Appa Tools documentation for MCP Studio, including setup, guides, concepts, and API-related reference content.

Skip to main content

Configuring Sources

Sources are the content types your end users can connect to their MCP servers. The SDK lets you control which source types are available.

How Source Configuration Works

All 5 source types are enabled by default. Disable specific types to narrow the experience:

MCPStudio.init({
  clientId: "YOUR_CLIENT_ID",
  container: "#mcp-studio-widget",
  sources: {
    mcp: false,   // Hide MCP server federation
    api: false,   // Hide API endpoint type
  },
});

Available Source Types

TypeKeyDescription
WebsitewebsiteAny public website or documentation site
GitHub RepositorygithubPublic or private GitHub repositories
DocumentationdocsStructured documentation sites (Docusaurus, ReadTheDocs, etc.)
API EndpointapiREST or GraphQL API documentation
MCP Server URLmcpConnect to another MCP server (federation)

Beta Limits

During the beta period, each MCP server created by your end users can have a maximum of 2 sources. This matches the MCP Studio free tier. Source guidelines also apply:

  • Large websites (1,000+ pages) may be partially crawled
  • Private GitHub repos require authentication from the end user
  • Source content is periodically refreshed
info

At least 1 source type must be enabled for the wizard to function.

Private GitHub repos in the embed

The SDK widget reuses the same private-repo flow as the main MCP Studio wizard:

  1. When the end user pastes a GitHub URL, the embed calls POST /mcp-studio-sdk/api/sdk/check-source which proxies to the main app's accessibility probe.
  2. If the repo is private and the end user has not yet linked GitHub, the wizard shows a Sign in with GitHub button. The user is redirected to MCP Studio for OAuth and bounces back to the embed.
  3. After verification, the source is created with an isPrivate: true flag. The widget surfaces a lock badge.
  4. Crawl errors (auth_required, not_found, rate_limited, network) are exposed inline next to the source so the end user can re-link GitHub or refresh.

The proxy intentionally does not forward your SDK auth cookies to the main app — the main app sees an unauthenticated probe, which is sufficient to detect public-vs-private. End-user GitHub auth always happens against MCP Studio directly.

Documentation products

sources: {
  api: false,
  mcp: false,
}

Developer tools

sources: {
  mcp: false,  // Keep it simple — hide federation
}