@mcp-apps-kit/core
Advanced tools
Server-side TypeScript framework for building interactive MCP apps that can run on both:
It provides a single createApp() API to define tools, validate inputs/outputs with Zod v4, and attach UI resources to tool responses.
npm install @mcp-apps-kit/core zod
>=18^4.0.0Create an app with one tool using the defineTool helper for full type safety:
import { createApp, defineTool } from "@mcp-apps-kit/core";
import { z } from "zod";
const app = createApp({
name: "my-app",
version: "1.0.0",
tools: {
greet: defineTool({
description: "Greet a user",
input: z.object({
name: z.string().describe("Name to greet"),
}),
output: z.object({ message: z.string() }),
handler: async (input) => {
// input.name is fully typed - no assertion needed!
return { message: `Hello, ${input.name}!` };
},
}),
},
});
await app.start({ port: 3000 });
defineTool HelperUse defineTool to get automatic type inference in your handlers:
import { defineTool } from "@mcp-apps-kit/core";
tools: {
search: defineTool({
input: z.object({
query: z.string(),
maxResults: z.number().optional(),
}),
handler: async (input) => {
// ✅ input.query and input.maxResults are fully typed!
return { results: await search(input.query, input.maxResults) };
},
}),
}
Why defineTool?
With Zod v4, TypeScript cannot infer concrete schema types across module boundaries when using generic z.ZodType. The defineTool helper captures specific schema types at the call site, enabling proper type inference without manual type assertions.
If you prefer not to use defineTool, you can use the object syntax directly, but you'll need type assertions:
If you prefer not to use defineTool, you can use the object syntax directly, but you'll need type assertions:
// Define schema separately
const searchInput = z.object({
query: z.string(),
maxResults: z.number().optional(),
});
const app = createApp({
tools: {
search: {
input: searchInput,
handler: async (input) => {
// Manual type assertion required
const typed = input as z.infer<typeof searchInput>;
return { results: await search(typed.query, typed.maxResults) };
},
},
},
});
Use .describe() to add descriptions that appear in tool parameter documentation:
handler: async (input, context) => {
const typedInput = input as z.infer<typeof myInputSchema>;
// Now typedInput has full type safety
const value = typedInput.someProperty;
}
## Attach UI to tool outputs
Tools can optionally reference a UI resource by ID (e.g. `"restaurant-list"`). The host can then render the returned HTML as a widget.
A common pattern is to return both:
- the model-visible output (typed by your Zod `output` schema), and
- UI-only payload in `_meta`.
```ts
import { createApp } from "@mcp-apps-kit/core";
import { z } from "zod";
const app = createApp({
name: "restaurant-finder",
version: "1.0.0",
tools: {
search_restaurants: {
description: "Search for restaurants by location",
input: z.object({ location: z.string() }),
output: z.object({ count: z.number() }),
handler: async ({ location }) => {
const restaurants = await fetchRestaurants(location);
return {
count: restaurants.length,
_meta: { restaurants },
};
},
ui: "restaurant-list",
},
},
ui: {
"restaurant-list": {
html: "./dist/widget.html",
},
},
});
Extend your app with cross-cutting concerns (logging, authentication, analytics) using plugins, middleware, and events.
Plugins provide hooks into the application lifecycle and tool execution:
import { createPlugin } from "@mcp-apps-kit/core";
const loggingPlugin = createPlugin({
name: "logger",
version: "1.0.0",
// Lifecycle hooks
onInit: async () => console.log("App initializing..."),
onStart: async () => console.log("App started"),
// Tool execution hooks
beforeToolCall: async (context) => {
console.log(`Tool called: ${context.toolName}`);
},
afterToolCall: async (context, result) => {
console.log(`Tool completed: ${context.toolName}`);
},
onToolError: async (context, error) => {
console.error(`Tool failed: ${context.toolName}`, error);
},
});
const app = createApp({
name: "my-app",
version: "1.0.0",
plugins: [loggingPlugin],
tools: {
/* ... */
},
});
Middleware processes requests in a pipeline, similar to Express or Koa:
import type { Middleware } from "@mcp-apps-kit/core";
// Request logging middleware
const logger: Middleware = async (context, next) => {
const start = Date.now();
console.log(`Processing ${context.toolName}...`);
// Store data in context.state (shared with other middleware & handler)
context.state.set("startTime", start);
await next(); // Call next middleware or tool handler
const duration = Date.now() - start;
console.log(`${context.toolName} completed in ${duration}ms`);
};
// Register middleware (executed in order)
app.use(logger);
app.use(rateLimiter);
app.use(authenticator);
Listen to application events for analytics and monitoring:
// Track application lifecycle
app.on("app:init", ({ config }) => {
console.log(`App initialized: ${config.name}`);
});
app.on("app:start", ({ transport }) => {
console.log(`Started with transport: ${transport}`);
});
// Monitor tool execution
app.on("tool:called", ({ toolName, input }) => {
analytics.track("tool_called", { tool: toolName });
});
app.on("tool:success", ({ toolName, duration }) => {
metrics.timing("tool_duration", duration, { tool: toolName });
});
app.on("tool:error", ({ toolName, error }) => {
errorTracker.report(error, { tool: toolName });
});
See the kanban example for a complete demonstration.
Enable debug logging to receive structured logs from client UIs through the MCP protocol. This is especially useful in sandboxed environments (like mobile ChatGPT) where console access is restricted.
const app = createApp({
name: "my-app",
version: "1.0.0",
tools: {
/* ... */
},
config: {
debug: {
enabled: true, // Enable debug logging
level: "debug", // "debug" | "info" | "warn" | "error"
},
},
});
When enabled, the server:
log_debug tool (hidden from the model)| Level | Description |
|---|---|
debug | All logs including debug info |
info | Info, warning, and error logs |
warn | Warning and error logs only |
error | Error logs only |
You can also use the debug logger directly in your server code:
import { debugLogger } from "@mcp-apps-kit/core";
// Log messages at different levels
debugLogger.debug("Processing request", { requestId: "123" });
debugLogger.info("User logged in", { userId: "456" });
debugLogger.warn("Rate limit approaching", { remaining: 10 });
debugLogger.error("Database connection failed", { error: err.message });
See also: @mcp-apps-kit/ui README for client-side logging.
MIT
FAQs
Server-side framework for building MCP applications
The npm package @mcp-apps-kit/core receives a total of 12 weekly downloads. As such, @mcp-apps-kit/core popularity was classified as not popular.
We found that @mcp-apps-kit/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.
Research
/Security News
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.
Security News
ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act begins enforcing software supply chain requirements.