https://modelcontextprotocol.io/extensions/apps/overview

What this source teaches

  • Apply a hostile-boundary threat model for every MCP App surface: least-privilege capability grant, explicit CSP allowlist, origin isolation between host and embedded app, and tool-call approval UX before any external action.
  • Accessible iframe implementation requires: descriptive title attribute, focus management on open/close, keyboard-reachable close/fallback, and responsive host sizing.
  • Provide fallback content for every embedded surface so MCP Apps are additive, not required, for core task completion.
  • Define a teardown and cleanup contract for every App lifecycle event.

Where AwesomeDS applied it

Implementations and artifacts

No directly linked artifacts.

Caveats & anti-imitation

Adopt the hostile-boundary threat model and explicit CSP/permission patterns; do not assume embedded UI is safe without explicit origin isolation and tool-call approval.

Evidence: first-party-guidance · Verified 2026-07-16 · Cadence 30d