+
+
diff --git a/webui/js/messages.js b/webui/js/messages.js
index acf25a80c4..b8323fba5f 100644
--- a/webui/js/messages.js
+++ b/webui/js/messages.js
@@ -101,6 +101,8 @@ export async function getMessageHandler(type) {
return drawMessageMcp;
case "mcp_elicitation":
return drawMessageMcpElicitation;
+ case "mcp_sampling":
+ return drawMessageMcpSampling;
case "subagent":
return drawMessageSubagent;
case "warning":
@@ -1194,6 +1196,41 @@ export function drawMessageToolSimple({
* @param {MessageHandlerArgs & Record
} param0
* @returns {MessageHandlerResult}
*/
+export function drawMessageMcpSampling({
+ id,
+ type,
+ heading,
+ content,
+ kvps,
+ timestamp,
+ agentno = 0,
+ ...additional
+}) {
+ const title = cleanStepTitle(heading);
+ let displayKvps = { ...kvps };
+ const contentText = String(content ?? "");
+ const actionButtons = contentText.trim()
+ ? [
+ createActionButton("detail", "", () =>
+ stepDetailStore.showStepDetail(
+ buildDetailPayload(arguments[0], { headerLabels: [] }),
+ ),
+ ),
+ ].filter(Boolean)
+ : [];
+
+ return drawProcessStep({
+ id,
+ title,
+ code: "SMP",
+ classes: undefined,
+ kvps: displayKvps,
+ content,
+ actionButtons,
+ log: arguments[0],
+ });
+}
+
export function drawMessageMcpElicitation({
id,
type,
From 002b8dbf229a397392ee3500650b6f3db5c1fc47 Mon Sep 17 00:00:00 2001
From: Alexander Vaagan <2428222+vaaale@users.noreply.github.com>
Date: Tue, 31 Mar 2026 20:50:29 +0200
Subject: [PATCH 4/6] Implemented support for mcp-app
---
agent.py | 5 +-
helpers/mcp_handler.py | 142 +++++++++++++++++-
tests/mcp_elicitation_test_server.py | 213 +++++++++++++++++++++++++++
3 files changed, 352 insertions(+), 8 deletions(-)
diff --git a/agent.py b/agent.py
index 68a5e13695..855b431103 100644
--- a/agent.py
+++ b/agent.py
@@ -920,6 +920,7 @@ async def process_tools(self, msg: str):
self,
response=response,
tool_name=tool_name,
+ tool_args=tool_args or {},
)
await tool.after_execution(response)
@@ -954,8 +955,8 @@ async def validate_tool_request(self, tool_request: Any):
raise ValueError("Tool request must be a dictionary")
if not tool_request.get("tool_name") or not isinstance(tool_request.get("tool_name"), str):
raise ValueError("Tool request must have a tool_name (type string) field")
- if not tool_request.get("tool_args") or not isinstance(tool_request.get("tool_args"), dict):
- raise ValueError("Tool request must have a tool_args (type dictionary) field")
+ # if not tool_request.get("tool_args") or not isinstance(tool_request.get("tool_args"), dict):
+ # raise ValueError("Tool request must have a tool_args (type dictionary) field")
diff --git a/helpers/mcp_handler.py b/helpers/mcp_handler.py
index e7f99cf58d..5b9f4a0c76 100644
--- a/helpers/mcp_handler.py
+++ b/helpers/mcp_handler.py
@@ -34,7 +34,7 @@
from mcp.client.sse import sse_client
from mcp.client.streamable_http import streamablehttp_client
from mcp.shared.message import SessionMessage
-from mcp.types import CallToolResult, ListToolsResult
+from mcp.types import CallToolResult, ListToolsResult, ReadResourceResult
from anyio.streams.memory import (
MemoryObjectReceiveStream,
MemoryObjectSendStream,
@@ -267,6 +267,14 @@ async def call_tool(
# We already run in an event loop, dont believe Pylance
return await self.__client.call_tool(tool_name, input_data) # type: ignore
+ def get_tool_ui_meta(self, tool_name: str) -> dict[str, Any] | None:
+ with self.__lock:
+ return self.__client.get_tool_ui_meta(tool_name) # type: ignore
+
+ async def read_resource(self, uri: str) -> ReadResourceResult:
+ with self.__lock:
+ return await self.__client.read_resource(uri) # type: ignore
+
def update(self, config: dict[str, Any]) -> "MCPServerRemote":
with self.__lock:
for key, value in config.items():
@@ -345,6 +353,14 @@ async def call_tool(
# We already run in an event loop, dont believe Pylance
return await self.__client.call_tool(tool_name, input_data) # type: ignore
+ def get_tool_ui_meta(self, tool_name: str) -> dict[str, Any] | None:
+ with self.__lock:
+ return self.__client.get_tool_ui_meta(tool_name) # type: ignore
+
+ async def read_resource(self, uri: str) -> ReadResourceResult:
+ with self.__lock:
+ return await self.__client.read_resource(uri) # type: ignore
+
def update(self, config: dict[str, Any]) -> "MCPServerLocal":
with self.__lock:
for key, value in config.items():
@@ -793,6 +809,25 @@ def get_tool(self, agent: Any, tool_name: str) -> MCPTool | None:
return None
return MCPTool(agent=agent, name=tool_name, method=None, args={}, message="", loop_data=None)
+ def get_tool_ui_meta(self, tool_name: str) -> dict[str, Any] | None:
+ """Return the _meta.ui dict for a qualified tool name (server.tool), or None."""
+ if "." not in tool_name:
+ return None
+ server_name_part, tool_name_part = tool_name.split(".", 1)
+ with self.__lock:
+ for server in self.servers:
+ if server.name == server_name_part:
+ return server.get_tool_ui_meta(tool_name_part)
+ return None
+
+ async def read_resource(self, server_name: str, uri: str) -> ReadResourceResult:
+ """Read a resource by URI from a specific server."""
+ with self.__lock:
+ for server in self.servers:
+ if server.name == server_name:
+ return await server.read_resource(uri)
+ raise ValueError(f"Server '{server_name}' not found")
+
async def call_tool(
self, tool_name: str, input_data: Dict[str, Any]
) -> CallToolResult:
@@ -810,6 +845,63 @@ async def call_tool(
T = TypeVar("T")
+async def _initialize_with_ui_ext(session: ClientSession):
+ """Initialize a ClientSession with the io.modelcontextprotocol/ui extension capability.
+
+ Replicates the SDK's initialize() logic but injects an extensions field
+ into ClientCapabilities to advertise MCP Apps support.
+ """
+ from mcp import types as _t
+ from mcp.client.session import (
+ SUPPORTED_PROTOCOL_VERSIONS,
+ _default_sampling_callback,
+ _default_elicitation_callback,
+ _default_list_roots_callback,
+ )
+
+ sampling = _t.SamplingCapability() if session._sampling_callback is not _default_sampling_callback else None
+ elicitation = _t.ElicitationCapability() if session._elicitation_callback is not _default_elicitation_callback else None
+ roots = (
+ _t.RootsCapability(listChanged=True)
+ if session._list_roots_callback is not _default_list_roots_callback
+ else None
+ )
+
+ capabilities = _t.ClientCapabilities(
+ sampling=sampling,
+ elicitation=elicitation,
+ experimental=None,
+ roots=roots,
+ )
+ # Inject MCP Apps extension capability (ClientCapabilities allows extra fields)
+ capabilities.extensions = { # type: ignore[attr-defined]
+ "io.modelcontextprotocol/ui": {
+ "mimeTypes": ["text/html;profile=mcp-app"]
+ }
+ }
+
+ result = await session.send_request(
+ _t.ClientRequest(
+ _t.InitializeRequest(
+ params=_t.InitializeRequestParams(
+ protocolVersion=_t.LATEST_PROTOCOL_VERSION,
+ capabilities=capabilities,
+ clientInfo=session._client_info,
+ ),
+ )
+ ),
+ _t.InitializeResult,
+ )
+
+ if result.protocolVersion not in SUPPORTED_PROTOCOL_VERSIONS:
+ raise RuntimeError(f"Unsupported protocol version from the server: {result.protocolVersion}")
+
+ session._server_capabilities = result.capabilities
+ await session.send_notification(_t.ClientNotification(_t.InitializedNotification()))
+
+ return result
+
+
class MCPClientBase(ABC):
# server: Union[MCPServerLocal, MCPServerRemote] # Defined in __init__
# tools: List[dict[str, Any]] # Defined in __init__
@@ -871,7 +963,7 @@ async def _execute_with_session(
sampling_callback=sampling_cb,
)
)
- await session.initialize()
+ await _initialize_with_ui_ext(session)
result = await coro_func(session)
@@ -912,14 +1004,25 @@ async def update_tools(self) -> "MCPClientBase":
async def list_tools_op(current_session: ClientSession):
response: ListToolsResult = await current_session.list_tools()
with self.__lock:
- self.tools = [
- {
+ self.tools = []
+ for tool in response.tools:
+ tool_dict: dict[str, Any] = {
"name": tool.name,
"description": tool.description,
"input_schema": tool.inputSchema,
}
- for tool in response.tools
- ]
+ # Preserve _meta.ui for MCP Apps support
+ PrintStyle(font_color="yellow", padding=True).print(
+ f"DEBUG update_tools: tool '{tool.name}' meta={tool.meta}"
+ )
+ if tool.meta and isinstance(tool.meta, dict):
+ ui_meta = tool.meta.get("ui")
+ if ui_meta and isinstance(ui_meta, dict):
+ tool_dict["ui_meta"] = ui_meta
+ PrintStyle(font_color="green", padding=True).print(
+ f"DEBUG update_tools: captured ui_meta for '{tool.name}': {ui_meta}"
+ )
+ self.tools.append(tool_dict)
PrintStyle(font_color="green").print(
f"MCPClientBase ({self.server.name}): Tools updated. Found {len(self.tools)} tools."
)
@@ -958,6 +1061,33 @@ def get_tools(self) -> List[dict[str, Any]]:
with self.__lock:
return self.tools
+ def get_tool_ui_meta(self, tool_name: str) -> dict[str, Any] | None:
+ """Return the _meta.ui dict for a tool, or None."""
+ with self.__lock:
+ for tool in self.tools:
+ if tool["name"] == tool_name:
+ return tool.get("ui_meta")
+ return None
+
+ async def read_resource(self, uri: str) -> "ReadResourceResult":
+ """Read a resource by URI (e.g. ui:// resources for MCP Apps)."""
+ from pydantic import AnyUrl
+
+ async def read_resource_op(current_session: ClientSession):
+ return await current_session.read_resource(AnyUrl(uri))
+
+ try:
+ return await self._execute_with_session(read_resource_op)
+ except Exception as e:
+ PrintStyle(
+ background_color="#AA4455", font_color="white", padding=True
+ ).print(
+ f"MCPClientBase ({self.server.name}): 'read_resource' for '{uri}' failed: {type(e).__name__}: {e}"
+ )
+ raise ConnectionError(
+ f"Failed to read resource '{uri}' on server '{self.server.name}': {type(e).__name__}: {e}"
+ )
+
async def call_tool(
self, tool_name: str, input_data: Dict[str, Any]
) -> CallToolResult:
diff --git a/tests/mcp_elicitation_test_server.py b/tests/mcp_elicitation_test_server.py
index 48723ed372..c6b7f270e4 100644
--- a/tests/mcp_elicitation_test_server.py
+++ b/tests/mcp_elicitation_test_server.py
@@ -20,6 +20,8 @@
- simple_echo: No elicitation, just echoes input (control test).
"""
+import json
+import time
from enum import Enum
from typing import Optional
@@ -185,5 +187,216 @@ async def analyze_sentiment(ctx: Context, text: str) -> str:
return f"Sentiment analysis: {result.text}"
+# --- MCP Apps tools ---
+
+DASHBOARD_HTML = """
+
+
+
+Server Dashboard
+
+
+
+ ๐ Server Dashboard
+
+
+
Server Time
+
Loading...
+
Last updated
+
+
+
Status
+
โ
+
Checking...
+
+
+
+
Requests
+
--
+
Total served
+
+
๐ Server Dashboard
-
-
-
Server Time
-
Loading...
-
Last updated
-
-
-
Status
-
โ
-
Checking...
-
-
-
-
Requests
-
--
-
Total served
-
-
Failed to load MCP App renderer
`;
+ return;
+ }
+ const html = await resp.text();
+ mountEl.innerHTML = html;
+
+ if (window.Alpine) {
+ window.Alpine.initTree(mountEl);
+ }
+ } catch (e) {
+ console.error("[mcp-apps] Failed to load renderer:", e);
+ mountEl.innerHTML = `Error: ${e.message}
`;
+ }
+}
diff --git a/plugins/_mcp_apps/helpers/__init__.py b/plugins/_mcp_apps/helpers/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/plugins/_mcp_apps/helpers/mcp_apps_manager.py b/plugins/_mcp_apps/helpers/mcp_apps_manager.py
new file mode 100644
index 0000000000..046144e8ff
--- /dev/null
+++ b/plugins/_mcp_apps/helpers/mcp_apps_manager.py
@@ -0,0 +1,433 @@
+"""
+MCP Apps Manager โ singleton that tracks UI-enabled tools, fetches UI resources,
+manages active app sessions, and proxies tool calls from iframes back to MCP servers.
+
+Proxy calls from iframes use persistent MCP sessions to avoid the per-call overhead
+of creating new connections and running the MCP handshake each time.
+"""
+
+import asyncio
+import threading
+import uuid
+from contextlib import AsyncExitStack
+from datetime import timedelta
+from typing import Any, Optional
+
+from helpers.print_style import PrintStyle
+
+
+class _ActiveApp:
+ """Tracks a single active MCP App iframe instance."""
+
+ def __init__(
+ self,
+ app_id: str,
+ server_name: str,
+ tool_name: str,
+ resource_uri: str,
+ html_content: str,
+ tool_args: dict[str, Any],
+ tool_result: dict[str, Any] | None,
+ ui_meta: dict[str, Any],
+ tool_description: str = "",
+ tool_input_schema: dict[str, Any] | None = None,
+ ):
+ self.app_id = app_id
+ self.server_name = server_name
+ self.tool_name = tool_name
+ self.resource_uri = resource_uri
+ self.html_content = html_content
+ self.tool_args = tool_args
+ self.tool_result = tool_result
+ self.ui_meta = ui_meta
+ self.tool_description = tool_description
+ self.tool_input_schema = tool_input_schema or {"type": "object"}
+
+
+class _ProxySession:
+ """Maintains a persistent MCP ClientSession in a dedicated background task.
+
+ anyio cancel scopes (used by streamablehttp_client) require enter/exit from
+ the same asyncio Task. We satisfy this by running the entire session
+ lifecycle inside a single long-lived task and communicating via a queue.
+ """
+
+ def __init__(self):
+ self.session = None
+ self._queue: asyncio.Queue | None = None
+ self._task: asyncio.Task | None = None
+ self._ready = asyncio.Event()
+ self._open_error: BaseException | None = None
+
+ async def open(self, server):
+ """Start the background task that owns the transport + session."""
+ self._ready = asyncio.Event()
+ self._open_error = None
+ self._queue = asyncio.Queue()
+ self._task = asyncio.create_task(self._run(server))
+ await self._ready.wait()
+ if self._open_error:
+ raise self._open_error
+
+ async def _run(self, server):
+ """Background task โ owns the full async-context-manager stack."""
+ from mcp import ClientSession
+ from helpers.mcp_handler import (
+ MCPServerRemote,
+ MCPServerLocal,
+ _initialize_with_ui_ext,
+ _is_streaming_http_type,
+ CustomHTTPClientFactory,
+ )
+ from helpers import settings
+
+ try:
+ async with AsyncExitStack() as stack:
+ if isinstance(server, MCPServerRemote):
+ set_ = settings.get_settings()
+ init_timeout = server.init_timeout or set_["mcp_client_init_timeout"] or 5
+ tool_timeout = server.tool_timeout or set_["mcp_client_tool_timeout"] or 60
+ client_factory = CustomHTTPClientFactory(verify=server.verify)
+
+ if _is_streaming_http_type(server.type):
+ from mcp.client.streamable_http import streamablehttp_client
+
+ read_stream, write_stream, _ = await stack.enter_async_context(
+ streamablehttp_client(
+ url=server.url,
+ headers=server.headers,
+ timeout=timedelta(seconds=init_timeout),
+ sse_read_timeout=timedelta(seconds=tool_timeout),
+ httpx_client_factory=client_factory,
+ )
+ )
+ else:
+ from mcp.client.sse import sse_client
+
+ read_stream, write_stream = await stack.enter_async_context(
+ sse_client(
+ url=server.url,
+ headers=server.headers,
+ timeout=init_timeout,
+ sse_read_timeout=tool_timeout,
+ httpx_client_factory=client_factory,
+ )
+ )
+ elif isinstance(server, MCPServerLocal):
+ from mcp import StdioServerParameters
+ from mcp.client.stdio import stdio_client
+ from shutil import which
+
+ if not server.command or not which(server.command):
+ raise ValueError(f"Command '{server.command}' not found")
+
+ params = StdioServerParameters(
+ command=server.command,
+ args=server.args,
+ env=server.env,
+ encoding=server.encoding,
+ encoding_error_handler=server.encoding_error_handler,
+ )
+ read_stream, write_stream = await stack.enter_async_context(
+ stdio_client(params)
+ )
+ else:
+ raise TypeError(f"Unsupported server type: {type(server)}")
+
+ self.session = await stack.enter_async_context(
+ ClientSession(
+ read_stream,
+ write_stream,
+ read_timeout_seconds=timedelta(seconds=120),
+ )
+ )
+ await _initialize_with_ui_ext(self.session)
+
+ # Signal that we are ready to accept requests
+ self._ready.set()
+
+ # Process requests until a None sentinel arrives
+ while True:
+ item = await self._queue.get()
+ if item is None:
+ break
+ coro_factory, future = item
+ try:
+ result = await coro_factory(self.session)
+ if not future.done():
+ future.set_result(result)
+ except Exception as exc:
+ if not future.done():
+ future.set_exception(exc)
+ except Exception as exc:
+ # If we haven't signalled ready yet, store the error so open() can raise it
+ if not self._ready.is_set():
+ self._open_error = exc
+ self._ready.set()
+ else:
+ PrintStyle(font_color="red", padding=True).print(
+ f"MCP Apps: Proxy session background task error: {exc}"
+ )
+ finally:
+ self.session = None
+
+ async def execute(self, coro_factory):
+ """Submit work to the background task and wait for the result."""
+ loop = asyncio.get_running_loop()
+ future = loop.create_future()
+ await self._queue.put((coro_factory, future))
+ return await future
+
+ async def close(self):
+ """Signal the background task to shut down and wait for it."""
+ self.session = None
+ if self._queue:
+ try:
+ await self._queue.put(None)
+ except Exception:
+ pass
+ if self._task and not self._task.done():
+ try:
+ await asyncio.wait_for(self._task, timeout=5)
+ except (asyncio.TimeoutError, Exception):
+ self._task.cancel()
+ self._task = None
+ self._queue = None
+
+
+class MCPAppsManager:
+ """Singleton managing MCP App lifecycle and communication."""
+
+ _instance: Optional["MCPAppsManager"] = None
+ _lock = threading.Lock()
+
+ def __init__(self):
+ self._apps: dict[str, _ActiveApp] = {}
+ self._resource_cache: dict[str, str] = {}
+ self._proxy_sessions: dict[str, _ProxySession] = {}
+
+ @classmethod
+ def get_instance(cls) -> "MCPAppsManager":
+ if cls._instance is None:
+ with cls._lock:
+ if cls._instance is None:
+ cls._instance = cls()
+ return cls._instance
+
+ def register_app(
+ self,
+ server_name: str,
+ tool_name: str,
+ resource_uri: str,
+ html_content: str,
+ tool_args: dict[str, Any],
+ tool_result: dict[str, Any] | None,
+ ui_meta: dict[str, Any],
+ tool_description: str = "",
+ tool_input_schema: dict[str, Any] | None = None,
+ ) -> str:
+ """Register a new active app instance. Returns the app_id."""
+ app_id = str(uuid.uuid4())
+ app = _ActiveApp(
+ app_id=app_id,
+ server_name=server_name,
+ tool_name=tool_name,
+ resource_uri=resource_uri,
+ html_content=html_content,
+ tool_args=tool_args,
+ tool_result=tool_result,
+ ui_meta=ui_meta,
+ tool_description=tool_description,
+ tool_input_schema=tool_input_schema,
+ )
+ with self._lock:
+ self._apps[app_id] = app
+ PrintStyle(font_color="cyan", padding=True).print(
+ f"MCP Apps: Registered app '{app_id}' for tool '{server_name}.{tool_name}'"
+ )
+ return app_id
+
+ def get_app(self, app_id: str) -> _ActiveApp | None:
+ with self._lock:
+ return self._apps.get(app_id)
+
+ def remove_app(self, app_id: str) -> None:
+ with self._lock:
+ self._apps.pop(app_id, None)
+
+ def get_app_data(self, app_id: str) -> dict[str, Any] | None:
+ """Return serializable app data for the frontend."""
+ app = self.get_app(app_id)
+ if not app:
+ return None
+ return {
+ "app_id": app.app_id,
+ "server_name": app.server_name,
+ "tool_name": app.tool_name,
+ "resource_uri": app.resource_uri,
+ "html_content": app.html_content,
+ "tool_args": app.tool_args,
+ "tool_result": app.tool_result,
+ "ui_meta": app.ui_meta,
+ "tool_description": app.tool_description,
+ "tool_input_schema": app.tool_input_schema,
+ }
+
+ def cache_resource(self, uri: str, html: str) -> None:
+ with self._lock:
+ self._resource_cache[uri] = html
+
+ def get_cached_resource(self, uri: str) -> str | None:
+ with self._lock:
+ return self._resource_cache.get(uri)
+
+ @staticmethod
+ def _find_mcp_server(server_name: str, tool_name: str | None = None):
+ """Find an MCP server (and optionally verify it has a tool).
+ Returns the server reference so callers can invoke async methods
+ without holding MCPConfig's threading lock."""
+ import helpers.mcp_handler as mcp_handler
+
+ mcp_config = mcp_handler.MCPConfig.get_instance()
+ for server in mcp_config.servers:
+ if server.name == server_name:
+ if tool_name is None or server.has_tool(tool_name):
+ return server
+ return None
+
+ async def fetch_ui_resource(self, server_name: str, resource_uri: str) -> str:
+ """Fetch a ui:// resource from an MCP server. Uses cache if available."""
+ cached = self.get_cached_resource(resource_uri)
+ if cached:
+ return cached
+
+ import helpers.mcp_handler as mcp_handler
+
+ mcp_config = mcp_handler.MCPConfig.get_instance()
+ result = await mcp_config.read_resource(server_name, resource_uri)
+
+ html_content = ""
+ for content in result.contents:
+ if hasattr(content, "text") and content.text:
+ html_content = content.text
+ break
+ elif hasattr(content, "blob") and content.blob:
+ import base64
+ html_content = base64.b64decode(content.blob).decode("utf-8")
+ break
+
+ if not html_content:
+ raise ValueError(
+ f"UI resource '{resource_uri}' from server '{server_name}' returned no content"
+ )
+
+ self.cache_resource(resource_uri, html_content)
+ return html_content
+
+ async def _get_proxy_session(self, server_name: str) -> _ProxySession:
+ """Get or create a persistent proxy session for the given server."""
+ ps = self._proxy_sessions.get(server_name)
+ if ps and ps.session is not None:
+ return ps
+
+ # Create a new persistent session
+ server = self._find_mcp_server(server_name)
+ if not server:
+ raise ValueError(f"MCP server '{server_name}' not found")
+
+ ps = _ProxySession()
+ await ps.open(server)
+ self._proxy_sessions[server_name] = ps
+ PrintStyle(font_color="cyan", padding=True).print(
+ f"MCP Apps: Opened persistent proxy session for '{server_name}'"
+ )
+ return ps
+
+ async def _close_proxy_session(self, server_name: str):
+ """Close and discard a persistent proxy session."""
+ ps = self._proxy_sessions.pop(server_name, None)
+ if ps:
+ await ps.close()
+ PrintStyle(font_color="cyan", padding=True).print(
+ f"MCP Apps: Closed proxy session for '{server_name}'"
+ )
+
+ async def _proxy_with_retry(self, server_name: str, coro_factory):
+ """Run coro_factory(session) via the background task, with one retry on failure."""
+ for attempt in range(2):
+ try:
+ ps = await self._get_proxy_session(server_name)
+ return await ps.execute(coro_factory)
+ except Exception:
+ if attempt == 0:
+ PrintStyle(font_color="yellow", padding=True).print(
+ f"MCP Apps: Proxy session error for '{server_name}', recreating..."
+ )
+ await self._close_proxy_session(server_name)
+ else:
+ raise
+
+ async def proxy_tool_call(
+ self, app_id: str, tool_name: str, arguments: dict[str, Any]
+ ) -> dict[str, Any]:
+ """Proxy a tools/call request from an iframe back to the MCP server."""
+ app = self.get_app(app_id)
+ if not app:
+ return {"error": {"code": -32000, "message": f"App '{app_id}' not found"}}
+
+ try:
+ from mcp.types import CallToolResult
+
+ async def do_call(session):
+ return await session.call_tool(tool_name, arguments)
+
+ result: CallToolResult = await self._proxy_with_retry(app.server_name, do_call)
+ content_list = []
+ for item in result.content:
+ if item.type == "text":
+ content_list.append({"type": "text", "text": item.text})
+ elif item.type == "image":
+ content_list.append({
+ "type": "image",
+ "data": item.data,
+ "mimeType": item.mimeType,
+ })
+ response = {"content": content_list, "isError": result.isError}
+ if hasattr(result, "structuredContent") and result.structuredContent:
+ response["structuredContent"] = result.structuredContent
+ return response
+ except Exception as e:
+ PrintStyle(font_color="red", padding=True).print(
+ f"MCP Apps: Proxy tool call failed for '{app.server_name}.{tool_name}': {e}"
+ )
+ return {"error": {"code": -32000, "message": str(e)}}
+
+ async def proxy_resource_read(
+ self, app_id: str, uri: str
+ ) -> dict[str, Any]:
+ """Proxy a resources/read request from an iframe back to the MCP server."""
+ app = self.get_app(app_id)
+ if not app:
+ return {"error": {"code": -32000, "message": f"App '{app_id}' not found"}}
+
+ try:
+ async def do_read(session):
+ return await session.read_resource(uri)
+
+ result = await self._proxy_with_retry(app.server_name, do_read)
+ contents = []
+ for c in result.contents:
+ entry: dict[str, Any] = {"uri": str(c.uri)}
+ if hasattr(c, "mimeType") and c.mimeType:
+ entry["mimeType"] = c.mimeType
+ if hasattr(c, "text") and c.text:
+ entry["text"] = c.text
+ elif hasattr(c, "blob") and c.blob:
+ entry["blob"] = c.blob
+ contents.append(entry)
+ return {"contents": contents}
+ except Exception as e:
+ PrintStyle(font_color="red", padding=True).print(
+ f"MCP Apps: Proxy resource read failed for '{uri}': {e}"
+ )
+ return {"error": {"code": -32000, "message": str(e)}}
diff --git a/plugins/_mcp_apps/plugin.yaml b/plugins/_mcp_apps/plugin.yaml
new file mode 100644
index 0000000000..8eef78d095
--- /dev/null
+++ b/plugins/_mcp_apps/plugin.yaml
@@ -0,0 +1,8 @@
+name: mcp_apps
+title: MCP Apps
+description: Renders interactive UI applications from MCP servers in sandboxed iframes within chat messages. Implements the MCP Apps extension (SEP-1865).
+version: 0.1.0
+settings_sections: []
+per_project_config: false
+per_agent_config: false
+always_enabled: false
diff --git a/plugins/_mcp_apps/test_mcp/__init__.py b/plugins/_mcp_apps/test_mcp/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/plugins/_mcp_apps/test_mcp/mcp_elicitation_test_server.py b/plugins/_mcp_apps/test_mcp/mcp_elicitation_test_server.py
new file mode 100644
index 0000000000..c6b7f270e4
--- /dev/null
+++ b/plugins/_mcp_apps/test_mcp/mcp_elicitation_test_server.py
@@ -0,0 +1,402 @@
+#!/usr/bin/env python3
+"""
+Simple MCP server for end-to-end testing of the elicitation feature.
+
+Usage:
+ Start the server:
+ python tests/mcp_elicitation_test_server.py
+
+ Add to Agent Zero MCP config as:
+ {
+ "name": "elicitation-test",
+ "type": "streamable-http",
+ "url": "http://localhost:8100/mcp"
+ }
+
+Tools provided:
+ - greet_user: Elicits user's name and greeting style, returns a personalized greeting.
+ - create_task: Elicits task details (title, priority, description), returns summary.
+ - confirm_action: Elicits a yes/no confirmation before proceeding.
+ - simple_echo: No elicitation, just echoes input (control test).
+"""
+
+import json
+import time
+from enum import Enum
+from typing import Optional
+
+from fastmcp import FastMCP, Context
+from fastmcp.server.elicitation import AcceptedElicitation
+from mcp.types import TextContent, SamplingMessage
+from pydantic import BaseModel, Field
+
+
+mcp = FastMCP(
+ name="elicitation-test",
+ instructions="A test server for MCP elicitation. Use the tools to test human-in-the-loop input gathering.",
+)
+
+
+# --- Elicitation response models ---
+
+class GreetingInfo(BaseModel):
+ name: str = Field(description="Your name")
+ style: str = Field(description="Greeting style: formal, casual, or pirate")
+
+
+class Priority(str, Enum):
+ LOW = "low"
+ MEDIUM = "medium"
+ HIGH = "high"
+ CRITICAL = "critical"
+
+
+class TaskInfo(BaseModel):
+ title: str = Field(description="Task title")
+ priority: Priority = Field(default=Priority.MEDIUM, description="Task priority level")
+ description: str = Field(default="", description="Optional task description")
+
+
+class Confirmation(BaseModel):
+ confirmed: bool = Field(description="Do you want to proceed?")
+
+
+# --- Tools ---
+
+@mcp.tool()
+async def greet_user(ctx: Context, reason: str = "general") -> str:
+ """Generate a personalized greeting. Will ask for the user's name and preferred greeting style.
+
+ Args:
+ reason: Why the greeting is being generated (e.g. 'welcome', 'farewell', 'general').
+ """
+ result = await ctx.elicit(
+ message="I'd like to greet you! Please provide your name and preferred greeting style.",
+ response_type=GreetingInfo,
+ )
+
+ if isinstance(result, AcceptedElicitation):
+ name = result.data.name
+ style = result.data.style.lower()
+ if style == "formal":
+ return f"Good day, {name}. It is a pleasure to make your acquaintance."
+ elif style == "pirate":
+ return f"Ahoy, {name}! Welcome aboard, ye scallywag!"
+ else:
+ return f"Hey {name}! What's up?"
+ else:
+ return f"Greeting cancelled (action: {result.action})."
+
+
+@mcp.tool()
+async def create_task(ctx: Context, project: str = "default") -> str:
+ """Create a new task. Will ask for task details via elicitation.
+
+ Args:
+ project: The project to create the task in.
+ """
+ result = await ctx.elicit(
+ message=f"Please provide details for the new task in project '{project}'.",
+ response_type=TaskInfo,
+ )
+
+ if isinstance(result, AcceptedElicitation):
+ task = result.data
+ return (
+ f"Task created in '{project}':\n"
+ f" Title: {task.title}\n"
+ f" Priority: {task.priority.value}\n"
+ f" Description: {task.description or '(none)'}"
+ )
+ else:
+ return f"Task creation cancelled (action: {result.action})."
+
+
+@mcp.tool()
+async def confirm_action(action_description: str, ctx: Context) -> str:
+ """Ask for user confirmation before performing an action.
+
+ Args:
+ action_description: Description of the action that needs confirmation.
+ """
+ result = await ctx.elicit(
+ message=f"Please confirm: {action_description}",
+ response_type=Confirmation,
+ )
+
+ if isinstance(result, AcceptedElicitation):
+ if result.data.confirmed:
+ return f"Action confirmed: {action_description}. Proceeding."
+ else:
+ return f"User explicitly declined via the form for: {action_description}."
+ else:
+ return f"Confirmation cancelled (action: {result.action})."
+
+
+@mcp.tool()
+async def simple_echo(message: str) -> str:
+ """Echo the input message back. No elicitation involved (control test).
+
+ Args:
+ message: The message to echo.
+ """
+ return f"Echo: {message}"
+
+
+# --- Sampling tools ---
+
+@mcp.tool()
+async def summarize_text(ctx: Context, text: str) -> str:
+ """Summarize a piece of text using the client's LLM via MCP sampling.
+
+ Args:
+ text: The text to summarize.
+ """
+ result = await ctx.sample(
+ messages=[
+ SamplingMessage(
+ role="user",
+ content=TextContent(type="text", text=f"Please summarize the following text in 2-3 sentences:\n\n{text}"),
+ )
+ ],
+ system_prompt="You are a concise summarizer. Respond only with the summary.",
+ max_tokens=256,
+ temperature=0.3,
+ )
+ return f"Summary: {result.text}"
+
+
+@mcp.tool()
+async def analyze_sentiment(ctx: Context, text: str) -> str:
+ """Analyze the sentiment of text using the client's LLM via MCP sampling.
+
+ Args:
+ text: The text to analyze.
+ """
+ result = await ctx.sample(
+ messages=[
+ SamplingMessage(
+ role="user",
+ content=TextContent(type="text", text=f"Analyze the sentiment of this text and respond with one word (positive, negative, or neutral) followed by a brief explanation:\n\n{text}"),
+ )
+ ],
+ system_prompt="You are a sentiment analysis expert. Be concise.",
+ max_tokens=128,
+ temperature=0.0,
+ )
+ return f"Sentiment analysis: {result.text}"
+
+
+# --- MCP Apps tools ---
+
+DASHBOARD_HTML = """
+
+
+
+Server Dashboard
+
+
+
+ ๐ Server Dashboard
+
+
+
Server Time
+
Loading...
+
Last updated
+
+
+
Status
+
โ
+
Checking...
+
+
+
+
Requests
+
--
+
Total served
+
+
+
+
+
+
progress_activity
+
Loading MCP App...
+
+
+
+
+
+ error
+
+
+
+
+
+
+