Until early 2026 every MCP interaction was text in, text out. MCP Apps changed that: it's the first official extension to the Model Context Protocol, and it lets a tool return a rich, interactive interface — a dashboard, a form, a chart, a multi-step workflow — that renders right inside the AI conversation. Announced on 26 January 2026 and co-developed with OpenAI, it's already production-ready.
Why it matters
Plenty of agent tasks are awkward as plain text. Picking a date, approving a row, scrubbing a chart, stepping through a wizard — these want a UI, not a paragraph. Before MCP Apps, servers could only describe such things in words and hope the model relayed them. Now a tool can hand back an actual interface, so the chat becomes a place where you do the thing instead of just reading about it. The launch lineup signalled how broad this is: Amplitude, Asana, Box, Canva, Clay, Figma, Hex, monday.com, Slack and Salesforce were all early partners.
How it works
The mechanism is deliberately small and auditable. A tool declares a ui:// resource that contains its HTML/JavaScript interface, referenced via a _meta.ui.resourceUri field. When the model calls that tool, the host fetches the resource and renders it in a sandboxed iframe. Communication runs both ways over JSON-RPC on postMessage: the host passes tool data into the UI, and the UI can call other tools back through the host. The interface is just web tech, so you can build it with React, Vue, Svelte, Solid, Preact or plain JavaScript — the official ext-apps repo ships starter templates for each.
Who supports it
As of April 2026, MCP Apps render in Claude (web and desktop), VS Code's GitHub Copilot, Goose, Postman and MCPJam, with Microsoft 365 Copilot adding support too. That cross-client reach is the whole point of standardising it rather than letting every host invent its own widget format.
The security model
Interactive UIs sound risky, and the spec takes that seriously. All UI content runs in sandboxed iframes with restricted permissions — it can't touch the parent window or fire arbitrary network requests. Templates are pre-declared rather than generated on the fly, and every UI-to-host message is loggable JSON-RPC with no hidden backchannel. The result is interactivity without handing a web page free rein over your client. Even so, the usual MCP hygiene applies — see MCP security best practices and detecting malicious MCP servers.
Going further
New to the protocol itself? Start with what is MCP and what is an MCP server, then see how it differs from plain integrations in MCP vs API. Browse the directory or grab a ready loadout.