ref.mcp.apps · implementation
MCP Apps — Embedded Interactive Tool UI
Official MCP extension documentation for the Apps layer: ui:// resources, sandboxed iframe rendering, CSP and permissions policy, JSON-RPC host communication, tool-call approval, context updates, and guidance on when an embedded app surface is preferable to a normal link. Review frequently as the extension evolves.
https://modelcontextprotocol.io/extensions/apps/overview
この標準文書は未翻訳です。以下に英語の原文を表示します。
この情報源から得られる知見
- Apply a hostile-boundary threat model for every MCP App surface: least-privilege capability grant, explicit CSP allowlist, origin isolation between host and embedded app, and tool-call approval UX before any external action.
- Accessible iframe implementation requires: descriptive title attribute, focus management on open/close, keyboard-reachable close/fallback, and responsive host sizing.
- Provide fallback content for every embedded surface so MCP Apps are additive, not required, for core task completion.
- Define a teardown and cleanup contract for every App lifecycle event.
AwesomeDSへの反映先
rule.ai.generative-boundaries— Agents compose approved contractsrule.ai.ux-streaming-contract— Treat streaming as semantic asynchronous staterule.trust.embedded-ui-boundary— Treat every embedded agent UI as a hostile capability boundary
実装・成果物
直接リンクされた成果物はありません。
注意事項と模倣防止
Adopt the hostile-boundary threat model and explicit CSP/permission patterns; do not assume embedded UI is safe without explicit origin isolation and tool-call approval.