ext-apps

@modelcontextprotocol/ext-apps (MCP Apps) provides an SDK/spec for extending the core MCP protocol so that MCP tools can declare interactive UI resources (e.g., charts, forms, dashboards) that chat clients render inline (typically in a sandboxed iframe) and communicate with via host-mediated messaging.

Evaluated Mar 30, 2026 (21d ago)

Homepage ↗ Repo ↗ Ai Ml ai mcp ui sdk typescript protocol-extension developer-tools

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

The README describes sandboxed iframe rendering, which is a security-positive isolation signal; however, authentication, authorization, and rate-limiting semantics are not specified in the provided material. Dependency hygiene and secret-handling practices are not verifiable from the provided excerpt alone.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You control (or can implement) an MCP server and a compatible MCP Apps-capable host/client, and you want tool-driven interactive UI inside chat conversations.

Avoid When

You only need plain text/structured JSON outputs without interactive UI, or you need a conventional hosted HTTP API with documented auth/rate limiting semantics.

Use Cases

• Add interactive UI to existing MCP tools (forms, dashboards, embedded visualizations).
• Build MCP “Apps” that render interactive views inside compliant chat clients.
• Create/host UI views and a bridge between UI and MCP tool calls.
• Provide reference implementations (basic host, example servers) for MCP Apps integration.

Not For

• Implementing a standalone web app that doesn’t integrate with MCP clients/hosts.
• Using it as a full hosted SaaS with server-side authentication/billing guarantees.
• Directly using it as a public REST/GraphQL API service for end users (it’s a protocol/SDK layer).

Interface

REST API

GraphQL

gRPC

MCP Server

SDK

Yes

Webhooks

Authentication

Methods: None described in provided README content (likely depends on MCP server/host environment).

OAuth: No Scopes: No

Authentication/authorization is not described in the provided README excerpt; MCP Apps typically relies on the surrounding MCP transport/host/client security model.

Pricing

Free tier: No

Requires CC: No

No pricing information is present in the provided content; this appears to be open-source SDK/spec.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ This package is primarily protocol/SDK/spec for MCP Apps; it is not a conventional hosted API with HTTP pagination, rate-limit headers, or REST-style retry guidance.
⚠ Security and auth behavior may be delegated to the MCP server and the host/client implementation; agents should not assume standard API-key semantics from the ext-apps README alone.

Alternatives

MCP-UI client frameworks (e.g., idosal/mcp-ui). Custom chat-widget/front-end approaches that call MCP tools via your own transport layer. Non-MCP UI embedding approaches using webhooks and your own UI hosting.

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for ext-apps.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.