// GLOSSARY -- MCP & TOOL INFRASTRUCTURE

What are MCP Apps?

2 min read Updated

MCP Apps is the first official extension to the Model Context Protocol (SEP-1865), allowing MCP servers to deliver interactive HTML user interfaces — forms, dashboards, visualisations — that host applications render in a sandboxed iframe within the conversation.

WHY IT MATTERS

Standard MCP tool results are text, images or structured data. MCP Apps extends this so a tool can return an interactive interface the user manipulates directly. It began as proposal SEP-1865, building on the community MCP-UI project and OpenAI's Apps SDK, and became the first official MCP extension in January 2026, maintained in the ext-apps repository with its own specification (revision 2026-01-26) — an extension to the core spec, not part of the base protocol.

The mechanics:

  • Servers declare UI templates as resources using the ui:// URI scheme and associate them with tools through tool metadata.
  • Because templates are declared ahead of time, hosts can prefetch, cache and security-review them before anything renders.
  • The host renders the HTML in a sandboxed iframe; the embedded UI and host communicate bidirectionally over MCP's JSON-RPC base protocol.

Clients including ChatGPT, Claude, Goose and Visual Studio Code have shipped support. For platform teams, MCP Apps widens what a server delivers into the client from data to executable UI. The sandboxed iframe and pre-declared templates are the spec's containment mechanisms, but an app's interactions still flow through MCP — a UI can trigger tool calls on the user's behalf, which makes the served templates and the tools they can invoke part of the review surface when assessing a server.

See mcp apps working in your own stack — route your MCP servers through PolicyLayer and every tool call is checked against policy before it runs.

GOVERN YOUR MCP SERVERS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer's gateway evaluates tools/call traffic regardless of whether a call originates from a model's decision or from a user interacting with an MCP App — the policy check sits in the protocol path, not in the client UI. Server scanning and the catalogue at policylayer.com/tools give teams visibility into what a server exposes before its tools, with or without embedded UI, reach their fleet.

Browse the MCP server catalogue →

FREQUENTLY ASKED QUESTIONS

Is MCP Apps part of the core MCP specification?
No. It is the first official MCP extension, specified in the modelcontextprotocol ext-apps repository (revision 2026-01-26) rather than the base protocol. Hosts opt in to supporting it.
How are MCP Apps interfaces kept contained?
UI templates are declared ahead of time as ui:// resources so hosts can prefetch and review them, and the host renders them in a sandboxed iframe. Communication between the UI and host uses MCP's JSON-RPC protocol.
Which clients support MCP Apps?
At launch as an official extension, ChatGPT, Claude, Goose and Visual Studio Code had shipped support, with more clients expected to follow.

FURTHER READING

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

GOVERN YOUR MCP SERVERS →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.