@mcp-use/inspector 0.16.2 → 0.17.0-canary.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +351 -6
- package/dist/client/components/AddToClientDropdown.d.ts +1 -0
- package/dist/client/components/AddToClientDropdown.d.ts.map +1 -1
- package/dist/client/components/ui/SandboxedIframe.d.ts +60 -0
- package/dist/client/components/ui/SandboxedIframe.d.ts.map +1 -0
- package/dist/client/components/ui/WidgetWrapper.d.ts +12 -0
- package/dist/client/components/ui/WidgetWrapper.d.ts.map +1 -0
- package/dist/client/constants/debug-options.d.ts +28 -0
- package/dist/client/constants/debug-options.d.ts.map +1 -0
- package/dist/client/constants/iframe.d.ts +9 -0
- package/dist/client/constants/iframe.d.ts.map +1 -0
- package/dist/client/constants/index.d.ts +7 -0
- package/dist/client/constants/index.d.ts.map +1 -0
- package/dist/client/constants/mcp-apps.d.ts +38 -0
- package/dist/client/constants/mcp-apps.d.ts.map +1 -0
- package/dist/client/context/WidgetDebugContext.d.ts +143 -0
- package/dist/client/context/WidgetDebugContext.d.ts.map +1 -0
- package/dist/client/index.js +43 -4
- package/dist/client/utils/mcpClientUtils.d.ts +11 -0
- package/dist/client/utils/mcpClientUtils.d.ts.map +1 -1
- package/dist/client/utils/widget-detection.d.ts +35 -0
- package/dist/client/utils/widget-detection.d.ts.map +1 -0
- package/dist/server/{chunk-E6MN7HFJ.js → chunk-PGVC5F62.js} +331 -3
- package/dist/server/{chunk-6FB3A5YT.js → chunk-UTH6HZXK.js} +38 -4
- package/dist/server/{chunk-GF2XQFD5.js → chunk-WNPLSGD3.js} +1 -1
- package/dist/server/cli.js +2 -2
- package/dist/server/index.js +3 -3
- package/dist/server/middleware.js +3 -3
- package/dist/server/routes/mcp-apps.d.ts +12 -0
- package/dist/server/routes/mcp-apps.d.ts.map +1 -0
- package/dist/server/server.js +2 -2
- package/dist/server/shared-routes.d.ts.map +1 -1
- package/dist/server/shared-routes.js +2 -2
- package/dist/server/shared-utils-browser.d.ts +48 -0
- package/dist/server/shared-utils-browser.d.ts.map +1 -1
- package/dist/server/shared-utils-browser.js +5 -3
- package/dist/server/shared-utils.d.ts +14 -0
- package/dist/server/shared-utils.d.ts.map +1 -1
- package/dist/web/assets/{1c-BxKq7gEq.js → 1c-DSqWOTc8.js} +1 -1
- package/dist/web/assets/{abnf-Ck1R21wa.js → abnf-6JTXzTGh.js} +1 -1
- package/dist/web/assets/{accesslog-BzUyB_iE.js → accesslog-Cj7ZRLqh.js} +1 -1
- package/dist/web/assets/{actionscript-C4ZkhLW6.js → actionscript-CncAWPUr.js} +1 -1
- package/dist/web/assets/{ada-CuUi1qJk.js → ada-SzrCNcrI.js} +1 -1
- package/dist/web/assets/{angelscript-CFtT6oDh.js → angelscript-BkgLXwC8.js} +1 -1
- package/dist/web/assets/{apache-BHqae0Rw.js → apache-B-2nL7a9.js} +1 -1
- package/dist/web/assets/{applescript-DNoyWZnl.js → applescript-BFY8mwF8.js} +1 -1
- package/dist/web/assets/{arcade-D8RwNdb7.js → arcade-Dm_Ag8hE.js} +1 -1
- package/dist/web/assets/{arduino-ChibuQAr.js → arduino-IUm-503q.js} +1 -1
- package/dist/web/assets/{armasm-DbIklyNO.js → armasm-CKL1P7GO.js} +1 -1
- package/dist/web/assets/{asciidoc-BSyR6jYC.js → asciidoc-DIg1i2N3.js} +1 -1
- package/dist/web/assets/{aspectj-BZWsaY6R.js → aspectj-BMh21YGB.js} +1 -1
- package/dist/web/assets/{autohotkey-DVi_LYK3.js → autohotkey-C_0wGLZf.js} +1 -1
- package/dist/web/assets/{autoit-D6BnHUb0.js → autoit-CD1_ke_N.js} +1 -1
- package/dist/web/assets/{avrasm-UlkY1V4H.js → avrasm-CGGTtWnD.js} +1 -1
- package/dist/web/assets/{awk-CyBFhAY5.js → awk-D0jV7RHg.js} +1 -1
- package/dist/web/assets/{axapta-CLPaSCZj.js → axapta-CYdO4q2F.js} +1 -1
- package/dist/web/assets/{bash-DGT_TfoF.js → bash-COAbOgMP.js} +1 -1
- package/dist/web/assets/{basic-BygyjExO.js → basic-_xa-jJGn.js} +1 -1
- package/dist/web/assets/{bnf-DEZx7-sB.js → bnf-CWPCSvTt.js} +1 -1
- package/dist/web/assets/{brainfuck-BP34JwjI.js → brainfuck-DAIXEdNy.js} +1 -1
- package/dist/web/assets/{browser-2CLn9kcZ.js → browser-Z1MnJyNV.js} +84 -84
- package/dist/web/assets/{c-4kOtx7bw.js → c-CSjlnjxd.js} +1 -1
- package/dist/web/assets/{c-like-D_QTabq7.js → c-like-Fxy71HRk.js} +1 -1
- package/dist/web/assets/{cal-LwuF16pc.js → cal-BTT8dy5Y.js} +1 -1
- package/dist/web/assets/{capnproto-DOwNRuB2.js → capnproto-DMEWR9WX.js} +1 -1
- package/dist/web/assets/{ceylon-DRQbrxhT.js → ceylon-DmhsAgJ1.js} +1 -1
- package/dist/web/assets/{chunk-VL2OQCWN-BCWRa_Qg.js → chunk-VL2OQCWN-B2esRI8J.js} +1 -1
- package/dist/web/assets/{clean-gkgUEGqX.js → clean-KKJ9119y.js} +1 -1
- package/dist/web/assets/{client-iTFQicJ9.js → client-DwnQIdkR.js} +1 -1
- package/dist/web/assets/{clojure-CtfKIFF4.js → clojure-BAzeoCCZ.js} +1 -1
- package/dist/web/assets/{clojure-repl-BVPTKNz2.js → clojure-repl-DPHZ8n0O.js} +1 -1
- package/dist/web/assets/{cmake-ClKsBuux.js → cmake-BjMlev11.js} +1 -1
- package/dist/web/assets/{coffeescript-BTuF51du.js → coffeescript-CgvCTJ7y.js} +1 -1
- package/dist/web/assets/{coq-CfExO0Gz.js → coq-Bp_YPIkg.js} +1 -1
- package/dist/web/assets/{core-Dz3rHLFg.js → core-CU3tR8uf.js} +1 -1
- package/dist/web/assets/{cos-CM1IBMc-.js → cos-Dru8iT09.js} +1 -1
- package/dist/web/assets/{cpp-BEwLVpas.js → cpp-7IL4PYeU.js} +1 -1
- package/dist/web/assets/{crmsh-Dqwzx9BD.js → crmsh-DOTC_s6J.js} +1 -1
- package/dist/web/assets/{crystal-BlJvLH5q.js → crystal-CHZ3vbPh.js} +1 -1
- package/dist/web/assets/{csharp-DY2giZ-V.js → csharp-Bf8RaNCg.js} +1 -1
- package/dist/web/assets/{csp-DEhY_NXW.js → csp-hVkhGW7V.js} +1 -1
- package/dist/web/assets/{css-Zm_IVDl8.js → css-JQlUlYhA.js} +1 -1
- package/dist/web/assets/{d-fsbrEcfw.js → d-xUr--sHA.js} +1 -1
- package/dist/web/assets/{dart-U-x4popx.js → dart-VoFaKf1z.js} +1 -1
- package/dist/web/assets/{delphi-DSm3675g.js → delphi-BEAD0y64.js} +1 -1
- package/dist/web/assets/{diff-D02JlsZ1.js → diff-Br78aydF.js} +1 -1
- package/dist/web/assets/{display-A5IEINAP-XA74NGqf.js → display-A5IEINAP-BVtgLpP9.js} +2 -2
- package/dist/web/assets/{django-cI56NNKD.js → django-C3Ytzbqr.js} +1 -1
- package/dist/web/assets/{dns-NEA7xSp0.js → dns-CzSNJsnt.js} +1 -1
- package/dist/web/assets/{dockerfile-CcREGW7Q.js → dockerfile-DkzfCh8h.js} +1 -1
- package/dist/web/assets/{dos-sZhkkJfU.js → dos-DB3fBW_2.js} +1 -1
- package/dist/web/assets/{dsconfig-CWkCCdMG.js → dsconfig-Bq2GLUyD.js} +1 -1
- package/dist/web/assets/{dts-B-8IDChv.js → dts-Dr_Or-Kx.js} +1 -1
- package/dist/web/assets/{dust-DEXSWSHU.js → dust-ChQTiXXE.js} +1 -1
- package/dist/web/assets/{ebnf-DJtr94pw.js → ebnf-Btae1n4K.js} +1 -1
- package/dist/web/assets/{elixir-BdbAOJuf.js → elixir-2SOVX7Eo.js} +1 -1
- package/dist/web/assets/{elm-WqcL2B6O.js → elm-BfS-Ss9q.js} +1 -1
- package/dist/web/assets/{embeddings-BSMordvb.js → embeddings-CSveKC7I.js} +1 -1
- package/dist/web/assets/{erb-DVBEDJnb.js → erb-B1gSwIiL.js} +1 -1
- package/dist/web/assets/{erlang-CiWRQtbw.js → erlang-DJ8UCogf.js} +1 -1
- package/dist/web/assets/{erlang-repl-I_GD2kvF.js → erlang-repl-L_W1zF-d.js} +1 -1
- package/dist/web/assets/{excel-czJMeAGZ.js → excel-BZLwdOqk.js} +1 -1
- package/dist/web/assets/{fix-BaKgDhmm.js → fix-Cft5AAdV.js} +1 -1
- package/dist/web/assets/{flix-Ck9ImYUm.js → flix-Cm2ySqqC.js} +1 -1
- package/dist/web/assets/{fortran-BrvbQHR4.js → fortran-B9f4WxBy.js} +1 -1
- package/dist/web/assets/{fsharp-BGzhIWdF.js → fsharp-vbUfJemW.js} +1 -1
- package/dist/web/assets/{gams-aEU578P8.js → gams-Cz9p1FmZ.js} +1 -1
- package/dist/web/assets/{gauss-iGwhPiF7.js → gauss-BrHUdzIe.js} +1 -1
- package/dist/web/assets/{gcode-hXiMKj5F.js → gcode-BrKOgP_F.js} +1 -1
- package/dist/web/assets/{gherkin-BR8b-Gab.js → gherkin-DzgGJdHV.js} +1 -1
- package/dist/web/assets/{glsl-DBBt7lqL.js → glsl-CMnE4DK0.js} +1 -1
- package/dist/web/assets/{gml-hFR8fns3.js → gml-B40qXa2T.js} +1 -1
- package/dist/web/assets/{go-DK4bluir.js → go-hn7WAeyf.js} +1 -1
- package/dist/web/assets/{golo-DOO3jPHo.js → golo-C4KbfzGs.js} +1 -1
- package/dist/web/assets/{gradle-BQHLhxYe.js → gradle-uqiSWiUS.js} +1 -1
- package/dist/web/assets/{groovy-D-0ye3k7.js → groovy-CR75Ibbc.js} +1 -1
- package/dist/web/assets/{haml-DkbexILR.js → haml-BsiTNt51.js} +1 -1
- package/dist/web/assets/{handlebars-BVlqY0Va.js → handlebars-BeyIkwvs.js} +1 -1
- package/dist/web/assets/{haskell-8p9Qg9EH.js → haskell-BeWGMULZ.js} +1 -1
- package/dist/web/assets/{haxe-DUkKP-Pw.js → haxe-JBAIEN-g.js} +1 -1
- package/dist/web/assets/{hsp-OOj-nPXo.js → hsp-CyRrHBBg.js} +1 -1
- package/dist/web/assets/{htmlbars-D0Z2Z1vi.js → htmlbars-BiQ1Ka2R.js} +1 -1
- package/dist/web/assets/{http-BXPh_9at.js → http-BS5gfFZw.js} +1 -1
- package/dist/web/assets/{hy-C_7TZYpj.js → hy-5ryUquLx.js} +1 -1
- package/dist/web/assets/{index-DKcdz4Dd.js → index-4CqYQ7IM.js} +1 -1
- package/dist/web/assets/{index-CBy4Ujf5.js → index-A0UtzyD3.js} +1 -1
- package/dist/web/assets/{index-yH--GviA.js → index-Bp6PUJj3.js} +1 -1
- package/dist/web/assets/{index-D-h09Z2X.js → index-C2btSeoK.js} +1 -1
- package/dist/web/assets/{index-CSmyBdYZ.js → index-CQosKwcZ.js} +1 -1
- package/dist/web/assets/{index-Ccg6bnbx.js → index-Cb9ZEKTv.js} +1 -1
- package/dist/web/assets/index-CyaCThik.css +1 -0
- package/dist/web/assets/index-D-iupAn-.js +1902 -0
- package/dist/web/assets/{index-DDX96333.js → index-DzwTqj61.js} +1 -1
- package/dist/web/assets/{index-CHuWxSPa.js → index-syEQpePs.js} +1 -1
- package/dist/web/assets/{inform7-B_XTsvch.js → inform7-D29cNLhB.js} +1 -1
- package/dist/web/assets/{ini-DdGs73uv.js → ini-QoOp2Mje.js} +1 -1
- package/dist/web/assets/{irpf90-BaWU01TO.js → irpf90-DB6iPind.js} +1 -1
- package/dist/web/assets/{isbl-BiDbX3D4.js → isbl-dn87i3Lo.js} +1 -1
- package/dist/web/assets/{java-C7GcF4TC.js → java-ConVLmvN.js} +1 -1
- package/dist/web/assets/{javascript-C6ZRDfN3.js → javascript-D8SFbSsr.js} +1 -1
- package/dist/web/assets/{jboss-cli-De092tjL.js → jboss-cli-Bl5OJljo.js} +1 -1
- package/dist/web/assets/{json-B61oopWW.js → json-D4olMUQz.js} +1 -1
- package/dist/web/assets/{julia-elWgZ5IY.js → julia-DcYtMjbJ.js} +1 -1
- package/dist/web/assets/{julia-repl-BF2XfK_F.js → julia-repl-60sM8_IL.js} +1 -1
- package/dist/web/assets/{kotlin-5BlZ2IRm.js → kotlin-B8vNFDVy.js} +1 -1
- package/dist/web/assets/{lasso-0duQY7tE.js → lasso-CAD53556.js} +1 -1
- package/dist/web/assets/{latex-0nIXMvMZ.js → latex-BOM7rTT4.js} +1 -1
- package/dist/web/assets/{ldif-B7KPCSIO.js → ldif-But5L1_0.js} +1 -1
- package/dist/web/assets/{leaf-BVDhw0UF.js → leaf-BkryNyYr.js} +1 -1
- package/dist/web/assets/{less-COO-py6i.js → less-C-VVQ8ZU.js} +1 -1
- package/dist/web/assets/{lisp-BzKemyEG.js → lisp-BvF77Bqf.js} +1 -1
- package/dist/web/assets/{livecodeserver-FNRi5L_V.js → livecodeserver-CqHId6oL.js} +1 -1
- package/dist/web/assets/{livescript-BwpsuUet.js → livescript-CCoSkODN.js} +1 -1
- package/dist/web/assets/{llvm-PD-CZJRZ.js → llvm-CCmT5Dw-.js} +1 -1
- package/dist/web/assets/{lsl-BTSetHXF.js → lsl-B5pXPdVL.js} +1 -1
- package/dist/web/assets/{lua-BzGus2bC.js → lua-Dm3RFv_W.js} +1 -1
- package/dist/web/assets/{makefile-DjJ2C_hh.js → makefile-B3oNPZrv.js} +1 -1
- package/dist/web/assets/{markdown-DsYtYd5f.js → markdown-CIoDGENW.js} +1 -1
- package/dist/web/assets/{mathematica-DYn7N0PY.js → mathematica-D9YGaIoz.js} +1 -1
- package/dist/web/assets/{matlab-C1jxIMJ5.js → matlab-BCuN1tYb.js} +1 -1
- package/dist/web/assets/{maxima-OvYAQBQu.js → maxima-CE-xmSWY.js} +1 -1
- package/dist/web/assets/{mel-BvkB30-L.js → mel-CMwu3yM_.js} +1 -1
- package/dist/web/assets/{mercury-KudNVKhv.js → mercury-CKSl992Q.js} +1 -1
- package/dist/web/assets/{mipsasm-vF2-Du4V.js → mipsasm-Dkcwy1ua.js} +1 -1
- package/dist/web/assets/{mizar-D6bhIvoo.js → mizar-BUzrzJpN.js} +1 -1
- package/dist/web/assets/{mojolicious-DTGlqinH.js → mojolicious-0lioCZK1.js} +1 -1
- package/dist/web/assets/{monkey-f8mV8rj_.js → monkey-ujj2luda.js} +1 -1
- package/dist/web/assets/{moonscript-CF0NDewD.js → moonscript-Bda2MP_9.js} +1 -1
- package/dist/web/assets/{n1ql-DDokXzNM.js → n1ql-GqsFoDQa.js} +1 -1
- package/dist/web/assets/{nginx-B1FOlyr1.js → nginx-BD1aZGTU.js} +1 -1
- package/dist/web/assets/{nim-rTZhVRMZ.js → nim-g2Qym1VE.js} +1 -1
- package/dist/web/assets/{nix-CSLLeTyW.js → nix-tx-ydGfG.js} +1 -1
- package/dist/web/assets/{node-repl-BOPRdUlV.js → node-repl-BQM8hL8-.js} +1 -1
- package/dist/web/assets/{nsis-BoSNap8I.js → nsis-CJbzChgA.js} +1 -1
- package/dist/web/assets/{objectivec-CoBjJuGZ.js → objectivec-BlAJeLzM.js} +1 -1
- package/dist/web/assets/{ocaml-Cr-FjU_F.js → ocaml-BakKXK-k.js} +1 -1
- package/dist/web/assets/{openscad-C0RJIAgr.js → openscad-JslhatbS.js} +1 -1
- package/dist/web/assets/{oxygene-BlIrOQiF.js → oxygene-Bl3A4hHo.js} +1 -1
- package/dist/web/assets/{parser3-BnWvTkd_.js → parser3-DI_3CMrq.js} +1 -1
- package/dist/web/assets/{perl-DTiswPh_.js → perl-B_fHBeW7.js} +1 -1
- package/dist/web/assets/{pf-CQ7KZTSM.js → pf-CBLLL78G.js} +1 -1
- package/dist/web/assets/{pgsql-CiCgdyMz.js → pgsql-B9DQlnc6.js} +1 -1
- package/dist/web/assets/{php-D3_UFCqd.js → php-VMmKP4rI.js} +1 -1
- package/dist/web/assets/{php-template-CsTayW0O.js → php-template-BLQ8Bq9d.js} +1 -1
- package/dist/web/assets/{plaintext-Cl__GYw6.js → plaintext-BnUiQmL5.js} +1 -1
- package/dist/web/assets/{pony-DVxYEbOy.js → pony-CzpsapYT.js} +1 -1
- package/dist/web/assets/{powershell-MkmyIceu.js → powershell-CCAszj4O.js} +1 -1
- package/dist/web/assets/{processing-BSMs0pPn.js → processing-Be2DtioH.js} +1 -1
- package/dist/web/assets/{profile-Cd7dymY6.js → profile-D3tqEKPA.js} +1 -1
- package/dist/web/assets/{prolog-ClT8Vv8i.js → prolog-C3KPksov.js} +1 -1
- package/dist/web/assets/{properties-OC76l9lc.js → properties-CcjuuUOj.js} +1 -1
- package/dist/web/assets/{protobuf-CIWlageq.js → protobuf-Dy-7tE__.js} +1 -1
- package/dist/web/assets/{puppet-ah56-ouH.js → puppet-BPOYPSyv.js} +1 -1
- package/dist/web/assets/{purebasic-BqPUi7Vw.js → purebasic-BeRxiObt.js} +1 -1
- package/dist/web/assets/{python-DiZ_KyL6.js → python-WhU90ELl.js} +1 -1
- package/dist/web/assets/{python-repl-BOjuT42U.js → python-repl-PrmnKuOn.js} +1 -1
- package/dist/web/assets/{q-Cf_UqZKJ.js → q-DjX_o_Ld.js} +1 -1
- package/dist/web/assets/{qml-BUjDxruE.js → qml-B4he2GHo.js} +1 -1
- package/dist/web/assets/{r-D4eEWmuo.js → r-jH_6DWWS.js} +1 -1
- package/dist/web/assets/{reasonml-D991dllW.js → reasonml-De3Ozq0l.js} +1 -1
- package/dist/web/assets/{rib-DAo6jWjt.js → rib-BVtuXWqd.js} +1 -1
- package/dist/web/assets/{roboconf-BSwW3NKA.js → roboconf-CNsykQ9u.js} +1 -1
- package/dist/web/assets/{routeros-HTnF6fMb.js → routeros-DZ3n6SFu.js} +1 -1
- package/dist/web/assets/{rsl-C7oMkIYX.js → rsl-DGF3j0dh.js} +1 -1
- package/dist/web/assets/{ruby-CZIybNnS.js → ruby-CQgxGy4R.js} +1 -1
- package/dist/web/assets/{ruleslanguage-CSRCLgDR.js → ruleslanguage-CD1GJ6oU.js} +1 -1
- package/dist/web/assets/{rust-BPGi_67o.js → rust-DlFCSQih.js} +1 -1
- package/dist/web/assets/{sas-DretrBXq.js → sas-CxFFxJAF.js} +1 -1
- package/dist/web/assets/{scala-mqkeXuPj.js → scala-DFlmZ1Pt.js} +1 -1
- package/dist/web/assets/{scheme-Dbj96tbr.js → scheme-Bq10lSQi.js} +1 -1
- package/dist/web/assets/{scilab-CTKCFN8w.js → scilab-CN45gNRW.js} +1 -1
- package/dist/web/assets/{scss-DJ3_22Sc.js → scss-BEbw1YGb.js} +1 -1
- package/dist/web/assets/{shell-DRHvU0ip.js → shell-ekb9mQCe.js} +1 -1
- package/dist/web/assets/{smali-k10LqHsl.js → smali-a0hg2DXD.js} +1 -1
- package/dist/web/assets/{smalltalk-C_CZLtO8.js → smalltalk-BrS3kf-E.js} +1 -1
- package/dist/web/assets/{sml-DsO4dfXh.js → sml-BRzjCMNG.js} +1 -1
- package/dist/web/assets/{sqf-CrDL-PZD.js → sqf-P4-UnIZW.js} +1 -1
- package/dist/web/assets/{sql-BHsi0FTI.js → sql-N6cY24Tr.js} +1 -1
- package/dist/web/assets/{sql_more-DJudYIWp.js → sql_more-DR2lT0SU.js} +1 -1
- package/dist/web/assets/{stan-C1TB5-Rv.js → stan-Bzq8hLvq.js} +1 -1
- package/dist/web/assets/{stata-Dp31nEch.js → stata-wXEpwu4O.js} +1 -1
- package/dist/web/assets/{step21-BlMDt6J7.js → step21-C3pralgh.js} +1 -1
- package/dist/web/assets/{stylus-9R_p92AO.js → stylus-B9RzcXF9.js} +1 -1
- package/dist/web/assets/{subunit-BKWCNe5L.js → subunit-Da9LA8Ah.js} +1 -1
- package/dist/web/assets/{swift-C0PMr5wL.js → swift-DFGYdkvF.js} +1 -1
- package/dist/web/assets/{taggerscript-BDAXysTm.js → taggerscript-qsJAVIg4.js} +1 -1
- package/dist/web/assets/{tap-C11whvfj.js → tap-SHNq9vTO.js} +1 -1
- package/dist/web/assets/{tcl-ihP9EHd0.js → tcl-C87Sdk-h.js} +1 -1
- package/dist/web/assets/{thrift-D3aEmCT1.js → thrift-hi0b3pw0.js} +1 -1
- package/dist/web/assets/{tp-BJVOp8lM.js → tp-BUyMqQ9w.js} +1 -1
- package/dist/web/assets/{twig-BEYL9Ktc.js → twig-CYK45jxJ.js} +1 -1
- package/dist/web/assets/{typescript-601DPOL6.js → typescript-7LTM3qZn.js} +1 -1
- package/dist/web/assets/{vala-BJv0QnOV.js → vala-Bgeh9zo2.js} +1 -1
- package/dist/web/assets/{validator-DN6vXJpy.js → validator-8fEQ9iPj.js} +1 -1
- package/dist/web/assets/{vbnet-C2F7YnNr.js → vbnet-DfeJrh_B.js} +1 -1
- package/dist/web/assets/{vbscript-C6r9Y5RO.js → vbscript-DYjjepwM.js} +1 -1
- package/dist/web/assets/{vbscript-html-CRnVy3La.js → vbscript-html-2owWFnLK.js} +1 -1
- package/dist/web/assets/{verilog-CrposiLW.js → verilog-Bo8oCOr2.js} +1 -1
- package/dist/web/assets/{vhdl-BVVyVWEs.js → vhdl-VOdVrOe2.js} +1 -1
- package/dist/web/assets/{vim-D0wI9pFB.js → vim-CPJTG-ZA.js} +1 -1
- package/dist/web/assets/{x86asm-CgxtbOMr.js → x86asm-CkdDAMt4.js} +1 -1
- package/dist/web/assets/{xl-Dhdx9krk.js → xl-DGuEiBdb.js} +1 -1
- package/dist/web/assets/{xml-C5wslyyy.js → xml-DsALHUL1.js} +1 -1
- package/dist/web/assets/{xquery-CBn4cPee.js → xquery-C2t92Suc.js} +1 -1
- package/dist/web/assets/{yaml-liWgEVYj.js → yaml-D-IeyGhp.js} +1 -1
- package/dist/web/assets/{zephir-By_wBmP0.js → zephir-DhGsgZ4v.js} +1 -1
- package/dist/web/index.html +3 -3
- package/package.json +3 -2
- package/dist/web/assets/index-C2irLQKN.js +0 -1842
- package/dist/web/assets/index-DCUjTHTh.css +0 -1
package/dist/cli.js
CHANGED
|
@@ -421,7 +421,8 @@ function generateWidgetContentHtml(widgetData) {
|
|
|
421
421
|
resourceData,
|
|
422
422
|
toolId,
|
|
423
423
|
devServerBaseUrl,
|
|
424
|
-
theme
|
|
424
|
+
theme,
|
|
425
|
+
playground
|
|
425
426
|
} = widgetData;
|
|
426
427
|
console.log("[Widget Content] Using pre-fetched resource for:", {
|
|
427
428
|
serverId,
|
|
@@ -455,6 +456,24 @@ function generateWidgetContentHtml(widgetData) {
|
|
|
455
456
|
const safeToolId = JSON.stringify(toolId);
|
|
456
457
|
const safeWidgetStateKey = JSON.stringify(widgetStateKey);
|
|
457
458
|
const safeTheme = JSON.stringify(theme === "dark" ? "dark" : "light");
|
|
459
|
+
const locale = playground?.locale || "en-US";
|
|
460
|
+
const deviceType = playground?.deviceType || "desktop";
|
|
461
|
+
const capabilities = playground?.capabilities || {
|
|
462
|
+
hover: true,
|
|
463
|
+
touch: false
|
|
464
|
+
};
|
|
465
|
+
const safeAreaInsets = playground?.safeAreaInsets || {
|
|
466
|
+
top: 0,
|
|
467
|
+
right: 0,
|
|
468
|
+
bottom: 0,
|
|
469
|
+
left: 0
|
|
470
|
+
};
|
|
471
|
+
const safeLocale = JSON.stringify(locale);
|
|
472
|
+
const safeUserAgent = JSON.stringify({
|
|
473
|
+
device: { type: deviceType },
|
|
474
|
+
capabilities
|
|
475
|
+
});
|
|
476
|
+
const safeSafeArea = JSON.stringify({ insets: safeAreaInsets });
|
|
458
477
|
const apiScript = `
|
|
459
478
|
<script>
|
|
460
479
|
(function() {
|
|
@@ -479,9 +498,9 @@ function generateWidgetContentHtml(widgetData) {
|
|
|
479
498
|
displayMode: 'inline',
|
|
480
499
|
maxHeight: 600,
|
|
481
500
|
theme: ${safeTheme},
|
|
482
|
-
locale:
|
|
483
|
-
safeArea: {
|
|
484
|
-
userAgent: {},
|
|
501
|
+
locale: ${safeLocale},
|
|
502
|
+
safeArea: ${safeSafeArea},
|
|
503
|
+
userAgent: ${safeUserAgent},
|
|
485
504
|
widgetState: null,
|
|
486
505
|
|
|
487
506
|
async setWidgetState(state) {
|
|
@@ -884,8 +903,333 @@ function formatErrorResponse(error, context) {
|
|
|
884
903
|
};
|
|
885
904
|
}
|
|
886
905
|
|
|
906
|
+
// src/server/routes/mcp-apps.ts
|
|
907
|
+
var RESOURCE_MIME_TYPE = "text/html;profile=mcp-app";
|
|
908
|
+
async function fetchWithRetry(url, maxRetries = 3, delay = 1e3) {
|
|
909
|
+
for (let i = 0; i < maxRetries; i++) {
|
|
910
|
+
try {
|
|
911
|
+
const response = await fetch(url);
|
|
912
|
+
if (response.ok) return response;
|
|
913
|
+
if (i < maxRetries - 1) {
|
|
914
|
+
await new Promise((resolve) => setTimeout(resolve, delay));
|
|
915
|
+
}
|
|
916
|
+
} catch (error) {
|
|
917
|
+
if (i === maxRetries - 1) throw error;
|
|
918
|
+
await new Promise((resolve) => setTimeout(resolve, delay));
|
|
919
|
+
}
|
|
920
|
+
}
|
|
921
|
+
throw new Error(`Failed to fetch after ${maxRetries} retries`);
|
|
922
|
+
}
|
|
923
|
+
var SANDBOX_PROXY_HTML = `<!doctype html>
|
|
924
|
+
<html>
|
|
925
|
+
<head>
|
|
926
|
+
<meta charset="utf-8" />
|
|
927
|
+
<meta
|
|
928
|
+
http-equiv="Content-Security-Policy"
|
|
929
|
+
content="default-src 'self'; img-src * data: blob: 'unsafe-inline'; media-src * blob: data:; font-src * blob: data:; script-src * 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * blob: data: 'unsafe-inline'; connect-src * data: blob: about:; frame-src * blob: data: http://localhost:* https://localhost:* http://127.0.0.1:* https://127.0.0.1:*;"
|
|
930
|
+
/>
|
|
931
|
+
<title>MCP Apps Sandbox Proxy</title>
|
|
932
|
+
<style>
|
|
933
|
+
html, body { margin: 0; padding: 0; height: 100%; width: 100%; overflow: hidden; }
|
|
934
|
+
* { box-sizing: border-box; }
|
|
935
|
+
iframe { display: block; background-color: transparent; border: 0px none transparent; padding: 0px; width: 100%; height: 100%; }
|
|
936
|
+
</style>
|
|
937
|
+
</head>
|
|
938
|
+
<body>
|
|
939
|
+
<script>
|
|
940
|
+
function sanitizeDomain(domain) {
|
|
941
|
+
if (typeof domain !== "string") return "";
|
|
942
|
+
return domain.replace(/['"<>;]/g, "").trim();
|
|
943
|
+
}
|
|
944
|
+
|
|
945
|
+
function buildAllowAttribute(permissions) {
|
|
946
|
+
if (!permissions) return "";
|
|
947
|
+
const allowList = [];
|
|
948
|
+
if (permissions.camera) allowList.push("camera *");
|
|
949
|
+
if (permissions.microphone) allowList.push("microphone *");
|
|
950
|
+
if (permissions.geolocation) allowList.push("geolocation *");
|
|
951
|
+
if (permissions.clipboardWrite) allowList.push("clipboard-write *");
|
|
952
|
+
return allowList.join("; ");
|
|
953
|
+
}
|
|
954
|
+
|
|
955
|
+
function buildCSP(csp) {
|
|
956
|
+
if (!csp) {
|
|
957
|
+
return [
|
|
958
|
+
"default-src 'none'",
|
|
959
|
+
"script-src 'unsafe-inline'",
|
|
960
|
+
"style-src 'unsafe-inline'",
|
|
961
|
+
"img-src data:",
|
|
962
|
+
"font-src data:",
|
|
963
|
+
"media-src data:",
|
|
964
|
+
"connect-src 'none'",
|
|
965
|
+
"frame-src 'none'",
|
|
966
|
+
"object-src 'none'",
|
|
967
|
+
"base-uri 'none'",
|
|
968
|
+
].join("; ");
|
|
969
|
+
}
|
|
970
|
+
|
|
971
|
+
const connectDomains = (csp.connectDomains || []).map(sanitizeDomain).filter(Boolean);
|
|
972
|
+
const resourceDomains = (csp.resourceDomains || []).map(sanitizeDomain).filter(Boolean);
|
|
973
|
+
const frameDomains = (csp.frameDomains || []).map(sanitizeDomain).filter(Boolean);
|
|
974
|
+
const baseUriDomains = (csp.baseUriDomains || []).map(sanitizeDomain).filter(Boolean);
|
|
975
|
+
|
|
976
|
+
const connectSrc = connectDomains.length > 0 ? connectDomains.join(" ") : "'none'";
|
|
977
|
+
const resourceSrc = resourceDomains.length > 0 ? ["data:", "blob:", ...resourceDomains].join(" ") : "data: blob:";
|
|
978
|
+
const frameSrc = frameDomains.length > 0 ? frameDomains.join(" ") : "'none'";
|
|
979
|
+
const baseUri = baseUriDomains.length > 0 ? baseUriDomains.join(" ") : "'none'";
|
|
980
|
+
|
|
981
|
+
return [
|
|
982
|
+
"default-src 'none'",
|
|
983
|
+
"script-src 'unsafe-inline' " + resourceSrc,
|
|
984
|
+
"style-src 'unsafe-inline' " + resourceSrc,
|
|
985
|
+
"img-src " + resourceSrc,
|
|
986
|
+
"font-src " + resourceSrc,
|
|
987
|
+
"media-src " + resourceSrc,
|
|
988
|
+
"connect-src " + connectSrc,
|
|
989
|
+
"frame-src " + frameSrc,
|
|
990
|
+
"object-src 'none'",
|
|
991
|
+
"base-uri " + baseUri,
|
|
992
|
+
].join("; ");
|
|
993
|
+
}
|
|
994
|
+
|
|
995
|
+
function buildViolationListenerScript() {
|
|
996
|
+
return \`<script>
|
|
997
|
+
document.addEventListener('securitypolicyviolation', function(e) {
|
|
998
|
+
var violation = {
|
|
999
|
+
type: 'mcp-apps:csp-violation',
|
|
1000
|
+
directive: e.violatedDirective,
|
|
1001
|
+
blockedUri: e.blockedURI,
|
|
1002
|
+
sourceFile: e.sourceFile || null,
|
|
1003
|
+
lineNumber: e.lineNumber || null,
|
|
1004
|
+
columnNumber: e.columnNumber || null,
|
|
1005
|
+
effectiveDirective: e.effectiveDirective,
|
|
1006
|
+
originalPolicy: e.originalPolicy,
|
|
1007
|
+
disposition: e.disposition,
|
|
1008
|
+
timestamp: Date.now()
|
|
1009
|
+
};
|
|
1010
|
+
console.warn('[MCP Apps CSP Violation]', violation.directive, ':', violation.blockedUri);
|
|
1011
|
+
window.parent.postMessage(violation, '*');
|
|
1012
|
+
});
|
|
1013
|
+
</\` + \`script>\`;
|
|
1014
|
+
}
|
|
1015
|
+
|
|
1016
|
+
function injectCSP(html, cspValue) {
|
|
1017
|
+
const cspMeta = '<meta http-equiv="Content-Security-Policy" content="' + cspValue + '">';
|
|
1018
|
+
const violationListener = buildViolationListenerScript();
|
|
1019
|
+
const injection = cspMeta + violationListener;
|
|
1020
|
+
|
|
1021
|
+
if (html.includes("<head>")) {
|
|
1022
|
+
return html.replace("<head>", "<head>" + injection);
|
|
1023
|
+
} else if (html.includes("<HEAD>")) {
|
|
1024
|
+
return html.replace("<HEAD>", "<HEAD>" + injection);
|
|
1025
|
+
} else if (html.includes("<html>")) {
|
|
1026
|
+
return html.replace("<html>", "<html><head>" + injection + "</head>");
|
|
1027
|
+
} else if (html.includes("<HTML>")) {
|
|
1028
|
+
return html.replace("<HTML>", "<HTML><head>" + injection + "</head>");
|
|
1029
|
+
} else if (html.includes("<!DOCTYPE") || html.includes("<!doctype")) {
|
|
1030
|
+
return html.replace(/(<!DOCTYPE[^>]*>|<!doctype[^>]*>)/i, "$1<head>" + injection + "</head>");
|
|
1031
|
+
} else {
|
|
1032
|
+
return injection + html;
|
|
1033
|
+
}
|
|
1034
|
+
}
|
|
1035
|
+
|
|
1036
|
+
const inner = document.createElement("iframe");
|
|
1037
|
+
inner.style = "width:100%; height:100%; border:none;";
|
|
1038
|
+
inner.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms");
|
|
1039
|
+
document.body.appendChild(inner);
|
|
1040
|
+
|
|
1041
|
+
window.addEventListener("message", async (event) => {
|
|
1042
|
+
if (event.source === window.parent) {
|
|
1043
|
+
if (event.data && event.data.method === "ui/notifications/sandbox-resource-ready") {
|
|
1044
|
+
const { html, sandbox, csp, permissions, permissive } = event.data.params || {};
|
|
1045
|
+
if (typeof sandbox === "string") {
|
|
1046
|
+
inner.setAttribute("sandbox", sandbox);
|
|
1047
|
+
}
|
|
1048
|
+
const allowAttribute = buildAllowAttribute(permissions);
|
|
1049
|
+
if (allowAttribute) {
|
|
1050
|
+
inner.setAttribute("allow", allowAttribute);
|
|
1051
|
+
}
|
|
1052
|
+
if (typeof html === "string") {
|
|
1053
|
+
if (permissive) {
|
|
1054
|
+
const permissiveCsp = [
|
|
1055
|
+
"default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about:",
|
|
1056
|
+
"script-src * 'unsafe-inline' 'unsafe-eval' data: blob:",
|
|
1057
|
+
"style-src * 'unsafe-inline' data: blob:",
|
|
1058
|
+
"img-src * data: blob: https: http:",
|
|
1059
|
+
"media-src * data: blob: https: http:",
|
|
1060
|
+
"font-src * data: blob: https: http:",
|
|
1061
|
+
"connect-src * data: blob: https: http: ws: wss: about:",
|
|
1062
|
+
"frame-src * data: blob: https: http: about:",
|
|
1063
|
+
"object-src * data: blob:",
|
|
1064
|
+
"base-uri *",
|
|
1065
|
+
"form-action *",
|
|
1066
|
+
].join("; ");
|
|
1067
|
+
const processedHtml = injectCSP(html, permissiveCsp);
|
|
1068
|
+
inner.srcdoc = processedHtml;
|
|
1069
|
+
} else {
|
|
1070
|
+
const cspValue = buildCSP(csp);
|
|
1071
|
+
const processedHtml = injectCSP(html, cspValue);
|
|
1072
|
+
inner.srcdoc = processedHtml;
|
|
1073
|
+
}
|
|
1074
|
+
}
|
|
1075
|
+
} else {
|
|
1076
|
+
if (inner && inner.contentWindow) {
|
|
1077
|
+
inner.contentWindow.postMessage(event.data, "*");
|
|
1078
|
+
}
|
|
1079
|
+
}
|
|
1080
|
+
} else if (event.source === inner.contentWindow) {
|
|
1081
|
+
window.parent.postMessage(event.data, "*");
|
|
1082
|
+
}
|
|
1083
|
+
});
|
|
1084
|
+
|
|
1085
|
+
window.parent.postMessage({
|
|
1086
|
+
jsonrpc: "2.0",
|
|
1087
|
+
method: "ui/notifications/sandbox-proxy-ready",
|
|
1088
|
+
params: {},
|
|
1089
|
+
}, "*");
|
|
1090
|
+
</script>
|
|
1091
|
+
</body>
|
|
1092
|
+
</html>`;
|
|
1093
|
+
function registerMcpAppsRoutes(app2) {
|
|
1094
|
+
app2.post("/inspector/api/mcp-apps/widget/store", async (c) => {
|
|
1095
|
+
try {
|
|
1096
|
+
const body = await c.req.json();
|
|
1097
|
+
const result = storeWidgetData({
|
|
1098
|
+
...body,
|
|
1099
|
+
protocol: "mcp-apps"
|
|
1100
|
+
// Tag as MCP Apps protocol
|
|
1101
|
+
});
|
|
1102
|
+
if (!result.success) {
|
|
1103
|
+
return c.json(result, 400);
|
|
1104
|
+
}
|
|
1105
|
+
return c.json(result);
|
|
1106
|
+
} catch (error) {
|
|
1107
|
+
console.error("[MCP Apps] Error storing widget data:", error);
|
|
1108
|
+
return c.json(
|
|
1109
|
+
{
|
|
1110
|
+
success: false,
|
|
1111
|
+
error: error instanceof Error ? error.message : "Unknown error"
|
|
1112
|
+
},
|
|
1113
|
+
500
|
|
1114
|
+
);
|
|
1115
|
+
}
|
|
1116
|
+
});
|
|
1117
|
+
app2.get("/inspector/api/mcp-apps/widget-content/:toolId", async (c) => {
|
|
1118
|
+
try {
|
|
1119
|
+
const toolId = c.req.param("toolId");
|
|
1120
|
+
const cspModeParam = c.req.query("csp_mode");
|
|
1121
|
+
const widgetData = getWidgetData(toolId);
|
|
1122
|
+
if (!widgetData) {
|
|
1123
|
+
return c.json({ error: "Widget data not found or expired" }, 404);
|
|
1124
|
+
}
|
|
1125
|
+
const { resourceData, mcpAppsCsp, mcpAppsPermissions } = widgetData;
|
|
1126
|
+
let htmlContent = "";
|
|
1127
|
+
let mimeType;
|
|
1128
|
+
const contentsArray = Array.isArray(resourceData?.contents) ? resourceData.contents : [];
|
|
1129
|
+
const firstContent = contentsArray[0];
|
|
1130
|
+
if (firstContent) {
|
|
1131
|
+
mimeType = firstContent.mimeType;
|
|
1132
|
+
if (typeof firstContent.text === "string") {
|
|
1133
|
+
htmlContent = firstContent.text;
|
|
1134
|
+
} else if (typeof firstContent.blob === "string") {
|
|
1135
|
+
htmlContent = Buffer.from(firstContent.blob, "base64").toString(
|
|
1136
|
+
"utf-8"
|
|
1137
|
+
);
|
|
1138
|
+
}
|
|
1139
|
+
}
|
|
1140
|
+
if (!htmlContent) {
|
|
1141
|
+
return c.json({ error: "No HTML content in resource" }, 404);
|
|
1142
|
+
}
|
|
1143
|
+
const mimeTypeValid = mimeType === RESOURCE_MIME_TYPE;
|
|
1144
|
+
const mimeTypeWarning = !mimeTypeValid ? mimeType ? `Invalid MIME type "${mimeType}" - SEP-1865 requires "${RESOURCE_MIME_TYPE}"` : `Missing MIME type - SEP-1865 requires "${RESOURCE_MIME_TYPE}"` : null;
|
|
1145
|
+
if (mimeTypeWarning) {
|
|
1146
|
+
console.warn("[MCP Apps] MIME type validation:", mimeTypeWarning, {
|
|
1147
|
+
resourceUri: widgetData.uri
|
|
1148
|
+
});
|
|
1149
|
+
}
|
|
1150
|
+
const cspMode = cspModeParam || "permissive";
|
|
1151
|
+
const isPermissive = cspMode === "permissive";
|
|
1152
|
+
c.header("Cache-Control", "no-cache, no-store, must-revalidate");
|
|
1153
|
+
return c.json({
|
|
1154
|
+
html: htmlContent,
|
|
1155
|
+
csp: isPermissive ? void 0 : mcpAppsCsp,
|
|
1156
|
+
permissions: mcpAppsPermissions,
|
|
1157
|
+
permissive: isPermissive,
|
|
1158
|
+
cspMode,
|
|
1159
|
+
mimeType,
|
|
1160
|
+
mimeTypeValid,
|
|
1161
|
+
mimeTypeWarning
|
|
1162
|
+
});
|
|
1163
|
+
} catch (error) {
|
|
1164
|
+
console.error("[MCP Apps] Error fetching widget content:", error);
|
|
1165
|
+
return c.json(
|
|
1166
|
+
{ error: error instanceof Error ? error.message : "Unknown error" },
|
|
1167
|
+
500
|
|
1168
|
+
);
|
|
1169
|
+
}
|
|
1170
|
+
});
|
|
1171
|
+
app2.get("/inspector/api/mcp-apps/dev-widget-content/:toolId", async (c) => {
|
|
1172
|
+
try {
|
|
1173
|
+
const toolId = c.req.param("toolId");
|
|
1174
|
+
const cspModeParam = c.req.query("csp_mode");
|
|
1175
|
+
const widgetData = getWidgetData(toolId);
|
|
1176
|
+
if (!widgetData?.devWidgetUrl || !widgetData?.devServerBaseUrl) {
|
|
1177
|
+
return c.json({ error: "Dev widget data not found or expired" }, 404);
|
|
1178
|
+
}
|
|
1179
|
+
console.log(
|
|
1180
|
+
`[MCP Apps] Fetching live HTML from Vite dev server: ${widgetData.devWidgetUrl}`
|
|
1181
|
+
);
|
|
1182
|
+
const response = await fetchWithRetry(widgetData.devWidgetUrl);
|
|
1183
|
+
if (!response.ok) {
|
|
1184
|
+
return c.json(
|
|
1185
|
+
{ error: `Failed to fetch from dev server (${response.status})` },
|
|
1186
|
+
response.status
|
|
1187
|
+
);
|
|
1188
|
+
}
|
|
1189
|
+
const htmlContent = await response.text();
|
|
1190
|
+
const cspMode = cspModeParam || "permissive";
|
|
1191
|
+
const isPermissive = cspMode === "permissive";
|
|
1192
|
+
c.header("Cache-Control", "no-cache, no-store, must-revalidate");
|
|
1193
|
+
return c.json({
|
|
1194
|
+
html: htmlContent,
|
|
1195
|
+
csp: isPermissive ? void 0 : widgetData.mcpAppsCsp,
|
|
1196
|
+
permissions: widgetData.mcpAppsPermissions,
|
|
1197
|
+
mimeTypeValid: true
|
|
1198
|
+
// Dev mode widgets always valid
|
|
1199
|
+
});
|
|
1200
|
+
} catch (error) {
|
|
1201
|
+
console.error("[MCP Apps] Error fetching dev widget:", error);
|
|
1202
|
+
return c.json(
|
|
1203
|
+
{ error: error instanceof Error ? error.message : "Unknown error" },
|
|
1204
|
+
500
|
|
1205
|
+
);
|
|
1206
|
+
}
|
|
1207
|
+
});
|
|
1208
|
+
app2.get("/inspector/api/mcp-apps/sandbox-proxy", (c) => {
|
|
1209
|
+
c.header("Content-Type", "text/html; charset=utf-8");
|
|
1210
|
+
c.header("Cache-Control", "no-cache, no-store, must-revalidate");
|
|
1211
|
+
const additionalFrameAncestors = process.env.FRAME_ANCESTORS || "";
|
|
1212
|
+
const frameAncestors = [
|
|
1213
|
+
"'self'",
|
|
1214
|
+
// Local development
|
|
1215
|
+
"http://localhost:*",
|
|
1216
|
+
"http://127.0.0.1:*",
|
|
1217
|
+
"https://localhost:*",
|
|
1218
|
+
"https://127.0.0.1:*",
|
|
1219
|
+
// Production - allow mcp-use.com subdomain pattern (sandbox-* convention)
|
|
1220
|
+
"https://*.mcp-use.com",
|
|
1221
|
+
"http://*.mcp-use.com",
|
|
1222
|
+
// Custom domains from environment variable
|
|
1223
|
+
additionalFrameAncestors
|
|
1224
|
+
].filter(Boolean).join(" ");
|
|
1225
|
+
c.header("Content-Security-Policy", `frame-ancestors ${frameAncestors}`);
|
|
1226
|
+
c.res.headers.delete("X-Frame-Options");
|
|
1227
|
+
return c.body(SANDBOX_PROXY_HTML);
|
|
1228
|
+
});
|
|
1229
|
+
}
|
|
1230
|
+
|
|
887
1231
|
// src/server/shared-routes.ts
|
|
888
|
-
async function
|
|
1232
|
+
async function fetchWithRetry2(url, options, maxRetries = 3, initialDelay = 500) {
|
|
889
1233
|
let lastError;
|
|
890
1234
|
for (let attempt = 0; attempt <= maxRetries; attempt++) {
|
|
891
1235
|
try {
|
|
@@ -932,6 +1276,7 @@ function registerInspectorRoutes(app2, config) {
|
|
|
932
1276
|
basePath: "/inspector/api/oauth",
|
|
933
1277
|
enableLogging: true
|
|
934
1278
|
});
|
|
1279
|
+
registerMcpAppsRoutes(app2);
|
|
935
1280
|
app2.post("/inspector/api/chat/stream", async (c) => {
|
|
936
1281
|
try {
|
|
937
1282
|
const requestBody = await c.req.json();
|
|
@@ -1045,7 +1390,7 @@ function registerInspectorRoutes(app2, config) {
|
|
|
1045
1390
|
404
|
|
1046
1391
|
);
|
|
1047
1392
|
}
|
|
1048
|
-
const response = await
|
|
1393
|
+
const response = await fetchWithRetry2(widgetData.devWidgetUrl);
|
|
1049
1394
|
if (!response.ok) {
|
|
1050
1395
|
const status = response.status;
|
|
1051
1396
|
return c.html(
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AddToClientDropdown.d.ts","sourceRoot":"","sources":["../../../src/client/components/AddToClientDropdown.tsx"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"AddToClientDropdown.d.ts","sourceRoot":"","sources":["../../../src/client/components/AddToClientDropdown.tsx"],"names":[],"mappings":"AA6BA,UAAU,wBAAwB;IAChC,YAAY,EAAE;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;QACvB,OAAO,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KACrC,CAAC,CAAC;IACH,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACrC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IACjC,OAAO,CAAC,EACJ,KAAK,CAAC,SAAS,GACf,CAAC,CAAC,KAAK,EAAE;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,IAAI,CAAA;KAAE,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;CAC5E;AAID;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,mBAAmB,CAAC,EAClC,YAAY,EACZ,eAAoB,EACpB,WAQC,EACD,SAAc,EACd,SAAS,EACT,OAAO,EACP,OAAO,GACR,EAAE,wBAAwB,2CAgd1B"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* SandboxedIframe - Double-Iframe Sandbox Component for MCP Apps
|
|
3
|
+
*
|
|
4
|
+
* Provides secure double-iframe architecture for rendering untrusted HTML:
|
|
5
|
+
* Host Page → Sandbox Proxy (different origin) → Guest UI
|
|
6
|
+
*
|
|
7
|
+
* The sandbox proxy:
|
|
8
|
+
* 1. Runs on a different origin for security isolation (localhost ↔ 127.0.0.1)
|
|
9
|
+
* 2. Loads guest HTML via srcdoc when ready
|
|
10
|
+
* 3. Forwards messages between host and guest (except sandbox-internal)
|
|
11
|
+
*
|
|
12
|
+
* Per SEP-1865, this component provides cross-origin isolation for MCP Apps.
|
|
13
|
+
*/
|
|
14
|
+
export interface SandboxedIframeHandle {
|
|
15
|
+
postMessage: (data: unknown) => void;
|
|
16
|
+
getIframeElement: () => HTMLIFrameElement | null;
|
|
17
|
+
}
|
|
18
|
+
interface SandboxedIframeProps {
|
|
19
|
+
/** HTML content to render in the sandbox */
|
|
20
|
+
html: string | null;
|
|
21
|
+
/** Sandbox attribute for the inner iframe */
|
|
22
|
+
sandbox?: string;
|
|
23
|
+
/** CSP metadata from resource _meta.ui.csp (SEP-1865) */
|
|
24
|
+
csp?: {
|
|
25
|
+
connectDomains?: string[];
|
|
26
|
+
resourceDomains?: string[];
|
|
27
|
+
frameDomains?: string[];
|
|
28
|
+
baseUriDomains?: string[];
|
|
29
|
+
};
|
|
30
|
+
/** Permissions metadata from resource _meta.ui.permissions (SEP-1865) */
|
|
31
|
+
permissions?: {
|
|
32
|
+
camera?: object;
|
|
33
|
+
microphone?: object;
|
|
34
|
+
geolocation?: object;
|
|
35
|
+
clipboardWrite?: object;
|
|
36
|
+
};
|
|
37
|
+
/** Skip CSP injection entirely (for permissive/testing mode) */
|
|
38
|
+
permissive?: boolean;
|
|
39
|
+
/** Callback when sandbox proxy is ready */
|
|
40
|
+
onProxyReady?: () => void;
|
|
41
|
+
/** Callback for messages from guest UI (excluding sandbox-internal messages) */
|
|
42
|
+
onMessage: (event: MessageEvent) => void;
|
|
43
|
+
/** CSS class for the outer iframe */
|
|
44
|
+
className?: string;
|
|
45
|
+
/** Inline styles for the outer iframe */
|
|
46
|
+
style?: React.CSSProperties;
|
|
47
|
+
/** Title for accessibility */
|
|
48
|
+
title?: string;
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* SandboxedIframe provides a secure double-iframe architecture per SEP-1865.
|
|
52
|
+
*
|
|
53
|
+
* Message flow:
|
|
54
|
+
* 1. Proxy sends ui/notifications/sandbox-proxy-ready when loaded
|
|
55
|
+
* 2. Host sends ui/notifications/sandbox-resource-ready with HTML
|
|
56
|
+
* 3. Guest UI initializes and communicates via JSON-RPC 2.0
|
|
57
|
+
*/
|
|
58
|
+
export declare const SandboxedIframe: import("react").ForwardRefExoticComponent<SandboxedIframeProps & import("react").RefAttributes<SandboxedIframeHandle>>;
|
|
59
|
+
export {};
|
|
60
|
+
//# sourceMappingURL=SandboxedIframe.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SandboxedIframe.d.ts","sourceRoot":"","sources":["../../../../src/client/components/ui/SandboxedIframe.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAaH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;IACrC,gBAAgB,EAAE,MAAM,iBAAiB,GAAG,IAAI,CAAC;CAClD;AAED,UAAU,oBAAoB;IAC5B,4CAA4C;IAC5C,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,GAAG,CAAC,EAAE;QACJ,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;IACF,yEAAyE;IACzE,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,gEAAgE;IAChE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,IAAI,CAAC;IAC1B,gFAAgF;IAChF,SAAS,EAAE,CAAC,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;IACzC,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,KAAK,CAAC,EAAE,KAAK,CAAC,aAAa,CAAC;IAC5B,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe,wHA8I1B,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
interface WidgetWrapperProps {
|
|
2
|
+
children: React.ReactNode;
|
|
3
|
+
className?: string;
|
|
4
|
+
noWrapper?: boolean;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Widget wrapper with dotted radial gradient background
|
|
8
|
+
* Shared by OpenAI Apps SDK and MCP Apps renderers
|
|
9
|
+
*/
|
|
10
|
+
export declare function WidgetWrapper({ children, className, noWrapper, }: WidgetWrapperProps): string | number | bigint | boolean | import("react/jsx-runtime").JSX.Element | Iterable<import("react").ReactNode> | Promise<string | number | bigint | boolean | import("react").ReactPortal | import("react").ReactElement<unknown, string | import("react").JSXElementConstructor<any>> | Iterable<import("react").ReactNode> | null | undefined> | null | undefined;
|
|
11
|
+
export {};
|
|
12
|
+
//# sourceMappingURL=WidgetWrapper.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"WidgetWrapper.d.ts","sourceRoot":"","sources":["../../../../src/client/components/ui/WidgetWrapper.tsx"],"names":[],"mappings":"AAEA,UAAU,kBAAkB;IAC1B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,EAC5B,QAAQ,EACR,SAAS,EACT,SAAS,GACV,EAAE,kBAAkB,2WAcpB"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Debug and playground options constants
|
|
3
|
+
*/
|
|
4
|
+
export declare const LOCALE_OPTIONS: {
|
|
5
|
+
value: string;
|
|
6
|
+
label: string;
|
|
7
|
+
}[];
|
|
8
|
+
/**
|
|
9
|
+
* Available timezone options for widget testing
|
|
10
|
+
* Generated dynamically from Intl.supportedValuesOf("timeZone")
|
|
11
|
+
*/
|
|
12
|
+
export declare const TIMEZONE_OPTIONS: {
|
|
13
|
+
value: string;
|
|
14
|
+
label: string;
|
|
15
|
+
}[];
|
|
16
|
+
/**
|
|
17
|
+
* CSP mode options with descriptions
|
|
18
|
+
*/
|
|
19
|
+
export declare const CSP_MODE_OPTIONS: readonly [{
|
|
20
|
+
readonly value: "strict";
|
|
21
|
+
readonly label: "Strict";
|
|
22
|
+
readonly description: "Enforce CSP as specified by widget";
|
|
23
|
+
}, {
|
|
24
|
+
readonly value: "permissive";
|
|
25
|
+
readonly label: "Permissive";
|
|
26
|
+
readonly description: "Relaxed CSP for development";
|
|
27
|
+
}];
|
|
28
|
+
//# sourceMappingURL=debug-options.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"debug-options.d.ts","sourceRoot":"","sources":["../../../src/client/constants/debug-options.ts"],"names":[],"mappings":"AAAA;;GAEG;AA4EH,eAAO,MAAM,cAAc;;;GAAiB,CAAC;AAc7C;;;GAGG;AACH,eAAO,MAAM,gBAAgB;;;GAAuB,CAAC;AAErD;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;EAWnB,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Iframe configuration constants
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Standard sandbox permissions for widget iframes
|
|
6
|
+
* Used across all widget renderers for consistent security policy
|
|
7
|
+
*/
|
|
8
|
+
export declare const IFRAME_SANDBOX_PERMISSIONS: "allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox";
|
|
9
|
+
//# sourceMappingURL=iframe.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iframe.d.ts","sourceRoot":"","sources":["../../../src/client/constants/iframe.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EACrC,yFAAkG,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/client/constants/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MCP Apps configuration constants
|
|
3
|
+
*/
|
|
4
|
+
export declare const MCP_APPS_CONFIG: {
|
|
5
|
+
/**
|
|
6
|
+
* API endpoints for widget operations
|
|
7
|
+
*/
|
|
8
|
+
readonly API_ENDPOINTS: {
|
|
9
|
+
readonly WIDGET_STORE: "/inspector/api/mcp-apps/widget/store";
|
|
10
|
+
readonly DEV_WIDGET_CONTENT: (toolCallId: string) => string;
|
|
11
|
+
readonly WIDGET_CONTENT: (toolCallId: string) => string;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* Protocol version for MCP Apps bridge
|
|
15
|
+
*/
|
|
16
|
+
readonly VERSION: "0.16.2";
|
|
17
|
+
/**
|
|
18
|
+
* Timeout values (in milliseconds)
|
|
19
|
+
*/
|
|
20
|
+
readonly TIMEOUTS: {
|
|
21
|
+
/** Tool call timeout - 10 minutes */
|
|
22
|
+
readonly TOOL_CALL: 600000;
|
|
23
|
+
/** Animation duration for size changes */
|
|
24
|
+
readonly ANIMATION: 300;
|
|
25
|
+
};
|
|
26
|
+
/**
|
|
27
|
+
* Default dimensions for widget display
|
|
28
|
+
*/
|
|
29
|
+
readonly DIMENSIONS: {
|
|
30
|
+
/** Picture-in-picture width */
|
|
31
|
+
readonly PIP_WIDTH: 768;
|
|
32
|
+
/** Picture-in-picture height */
|
|
33
|
+
readonly PIP_HEIGHT: 384;
|
|
34
|
+
/** Default iframe height for inline mode */
|
|
35
|
+
readonly DEFAULT_HEIGHT: 400;
|
|
36
|
+
};
|
|
37
|
+
};
|
|
38
|
+
//# sourceMappingURL=mcp-apps.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-apps.d.ts","sourceRoot":"","sources":["../../../src/client/constants/mcp-apps.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,eAAO,MAAM,eAAe;IAC1B;;OAEG;;;kDAGgC,MAAM;8CAEV,MAAM;;IAIrC;;OAEG;;IAGH;;OAEG;;QAED,qCAAqC;;QAErC,0CAA0C;;;IAI5C;;OAEG;;QAED,+BAA+B;;QAE/B,gCAAgC;;QAEhC,4CAA4C;;;CAGtC,CAAC"}
|