MCP Apps: Beyond Text

MCP · AI · LLM · Developer Tools · Agentic AI

Nir Miron
5 min read


Since the advent of modern large language models, our primary mode of interaction with AI has been constrained to a single medium: text. Even when Anthropic introduced the core Model Context Protocol (MCP) in late 2024 to act as a "USB-C port" for AI agents to securely connect to external tools and data, the results returned to the user were still entirely text-based.

If you asked an AI to analyze your sales database, it could successfully fetch the data, but it could only output a wall of text or a static JSON table. If you wanted to sort that data, filter by region, or visualize a specific trend, you were forced into an exhausting cycle of follow-up prompts.

With the official release of the MCP Apps Extension (SEP-1865) in early 2026, the paradigm has shifted. AI assistants are finally being given a visual voice.

What Are MCP Apps?

An MCP App is a standardized way for MCP servers to deliver interactive user interfaces—such as data dashboards, complex forms, and rich media viewers—directly inside an AI chat client. Instead of just returning a text summary of an action, a tool can now render a fully interactive web application in a sandboxed iframe right alongside the conversation.

This innovation was born out of a community project called mcp-ui, which proved that UI could be treated as a first-class resource within the protocol. By formalizing this into an official standard, developers can now build an interactive experience once and have it render consistently across compliant hosts like Claude (web and desktop), ChatGPT, Goose, and Visual Studio Code.

The Architectural Shift: From Result to Resource

The magic of MCP Apps lies in how elegantly it extends the existing protocol without breaking backward compatibility. The architecture revolves around treating the UI not as a random chunk of HTML attached to a response, but as a distinct, pre-declared resource.

Here is how the lifecycle works under the hood:

  1. Tool Linkage: When a developer registers a tool on their MCP server, they include a _meta.ui.resourceUri field that points to a specific ui:// URI.
  2. Resource Fetching: When the LLM decides to call that tool, the host application (e.g., Claude) recognizes the metadata, fetches the bundled HTML/JS resource from the server, and renders it in a sandboxed iframe.
  3. Initialization & Data Delivery: The UI initializes, receiving host context like the current theme (light/dark mode) and container dimensions. The host then pushes the tool's input arguments and subsequent results directly to the UI.
  4. Bidirectional Communication: The UI and the host communicate using JSON-RPC messages over the browser's postMessage API.

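The registration step above can be sketched as plain data. The shapes below are illustrative only: the tool name `show_dashboard`, the `ui://analytics/dashboard` URI, and the bundled HTML are hypothetical, and the exact SDK helpers for declaring them vary by implementation — what matters is the `_meta.ui.resourceUri` link between tool and resource.

```typescript
// Illustrative shapes only -- field names follow the lifecycle described
// above; consult the SEP-1865 spec and your SDK for the normative API.

// A UI resource pre-declared by the server under a ui:// URI.
const dashboardResource = {
  uri: "ui://analytics/dashboard",          // hypothetical URI
  mimeType: "text/html",
  text: "<!DOCTYPE html><html><body>dashboard…</body></html>", // bundled HTML/JS
};

// A tool whose metadata links it to that resource, so the host knows to
// fetch and render the UI in a sandboxed iframe when the tool is called.
const showDashboardTool = {
  name: "show_dashboard",                   // hypothetical tool name
  description: "Render an interactive sales dashboard",
  inputSchema: {
    type: "object",
    properties: { region: { type: "string" } },
  },
  _meta: {
    ui: { resourceUri: dashboardResource.uri },
  },
};
```

Because the resource is pre-declared rather than attached ad hoc to a response, the host can fetch, cache, and sandbox it before any tool result arrives.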
Because communication is bidirectional, the interactive UI can proactively call other tools on the server, or use updateModelContext to quietly send structured data back into the LLM's memory based on what the user is clicking.
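From inside the iframe, that channel is ordinary JSON-RPC 2.0 carried over `window.parent.postMessage`. A minimal sketch of what those messages might look like — the tool name `filter_accounts` and the exact method/param names are assumptions for illustration, not normative:

```typescript
// Minimal JSON-RPC plumbing from inside the sandboxed UI.
let nextId = 0;

function buildRequest(method: string, params: object) {
  // Every request is a standard JSON-RPC 2.0 envelope with a unique id.
  return { jsonrpc: "2.0", id: ++nextId, method, params };
}

// Ask the host to invoke another server-side tool on the user's behalf.
const toolCall = buildRequest("tools/call", {
  name: "filter_accounts",              // hypothetical tool
  arguments: { region: "EMEA" },
});

// Push structured data back into the model's context after a user click.
const contextUpdate = buildRequest("updateModelContext", {
  content: [{ type: "text", text: "User selected the EMEA region" }],
});

// In a real UI these envelopes would be sent with:
// window.parent.postMessage(toolCall, "*");
```

Because every message is a visible JSON-RPC envelope, the host can intercept, log, or gate each one — a property the security model below relies on.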

Real-World Use Cases: Why Text Isn't Enough

The ability to render UIs transforms AI from a simple chat interface into a centralized "agentic app runtime". Workflows that were previously frustrating over text are now seamless:

  • Interactive Data Exploration: Instead of asking an AI to manually re-slice data, an analytics tool (like Amplitude or Hex) can return a live dashboard. Users can hover over charts, adjust sliders, and drill into specific accounts, with all those selections informing the AI's context.
  • Rich Media & 3D Modeling: Text descriptions fall woefully short for physical design. With MCP Apps, a user can ask to preview an architectural design, and the AI can embed a fully functional 3D viewer (like the Autodesk APS Viewer) directly in the chat. The user can orbit, zoom, and select specific components to ask the AI follow-up questions about them.
  • Configuration Wizards & E-Commerce: Setting up cloud infrastructure or booking a service often involves interdependent choices. Rather than a tedious 10-turn conversation, an MCP App can present a dynamic form with dropdowns and instant validation. E-commerce checkouts—complete with payment and shipping—can now happen without ever opening a browser tab.

Security Built for the AI Era

Running remote, third-party code inside your AI assistant introduces obvious security risks. The MCP Apps specification mitigates these through a strict, defense-in-depth model:

  • Iframe Sandboxing: All UIs are rendered in tightly restricted iframes. They cannot access the host's DOM, steal cookies, or navigate the parent page.
  • Content Security Policy (CSP): By default, external resources (like images or fonts) are blocked. Servers must explicitly declare required domains in their csp metadata, giving the host strict control over what external network requests are permitted.
  • Auditable Actions: Because all communication flows through the standardized JSON-RPC postMessage channel, there are no hidden backchannels. Every tool call requested by the UI is logged and can be gated behind explicit user consent prompts.
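As a rough illustration of the CSP declaration described above, a server might annotate its UI resource with the external origins the host should permit. The field names here (`csp`, `resourceDomains`) are an assumption sketched from the description — check the SEP-1865 spec for the normative shape:

```typescript
// Hypothetical resource metadata declaring which external origins the
// iframe may load assets from; anything not listed is blocked by the host.
const dashboardResourceMeta = {
  uri: "ui://analytics/dashboard",        // hypothetical URI
  mimeType: "text/html",
  _meta: {
    csp: {
      // Only these origins may serve images, fonts, or scripts to the UI.
      resourceDomains: ["https://cdn.example.com"], // illustrative field name
    },
  },
};
```

The design choice mirrors a browser Content-Security-Policy allowlist: the default is deny-all, and the server must opt in to each external origin, which the host can surface to users before rendering.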

The Future is the Agentic Workspace

MCP Apps represent a fundamental inversion of how we use software. For decades, the industry has embedded isolated AI assistants into individual applications—creating a fragmented, siloed experience.

MCP Apps flip this model on its head: the applications are now becoming pluggable components within the AI agent. We are moving toward a future where you don't context-switch between a dozen different web apps to do your job. Instead, you navigate through one trusted AI agent that summons the exact, interactive interface you need, precisely when you need it.
