feat(tools): Add MCP Apps visualization support for search_events #744
Add interactive chart visualizations for aggregate query results using the MCP Apps protocol. When search_events returns aggregate data, it now includes structured chart data that MCP Apps-compatible clients can render as bar, pie, line charts, tables, or single numbers.

Key changes:
- Create new mcp-apps-ui package with Chart.js-based visualization
- Extend ToolConfig with optional UI metadata for resource URIs
- Register UI resources in server for client fetching
- Enhance formatters to return chart data alongside text for aggregates
- Add chartType field to search_events agent for visualization hints

The implementation maintains backward compatibility - clients without MCP Apps support continue to receive text responses.

Co-Authored-By: Claude <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| chartType, | ||
| ), | ||
| ]; | ||
| } |
list_events returns chart data without UI configuration
Low Severity
The list_events tool uses the shared formatters (formatErrorResults, formatLogResults, formatSpanResults) which now return chart data for aggregate queries. However, list_events doesn't have a ui configuration, so MCP Apps clients won't receive the _meta.ui.resourceUri in tool annotations and won't know to render the chart. This creates inconsistent behavior where chart data is returned but can never be used.
| return value.toLocaleString(); | ||
| } | ||
| return String(value); | ||
| } |
Unescaped user data in innerHTML creates XSS vulnerability
Medium Severity
The formatNumber function uses String(value) for non-numeric values without HTML escaping, then the result is inserted via innerHTML in renderTable and renderNumberDisplay. Sentry event data (error messages, span descriptions, custom attributes) can contain user-controlled content, which would be rendered as HTML. An attacker who can inject malicious content into Sentry events (e.g., <img onerror=...>) could execute JavaScript when a user visualizes that data.
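The pattern described in the comment above, next to an escaped variant, as an added example that is not code from this PR. The page shows only the tail of `formatNumber`, so the function bodies, `escapeHtml`, `renderRowUnsafe`, `renderRowSafe` and the sample row are assumptions.

```javascript
// Added example, not code from the PR. All names except formatNumber are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed shape of formatNumber: numbers are localized, anything else is
// stringified. The return value is plain text, not markup.
function formatNumber(value) {
  if (typeof value === "number") {
    return value.toLocaleString("en-US");
  }
  return String(value);
}

// "Before": cell text is concatenated into markup that will reach innerHTML.
function renderRowUnsafe(cells) {
  const tds = cells.map((c) => "<td>" + formatNumber(c) + "</td>");
  return "<tr>" + tds.join("") + "</tr>";
}

// "After": every cell is escaped at the point where text becomes markup.
function renderRowSafe(cells) {
  const tds = cells.map((c) => "<td>" + escapeHtml(formatNumber(c)) + "</td>");
  return "<tr>" + tds.join("") + "</tr>";
}

// Constructed sample row: an event attribute carrying markup, plus a count.
const sampleRow = ["<img src=x onerror=alert(1)>", 1234];

console.log("unsafe:", renderRowUnsafe(sampleRow));
console.log("safe:  ", renderRowSafe(sampleRow));
```

Where the renderer has DOM access, creating the cell element and assigning its `textContent` avoids building markup strings at all.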
Add interactive chart visualizations for aggregate query results using the MCP Apps protocol. When search_events returns aggregate data, it now includes structured chart data that MCP Apps-compatible clients can render as bar, pie, line charts, tables, or single numbers.

What this adds
- mcp-apps-ui package - Contains Chart.js-based visualization app bundled as a single HTML file using Vite
- ui://sentry/search-events-chart.html resource that clients can fetch
- search_events now includes _meta.ui.resourceUri in its tool definition

How it works
- _meta.ui.resourceUri in tool definition
- search_events returns aggregate results, the response includes:
- mimeType: "application/json;chart" containing structured data
- app.ontoolresult and renders the chart

Backward compatibility
Clients without MCP Apps support continue to receive text responses exactly as before. The chart data is an additional content block that non-Apps clients simply ignore.
Chart type inference
The system infers chart type based on data shape:
The AI agent can also explicitly suggest a chart type based on query intent.