npm - @frontmcp/uipack - Versions diffs - 0.8.1 → 0.9.0 - Mend

@frontmcp/uipack 0.8.1 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +46 -106
package/esm/index.mjs +190 -175
package/esm/package.json +3 -2
package/esm/runtime/index.mjs +433 -176
package/esm/tool-template/index.mjs +1 -0
package/index.js +190 -175
package/package.json +3 -2
package/runtime/adapters/html.adapter.d.ts.map +1 -1
package/runtime/index.d.ts +1 -1
package/runtime/index.d.ts.map +1 -1
package/runtime/index.js +434 -176
package/runtime/mcp-bridge.d.ts.map +1 -1
package/runtime/sanitizer.d.ts +8 -0
package/runtime/sanitizer.d.ts.map +1 -1
package/tool-template/index.js +1 -0

package/README.md CHANGED Viewed

@@ -1,98 +1,47 @@
 # @frontmcp/uipack
-React-free build utilities, theming, runtime helpers, and platform adapters for FrontMCP UI development. `@frontmcp/uipack` powers HTML string templates, cacheable widgets, and discovery metadata without pulling React or DOM libraries into your server.
+React-free build utilities, theming, runtime helpers, and platform adapters for FrontMCP UI development.
-## Package Split
+[![NPM](https://img.shields.io/npm/v/@frontmcp/uipack.svg)](https://www.npmjs.com/package/@frontmcp/uipack)
-| Package            | Purpose                                                               | React Required        |
-| ------------------ | --------------------------------------------------------------------- | --------------------- |
-| `@frontmcp/uipack` | Themes, runtime helpers, build/render pipelines, validation, adapters | No                    |
-| `@frontmcp/ui`     | HTML/React components, layouts, widgets, web components               | Yes (peer dependency) |
+## Package Split
-Install `@frontmcp/uipack` when you need HTML-first tooling, template validation, or platform adapters. Install `@frontmcp/ui` alongside it for ready-made components.
+| Package            | Purpose                                                               | React Required |
+| ------------------ | --------------------------------------------------------------------- | -------------- |
+| `@frontmcp/uipack` | Themes, runtime helpers, build/render pipelines, validation, adapters | No             |
+| `@frontmcp/ui`     | HTML/React components, layouts, widgets, web components               | Yes (peer dep) |
-## Installation
+## Install
 ```bash
 npm install @frontmcp/uipack
-# or
-yarn add @frontmcp/uipack
 ```
 ## Features
-- **Theme system** – Configure Tailwind-style palettes, fonts, and CDN assets, then inline or externalize scripts per platform.
-- **Build API** – Compile tool templates with esbuild/SWC, emit static widgets, and ship cached manifests for serverless environments.
-- **Build modes** – Choose static, dynamic, or hybrid rendering plus multi-platform bundler helpers so the same widget rehydrates on OpenAI, Claude, and Gemini.
-- **Runtime helpers** – Wrap HTML/React/MDX templates with CSP, sanitize user content, and expose MCP Bridge metadata.
-- **Platform adapters** – Generate OpenAI/Claude/Gemini discovery metadata, resolve serving modes, and understand host capabilities.
-- **Validation** – Extract schema paths, validate Handlebars templates, and render error boxes before code hits production.
-- **Bundler/cache** – File-system and Redis caches, transpile/render caches, and hashing utilities for incremental builds.
-## Quick Start
-### Theme + layout utilities
-```ts
-import { DEFAULT_THEME, createTheme, buildCdnScriptsFromTheme } from '@frontmcp/uipack/theme';
-const customTheme = createTheme({
-  name: 'brand',
-  colors: {
-    semantic: {
-      primary: '#0BA5EC',
-      secondary: '#6366F1',
-    },
-  },
-});
-const scripts = await buildCdnScriptsFromTheme(customTheme, { inline: true });
-```
+- **Theme system** — Tailwind-style palettes, fonts, CDN assets, platform-aware inlining ([docs][docs-theme])
+- **Build API** — compile tool templates with esbuild/SWC, emit static widgets, cached manifests ([docs][docs-build])
+- **Build modes** — static, dynamic, or hybrid rendering; multi-platform bundler helpers ([docs][docs-build-modes])
+- **Runtime helpers** — wrap HTML/React/MDX with CSP, sanitize content, expose MCP Bridge metadata ([docs][docs-runtime])
+- **Platform adapters** — OpenAI/Claude/Gemini discovery metadata, serving modes, host capabilities ([docs][docs-adapters])
+- **Validation** — schema path extraction, Handlebars template validation, error boxes ([docs][docs-validation])
+- **Bundler/cache** — filesystem and Redis caches, transpile/render caches, hashing utilities ([docs][docs-bundler])
-### Build tool UI HTML
+## Quick Example
 ```ts
 import { buildToolUI } from '@frontmcp/uipack/build';
 const result = await buildToolUI({
-  template: '<div>{{output.temperature}} °C</div>',
-  context: {
-    input: { location: 'London' },
-    output: { temperature: 18 },
-  },
+  template: '<div>{{output.temperature}} C</div>',
+  context: { input: { location: 'London' }, output: { temperature: 18 } },
   platform: 'openai',
 });
-console.log(result.html);
 ```
-### Wrap tool responses with MCP metadata
-```ts
-import { wrapToolUI, createTemplateHelpers } from '@frontmcp/uipack/runtime';
+> Full guide: [UI Overview][docs-overview]
-The helpers = createTemplateHelpers();
-const html = `<div>${helpers.escapeHtml(ctx.output.summary)}</div>`;
-const response = wrapToolUI({
-  html,
-  displayMode: 'inline',
-  servingMode: 'auto',
-  widgetDescription: 'Summarized status card',
-});
-```
-### Resolve platform capabilities
-```ts
-import { getPlatform, canUseCdn, needsInlineScripts } from '@frontmcp/uipack/theme';
-const claude = getPlatform('claude');
-const inline = needsInlineScripts(claude);
-const cdnOk = canUseCdn(claude);
-```
-## Entry points
+## Entry Points
 | Path                          | Purpose                                                  |
 | ----------------------------- | -------------------------------------------------------- |
@@ -107,45 +56,36 @@ const cdnOk = canUseCdn(claude);
 | `@frontmcp/uipack/types`      | Shared template/context types                            |
 | `@frontmcp/uipack/utils`      | Escaping, safe stringify, helper utilities               |
-## Template validation
+## Docs
-```ts
-import { validateTemplate } from '@frontmcp/uipack/validation';
-import { z } from 'zod';
+| Topic             | Link                            |
+| ----------------- | ------------------------------- |
+| Overview          | [UI Overview][docs-overview]    |
+| Theme system      | [Theming][docs-theme]           |
+| Build API         | [Build Tools][docs-build]       |
+| Build modes       | [Build Modes][docs-build-modes] |
+| Runtime helpers   | [Runtime][docs-runtime]         |
+| Platform adapters | [Adapters][docs-adapters]       |
+| Validation        | [Validation][docs-validation]   |
+| Bundler           | [Bundler][docs-bundler]         |
-const outputSchema = z.object({
-  temperature: z.number(),
-  city: z.string(),
-});
+## Related Packages
-const result = validateTemplate('<div>{{output.city}}</div>', outputSchema);
-if (!result valid) {
-  console.warn(result.errors);
-}
-```
-## Cache + bundler helpers
-```ts
-import { createFilesystemBuilder } from '@frontmcp/uipack/bundler/file-cache';
+- [`@frontmcp/ui`](../ui) — React components that consume these helpers
+- [`@frontmcp/sdk`](../sdk) — core framework and decorators
+- [`@frontmcp/testing`](../testing) — UI assertions for automated testing
-const builder = await createFilesystemBuilder('.frontmcp-cache/builds');
-const manifest = await builder.build({ entry: './widgets/weather.tsx' });
-```
-## Development
-```bash
-yarn nx build uipack
-yarn nx test uipack
-```
-## Related packages
+## License
-- [`@frontmcp/ui`](../ui/README.md) – Component library that consumes these helpers
-- [`@frontmcp/sdk`](../sdk/README.md) – Core SDK and decorators
-- [`@frontmcp/testing`](../testing/README.md) – UI assertions for automated testing
+Apache-2.0 — see [LICENSE](../../LICENSE).
-## License
+<!-- links -->
-Apache-2.0
+[docs-overview]: https://docs.agentfront.dev/frontmcp/ui/overview
+[docs-theme]: https://docs.agentfront.dev/frontmcp/ui/theming
+[docs-build]: https://docs.agentfront.dev/frontmcp/ui/build-tools
+[docs-build-modes]: https://docs.agentfront.dev/frontmcp/ui/build-modes
+[docs-runtime]: https://docs.agentfront.dev/frontmcp/ui/runtime
+[docs-adapters]: https://docs.agentfront.dev/frontmcp/ui/adapters
+[docs-validation]: https://docs.agentfront.dev/frontmcp/ui/validation
+[docs-bundler]: https://docs.agentfront.dev/frontmcp/ui/bundler

package/esm/index.mjs CHANGED Viewed

@@ -797,6 +797,184 @@ var init_theme2 = __esm({
   }
 });
+// libs/uipack/src/runtime/sanitizer.ts
+import DOMPurify from "dompurify";
+function isEmail(value) {
+  return PII_PATTERNS.email.test(value);
+}
+function isPhone(value) {
+  return PII_PATTERNS.phone.test(value);
+}
+function isCreditCard(value) {
+  const digits = value.replace(/[-\s]/g, "");
+  return digits.length >= 13 && digits.length <= 19 && PII_PATTERNS.creditCard.test(value);
+}
+function isSSN(value) {
+  return PII_PATTERNS.ssn.test(value);
+}
+function isIPv4(value) {
+  return PII_PATTERNS.ipv4.test(value);
+}
+function detectPIIType(value) {
+  if (isEmail(value)) return "EMAIL";
+  if (isCreditCard(value)) return "CARD";
+  if (isSSN(value)) return "ID";
+  if (isPhone(value)) return "PHONE";
+  if (isIPv4(value)) return "IP";
+  return null;
+}
+function redactPIIFromText(text) {
+  if (text.length > MAX_PII_TEXT_LENGTH) {
+    return text;
+  }
+  let result = text;
+  result = result.replace(PII_PATTERNS.creditCardInText, REDACTION_TOKENS.CARD);
+  result = result.replace(PII_PATTERNS.ssnInText, REDACTION_TOKENS.ID);
+  result = result.replace(PII_PATTERNS.emailInText, REDACTION_TOKENS.EMAIL);
+  result = result.replace(PII_PATTERNS.phoneInText, REDACTION_TOKENS.PHONE);
+  result = result.replace(PII_PATTERNS.ipv4InText, REDACTION_TOKENS.IP);
+  return result;
+}
+function sanitizeValue(key, value, path, options, depth, visited) {
+  const maxDepth = options.maxDepth ?? 10;
+  if (depth > maxDepth) {
+    return value;
+  }
+  if (value === null || value === void 0) {
+    return value;
+  }
+  if (typeof options.mode === "function") {
+    return options.mode(key, value, path);
+  }
+  if (Array.isArray(options.mode)) {
+    const lowerKey = key.toLowerCase();
+    if (options.mode.some((f) => f.toLowerCase() === lowerKey)) {
+      return REDACTION_TOKENS.REDACTED;
+    }
+  }
+  if (typeof value === "string") {
+    if (options.mode === true) {
+      const piiType = detectPIIType(value);
+      if (piiType) {
+        return REDACTION_TOKENS[piiType];
+      }
+      if (options.sanitizeInText !== false) {
+        const redacted = redactPIIFromText(value);
+        if (redacted !== value) {
+          return redacted;
+        }
+      }
+    }
+    return value;
+  }
+  if (Array.isArray(value)) {
+    if (visited.has(value)) {
+      return REDACTION_TOKENS.REDACTED;
+    }
+    visited.add(value);
+    return value.map(
+      (item, index) => sanitizeValue(String(index), item, [...path, String(index)], options, depth + 1, visited)
+    );
+  }
+  if (typeof value === "object") {
+    if (visited.has(value)) {
+      return REDACTION_TOKENS.REDACTED;
+    }
+    visited.add(value);
+    const result = {};
+    for (const [k, v] of Object.entries(value)) {
+      result[k] = sanitizeValue(k, v, [...path, k], options, depth + 1, visited);
+    }
+    return result;
+  }
+  return value;
+}
+function sanitizeInput(input, mode = true) {
+  if (!input || typeof input !== "object") {
+    return {};
+  }
+  const options = {
+    mode,
+    maxDepth: 10,
+    sanitizeInText: true
+  };
+  const visited = /* @__PURE__ */ new WeakSet();
+  return sanitizeValue("", input, [], options, 0, visited);
+}
+function createSanitizer(mode = true) {
+  return (input) => sanitizeInput(input, mode);
+}
+function detectPII(input, options) {
+  const maxDepth = options?.maxDepth ?? 10;
+  const fields = [];
+  const visited = /* @__PURE__ */ new WeakSet();
+  const check = (value, path, depth) => {
+    if (depth > maxDepth) return;
+    if (value === null || value === void 0) return;
+    if (typeof value === "string") {
+      if (detectPIIType(value)) {
+        fields.push(path.join("."));
+      }
+      return;
+    }
+    if (Array.isArray(value)) {
+      if (visited.has(value)) return;
+      visited.add(value);
+      value.forEach((item, index) => check(item, [...path, String(index)], depth + 1));
+      return;
+    }
+    if (typeof value === "object") {
+      if (visited.has(value)) return;
+      visited.add(value);
+      for (const [k, v] of Object.entries(value)) {
+        check(v, [...path, k], depth + 1);
+      }
+    }
+  };
+  check(input, [], 0);
+  return {
+    hasPII: fields.length > 0,
+    fields
+  };
+}
+var REDACTION_TOKENS, PII_PATTERNS, MAX_PII_TEXT_LENGTH;
+var init_sanitizer = __esm({
+  "libs/uipack/src/runtime/sanitizer.ts"() {
+    "use strict";
+    REDACTION_TOKENS = {
+      EMAIL: "[EMAIL]",
+      PHONE: "[PHONE]",
+      CARD: "[CARD]",
+      ID: "[ID]",
+      IP: "[IP]",
+      REDACTED: "[REDACTED]"
+    };
+    PII_PATTERNS = {
+      // Email: user@domain.tld
+      email: /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/,
+      // Email embedded in text
+      emailInText: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
+      // Phone: Various formats (US-centric but flexible)
+      phone: /^[+]?[(]?[0-9]{1,4}[)]?[-\s.]?[0-9]{1,4}[-\s.]?[0-9]{1,9}$/,
+      // Phone embedded in text
+      phoneInText: /(?:\+?1[-.\s]?)?\(?[0-9]{3}\)?[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}/g,
+      // Credit card: 13-19 digits (with optional separators)
+      creditCard: /^(?:[0-9]{4}[-\s]?){3,4}[0-9]{1,4}$/,
+      // Credit card embedded in text
+      creditCardInText: /\b(?:[0-9]{4}[-\s]?){3,4}[0-9]{1,4}\b/g,
+      // SSN: XXX-XX-XXXX
+      ssn: /^[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}$/,
+      // SSN embedded in text
+      ssnInText: /\b[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}\b/g,
+      // IPv4 address
+      ipv4: /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/,
+      // IPv4 embedded in text
+      ipv4InText: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g
+    };
+    MAX_PII_TEXT_LENGTH = 1e5;
+  }
+});
 // libs/uipack/src/renderers/utils/detect.ts
 function isReactComponent(value) {
   if (typeof value !== "function") {
@@ -6491,8 +6669,14 @@ var MCP_BRIDGE_RUNTIME = `
 </script>
 `;
 function getMCPBridgeScript() {
-  const match = MCP_BRIDGE_RUNTIME.match(/<script>([\s\S]*?)<\/script>/);
-  return match ? match[1].trim() : "";
+  const openTag = "<script>";
+  const closeTag = "</script>";
+  const startIdx = MCP_BRIDGE_RUNTIME.indexOf(openTag);
+  const endIdx = MCP_BRIDGE_RUNTIME.lastIndexOf(closeTag);
+  if (startIdx === -1 || endIdx === -1 || endIdx <= startIdx) {
+    return "";
+  }
+  return MCP_BRIDGE_RUNTIME.slice(startIdx + openTag.length, endIdx).trim();
 }
 function isMCPBridgeSupported() {
   if (typeof window === "undefined") return false;
@@ -6587,179 +6771,7 @@ function sanitizeCSPDomains(domains) {
 // libs/uipack/src/runtime/wrapper.ts
 init_theme2();
 init_utils();
-// libs/uipack/src/runtime/sanitizer.ts
-var REDACTION_TOKENS = {
-  EMAIL: "[EMAIL]",
-  PHONE: "[PHONE]",
-  CARD: "[CARD]",
-  ID: "[ID]",
-  IP: "[IP]",
-  REDACTED: "[REDACTED]"
-};
-var PII_PATTERNS = {
-  // Email: user@domain.tld
-  email: /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/,
-  // Email embedded in text
-  emailInText: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,
-  // Phone: Various formats (US-centric but flexible)
-  phone: /^[+]?[(]?[0-9]{1,4}[)]?[-\s.]?[0-9]{1,4}[-\s.]?[0-9]{1,9}$/,
-  // Phone embedded in text
-  phoneInText: /(?:\+?1[-.\s]?)?\(?[0-9]{3}\)?[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}/g,
-  // Credit card: 13-19 digits (with optional separators)
-  creditCard: /^(?:[0-9]{4}[-\s]?){3,4}[0-9]{1,4}$/,
-  // Credit card embedded in text
-  creditCardInText: /\b(?:[0-9]{4}[-\s]?){3,4}[0-9]{1,4}\b/g,
-  // SSN: XXX-XX-XXXX
-  ssn: /^[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}$/,
-  // SSN embedded in text
-  ssnInText: /\b[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}\b/g,
-  // IPv4 address
-  ipv4: /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/,
-  // IPv4 embedded in text
-  ipv4InText: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g
-};
-function isEmail(value) {
-  return PII_PATTERNS.email.test(value);
-}
-function isPhone(value) {
-  return PII_PATTERNS.phone.test(value);
-}
-function isCreditCard(value) {
-  const digits = value.replace(/[-\s]/g, "");
-  return digits.length >= 13 && digits.length <= 19 && PII_PATTERNS.creditCard.test(value);
-}
-function isSSN(value) {
-  return PII_PATTERNS.ssn.test(value);
-}
-function isIPv4(value) {
-  return PII_PATTERNS.ipv4.test(value);
-}
-function detectPIIType(value) {
-  if (isEmail(value)) return "EMAIL";
-  if (isCreditCard(value)) return "CARD";
-  if (isSSN(value)) return "ID";
-  if (isPhone(value)) return "PHONE";
-  if (isIPv4(value)) return "IP";
-  return null;
-}
-var MAX_PII_TEXT_LENGTH = 1e5;
-function redactPIIFromText(text) {
-  if (text.length > MAX_PII_TEXT_LENGTH) {
-    return text;
-  }
-  let result = text;
-  result = result.replace(PII_PATTERNS.creditCardInText, REDACTION_TOKENS.CARD);
-  result = result.replace(PII_PATTERNS.ssnInText, REDACTION_TOKENS.ID);
-  result = result.replace(PII_PATTERNS.emailInText, REDACTION_TOKENS.EMAIL);
-  result = result.replace(PII_PATTERNS.phoneInText, REDACTION_TOKENS.PHONE);
-  result = result.replace(PII_PATTERNS.ipv4InText, REDACTION_TOKENS.IP);
-  return result;
-}
-function sanitizeValue(key, value, path, options, depth, visited) {
-  const maxDepth = options.maxDepth ?? 10;
-  if (depth > maxDepth) {
-    return value;
-  }
-  if (value === null || value === void 0) {
-    return value;
-  }
-  if (typeof options.mode === "function") {
-    return options.mode(key, value, path);
-  }
-  if (Array.isArray(options.mode)) {
-    const lowerKey = key.toLowerCase();
-    if (options.mode.some((f) => f.toLowerCase() === lowerKey)) {
-      return REDACTION_TOKENS.REDACTED;
-    }
-  }
-  if (typeof value === "string") {
-    if (options.mode === true) {
-      const piiType = detectPIIType(value);
-      if (piiType) {
-        return REDACTION_TOKENS[piiType];
-      }
-      if (options.sanitizeInText !== false) {
-        const redacted = redactPIIFromText(value);
-        if (redacted !== value) {
-          return redacted;
-        }
-      }
-    }
-    return value;
-  }
-  if (Array.isArray(value)) {
-    if (visited.has(value)) {
-      return REDACTION_TOKENS.REDACTED;
-    }
-    visited.add(value);
-    return value.map(
-      (item, index) => sanitizeValue(String(index), item, [...path, String(index)], options, depth + 1, visited)
-    );
-  }
-  if (typeof value === "object") {
-    if (visited.has(value)) {
-      return REDACTION_TOKENS.REDACTED;
-    }
-    visited.add(value);
-    const result = {};
-    for (const [k, v] of Object.entries(value)) {
-      result[k] = sanitizeValue(k, v, [...path, k], options, depth + 1, visited);
-    }
-    return result;
-  }
-  return value;
-}
-function sanitizeInput(input, mode = true) {
-  if (!input || typeof input !== "object") {
-    return {};
-  }
-  const options = {
-    mode,
-    maxDepth: 10,
-    sanitizeInText: true
-  };
-  const visited = /* @__PURE__ */ new WeakSet();
-  return sanitizeValue("", input, [], options, 0, visited);
-}
-function createSanitizer(mode = true) {
-  return (input) => sanitizeInput(input, mode);
-}
-function detectPII(input, options) {
-  const maxDepth = options?.maxDepth ?? 10;
-  const fields = [];
-  const visited = /* @__PURE__ */ new WeakSet();
-  const check = (value, path, depth) => {
-    if (depth > maxDepth) return;
-    if (value === null || value === void 0) return;
-    if (typeof value === "string") {
-      if (detectPIIType(value)) {
-        fields.push(path.join("."));
-      }
-      return;
-    }
-    if (Array.isArray(value)) {
-      if (visited.has(value)) return;
-      visited.add(value);
-      value.forEach((item, index) => check(item, [...path, String(index)], depth + 1));
-      return;
-    }
-    if (typeof value === "object") {
-      if (visited.has(value)) return;
-      visited.add(value);
-      for (const [k, v] of Object.entries(value)) {
-        check(v, [...path, k], depth + 1);
-      }
-    }
-  };
-  check(input, [], 0);
-  return {
-    hasPII: fields.length > 0,
-    fields
-  };
-}
-// libs/uipack/src/runtime/wrapper.ts
+init_sanitizer();
 function createTemplateHelpers() {
   let idCounter2 = 0;
   return {
@@ -10909,6 +10921,9 @@ async function buildToolUIMulti(options) {
   };
 }
+// libs/uipack/src/runtime/index.ts
+init_sanitizer();
 // libs/uipack/src/preview/openai-preview.ts
 init_utils();
 var DEFAULT_WIDGET_CSP = {

package/esm/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@frontmcp/uipack",
-  "version": "0.8.1",
+  "version": "0.9.0",
   "description": "FrontMCP UIpack - Bundling, build tools, and platform adapters for MCP UI development (React-free core)",
   "author": "AgentFront <info@agentfront.dev>",
   "homepage": "https://docs.agentfront.dev",
@@ -58,9 +58,10 @@
     "node": ">=22.0.0"
   },
   "dependencies": {
-    "@frontmcp/utils": "0.8.1",
+    "@frontmcp/utils": "0.9.0",
     "@swc/core": "^1.5.0",
     "@enclave-vm/core": "^2.10.1",
+    "dompurify": "^3.3.1",
     "esbuild": "^0.27.1",
     "handlebars": "^4.7.8",
     "zod": "^4.0.0"