https://modelcontextprotocol.io/extensions/apps/overview

この標準文書は未翻訳です。以下に英語の原文を表示します。

この情報源から得られる知見

  • Apply a hostile-boundary threat model for every MCP App surface: least-privilege capability grant, explicit CSP allowlist, origin isolation between host and embedded app, and tool-call approval UX before any external action.
  • Accessible iframe implementation requires: descriptive title attribute, focus management on open/close, keyboard-reachable close/fallback, and responsive host sizing.
  • Provide fallback content for every embedded surface so MCP Apps are additive, not required, for core task completion.
  • Define a teardown and cleanup contract for every App lifecycle event.

AwesomeDSへの反映先

実装・成果物

直接リンクされた成果物はありません。

注意事項と模倣防止

Adopt the hostile-boundary threat model and explicit CSP/permission patterns; do not assume embedded UI is safe without explicit origin isolation and tool-call approval.

証拠レベル: first-party-guidance · 最終確認 2026-07-16 · 確認周期 30d