docs(mcp-apps): address worth-doing review feedback

mattdholloway · Copilot · mattdholloway · commit f61d1feafd87 · 2026-05-22T16:08:52.000+01:00
- python: add enable_mcp_apps entries to create_session and
  resume_session docstring Args lists, describing the runtime gate and
  the capabilities.ui.mcpApps detection mechanism.
- java: thread sessionId through warnIfMcpAppsDropped and include it in
  the warning message, matching the Python/Go/.NET/Rust pattern for
  multi-session debugging.
- nodejs/test: replace the 'see review feedback' marker in the
  sandbox sanitization section header with a self-contained reference
  to SEP-1865 \xc2\xa7Security Implications.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/java/src/main/java/com/github/copilot/sdk/CopilotClient.java b/java/src/main/java/com/github/copilot/sdk/CopilotClient.java
@@ -300,7 +300,7 @@ private static boolean isUnsupportedConnectMethod(JsonRpcException ex) {
      * a consumer trying to use MCP Apps would see no error -- just tools that never
      * expose {@code _meta.ui.resourceUri}.
      */
-    private static void warnIfMcpAppsDropped(boolean requested, SessionCapabilities capabilities) {
+    private static void warnIfMcpAppsDropped(boolean requested, SessionCapabilities capabilities, String sessionId) {
         if (!requested) {
             return;
         }
@@ -309,7 +309,8 @@ private static void warnIfMcpAppsDropped(boolean requested, SessionCapabilities
         if (advertised) {
             return;
         }
-        LOG.warning("enableMcpApps was requested but the runtime did not advertise capabilities.ui.mcpApps. "
+        LOG.warning("Session " + sessionId
+                + ": enableMcpApps was requested but the runtime did not advertise capabilities.ui.mcpApps. "
                 + "The runtime's MCP_APPS feature flag or COPILOT_MCP_APPS=true environment override is "
                 + "likely unset; the MCP Apps surface is unavailable for this session.");
     }
@@ -491,7 +492,7 @@ public CompletableFuture<CopilotSession> createSession(SessionConfig config) {
                         rpcNanos);
                 session.setWorkspacePath(response.workspacePath());
                 session.setCapabilities(response.capabilities());
-                warnIfMcpAppsDropped(config.isEnableMcpApps(), response.capabilities());
+                warnIfMcpAppsDropped(config.isEnableMcpApps(), response.capabilities(), sessionId);
                 // If the server returned a different sessionId (e.g. a v2 CLI that ignores
                 // the client-supplied ID), re-key the sessions map.
                 String returnedId = response.sessionId();
@@ -577,7 +578,7 @@ public CompletableFuture<CopilotSession> resumeSession(String sessionId, ResumeS
                         rpcNanos);
                 session.setWorkspacePath(response.workspacePath());
                 session.setCapabilities(response.capabilities());
-                warnIfMcpAppsDropped(config.isEnableMcpApps(), response.capabilities());
+                warnIfMcpAppsDropped(config.isEnableMcpApps(), response.capabilities(), sessionId);
                 // If the server returned a different sessionId than what was requested, re-key.
                 String returnedId = response.sessionId();
                 if (returnedId != null && !returnedId.equals(sessionId)) {
diff --git a/nodejs/test/mcpAppsSandbox.test.ts b/nodejs/test/mcpAppsSandbox.test.ts
@@ -73,8 +73,9 @@ describe("buildMcpAppsCspHeader", () => {
     });
 
     // ------------------------------------------------------------------
-    // Domain-input sanitization (defends against CSP directive injection
-    // from malicious or sloppy MCP servers — see review feedback).
+    // Domain-input sanitization per SEP-1865 §Security Implications:
+    // server-supplied CSP domain entries must be validated before
+    // interpolation to prevent directive injection.
     // ------------------------------------------------------------------
 
     it("drops entries containing CSP metacharacters that would inject a sibling directive", () => {
diff --git a/python/copilot/client.py b/python/copilot/client.py
@@ -1644,6 +1644,13 @@ async def create_session(
                 session. Optionally associates repository metadata with the
                 cloud session.
             on_event: Callback for session events.
+            enable_mcp_apps: Opt into MCP Apps (SEP-1865) UI passthrough.
+                When True, the SDK sends ``requestMcpApps: True`` on
+                ``session.create``. The runtime only honors the opt-in when its
+                ``MCP_APPS`` feature flag (or ``COPILOT_MCP_APPS=true`` env
+                override) is on; otherwise the request is silently dropped.
+                Inspect ``capabilities.ui.mcpApps`` on the create response to
+                detect the drop (the SDK also logs a warning).
 
         Returns:
             A :class:`CopilotSession` instance for the new session.
@@ -2020,6 +2027,13 @@ async def resume_session(
             disabled_skills: Skills to disable.
             infinite_sessions: Infinite session configuration.
             on_event: Callback for session events.
+            enable_mcp_apps: Opt into MCP Apps (SEP-1865) UI passthrough on
+                resume. When True, the SDK sends ``requestMcpApps: True`` on
+                ``session.resume``. The runtime only honors the opt-in when its
+                ``MCP_APPS`` feature flag (or ``COPILOT_MCP_APPS=true`` env
+                override) is on; otherwise the request is silently dropped.
+                Inspect ``capabilities.ui.mcpApps`` on the resume response to
+                detect the drop (the SDK also logs a warning).
             continue_pending_work: When True, instructs the runtime to continue any
                 tool calls or permission prompts that were still pending when the
                 session was last suspended. When False (the default), the runtime
