# Add MCP Apps to Your AI SDK Application > Source: > Published: 2026-06-27 00:10:53+00:00 MCP Apps let a Model Context Protocol (MCP) tool return an interactive UI instead of plain text. The model still calls ordinary MCP tools, but a tool can point to a `ui://` resource that holds HTML, and your app renders that HTML in a sandboxed iframe. To build the host side, the AI SDK provides `@ai-sdk/mcp` helpers for advertising MCP Apps support, filtering which tools the model sees, and reading `ui://` resources, plus `@ai-sdk/react` components for rendering the iframe and bridging its messages. Your chat can then display a dashboard, form, or other interactive view generated by a tool, while the untrusted HTML remains isolated. In this guide, you'll learn how to: - Connect to an MCP server with MCP Apps capabilities - Pass only model-visible tools to the model with `splitMCPAppTools` - Read a tool's `ui://` resource with`readMCPAppResource` - Proxy app-initiated tool calls safely from the iframe - Render the app UI in your React chat with `experimental_MCPAppRenderer` Before you begin, make sure you have: - The `ai` package with`@ai-sdk/mcp` and`@ai-sdk/react` - The MCP TypeScript SDK ( `@modelcontextprotocol/sdk` ) and a provider package, such as`@ai-sdk/openai` - An MCP server that exposes MCP Apps tools (tools that point to `ui://` resources) - A React app that uses `useChat` (the examples below use the Next.js App Router) An MCP Apps host connects to an MCP server, decides which tools the model can see, and renders any app UI that a tool points to. At runtime, the host follows these steps: - Connect to the MCP server with MCP Apps client capabilities. - List the server's tools and split them by MCP Apps visibility. - Pass only the model-visible tools to `streamText` or`generateText` . - Read a tool's `ui://` resource when its tool part includes MCP App metadata. - Render the HTML resource in a sandboxed iframe. - Proxy allowed iframe requests, such as app-visible tool calls, back to the MCP server. The rest of this guide builds each step. Create the MCP client with `mcpAppClientCapabilities` so the host advertises that it can render `text/html;profile=mcp-app` resources. Advertise these capabilities only if your host can safely fetch and render MCP App resources. MCP Apps tools can declare `_meta.ui.visibility` . Pass tools marked `"model"` to the model, and keep tools marked only `"app"` for iframe requests so the model never sees them. Split the tool list with `splitMCPAppTools` and pass `modelVisible` to `streamText` . When the model calls an app-backed tool, the MCP client keeps the app metadata in the tool UI, which the React renderer uses to determine whether a tool part has an MCP App. Read a tool's `ui://` resource with `readMCPAppResource` before you send it to the browser host. `readMCPAppResource` checks that the resource uses a `ui://` URI, requires the MCP Apps MIME type, decodes text or base64 content, and returns the HTML along with rendering metadata such as its content security policy and permissions. The iframe can't reach your MCP server directly. It sends JSON-RPC messages to your host, and your host decides which ones to allow. For an app-initiated tool call, confirm that the requested tool is app-visible before calling the MCP server. In production, add any policy and user-approval checks your app needs before forwarding an iframe request. In your React chat UI, render normal message parts as usual and pass tool parts to `experimental_MCPAppRenderer` . `experimental_MCPAppRenderer` is experimental and may change in a future release. `experimental_MCPAppRenderer` renders nothing for ordinary tools. For an app-backed tool, it loads the resource, creates the sandbox bridge, sends tool input and result notifications to the iframe, and forwards supported app requests through your handlers. - Treat MCP App HTML as untrusted. Render it in a sandboxed iframe, ideally through a sandbox proxy route on a separate origin. - Never pass app-only tools to the model. Use `splitMCPAppTools` and expose only the`modelVisible` tools. - Validate every iframe request on the server before you call `client.callTool` . - Cache resources by `resourceUri` so repeated tool calls don't refetch identical HTML. - Keep each tool's `content` and`structuredContent` useful on their own, so text-only hosts still work without the UI. - Close short-lived MCP clients when the response or host request finishes. - Read the [MCP Apps helpers reference](https://ai-sdk.dev/v7/docs/reference/ai-sdk-core/mcp-apps)for the host-side functions. - See the [MCP App Renderer reference](https://ai-sdk.dev/v7/docs/reference/ai-sdk-ui/mcp-app-renderer)for the React component's props. - Learn more about setting up the [underlying MCP tools](https://ai-sdk.dev/docs/ai-sdk-core/mcp-tools).