequisites, step-by-step execution guides for the Lit and Angular samples, and a troubleshooting section. A security review identified critical discrepancies between the documentation's security model and the actual implementation in the linked Lit sample code, specifically regarding iframe sandboxing and the use of the allow-same-origin attribute.

docs/guides/mcp-apps-in-a2ui-surface.md

1. **[Sandbox Proxy (`sandbox.html`)](https://github.com/google/A2UI/blob/main/samples/client/shared/mcp_apps_inner_iframe/sandbox.html)**: An intermediate `iframe` served from the same origin. It isolates raw DOM injection from the main app while maintaining a structured JSON-RPC channel.
- Permissions: **Do not sandbox** in the host template (e.g., [`mcp-app.ts`](https://github.com/google/A2UI/blob/main/samples/client/angular/projects/mcp_calculator/src/a2ui-catalog/mcp-app.ts) or [`mcp-apps-component.ts`](https://github.com/google/A2UI/blob/main/samples/client/lit/contact/ui/custom-components/mcp-apps-component.ts)).
- Permissions: **Do not sandbox** in the host template (e.g., [`mcp-app.ts`](https://github.com/google/A2UI/blob/main/samples/client/angular/projects/mcp_calculator/src/a2ui-catalog/mcp-app.ts) or [`mcp-apps-component.ts`](https://github.com/google/A2UI/blob/main/samples/client/lit/custom-components-example/ui/custom-components/mcp-apps-component.ts)).
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The linked Lit example (mcp-apps-component.ts) contains two discrepancies with the security model described in this guide:

  1. Outer Iframe Sandboxing: The guide states that the host template should not sandbox the proxy iframe (line 24). However, the Lit component includes a sandbox attribute with allow-same-origin (line 79 of that file).
  2. Inner Iframe Isolation: The guide emphasizes that the inner iframe MUST NOT include allow-same-origin (lines 19 and 27). However, the Lit component explicitly includes it when calling sendSandboxResourceReady (line 179 of that file).

These should be corrected in the sample code to ensure it serves as a secure and consistent reference implementation. The Angular example (mcp-app.ts) correctly follows these principles.

Copy link
Copy Markdown
Collaborator Author

@zeroasterisk zeroasterisk Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — verified this is a real issue.

Angular sample correctly passes sandbox: 'allow-scripts' to sendSandboxResourceReady() (line ~89 of mcp-app.ts), so the inner iframe ends up with only allow-scripts.

Lit sample passes sandbox: 'allow-scripts allow-forms allow-popups allow-modals allow-same-origin' (line ~179 of mcp-apps-component.ts), which violates the guide's security model.

Additionally:

  • The outer iframe in Lit has sandbox="allow-scripts allow-forms allow-popups allow-modals allow-same-origin" (line 79) — the guide says the proxy iframe should not be sandboxed.
  • The shared sandbox.ts (line 66) sets an initial default of allow-scripts allow-same-origin allow-forms on the inner iframe before sendSandboxResourceReady overrides it — this means there's a brief window where the inner iframe has allow-same-origin.

This is a docs PR so fixing the Lit sample code is out of scope here, but it should be filed as a separate issue. The guide's security model description is correct — the Lit sample doesn't follow it.

@zeroasterisk
fix: correct default ports and add missing renderer build step
88f50f6 
- contact_lookup agent defaults to port 10003, not 8080
- mcp_app_proxy agent defaults to port 10006, not 8080
- Angular client needs build:renderer before npm install
- Updated troubleshooting table with correct port
@zeroasterisk
fix: add --include=dev for npm install, Angular 21 host troubleshooting
938190f 
Verified by running the full sample locally:
- npm install without --include=dev skips @angular/cli
- Angular 21 rejects --host 0.0.0.0 with allowed hosts check
- Added both to troubleshooting table
@zeroasterisk
docs: add MCP Calculator demo GIF to guide
80855cc 
Shows the full flow: initial load → opening the calculator from MCP server →
chatting with the agent. Captured from a real local run.
@zeroasterisk zeroasterisk mentioned this pull request Apr 3, 2026
Closed
zeroasterisk added a commit to zeroasterisk/A2UI-1 that referenced this pull request Apr 3, 2026
@zeroasterisk
fix(security): remove allow-same-origin from MCP Apps sandbox iframes
508231a 
The Lit sample and shared sandbox proxy included allow-same-origin in
iframe sandbox attributes, violating the MCP Apps guide/spec:

- Lit outer iframe: removed sandbox attribute entirely (guide says
  don't sandbox the proxy iframe)
- Lit sendSandboxResourceReady: allow-scripts only (was allow-scripts
  allow-forms allow-popups allow-modals allow-same-origin)
- Shared sandbox.ts inner iframe default: allow-scripts only (was
  allow-scripts allow-same-origin allow-forms)

The Angular sample already correctly used sandbox: 'allow-scripts'.

Confirmed against MCP Apps spec (SEP-1865) and AppBridge SDK docs.

Fixes security discrepancy found by Gemini Code Assist review on google#1062.
@zeroasterisk zeroasterisk mentioned this pull request Apr 3, 2026
Open
zeroasterisk added a commit to zeroasterisk/A2UI-1 that referenced this pull request Apr 5, 2026
@zeroasterisk
fix(security): remove allow-same-origin from MCP Apps sandbox iframes
7fedb1b 
The Lit sample and shared sandbox proxy included allow-same-origin in
iframe sandbox attributes, violating the MCP Apps guide/spec:

- Lit outer iframe: removed sandbox attribute entirely (guide says
  don't sandbox the proxy iframe)
- Lit sendSandboxResourceReady: allow-scripts only (was allow-scripts
  allow-forms allow-popups allow-modals allow-same-origin)
- Shared sandbox.ts inner iframe default: allow-scripts only (was
  allow-scripts allow-same-origin allow-forms)

The Angular sample already correctly used sandbox: 'allow-scripts'.

Confirmed against MCP Apps spec (SEP-1865) and AppBridge SDK docs.

Fixes security discrepancy found by Gemini Code Assist review on google#1062.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wrenj wrenj wrenj approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

A2UI
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zeroasterisk @wrenj