You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This SEP proposes an extension to MCP (per SEP-1724) that enables servers to deliver interactive user interfaces to hosts. MCP Apps introduces a standardized pattern for declaring UI resources via the `ui://` URI scheme, associating them with tools through metadata, and facilitating bi-directional communication between the UI and the host using MCP's JSON-RPC base protocol. This extension addresses the growing community need for rich, interactive experiences in MCP-enabled applications, maintaining security, auditability, and alignment with MCP's core architecture. The initial specification focuses on HTML resources (`text/html;profile=mcp-app`) with a clear path for future extensions.
29
+
This SEP proposes an extension to MCP (per SEP-1724) that enables servers to deliver interactive
30
+
user interfaces to hosts. MCP Apps introduces a standardized pattern for declaring UI resources via
31
+
the `ui://` URI scheme, associating them with tools through metadata, and facilitating
32
+
bi-directional communication between the UI and the host using MCP's JSON-RPC base protocol. This
33
+
extension addresses the growing community need for rich, interactive experiences in MCP-enabled
34
+
applications, maintaining security, auditability, and alignment with MCP's core architecture. The
35
+
initial specification focuses on HTML resources (`text/html;profile=mcp-app`) with a clear path for
36
+
future extensions.
30
37
31
38
## Motivation
32
39
33
-
MCP lacks a standardized way for servers to deliver rich, interactive user interfaces to hosts. This gap blocks many use cases that require visual presentation and interactivity that go beyond plain text or structured data. As more hosts adopt this capability, the risk of fragmentation and interoperability challenges grows.
40
+
MCP lacks a standardized way for servers to deliver rich, interactive user interfaces to hosts.
41
+
This gap blocks many use cases that require visual presentation and interactivity that go beyond
42
+
plain text or structured data. As more hosts adopt this capability, the risk of fragmentation and
43
+
interoperability challenges grows.
34
44
35
-
[MCP-UI](https://mcpui.dev/) has demonstrated the viability and value of MCP apps built on UI resources and serves as a community playground for the UI spec and SDK. Fueled by a dedicated community, it developed the bi-directional communication model and the HTML, external URL, and remote DOM content types. MCP-UI's adopters, including hosts and providers such as Postman, HuggingFace, Shopify, Goose, and ElevenLabs, have provided critical insights and contributions to the community.
45
+
[MCP-UI](https://mcpui.dev/) has demonstrated the viability and value of MCP apps built on UI
46
+
resources and serves as a community playground for the UI spec and SDK. Fueled by a dedicated
47
+
community, it developed the bi-directional communication model and the HTML, external URL, and
48
+
remote DOM content types. MCP-UI's adopters, including hosts and providers such as Postman,
49
+
HuggingFace, Shopify, Goose, and ElevenLabs, have provided critical insights and contributions to
50
+
the community.
36
51
37
-
OpenAI's [Apps SDK](https://developers.openai.com/apps-sdk/), launched in November 2025, further validated the demand for rich UI experiences within conversational AI interfaces. The Apps SDK enables developers to build rich, interactive applications inside ChatGPT using MCP as its backbone.
52
+
OpenAI's [Apps SDK](https://developers.openai.com/apps-sdk/), launched in November 2025, further
53
+
validated the demand for rich UI experiences within conversational AI interfaces. The Apps SDK
54
+
enables developers to build rich, interactive applications inside ChatGPT using MCP as its
55
+
backbone.
38
56
39
-
The architecture of both the Apps SDK and MCP-UI has significantly informed the design of this specification.
57
+
The architecture of both the Apps SDK and MCP-UI has significantly informed the design of this
58
+
specification.
40
59
41
60
However, without formal standardization:
42
61
43
62
- Servers cannot reliably expect UI support via MCP
44
63
- Each host may implement slightly different behaviors
45
64
- Security and auditability patterns are inconsistent
46
-
- Developers must maintain separate implementations or adapters for different hosts (e.g., MCP-UI vs. Apps SDK)
65
+
- Developers must maintain separate implementations or adapters for different hosts (e.g., MCP-UI
66
+
vs. Apps SDK)
47
67
48
-
This SEP addresses the current limitations through an optional, backwards-compatible extension that unifies the approaches pioneered by MCP-UI and the Apps SDK into a single, open standard.
68
+
This SEP addresses the current limitations through an optional, backwards-compatible extension that
69
+
unifies the approaches pioneered by MCP-UI and the Apps SDK into a single, open standard.
49
70
50
71
## Specification
51
72
52
-
The full specification can be found at [modelcontextprotocol/ext-apps](https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx).
At a high level, MCP Apps extends the Model Context Protocol to enable servers to deliver interactive user interfaces to hosts. This extension introduces:
76
+
At a high level, MCP Apps extends the Model Context Protocol to enable servers to deliver
77
+
interactive user interfaces to hosts. This extension introduces:
55
78
56
79
-**UI Resources:** Predeclared resources using the `ui://` URI scheme
57
80
-**Resource Discovery:** Tools reference UI resources via metadata
58
-
-**Bi-directional Communication:** UI iframes communicate with hosts using standard MCP JSON-RPC protocol
81
+
-**Bi-directional Communication:** UI iframes communicate with hosts using standard MCP JSON-RPC
82
+
protocol
59
83
-**Security Model:** Mandatory iframe sandboxing with auditable communication
60
84
61
-
This specification focuses on HTML content (`text/html;profile=mcp-app`) as the initial content type, with extensibility for future formats.
85
+
This specification focuses on HTML content (`text/html;profile=mcp-app`) as the initial content
86
+
type, with extensibility for future formats.
62
87
63
-
As an extension, MCP Apps is optional and must be explicitly negotiated between clients and servers through the extension capabilities mechanism (see Capability Negotiation section in the [full specification](https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx)).
88
+
As an extension, MCP Apps is optional and must be explicitly negotiated between clients and servers
89
+
through the extension capabilities mechanism (see Capability Negotiation section in the
@@ -74,17 +101,23 @@ UI is modeled as predeclared resources (`ui://`), referenced by tools via metada
74
101
75
102
**Alternatives considered:**
76
103
77
-
-**Embedded resources:** Current MCP-UI approach, where resources are returned in tool results. Although it's more convenient for server development, it was deferred due to the gaps in performance optimization and the challenges in the UI review process.
78
-
-**Resource links:** Predeclare the resources but return links in tool results. Deferred due to the gaps in performance optimization.
104
+
-**Embedded resources:** Current MCP-UI approach, where resources are returned in tool results.
105
+
Although it's more convenient for server development, it was deferred due to the gaps in
106
+
performance optimization and the challenges in the UI review process.
107
+
-**Resource links:** Predeclare the resources but return links in tool results. Deferred due to
108
+
the gaps in performance optimization.
79
109
80
110
### Reusing MCP JSON-RPC instead of a custom protocol
-**Custom message protocol:** Current MCP-UI approach with message types like tool, intent, prompt, etc. These message types can be translated to a subset of the proposed JSON-RPC messages.
87
-
-**Global API object:** Rejected because it requires host-specific injection and doesn't work with external iframe sources. Syntactic sugar may still be added on the server/UI side.
117
+
-**Custom message protocol:** Current MCP-UI approach with message types like tool, intent,
118
+
prompt, etc. These message types can be translated to a subset of the proposed JSON-RPC messages.
119
+
-**Global API object:** Rejected because it requires host-specific injection and doesn't work with
120
+
external iframe sources. Syntactic sugar may still be added on the server/UI side.
-**Include external URLs in MVP:** This is one of the easiest content types for servers to adopt, as it's possible to embed regular apps. However, it was deferred due to concerns around model visibility, inability to screenshot content, and review process. It may effectively be supported with the SEP's new `externalIframes` capability.
132
+
-**Include external URLs in MVP:** This is one of the easiest content types for servers to adopt,
133
+
as it's possible to embed regular apps. However, it was deferred due to concerns around model
134
+
visibility, inability to screenshot content, and review process. It may effectively be supported
135
+
with the SEP's new `externalIframes` capability.
100
136
101
137
## Backward Compatibility
102
138
103
-
The proposal is an optional extension to the core protocol. Existing implementations continue working without changes.
139
+
The proposal is an optional extension to the core protocol. Existing implementations continue
Based on the threat model, MCP Apps proposes the following mitigations:
110
148
@@ -113,9 +151,12 @@ Based on the threat model, MCP Apps proposes the following mitigations:
113
151
-**Auditable messages**: All UI-to-host communication goes through loggable JSON-RPC
114
152
-**User consent**: Hosts can require explicit approval for UI-initiated tool calls
115
153
116
-
A full threat model analysis and mitigations are available in the [full specification](https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx).
154
+
A full threat model analysis and mitigations are available in the
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments