modelcontextprotocol · dsp-ant · Sep 9, 2025 · Jul 11, 2025 · Jul 17, 2025 · Jul 17, 2025
@@ -147,3 +147,54 @@ may reserve particular names for purpose-specific metadata, as declared in those
 
 - Unless empty, MUST begin and end with an alphanumeric character (`[a-z0-9A-Z]`).
 - MAY contain hyphens (`-`), underscores (`_`), dots (`.`), and alphanumerics in between.
+
+#### `icons`
+
+The `icons` property provides a standardized way for servers to expose visual identifiers for their resources, tools, prompts, and implementations. Icons enhance user interfaces by providing visual context and improving the discoverability of available functionality.
+
+Icons are represented as an array of `Icon` objects, where each icon includes:
+
+- `src`: A URI pointing to the icon resource (required). This can be:
+  - An HTTP/HTTPS URL pointing to an image file
+  - A data URI with base64-encoded image data
+- `mimeType`: Optional MIME type if the server's type is missing or generic
+- `sizes`: Optional size specification (e.g., "48x48", "any" for scalable formats like SVG, or "48x48 96x96" for multiple sizes)
+
+**Required MIME type support:**
+
+Clients that support rendering icons **MUST** support at least the following MIME types:
+
+- `image/png` - PNG images (safe, universal compatibility)
+- `image/jpeg` (and `image/jpg`) - JPEG images (safe, universal compatibility)
+
+Clients that support rendering icons **SHOULD** also support:
+
+- `image/svg+xml` - SVG images (scalable but requires security precautions as noted below)
+- `image/webp` - WebP images (modern, efficient format)
+
+**Security considerations:**
+
+Consumers of icon metadata **MUST** take appropriate security precautions when handling icons to prevent compromise:
+
+- Treat icon metadata and icon bytes as untrusted inputs and defend against network, privacy, and parsing risks.
+- Ensure that the icon URI is either a HTTPS or `data:` URI. Clients **MUST** reject icon URIs that use unsafe schemes and redirects, such as `javascript:`, `file:`, `ftp:`, `ws:`, or local app URI schemes.
+  - Disallow scheme changes and redirects to hosts on different origins.
+- Be resilient against resource exhaustion attacks stemming from oversized images, large dimensions, or excessive frames (e.g., in GIFs).
+  - Consumers **MAY** set limits for image and content size.
+- Fetch icons without credentials. Do not send cookies, `Authorization` headers, or client credentials.
+- Verify that icon URIs are from the same origin as the server. This minimizes the risk of exposing data or tracking information to third-parties.
+- Exercise caution when fetching and rendering icons as the payload **MAY** contain executable content (e.g., SVG with [embedded JavaScript](https://www.w3.org/TR/SVG11/script.html) or [extended capabilities](https://www.w3.org/TR/SVG11/extend.html)).
+  - Consumers **MAY** choose to disallow specific file types or otherwize sanitize icon files before rendering.
+- Validate MIME types and file contents before rendering. Treat the MIME type information as advisory. Detect content type via magic bytes; reject on mismatch or unknown types.
+  - Maintain a strict allowlist of image types.
+
+**Usage:**
+
+Icons can be attached to:
+
+- `Implementation`: Visual identifier for the MCP server/client implementation
+- `Tool`: Visual representation of the tool's functionality
+- `Prompt`: Icon to display alongside prompt templates
+- `Resource`: Visual indicator for different resource types
+
+Multiple icons can be provided to support different display contexts and resolutions. Clients should select the most appropriate icon based on their UI requirements.
@@ -69,7 +69,15 @@ The client **MUST** initiate this phase by sending an `initialize` request conta
     "clientInfo": {
       "name": "ExampleClient",
       "title": "Example Client Display Name",
-      "version": "1.0.0"
+      "version": "1.0.0",
+      "icons": [
+        {
+          "src": "https://example.com/icon.png",
+          "mimeType": "image/png",
+          "sizes": "48x48"
+        }
+      ],
+      "websiteUrl": "https://example.com"
     }
   }
 }
@@ -99,7 +107,15 @@ The server **MUST** respond with its own capabilities and information:
     "serverInfo": {
       "name": "ExampleServer",
       "title": "Example Server Display Name",
-      "version": "1.0.0"
+      "version": "1.0.0",
+      "icons": [
+        {
+          "src": "https://example.com/server-icon.svg",
+          "mimeType": "image/svg+xml",
+          "sizes": "any"
+        }
+      ],
+      "websiteUrl": "https://example.com/server"
     },
     "instructions": "Optional instructions for the client"
   }

@@ -10,6 +10,7 @@ the previous revision, [2025-06-18](/specification/2025-06-18).
 ## Major changes
 
 1. Enhance authorization server discovery with support for [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html). (PR [#797](https://github.com/modelcontextprotocol/modelcontextprotocol/pull/797))
+2. Allow servers to expose icons as additional metadata for tools, resources and prompts ([SEP-973](https://github.com/modelcontextprotocol/modelcontextprotocol/issues/973)).
 
 ## Other schema changes
 

@@ -83,6 +83,13 @@ supports [pagination](/specification/draft/server/utilities/pagination).
             "description": "The code to review",
             "required": true
           }
+        ],
+        "icons": [
+          {
+            "src": "https://example.com/review-icon.svg",
+            "mimeType": "image/svg+xml",
+            "sizes": "any"
+          }
         ]
       }
     ],

@@ -115,7 +115,14 @@ supports [pagination](/specification/draft/server/utilities/pagination).
         "name": "main.rs",
         "title": "Rust Software Application Main File",
         "description": "Primary application entry point",
-        "mimeType": "text/x-rust"
+        "mimeType": "text/x-rust",
+        "icons": [
+          {
+            "src": "https://example.com/rust-file-icon.png",
+            "mimeType": "image/png",
+            "sizes": "48x48"
+          }
+        ]
       }
     ],
     "nextCursor": "next-page-cursor"

@@ -93,7 +93,14 @@ To discover available tools, clients send a `tools/list` request. This operation
             }
           },
           "required": ["location"]
-        }
+        },
+        "icons": [
+          {
+            "src": "https://example.com/weather-icon.png",
+            "mimeType": "image/png",
+            "sizes": "48x48"
+          }
+        ]
       }
     ],
     "nextCursor": "next-page-cursor"