The simplest approach is adding the following to jupyter-lite.json (example) and re-build:
{
"jupyter-config-data": {
"exposeAppInBrowser": true
}
}
Provided the parent window and child window are able to talk (e.g. same domain, no aggresive sandbox), the child will then have the window.jupyterapp global defined, which can be used to do anything available in the public API.
// from the parent, that created the iframe
await child.contentWindow.jupyterapp.commands.execute('notebook:run-all-cells')
For more involved behavior, a custom lab extension can create its own postMessage API, which allows for better control and security.