add simple-host example

Author: ochafik

examples/simple-host/example-host-react.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <style>
+            * {
+                box-sizing: border-box;
+            }
+            body {
+                margin: 0;
+                font-family: system-ui, -apple-system, sans-serif;
+            }
+        </style>
+        <title>Example MCP-UI React Host</title>
+    </head>
+    <body>
+        <div id="root"></div>
+        <script src="/src/example-host-react.tsx" type="module"></script>
+    </body>
+</html>

examples/simple-host/example-host.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <style>
+            #chat-root {
+                display: flex;
+                flex-direction: column;
+            }
+        </style>
+        <script src="/src/example-host.ts" type="module"></script>
+        <title>Example MCP View Host</title>
+    </head>
+    <body>
+        <h1>Example MCP View Host</h1>
+
+        <div id="controls"></div>
+        <div id="chat-root"></div>
+    </body>
+</html>

examples/simple-host/package.json

@@ -0,0 +1,38 @@
+{
+  "homepage": "https://github.com/modelcontextprotocol/ext-apps/tree/main/examples/simple-host",
+  "name": "@modelcontextprotocol/ext-apps-host",
+  "version": "1.0.0",
+  "type": "module",
+  "scripts": {
+    "start:server": "python3 serve.py",
+    "start:mcp-server": "cd ../simple-server && npm install && npm run start",
+    "start:proxy": "python3 proxy/serve.py",
+    "build": "concurrently 'INPUT=example-host.html vite build' 'INPUT=example-host-react.html vite build' 'INPUT=sandbox.html vite build'",
+    "server": "bun server.ts",
+    "start": "NODE_ENV=development npm run build && concurrently 'npm run start:server' 'npm run start:mcp-server' 'npm run start:proxy'"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/ext-apps": "../..",
+    "@modelcontextprotocol/sdk": "../../../modelcontextprotocol-typescript-sdk",
+    "react-dom": "^19.2.0",
+    "react": "^19.2.0",
+    "zod": "^3.25.0"
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.0.0",
+    "@types/react-dom": "^19.2.2",
+    "@types/react": "^19.2.2",
+    "@vitejs/plugin-react": "^4.3.4",
+    "concurrently": "^9.2.1",
+    "cors": "^2.8.5",
+    "esbuild": "~0.19.10",
+    "express": "^5.1.0",
+    "prettier": "^3.6.2",
+    "tsx": "^4.20.6",
+    "typescript": "^5.9.3",
+    "vite-plugin-singlefile": "^2.3.0",
+    "vite": "^6.0.0",
+    "vitest": "^3.2.4"
+  }
+}

examples/simple-host/sandbox.html

@@ -0,0 +1,48 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <!-- Permissive CSP so nested content is not constrained by host CSP -->
+    <meta http-equiv="Content-Security-Policy" content="
+      default-src 'self';
+      img-src * data: blob: 'unsafe-inline';
+      media-src * blob: data:;
+      font-src * blob: data:;
+      script-src 'self'
+                 'wasm-unsafe-eval'
+                 'unsafe-inline'
+                 'unsafe-eval'
+                 blob: data: http://localhost:* https://localhost:*;
+      style-src * blob: data: 'unsafe-inline';
+      connect-src *;
+      frame-src * blob: data: http://localhost:* https://localhost:*;
+      base-uri 'self';
+    " />
+    <title>MCP-UI Proxy</title>
+    <style>
+      html,
+      body {
+        margin: 0;
+        height: 100vh;
+        width: 100vw;
+      }
+      body {
+        display: flex;
+        flex-direction: column;
+      }
+      * {
+        box-sizing: border-box;
+      }
+      iframe {
+        background-color: transparent;
+        border: 0px none transparent;
+        padding: 0px;
+        overflow: hidden;
+        flex-grow: 1;
+      }
+    </style>
+  </head>
+  <body>
+    <script type="module" src="/src/sandbox.ts"></script>
+  </body>
+</html>

examples/simple-host/serve.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""
+Simple HTTP server to serve the MCP-UI proxy on port 8765
+"""
+
+import http.server
+import os
+import socketserver
+import sys
+from pathlib import Path
+
+PORT = int(os.environ.get('PORT', '8080'))
+DIRECTORY = Path(__file__).parent / 'dist'
+
+class CustomHTTPRequestHandler(http.server.SimpleHTTPRequestHandler):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, directory=DIRECTORY.as_posix(), **kwargs)
+
+    def end_headers(self):
+        # Apply custom headers only to sandbox.html
+        if self.path == "/sandbox.html" or self.path == "/":
+            # Add CORS headers to allow cross-origin requests
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+            self.send_header("Access-Control-Allow-Headers", "*")
+
+            # Add permissive CSP to allow external resources (images, styles, scripts)
+            csp = "; ".join(
+                [
+                    "default-src 'self'",
+                    "img-src * data: blob: 'unsafe-inline'",
+                    "style-src * blob: data: 'unsafe-inline'",
+                    "script-src * blob: data: 'unsafe-inline' 'unsafe-eval'",
+                    "connect-src *",
+                    "font-src * blob: data:",
+                    "media-src * blob: data:",
+                    "frame-src * blob: data:",
+                ]
+            )
+            self.send_header("Content-Security-Policy", csp)
+
+            # Disable caching to ensure fresh content on every request
+            self.send_header("Cache-Control", "no-cache, no-store, must-revalidate")
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+
+        super().end_headers()
+
+
+def main():
+    print(f"Server running on: http://localhost:{PORT}")
+    print(f"Press Ctrl+C to stop the server\n")
+
+    with socketserver.TCPServer(("", PORT), CustomHTTPRequestHandler) as httpd:
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            print("\n\nServer stopped.")
+            sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

examples/simple-host/src/app-host-utils.ts

@@ -0,0 +1,115 @@
+import { McpUiSandboxProxyReadyNotificationSchema } from "@modelcontextprotocol/ext-apps";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+
+const MCP_UI_RESOURCE_META_KEY = "ui/resourceUri";
+
+export async function setupSandboxProxyIframe(sandboxProxyUrl: URL): Promise<{
+  iframe: HTMLIFrameElement;
+  onReady: Promise<void>;
+}> {
+  const iframe = document.createElement("iframe");
+  iframe.style.width = "100%";
+  iframe.style.height = "600px";
+  iframe.style.border = "none";
+  iframe.style.backgroundColor = "transparent";
+  // iframe.allow = 'microphone'
+  iframe.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms");
+
+  const onReady = new Promise<void>((resolve, _reject) => {
+    const initialListener = async (event: MessageEvent) => {
+      if (event.source === iframe.contentWindow) {
+        if (
+          event.data &&
+          event.data.method ===
+            McpUiSandboxProxyReadyNotificationSchema.shape.method._def.value
+        ) {
+          window.removeEventListener("message", initialListener);
+          resolve();
+        }
+      }
+    };
+    window.addEventListener("message", initialListener);
+  });
+
+  iframe.src = sandboxProxyUrl.href;
+
+  return { iframe, onReady };
+}
+
+export type ToolUiResourceInfo = {
+  uri: string;
+};
+
+export async function getToolUiResourceUri(
+  client: Client,
+  toolName: string,
+): Promise<ToolUiResourceInfo | null> {
+  let tool: Tool | undefined;
+  let cursor: string | undefined = undefined;
+  do {
+    const toolsResult = await client.listTools({ cursor });
+    tool = toolsResult.tools.find((t) => t.name === toolName);
+    cursor = toolsResult.nextCursor;
+  } while (!tool && cursor);
+  if (!tool) {
+    throw new Error(`tool ${toolName} not found`);
+  }
+  if (!tool._meta) {
+    return null;
+  }
+
+  let uri: string;
+  if (MCP_UI_RESOURCE_META_KEY in tool._meta) {
+    uri = String(tool._meta[MCP_UI_RESOURCE_META_KEY]);
+  } else {
+    return null;
+  }
+  if (!uri.startsWith("ui://")) {
+    throw new Error(
+      `tool ${toolName} has unsupported output template URI: ${uri}`,
+    );
+  }
+  return { uri };
+}
+
+export async function readToolUiResourceHtml(
+  client: Client,
+  opts: {
+    uri: string;
+  },
+): Promise<string> {
+  const resource = await client.readResource({ uri: opts.uri });
+
+  if (!resource) {
+    throw new Error("UI resource not found: " + opts.uri);
+  }
+  if (resource.contents.length !== 1) {
+    throw new Error(
+      "Unsupported UI resource content length: " + resource.contents.length,
+    );
+  }
+  const content = resource.contents[0];
+  let html: string;
+  const isHtml = (t?: string) => t === "text/html+mcp";
+
+  if (
+    "text" in content &&
+    typeof content.text === "string" &&
+    isHtml(content.mimeType)
+  ) {
+    html = content.text;
+  } else if (
+    "blob" in content &&
+    typeof content.blob === "string" &&
+    isHtml(content.mimeType)
+  ) {
+    html = atob(content.blob);
+  } else {
+    throw new Error(
+      "Unsupported UI resource content format: " + JSON.stringify(content),
+    );
+  }
+
+  return html;
+}