Claude Desktop Extensions Development Guide

Currently viewing the human version

What Are Claude Desktop Extensions and Why They Don't Completely Suck

MCP Overview Diagram

Claude Desktop Extensions (.mcpb files) fix the nightmare that was getting MCP servers running on other people's machines. I've wasted months troubleshooting install issues - users would install Node 14 when I needed 18+, or their PATH got fucked by some other installer, or they'd edit the wrong config file and wonder why nothing worked.

Anthropic originally called these .dxt files, then switched to .mcpb (MCP Bundle) partway through development. Classic Anthropic naming consistency. Both file types work though.

The Nightmare Extensions Actually Fix

Before Extensions (aka Hell):

npm install -g some-mcp-server
## Edit ~/.claude/claude_desktop_config.json (if you can find it)
## Restart Claude Desktop
## Get \"Error: Cannot resolve module\" bullshit
## Spend 2 hours debugging why npm installed to wrong location

With Extensions:

Download .mcpb file
Drag into Claude Desktop
It fucking works (usually)

What's Inside a .mcpb File

Extensions are ZIP archives containing everything needed. Think of them like Docker containers but for MCP servers:

your-extension.mcpb
├── manifest.json    # Required: describes the extension
├── server/          # Your MCP server code
├── node_modules/    # All dependencies bundled (can get huge)
└── icon.png         # Optional: pretty icon

Warning: `node_modules` folders get massive. I once shipped a 180-something MB extension because I forgot `npm prune --production` and bundled every dev dependency I'd ever installed. Users were not happy about the download time.

The manifest.json handles most of the annoying stuff:

User configuration: GUI forms instead of making users edit JSON by hand (thank fuck)
Secret storage: API keys go in the system keychain, not sitting in plaintext config files
Platform compatibility: Works across platforms when you don't hardcode paths
Dependency management: Bundle everything so users can't screw up versions

Real Technical Benefits

Built-in Node.js runtime: Claude Desktop ships with Node.js, so JavaScript extensions work everywhere without users installing anything.

Secure configuration: API keys go in a GUI form, not plaintext config files. They're stored in the system keychain on macOS or Windows Credential Manager.

Template variables: Use ${__dirname} for paths, ${user_config.api_key} for user input, and ${HOME} for system variables.

Cross-platform overrides: Different commands and paths for Windows vs macOS in the same extension.

The Real Pain This Fixes

MCP Server Interface Screenshot

MCP servers were already powerful - they could access files, databases, APIs, anything local. But getting them running on someone else's machine was hell.

Real problems I've seen users hit:

Node 14.x when you need 18+ (breaks async/await patterns)
PATH variables fucked by other installers
Python virtual env conflicts with system packages
WSL2 port binding issues (0.0.0.0 vs 127.0.0.1)
`EACCES: permission denied` on Linux npm installs
Windows Defender blocking local servers
macOS Gatekeeper killing unsigned executables with zero explanation

Extensions bypass this shitshow:

Ship a .mcpb file, skip the 47-step installation guide
Users don't need to understand npm or Node versions
No more "works on my machine" rage
API keys in keychain instead of GitHub commits
Updates that don't break existing configs

User drags file into Claude Desktop. It works. End of story.

Extension Development Approaches (What Actually Works)

Aspect	Node.js Extensions	Python Extensions	Binary Extensions
Runtime	Built-in Node 18+ in Claude Desktop	System Python (good luck with versions)	Standalone executables
Setup Complexity	Easy usually just works	Medium (optimistic, it's pain)	Hard Windows will break you
Distribution Size	Small-ish unless you import React	50MB+ because dependencies are huge	100MB+ per OS you target
Performance	Good enough for API calls	Great until you hit threading issues	Actually fast when it works
Development Speed	Fast npm ecosystem is massive	Fast if you know Python well	Slow compiling everything sucks
Cross-Platform	Just works mostly	Works but Windows is always special	Need separate builds for everything
Popular Use Cases	APIs, file wrangling, JSON abuse	Data science, ML inference	System integration that matters
Learning Curve	Easy if you know JS	Easy if you live in Python	Hard systems programming is pain
Debugging	console.log() like a caveman	pdb when shit breaks	gdb and prayer
Package Management	npm (bloated but predictable)	pip (dependency hell since 2008)	What package management?
Common Gotchas	Memory leaks from unclosed handles	PYTHONPATH fuckery on Windows	Segfaults with no stack trace

Building Extensions Without Losing Your Mind

Visual Guide to MCP

Setup (The Easy Part)

Install the MCPB CLI and pray it works:

npm install -g @anthropic-ai/mcpb

This gives you the `mcpb` command which sometimes works and sometimes throws cryptic errors. When it works, it handles manifest validation and ZIP creation. When it doesn't, you'll be digging through GitHub issues.

Building a File Browser That Won't Crash (Much)

Here's a file browser extension that took me 3 tries to get right because file paths are hell:

1. Initialize the Project (Pray mcpb Works)

mcpb init file-browser-extension
cd file-browser-extension

This creates the standard layout (if the CLI doesn't shit itself):

file-browser-extension/
├── manifest.json    # Where things break first
├── server/          # Your actual code
│   └── index.js
├── package.json     # npm dependency nightmare
└── README.md        # Nobody reads this

2. Fight with manifest.json (The Fun Part)

The manifest.json uses spec version 0.2, which means half the examples online are wrong. This file will break in creative ways:

{
  "manifest_version": "0.2",
  "name": "file-browser",
  "display_name": "Safe File Browser",
  "version": "1.0.0",
  "description": "Browse and read local files safely with directory restrictions",
  "author": {
    "name": "Your Name",
    "email": "you@example.com"
  },
  "server": {
    "type": "node",
    "entry_point": "server/index.js",
    "mcp_config": {
      "command": "node",
      "args": ["${__dirname}/server/index.js"],
      "env": {
        "ALLOWED_PATHS": "${user_config.allowed_paths}"
      }
    }
  },
  "tools": [
    {
      "name": "list_directory",
      "description": "List files and directories in a path"
    },
    {
      "name": "read_file",
      "description": "Read the contents of a text file"
    }
  ],
  "user_config": {
    "allowed_paths": {
      "type": "directory",
      "title": "Allowed Directories",
      "description": "Directories this extension can access",
      "multiple": true,
      "required": true,
      "default": ["${HOME}/Desktop", "${HOME}/Documents"]
    }
  },
  "compatibility": {
    "claude_desktop": ">=1.0.0",
    "platforms": ["darwin", "win32", "linux"],
    "runtimes": {
      "node": ">=16.0.0"
    }
  }
}

3. Implement the MCP Server

Node.js Logo

The server/index.js implements the MCP protocol. This is where your extension does the actual work:

#!/usr/bin/env node
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
import fs from 'fs/promises';
import path from 'path';

// Get allowed paths from environment (set by user config)
const allowedPaths = process.env.ALLOWED_PATHS?.split(path.delimiter) || [];

class FileExplorerServer {
  constructor() {
    this.server = new Server({
      name: "file-browser",
      version: "1.0.0"
    }, {
      capabilities: {
        tools: {}
      }
    });

    this.setupToolHandlers();
  }

  isPathAllowed(targetPath) {
    const resolved = path.resolve(targetPath);
    return allowedPaths.some(allowedPath => {
      const allowedResolved = path.resolve(allowedPath);
      return resolved.startsWith(allowedResolved);
    });
  }

  setupToolHandlers() {
    this.server.setRequestHandler('tools/list', async () => {
      return {
        tools: [
          {
            name: "list_directory",
            description: "List files and directories in a path",
            inputSchema: {
              type: "object",
              properties: {
                path: {
                  type: "string",
                  description: "Directory path to list"
                }
              },
              required: ["path"]
            }
          },
          {
            name: "read_file",
            description: "Read contents of a text file",
            inputSchema: {
              type: "object",
              properties: {
                path: {
                  type: "string",
                  description: "File path to read"
                }
              },
              required: ["path"]
            }
          }
        ]
      };
    });

    this.server.setRequestHandler('tools/call', async (request) => {
      const { name, arguments: args } = request.params;

      if (!this.isPathAllowed(args.path)) {
        return {
          content: [
            {
              type: "text",
              text: `Access denied: ${args.path} is not in allowed directories`
            }
          ]
        };
      }

      switch (name) {
        case "list_directory":
          try {
            const entries = await fs.readdir(args.path, { withFileTypes: true });
            const listing = entries.map(entry => ({
              name: entry.name,
              type: entry.isDirectory() ? 'directory' : 'file',
              path: path.join(args.path, entry.name)
            }));

            return {
              content: [
                {
                  type: "text",
                  text: `Directory listing for ${args.path}:
${JSON.stringify(listing, null, 2)}`
                }
              ]
            };
          } catch (error) {
            return {
              content: [
                {
                  type: "text",
                  text: `Error reading directory: ${error.message}`
                }
              ]
            };
          }

        case "read_file":
          try {
            const content = await fs.readFile(args.path, 'utf8');
            return {
              content: [
                {
                  type: "text",
                  text: `Contents of ${args.path}:

${content}`
                }
              ]
            };
          } catch (error) {
            return {
              content: [
                {
                  type: "text",
                  text: `Error reading file: ${error.message}`
                }
              ]
            };
          }

        default:
          throw new Error(`Unknown tool: ${name}`);
      }
    });
  }

  async run() {
    const transport = new StdioServerTransport();
    await this.server.connect(transport);
  }
}

const server = new FileExplorerServer();
server.run().catch(console.error);

Packaging and Distribution

4. Package the Extension

File Management

mcpb pack .

This creates file-browser-1.0.0.mcpb with proper ZIP structure and validates the manifest. The CLI handles file permissions and cross-platform compatibility.

5. Local Testing

Install by dragging file-browser-1.0.0.mcpb into Claude Desktop. No CLI command needed - just drag and drop the file.

Claude Desktop will prompt for directory permissions and store choices in the system keychain. Test by asking Claude to list files in your Desktop directory.

Shit That Will Break (And How I Learned)

mcpb pack fails with "Invalid manifest.json" - You probably have a trailing comma in your JSON. I always forget JSON isn't JavaScript. Spent way too long on this exact issue.

Extension installs but tools don't show up - Your manifest `tools` array doesn't match what your server actually implements. Claude Desktop just silently ignores the mismatch with no error message. Super helpful.

Works on Mac, crashes on Windows - You hardcoded forward slashes in file paths. Windows uses backslashes and will break your stuff. Always use `path.join()` or Windows users will be pissed.

Cannot resolve module errors - The import paths are specific: @modelcontextprotocol/sdk/server/index.js, not the shortened version. Yeah, it's verbose.

User config variables are undefined - ${user_config.allowed_paths} comes back as a string, not an array. You have to split it yourself. The docs are unclear about this.

"Extension failed to start" with no useful error - Debugging nightmare. I ended up adding `console.error()` statements everywhere. They show up in Claude's dev console if you hit Cmd+Shift+I.

Works locally, breaks when packaged - Usually means you forgot `npm install --production` or some dependency is doing weird dynamic imports that break when bundled.

Permission denied on Linux - mcpb pack doesn't preserve execute permissions. Had to run `chmod +x server/index.js` before packaging to fix it.

Always test with `node server/index.js` first. If your MCP server doesn't work standalone, the extension is fucked too.

6. Publishing Options

GitHub Releases: Upload .mcpb files as release artifacts
Direct Distribution: Share .mcpb files like any other installer
Enterprise Distribution: Deploy through existing software distribution systems
Community: Share on forums and developer communities

Advanced Manifest Features

Extension Configuration

The manifest.json supports sophisticated configuration options:

User Configuration Types:

"user_config": {
  "api_key": {
    "type": "string",
    "title": "API Key",
    "sensitive": true,
    "required": true
  },
  "max_results": {
    "type": "number",
    "title": "Maximum Results",
    "min": 1,
    "max": 100,
    "default": 10
  },
  "output_directory": {
    "type": "directory",
    "title": "Output Directory",
    "required": true
  },
  "enable_logging": {
    "type": "boolean",
    "title": "Enable Debug Logging",
    "default": false
  }
}

Compatibility Constraints:

"compatibility": {
  "claude_desktop": ">=1.2.0",
  "platforms": ["darwin", "win32"],
  "runtimes": {
    "node": ">=18.0.0"
  }
}

This development workflow transforms complex MCP server setup into standard software development. The key is remembering that debugging is 90% of the work - plan accordingly.

FAQ - The Shit Nobody Tells You

What's the deal with .dxt vs .mcpb files?

Anthropic started with .dxt files, then switched to .mcpb (MCP Bundle) partway through development. Classic Anthropic move. Both file types work, but .mcpb is the current standard.

Do I need to understand MCP protocol internals?

The SDK handles most of the protocol stuff, but when your extension breaks in weird ways, you end up digging through the MCP specs anyway. It's like HTTP

you don't need to implement it, but you better understand how requests and responses work when debugging.

Can I make money off these extensions?

Technically yes, realistically good luck. Developers expect tools to be free unless they're really fucking amazing. You can sell them directly, bundle with SaaS, or do freemium. Just remember you're competing with free alternatives.

How do I handle API keys securely?

Use the user_config section in manifest.json with "sensitive": true. Claude Desktop stores these in the OS keychain and passes them as environment variables. Never hardcode secrets in your extension code:

"user_config": {
  "api_key": {
    "type": "string",
    "sensitive": true,
    "required": true,
    "title": "API Key"
  }
}

Extension works locally but breaks when packaged - why does God hate me?

Welcome to packaging hell. Common mistakes I've made:

File paths: Used relative paths instead of ${__dirname} in the manifest. Windows choked on it.
Dependencies: Imported something that was only in devDependencies. npm install --production nuked it.
Permissions: Tried to manually zip the extension instead of using mcpb pack. Broke execute permissions.
Dynamic imports: Some dependency was doing require() with computed strings that don't work when bundled.

Do extensions work with internet APIs?

Yeah, they can hit any HTTP endpoint. Users get permission prompts first time you make requests. Just don't be a dick about it

respect rate limits and handle network failures gracefully.

How do I debug when everything's fucked?

Node.js debugging:

Spam console.log() everywhere. They show up in Claude's dev console (Cmd+Shift+I).
Test your server standalone first: node server/index.js
If it doesn't work solo, it won't work packaged

Python debugging:

Use print() like it's 2010. Works better than proper logging in extensions.
Test with python server.py before packaging
Check Claude Desktop logs when Python crashes (they're buried in system logs)

How big can extensions get before users rage quit?

No official limit, but users get impatient:

Node.js: Usually under 10MB unless you accidentally bundle something huge like React dev tools
Python: Easily 50MB+ because Python dependencies are heavy. Data science packages make it worse.
Binary: 100MB+ per platform, so cross-platform extensions get really big

Users start complaining around 50MB because download times suck. Try to keep dependencies minimal.

Can extensions auto-update or am I stuck with manual installs?

Extensions have version tracking in the manifest. Claude Desktop can check for updates if you're using some marketplace with APIs, but for direct distribution, users drag new .mcpb files manually like cavemen.

Do extensions actually work cross-platform?

Depends how much pain you want:

Node.js: Works everywhere because Claude ships with Node 18.x
Python: "Works" if users have Python installed (they don't)
Binary: You need separate builds for each OS, and Windows will break in creative ways

Set compatibility.platforms in your manifest so Claude Desktop knows what you support.