{"id":"modelcontextprotocol-ext-apps","name":"ext-apps","homepage":"https://apps.extensions.modelcontextprotocol.io/","repo_url":"https://github.com/modelcontextprotocol/ext-apps","category":"ai-ml","subcategories":[],"tags":["ai","mcp","ui","sdk","typescript","protocol-extension","developer-tools"],"what_it_does":"@modelcontextprotocol/ext-apps (MCP Apps) provides an SDK/spec for extending the core MCP protocol so that MCP tools can declare interactive UI resources (e.g., charts, forms, dashboards) that chat clients render inline (typically in a sandboxed iframe) and communicate with via host-mediated messaging.","use_cases":["Add interactive UI to existing MCP tools (forms, dashboards, embedded visualizations).","Build MCP “Apps” that render interactive views inside compliant chat clients.","Create/host UI views and a bridge between UI and MCP tool calls.","Provide reference implementations (basic host, example servers) for MCP Apps integration."],"not_for":["Implementing a standalone web app that doesn’t integrate with MCP clients/hosts.","Using it as a full hosted SaaS with server-side authentication/billing guarantees.","Directly using it as a public REST/GraphQL API service for end users (it’s a protocol/SDK layer)."],"best_when":"You control (or can implement) an MCP server and a compatible MCP Apps-capable host/client, and you want tool-driven interactive UI inside chat conversations.","avoid_when":"You only need plain text/structured JSON outputs without interactive UI, or you need a conventional hosted HTTP API with documented auth/rate limiting semantics.","alternatives":["MCP-UI client frameworks (e.g., idosal/mcp-ui).","Custom chat-widget/front-end approaches that call MCP tools via your own transport layer.","Non-MCP UI embedding approaches using webhooks and your own UI hosting."],"af_score":61.0,"security_score":47.2,"reliability_score":41.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:23:16.208149+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript","JavaScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["None described in provided README content (likely depends on MCP server/host environment)."],"oauth":false,"scopes":false,"notes":"Authentication/authorization is not described in the provided README excerpt; MCP Apps typically relies on the surrounding MCP transport/host/client security model."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information is present in the provided content; this appears to be open-source SDK/spec."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.0,"security_score":47.2,"reliability_score":41.2,"mcp_server_quality":70.0,"documentation_accuracy":85.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":20.0,"tls_enforcement":80.0,"auth_strength":35.0,"scope_granularity":25.0,"dependency_hygiene":50.0,"secret_handling":50.0,"security_notes":"The README describes sandboxed iframe rendering, which is a security-positive isolation signal; however, authentication, authorization, and rate-limiting semantics are not specified in the provided material. Dependency hygiene and secret-handling practices are not verifiable from the provided excerpt alone.","uptime_documented":0.0,"version_stability":70.0,"breaking_changes_history":55.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This package is primarily protocol/SDK/spec for MCP Apps; it is not a conventional hosted API with HTTP pagination, rate-limit headers, or REST-style retry guidance.","Security and auth behavior may be delegated to the MCP server and the host/client implementation; agents should not assume standard API-key semantics from the ext-apps README alone."]}}