Building a Full MCP Application: From UI Resources to Advanced Patterns

Introduction

Welcome to the final chapter of our journey into the Model Context Protocol (MCP)! So far, we’ve laid the groundwork, understanding how AI agents can discover and utilize external tools through well-defined schemas. We’ve explored the core concepts of tool registration, interaction, and the crucial role of permissions.

In this chapter, we’re going to push the boundaries and explore what it takes to build truly sophisticated, production-ready MCP applications. We’ll dive into the exciting world of UI resources, which allow tools to provide rich, interactive experiences beyond just data. We’ll also tackle advanced interaction patterns like asynchronous operations and streaming, essential for real-world scenarios. Finally, we’ll wrap up by reinforcing the critical aspects of secure deployment and operational best practices, ensuring your MCP integrations are robust and reliable.

By the end of this chapter, you’ll have a holistic understanding of how to design, implement, and secure a comprehensive MCP-enabled application, ready to empower your AI agents with advanced capabilities. Get ready to synthesize all your knowledge and build something truly powerful!

Core Concepts

As we move towards building full-fledged MCP applications, we encounter scenarios that require more than just simple function calls. We need ways for tools to communicate richer context, handle long-running processes, and even provide interactive elements. That’s where UI Resources and advanced interaction patterns come into play.

Remember, the Model Context Protocol specification is still in its draft phase (as of 2026-01-26), and SDKs like the TypeScript v2 are anticipated to reach stable release in Q1 2026. This means the protocol is actively evolving, and staying updated with the official documentation is always a best practice.

Beyond Functions: UI Resources in MCP (ext-apps)

Imagine an AI agent assisting a user with booking a flight. After the agent finds suitable flights, instead of just returning raw JSON data, wouldn’t it be great if the tool could also provide a pre-rendered UI component for the user to review and confirm the booking directly? This is precisely what UI resources enable within MCP, as defined in the ext-apps extension.

What are UI Resources? UI resources allow a tool to declare that it can provide not just data or invoke functions, but also renderable user interface components. These components could be anything from a simple confirmation dialog to a complex data visualization, or even an embedded web application. The idea is to bridge the gap between AI agent interactions and direct human interaction, making the overall experience more seamless and intuitive.

Why are they Important?

• Enhanced User Experience: Agents can present information in a visually appealing and interactive manner, reducing cognitive load for the end-user.
• Complex Interactions: Facilitate multi-step processes or approvals that require human input beyond simple text prompts.
• Extending Agent Capabilities: Agents can “delegate” visual presentation or complex UI-driven tasks to specialized tools, focusing on their core reasoning capabilities.
• Contextual UI: The UI can be dynamically generated or tailored based on the specific context of the agent’s interaction.

How do they Work? Tools declare their UI resource capabilities within their JSON Schema, typically under a dedicated ext-apps section. This section might specify:

• type: The type of UI resource (e.g., web-component, iframe, native-view).
• url: A URL pointing to where the UI component can be loaded (e.g., a web component bundle, an iframe source).
• properties: A schema describing the data that the AI agent (or the client rendering the UI) should pass to the UI component.
• events: A schema describing events that the UI component might emit back to the agent or client.

The AI agent, upon receiving a tool response that includes a UI resource, doesn’t execute code directly. Instead, it interprets the UI resource declaration and, if operating within a UI-capable environment, can instruct the client application to render that UI component. The client application then handles loading and displaying the specified UI, potentially passing data received from the agent.

Let’s visualize this flow:

Figure 8.1: AI Agent interaction with an MCP Tool providing UI Resources.

Advanced Tool Interaction Patterns

While direct request-response is fundamental, real-world applications often demand more sophisticated communication.

Asynchronous Operations and Long-Running Tasks

Many tool operations aren’t instantaneous. Think about generating a complex report, training a small model, or processing a large batch of data. These are long-running tasks that shouldn’t block the agent’s execution.

How MCP Handles It (Conceptually):

• Immediate Acknowledgment: The tool can respond immediately with a status indicating the operation has started and provide a unique jobId or task_id.
• Polling: The agent can periodically call another tool function (e.g., checkJobStatus) with the jobId to inquire about the task’s progress and retrieve results once completed.
• Webhooks/Callbacks: For more advanced setups, the tool might register a webhook URL with the agent or client to send a notification once the task is complete, pushing results rather than requiring the agent to pull.

This pattern prevents timeouts and allows the agent to manage multiple concurrent tasks efficiently.

Streaming Results

For operations that generate large amounts of data incrementally (e.g., live data feeds, large language model inference output, log streams), returning all data at once can be inefficient or infeasible. Streaming allows the tool to send data in chunks.

How MCP Handles It (Conceptually): While the core MCP specification focuses on request/response, a tool could indicate streaming capability within its schema. The actual streaming mechanism would then rely on underlying transport protocols (e.g., HTTP/2 Server-Sent Events, WebSockets). The agent’s client would need to support these protocols to consume the stream.

A common approach involves the tool returning a stream_id or websocket_url that the agent’s client can then connect to separately to receive the stream.

Stateful vs. Stateless Tools (Briefly)

• Stateless Tools: Each call to a stateless tool is independent; the tool doesn’t remember past interactions. This simplifies design and scaling. Most MCP tools will ideally be stateless.
• Stateful Tools: A stateful tool retains information about previous interactions with a specific user or session. For example, a “shopping cart” tool might remember items added. If a tool needs to be stateful, the state management typically occurs within the tool’s implementation, and the agent passes a session_id or context_id with each call to allow the tool to retrieve the relevant state. The MCP protocol itself remains stateless at its core, relying on well-defined inputs for each tool call.

Secure Deployment & Operations

Building a full MCP application isn’t just about functionality; it’s about reliability and security.

Review of Permissions and Authorization

As discussed in earlier chapters, permissions are non-negotiable.

• Principle of Least Privilege: Grant only the minimum permissions necessary for a tool or agent to perform its function.
• Fine-Grained Permissions: Define granular permissions within your tool’s authorization system (e.g., order:create, order:read, order:cancel).
• Policy Enforcement: Your MCP server and tool implementations must strictly enforce these policies based on the authenticated agent’s identity and roles.

Environmental Variables and Secrets Management

Never hardcode sensitive information like API keys, database credentials, or private keys directly into your code.

• Environmental Variables: Use environment variables for configuration that changes between deployment environments (development, staging, production).
• Secrets Management Systems: For highly sensitive data, integrate with dedicated secrets management services (e.g., AWS Secrets Manager, Azure Key Vault, HashiCorp Vault). These systems provide secure storage, rotation, and access control for secrets.

Auditing and Logging

Visibility into your system’s operations is crucial for debugging, security, and compliance.

• Comprehensive Logging: Implement logging for all critical operations: tool calls received, execution outcomes (success/failure), authorization decisions, and error details.
• Structured Logging: Use structured log formats (e.g., JSON) for easier parsing and analysis by logging aggregation tools.
• Auditing: Maintain an audit trail of who (which agent) did what, when, and with what results. This is invaluable for security investigations and compliance requirements.

Network Security (TLS, Firewalls)

Protecting communication channels is fundamental.

• TLS/SSL: All communication between AI agents, MCP servers, and MCP tools MUST be encrypted using TLS (Transport Layer Security) to prevent eavesdropping and tampering. Use strong ciphers and up-to-date TLS versions.
• Firewalls: Configure network firewalls to restrict access to your MCP server and tool endpoints. Only allow traffic from known and trusted sources on required ports.
• API Gateway: Consider placing an API Gateway in front of your MCP tools to handle authentication, rate limiting, and additional security policies.

Step-by-Step Implementation: Integrating UI Resources and Advanced Patterns

Let’s enhance our BurgerOrder tool from previous chapters. We’ll add a UI resource to allow for visual order confirmation and conceptually discuss how to handle an asynchronous order placement.

We’ll assume you have a basic BurgerOrder tool definition and an MCP server set up. We’ll focus on modifying the tool-schema.json and discussing the associated implementation.

Step 1: Defining a UI Resource Schema

We want our confirmOrder function to, optionally, return a UI resource that shows the order details and asks the user for final confirmation. This UI resource would be a simple web component.

First, let’s update our tool-schema.json to include the ext-apps extension and define a ConfirmationUI resource.

Locate: Your tool-schema.json file for the BurgerOrder tool.

Add: The ext-apps definition within your tool’s schema. This typically goes at the root level of the tool definition, alongside name, description, and functions.

// tool-schema.json (partial)
{
  "name": "BurgerOrder",
  "description": "Manages burger orders, including selecting, adding, and confirming.",
  "version": "1.0.0",
  "namespace": "com.example.food",
  "ext-apps": {
    "ConfirmationUI": {
      "type": "web-component",
      "url": "https://example.com/burger-order-ui/confirmation-widget.js",
      "properties": {
        "orderId": {
          "type": "string",
          "description": "The ID of the order to confirm."
        },
        "items": {
          "type": "array",
          "description": "List of items in the order.",
          "items": {
            "type": "object",
            "properties": {
              "name": { "type": "string" },
              "quantity": { "type": "integer" },
              "price": { "type": "number" }
            },
            "required": ["name", "quantity", "price"]
          }
        },
        "totalPrice": {
          "type": "number",
          "description": "The total price of the order."
        }
      },
      "events": {
        "orderConfirmed": {
          "type": "object",
          "properties": {
            "orderId": { "type": "string" },
            "confirmedBy": { "type": "string" }
          },
          "required": ["orderId", "confirmedBy"]
        },
        "orderCancelled": {
          "type": "object",
          "properties": {
            "orderId": { "type": "string" }
          },
          "required": ["orderId"]
        }
      }
    }
  },
  "functions": [
    // ... existing functions like selectBurger, addItem, etc.
    {
      "name": "confirmOrder",
      "description": "Confirms the current burger order and optionally provides a UI for user review.",
      "parameters": {
        "type": "object",
        "properties": {
          "orderId": {
            "type": "string",
            "description": "The ID of the order to confirm."
          },
          "requiresUIAssistance": {
            "type": "boolean",
            "description": "If true, the tool should respond with a UI resource for user confirmation.",
            "default": false
          }
        },
        "required": ["orderId"]
      },
      "returns": {
        "type": "object",
        "properties": {
          "status": {
            "type": "string",
            "enum": ["pending_confirmation", "confirmed", "error"]
          },
          "orderId": { "type": "string" },
          "confirmationUI": {
            "$ref": "#/ext-apps/ConfirmationUI",
            "description": "Optional UI resource for user confirmation."
          }
        },
        "required": ["status", "orderId"]
      }
    }
  ]
}

Explanation:

• We added an ext-apps object at the root.
• Inside ext-apps, ConfirmationUI is a custom identifier for our UI resource.
• type: "web-component" indicates it’s a standard web component. Other types like iframe might also be supported.
• url: This is where the client application would fetch the JavaScript bundle for our web component.
• properties: Defines the data that the AI agent or client passes into the UI component. For ConfirmationUI, it needs orderId, items, and totalPrice.
• events: Defines events that the UI component emits back. Here, orderConfirmed and orderCancelled with their respective data structures.
• Our confirmOrder function’s returns schema now includes an optional confirmationUI property that $references our ConfirmationUI definition. This tells the agent that this function can return a UI resource.

Step 2: Implementing the Tool Logic for UI Resource Response

Now, let’s look at how the TypeScript tool implementation would respond when requiresUIAssistance is true.

Locate: Your src/tools/BurgerOrderTool.ts (or similar) file.

Modify: The confirmOrder function implementation.

// src/tools/BurgerOrderTool.ts (partial)
import { MCPTool, FunctionCall, ToolResponse } from '@modelcontextprotocol/typescript-sdk';
// Assume Order type and existing order management logic

class BurgerOrderTool implements MCPTool {
  // ... existing constructor and other functions

  async confirmOrder(call: FunctionCall): Promise<ToolResponse> {
    const { orderId, requiresUIAssistance } = call.parameters;

    // In a real application, you'd fetch the actual order details from a database
    // For this example, let's mock some order data.
    const mockOrder = {
      orderId: orderId,
      items: [
        { name: "Classic Burger", quantity: 1, price: 12.99 },
        { name: "Fries", quantity: 1, price: 3.50 }
      ],
      totalPrice: 16.49
    };

    if (requiresUIAssistance) {
      console.log(`Agent requested UI assistance for order ${orderId}.`);
      return {
        status: "success", // Or "pending_confirmation" as per schema
        output: {
          status: "pending_confirmation",
          orderId: orderId,
          confirmationUI: {
            type: "web-component",
            url: "https://example.com/burger-order-ui/confirmation-widget.js", // Must match schema
            properties: {
              orderId: mockOrder.orderId,
              items: mockOrder.items,
              totalPrice: mockOrder.totalPrice
            }
          }
        }
      };
    } else {
      // Directly confirm the order if no UI assistance needed
      console.log(`Order ${orderId} confirmed directly by agent.`);
      // In a real app, this would trigger the actual order placement.
      return {
        status: "success",
        output: {
          status: "confirmed",
          orderId: orderId
        }
      };
    }
  }

  // ... other tool functions
}

// Don't forget to register your tool with the MCP server!

Explanation:

• The confirmOrder function now checks the requiresUIAssistance parameter.
• If true, it constructs an output object that includes the confirmationUI property.
• The confirmationUI object contains the type, url, and properties that match the schema definition. The properties are populated with actual order data.
• The status in the output could be pending_confirmation to indicate that human input is still needed.
• If requiresUIAssistance is false, the tool proceeds with direct confirmation.

Step 3: Agent Interaction with UI Resources (Conceptual)

How does an AI agent use this?

1. Agent’s Decision: The AI agent, based on its internal logic or user prompt, decides if a UI confirmation is needed. It then calls confirmOrder with requiresUIAssistance: true.
2. Receiving UI Resource: The agent receives the ToolResponse containing the confirmationUI object.
3. Instruction to Client: The agent doesn’t render the UI itself. Instead, it instructs its client application (e.g., a web browser interface, a desktop app) to render the UI. The instruction would include the url and properties from the confirmationUI object.
4. Client Renders: The client application loads the confirmation-widget.js web component, passes the orderId, items, and totalPrice as properties, and displays it to the user.
5. User Interaction: The user interacts with the web component (e.g., clicks “Confirm” or “Cancel”).
6. Event Emission: The web component emits an event (e.g., orderConfirmed or orderCancelled).
7. Client Relays Event: The client application captures this event and relays it back to the AI agent.
8. Agent Responds: The agent receives the event, understands the user’s decision, and takes further action (e.g., calls another tool to finalize the order, or informs the user of cancellation).

Step 4: Implementing Asynchronous Tool Execution (Conceptual/Example)

Let’s imagine our placeOrder function (which would be called after confirmation) is a long-running process.

Modify: Add a placeOrder function to your tool-schema.json and BurgerOrderTool.ts.

// tool-schema.json (partial, add to functions array)
{
  "name": "placeOrder",
  "description": "Initiates the placement of a confirmed order, which is an asynchronous process.",
  "parameters": {
    "type": "object",
    "properties": {
      "orderId": {
        "type": "string",
        "description": "The ID of the order to place."
      }
    },
    "required": ["orderId"]
  },
  "returns": {
    "type": "object",
    "properties": {
      "status": {
        "type": "string",
        "enum": ["processing", "error"]
      },
      "jobId": {
        "type": "string",
        "description": "A unique ID to track the asynchronous order placement job."
      }
    },
    "required": ["status", "jobId"]
  }
},
{
  "name": "checkOrderStatus",
  "description": "Checks the status of an asynchronous order placement job.",
  "parameters": {
    "type": "object",
    "properties": {
      "jobId": {
        "type": "string",
        "description": "The ID of the order placement job to check."
      }
    },
    "required": ["jobId"]
  },
  "returns": {
    "type": "object",
    "properties": {
      "status": {
        "type": "string",
        "enum": ["processing", "completed", "failed"]
      },
      "orderId": { "type": "string" },
      "etaSeconds": {
        "type": "integer",
        "description": "Estimated time remaining in seconds, if still processing."
      },
      "details": {
        "type": "string",
        "description": "Further details or error messages."
      }
    },
    "required": ["status"]
  }
}

// src/tools/BurgerOrderTool.ts (partial, add to BurgerOrderTool class)
import { v4 as uuidv4 } from 'uuid'; // npm install uuid @types/uuid

// This would be a real database or message queue in a production app
const jobStore: Map<string, { orderId: string; status: string; startTime: number }> = new Map();

class BurgerOrderTool implements MCPTool {
  // ... existing code

  async placeOrder(call: FunctionCall): Promise<ToolResponse> {
    const { orderId } = call.parameters;
    const jobId = uuidv4();
    console.log(`Initiating asynchronous order placement for order ${orderId}. Job ID: ${jobId}`);

    // Simulate a long-running process
    jobStore.set(jobId, { orderId, status: "processing", startTime: Date.now() });

    setTimeout(() => {
      // Simulate completion after 5-10 seconds
      const status = Math.random() > 0.1 ? "completed" : "failed"; // 10% chance of failure
      const job = jobStore.get(jobId);
      if (job) {
        job.status = status;
        console.log(`Job ${jobId} for order ${orderId} finished with status: ${status}`);
      }
    }, Math.random() * 5000 + 5000); // 5 to 10 seconds

    return {
      status: "success",
      output: {
        status: "processing",
        jobId: jobId
      }
    };
  }

  async checkOrderStatus(call: FunctionCall): Promise<ToolResponse> {
    const { jobId } = call.parameters;
    const job = jobStore.get(jobId);

    if (!job) {
      return {
        status: "error",
        output: { status: "failed", details: `Job ID ${jobId} not found.` }
      };
    }

    const elapsed = (Date.now() - job.startTime) / 1000;
    let etaSeconds = 0;
    if (job.status === "processing") {
      etaSeconds = Math.max(0, 10 - Math.floor(elapsed)); // Max 10s wait
    }

    return {
      status: "success",
      output: {
        status: job.status,
        orderId: job.orderId,
        etaSeconds: etaSeconds,
        details: job.status === "failed" ? "Order placement failed due to a simulated error." : undefined
      }
    };
  }
}

Explanation:

• placeOrder now immediately returns a jobId and status: "processing".
• A setTimeout simulates the actual long-running process, updating the jobStore after a delay.
• checkOrderStatus allows the agent to query the status using the jobId. It returns the current status, orderId, and etaSeconds if still processing.

Agent’s Role in Asynchronous Tasks: The AI agent would:

1. Call placeOrder and receive a jobId.
2. Store this jobId.
3. Periodically call checkOrderStatus with the jobId (e.g., every few seconds).
4. Once checkOrderStatus returns status: "completed" or status: "failed", the agent can proceed with the next steps or inform the user.

Mini-Challenge: Enhance Your Own Tool with an Asynchronous Read

Pick one of your existing MCP tools (or create a simple new one). Your challenge is to:

1. Add a new function to its tool-schema.json that simulates a “long-running read” operation (e.g., fetchLargeReport, analyzeSensorData).
2. This new function should return a jobId and status: "processing" immediately.
3. Add a corresponding checkJobStatus function to the schema and your tool’s TypeScript implementation. This function should take a jobId and return the current status (processing, completed, failed) and potentially some mock data if completed.
4. Implement a simple in-memory jobStore (like our jobStore above) and a setTimeout to simulate the asynchronous completion of the “long-running read” after a few seconds.

Hint: Focus on correctly defining the returns schemas for both functions to communicate the asynchronous nature and the jobId. Remember to use uuidv4() for unique job IDs.

What to observe/learn: You’ll see how to design tool interactions that don’t block the agent and how to provide a mechanism for the agent to track progress and retrieve results later. This pattern is crucial for any non-trivial external service integration.

Common Pitfalls & Troubleshooting

Even with careful design, complex MCP applications can encounter issues. Here’s how to navigate some common pitfalls:

1. UI Resource Not Rendering/Incorrectly Displayed:

   • Pitfall: The client application doesn’t receive the UI resource, or it fails to load/render it.
   • Troubleshooting:
     • Check Tool Response: Verify that your tool’s ToolResponse correctly includes the confirmationUI object with the type, url, and properties as defined in your schema.
     • Client Implementation: Ensure your client application is correctly parsing the ToolResponse and instructing its UI framework to load the specified url and pass the properties.
     • CORS Issues: If your web-component or iframe url is hosted on a different domain, check for Cross-Origin Resource Sharing (CORS) errors in the browser’s developer console. The UI resource server needs to allow requests from your client’s domain.
     • UI Resource Availability: Confirm that the url for your UI component is publicly accessible and the JavaScript bundle/HTML file is correctly deployed.

2. Asynchronous Operations Not Progressing or Timing Out:

   • Pitfall: The agent keeps polling for a job that never completes, or the checkJobStatus always returns “processing”.
   • Troubleshooting:
     • Tool’s Internal Logic: Debug your tool’s placeOrder (or similar) function. Is the simulated setTimeout actually firing and updating the jobStore? Are there any errors preventing the job’s status from changing?
     • Job ID Mismatch: Ensure the jobId returned by placeOrder is exactly the same jobId being passed to checkJobStatus.
     • Agent Polling Logic: Verify the agent’s logic for polling checkJobStatus. Is it polling frequently enough? Is it handling potential network issues or temporary errors from the checkJobStatus call? Is there a maximum retry limit?
     • Concurrency Issues: If multiple agents are interacting, ensure your jobStore (or actual persistence layer) can handle concurrent updates and reads correctly.

3. Security Vulnerabilities in Production Deployment:

   • Pitfall: Sensitive data exposed, unauthorized access, or unencrypted communication.
   • Troubleshooting:
     • TLS/HTTPS: Immediately verify that all communication endpoints (MCP server, tools, UI resource servers) are using HTTPS. If not, configure TLS certificates.
     • Environment Variables: Double-check that all sensitive configurations are stored in environment variables or a secrets manager, NOT hardcoded.
     • Access Control: Review your MCP server’s and individual tool’s authorization logs. Are unauthorized requests being correctly denied? Are permissions too broad?
     • Input Validation: Ensure all incoming parameters to your tool functions are rigorously validated against their JSON Schema and any additional business logic to prevent injection attacks or unexpected behavior.
     • Regular Audits: Schedule regular security audits and penetration tests for your deployed MCP application.

Remember, a systematic approach to debugging, starting from the most visible layers (agent interaction, client UI) and moving down to the tool’s internal logic and infrastructure, is key to resolving issues efficiently.

Summary

Phew! We’ve covered a lot of ground, moving from the foundational concepts of MCP to building sophisticated, production-ready AI agent integrations.

Here are the key takeaways from this chapter:

• UI Resources (ext-apps): MCP tools can define and expose rich UI components (like web components or iframes) through their schemas, allowing AI agents to instruct clients to render interactive experiences for users. This bridges the gap between AI automation and human interaction.
• Advanced Interaction Patterns:
  • Asynchronous Operations: Tools can initiate long-running tasks and immediately return a jobId, allowing agents to poll for completion. This prevents timeouts and improves responsiveness.
  • Streaming Results: While requiring underlying transport mechanisms, tools can conceptually indicate the ability to stream large datasets incrementally.
  • Stateful vs. Stateless: Prefer stateless tool designs where possible; if state is needed, manage it within the tool’s implementation using context or session IDs.
• Secure Deployment & Operations:
  • Permissions & Authorization: Strictly adhere to the principle of least privilege and implement fine-grained access controls.
  • Secrets Management: Never hardcode sensitive information; use environment variables or dedicated secrets management solutions.
  • Auditing & Logging: Implement comprehensive, structured logging for all critical operations to ensure visibility, aid debugging, and support security audits.
  • Network Security: Secure all communication with TLS/HTTPS, use firewalls, and consider API gateways for robust protection.

You now possess a comprehensive understanding of the Model Context Protocol, from basic tool definitions to advanced integration patterns and critical security considerations. The ability to define powerful tools, integrate them securely, and even provide interactive UI experiences will be invaluable as you build the next generation of AI-powered applications.

References

1. Model Context Protocol Specification: The core specification document (currently a draft).
   • https://github.com/modelcontextprotocol/modelcontextprotocol
2. MCP ext-apps Repository: Details on extending MCP with UI resources.
   • https://github.com/modelcontextprotocol/ext-apps/
3. TypeScript SDK for Model Context Protocol: The official SDK for building MCP applications with TypeScript.
   • https://github.com/modelcontextprotocol/typescript-sdk
4. JSON Schema Official Website: For detailed information on defining robust schemas.
   • https://json-schema.org/
5. MDN Web Docs - Web Components: Understanding the foundation for UI resources like custom elements.
   • https://developer.mozilla.org/en-US/docs/Web/Web_Components
6. OWASP Top 10 Web Application Security Risks: General security best practices applicable to any web-facing service.
   • https://owasp.org/www-project-top-ten/

This page is AI-assisted and reviewed. It references official documentation and recognized resources where relevant.