feat(mcp): add show_chart MCP tool + chart-scoped guest tokens (POC) by mistercrunch · Pull Request #39601 · apache/superset · GitHub
Skip to content

feat(mcp): add show_chart MCP tool + chart-scoped guest tokens (POC)#39601

Draft
mistercrunch wants to merge 1 commit intoapache:masterfrom
mistercrunch:mcp-apps
Draft

feat(mcp): add show_chart MCP tool + chart-scoped guest tokens (POC)#39601
mistercrunch wants to merge 1 commit intoapache:masterfrom
mistercrunch:mcp-apps

Conversation

@mistercrunch
Copy link
Copy Markdown
Member

@mistercrunch mistercrunch commented Apr 23, 2026

⚠️ DRAFT / POC — this is an exploratory PR for MCP Apps integration. Not ready for merge.

SUMMARY

Adds a new show_chart MCP tool and a ui://superset/chart-viewer MCP resource that together let MCP Apps clients (e.g. Claude Desktop) render a live, interactive Superset chart inline via a sandboxed iframe — without the user needing an active Superset session in the host app.

Mechanism:

  • show_chart(identifier) mints a short-lived (5 min), chart-scoped guest token and returns explore_url (/explore/?slice_id=…&standalone=1&guest_token=…) plus a resource descriptor for the MCP Apps UI mount point.
  • GuestTokenResourceType gains a CHART member so guest tokens can be scoped to a single chart (in addition to the existing dashboard-scoped path).
  • SupersetSecurityManager.validate_guest_token_resources and a new has_guest_chart_access branch honor chart-scoped tokens.
  • ChartFilter grants read access when the guest token's resource matches the requested chart (by id or uuid).
  • The ui://superset/chart-viewer resource holds the iframe shell the host client mounts.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

To be added after the client-side iframe is wired up end-to-end.

TESTING INSTRUCTIONS

Automated:

pytest tests/unit_tests/mcp_service/chart/tool/test_show_chart.py \
       tests/unit_tests/security/chart_guest_token_test.py

Manual (POC):

  1. Run the Superset MCP service against a running Superset instance.
  2. Call the show_chart tool with {"identifier": "<chart_id_or_uuid>"}.
  3. Open the returned explore_url in a browser — the chart should render standalone without a login redirect.
  4. (Optional) Point an MCP Apps-capable client at the MCP server; the tool result includes the ui://superset/chart-viewer resource descriptor so the client can embed the chart inline.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration
  • Introduces new feature or API (new MCP tool + chart-scoped guest token type)
  • Removes existing feature or API

🤖 Generated with Claude Code

@mistercrunch @claude
feat(mcp): add show_chart MCP tool + chart-scoped guest tokens
5c17bf7 
Introduces the `show_chart` MCP tool that mints a short-lived, chart-
scoped guest token and returns an `explore_url` plus a `ui://superset/
chart-viewer` resource descriptor. MCP Apps clients (e.g. Claude Desktop)
can use this to render live, interactive Superset charts inline via a
sandboxed iframe, without the user needing a Superset session.

Key changes:
- New `show_chart` tool under `superset/mcp_service/chart/tool/`
- New `ui://superset/chart-viewer` MCP resource (chart_viewer.py)
- `GuestTokenResourceType` extended with a `CHART` member
- Security manager: `validate_guest_token_resources` and
  `has_guest_chart_access` now accept chart resources; `ChartFilter`
  allows guest access scoped to a specific chart uuid/id
- MCP middleware + core injection wiring updated to register the new
  tool and resource
- Unit tests for the tool and the chart-scoped guest token paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 23, 2026

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 23, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 39.31034% with 88 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.64%. Comparing base (bc2ffc6) to head (5c17bf7).
⚠️ Report is 10 commits behind head on master.

Files with missing lines Patch % Lines
superset/mcp_service/chart/tool/show_chart.py 29.03% 44 Missing ⚠️
superset/charts/filters.py 10.00% 17 Missing and 1 partial ⚠️
superset/security/manager.py 28.00% 14 Missing and 4 partials ⚠️
superset/mcp_service/middleware.py 0.00% 7 Missing ⚠️
...perset/mcp_service/chart/resources/chart_viewer.py 88.88% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #39601      +/-   ##
==========================================
+ Coverage   64.58%   64.64%   +0.06%     
==========================================
  Files        2564     2571       +7     
  Lines      133576   134396     +820     
  Branches    31033    31073      +40     
==========================================
+ Hits        86271    86885     +614     
- Misses      45813    46014     +201     
- Partials     1492     1497       +5
Flag Coverage Δ
hive 39.83% <34.48%> (-0.05%) ⬇️
mysql 60.33% <39.31%> (-0.11%) ⬇️
postgres 60.41% <39.31%> (-0.11%) ⬇️
presto 41.61% <35.17%> (-0.06%) ⬇️
python 61.98% <39.31%> (-0.13%) ⬇️
sqlite 60.04% <39.31%> (-0.13%) ⬇️
superset-extensions-cli 90.82% <ø> (?)
unit 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michael-s-molina michael-s-molina Awaiting requested review from michael-s-molina michael-s-molina will be requested when the pull request is marked ready for review michael-s-molina is a code owner

@villebro villebro Awaiting requested review from villebro villebro will be requested when the pull request is marked ready for review villebro is a code owner

@geido geido Awaiting requested review from geido geido will be requested when the pull request is marked ready for review geido is a code owner

@eschutho eschutho Awaiting requested review from eschutho eschutho will be requested when the pull request is marked ready for review eschutho is a code owner

@rusackas rusackas Awaiting requested review from rusackas rusackas will be requested when the pull request is marked ready for review rusackas is a code owner

@kgabryje kgabryje Awaiting requested review from kgabryje kgabryje will be requested when the pull request is marked ready for review kgabryje is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mistercrunch