chuk-tool-processor 0.6.25__py3-none-any.whl → 0.6.27__py3-none-any.whl

chuk_tool_processor/mcp/setup_mcp_http_streamable.py

@@ -44,6 +44,7 @@ async def setup_mcp_http_streamable(
     enable_retries: bool = True,
     max_retries: int = 3,
     namespace: str = "http",
+    oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
 ) -> tuple[ToolProcessor, StreamManager]:
     """
     Initialize HTTP Streamable transport MCP + a :class:`ToolProcessor`.
@@ -69,6 +70,7 @@ async def setup_mcp_http_streamable(
         enable_retries: Whether to enable automatic retries
         max_retries: Maximum retry attempts
         namespace: Namespace for registered tools
+        oauth_refresh_callback: Optional async callback to refresh OAuth tokens (NEW)
 
     Returns:
         Tuple of (ToolProcessor, StreamManager)
@@ -93,6 +95,7 @@ async def setup_mcp_http_streamable(
         connection_timeout=connection_timeout,
         default_timeout=default_timeout,
         initialization_timeout=initialization_timeout,
+        oauth_refresh_callback=oauth_refresh_callback,  # NEW: Pass OAuth callback
     )
 
     # 2️⃣  pull the remote tool list and register each one locally

chuk_tool_processor/mcp/setup_mcp_sse.py

@@ -40,6 +40,7 @@ async def setup_mcp_sse(  # noqa: C901 - long but just a config facade
     enable_retries: bool = True,
     max_retries: int = 3,
     namespace: str = "sse",
+    oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
 ) -> tuple[ToolProcessor, StreamManager]:
     """
     Initialise SSE-transport MCP + a :class:`ToolProcessor`.
@@ -61,6 +62,7 @@ async def setup_mcp_sse(  # noqa: C901 - long but just a config facade
         enable_retries: Whether to enable automatic retries
         max_retries: Maximum retry attempts
         namespace: Namespace for registered tools
+        oauth_refresh_callback: Optional async callback to refresh OAuth tokens (NEW)
 
     Returns:
         Tuple of (ToolProcessor, StreamManager)
@@ -72,6 +74,7 @@ async def setup_mcp_sse(  # noqa: C901 - long but just a config facade
         connection_timeout=connection_timeout,  # 🔧 ADD THIS LINE
         default_timeout=default_timeout,  # 🔧 ADD THIS LINE
         initialization_timeout=initialization_timeout,
+        oauth_refresh_callback=oauth_refresh_callback,  # NEW: Pass OAuth callback
     )
 
     # 2️⃣  pull the remote tool list and register each one locally

chuk_tool_processor/mcp/stream_manager.py

@@ -81,6 +81,7 @@ class StreamManager:
         connection_timeout: float = 10.0,
         default_timeout: float = 30.0,
         initialization_timeout: float = 60.0,  # NEW
+        oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
     ) -> StreamManager:
         """Create StreamManager with SSE transport and timeout protection."""
         inst = cls()
@@ -90,6 +91,7 @@ class StreamManager:
             connection_timeout=connection_timeout,
             default_timeout=default_timeout,
             initialization_timeout=initialization_timeout,
+            oauth_refresh_callback=oauth_refresh_callback,  # NEW: Pass OAuth callback
         )
         return inst
 
@@ -101,6 +103,7 @@ class StreamManager:
         connection_timeout: float = 30.0,
         default_timeout: float = 30.0,
         initialization_timeout: float = 60.0,  # NEW
+        oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
     ) -> StreamManager:
         """Create StreamManager with HTTP Streamable transport and timeout protection."""
         inst = cls()
@@ -110,6 +113,7 @@ class StreamManager:
             connection_timeout=connection_timeout,
             default_timeout=default_timeout,
             initialization_timeout=initialization_timeout,
+            oauth_refresh_callback=oauth_refresh_callback,  # NEW: Pass OAuth callback
         )
         return inst
 
@@ -285,6 +289,7 @@ class StreamManager:
         connection_timeout: float = 10.0,
         default_timeout: float = 30.0,
         initialization_timeout: float = 60.0,
+        oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
     ) -> None:
         """Initialize with SSE transport with optional headers support."""
         if self._closed:
@@ -313,6 +318,11 @@ class StreamManager:
                         logger.debug("SSE %s: Using configured headers: %s", name, list(headers.keys()))
                         transport_params["headers"] = headers
 
+                    # Add OAuth refresh callback if provided (NEW)
+                    if oauth_refresh_callback:
+                        transport_params["oauth_refresh_callback"] = oauth_refresh_callback
+                        logger.debug("SSE %s: OAuth refresh callback configured", name)
+
                     transport = SSETransport(**transport_params)
 
                     try:
@@ -354,6 +364,7 @@ class StreamManager:
         connection_timeout: float = 30.0,
         default_timeout: float = 30.0,
         initialization_timeout: float = 60.0,
+        oauth_refresh_callback: any | None = None,  # NEW: OAuth token refresh callback
     ) -> None:
         """Initialize with HTTP Streamable transport with graceful headers handling."""
         if self._closed:
@@ -385,6 +396,11 @@ class StreamManager:
                         transport_params["headers"] = headers
                         logger.debug("HTTP Streamable %s: Custom headers configured: %s", name, list(headers.keys()))
 
+                    # Add OAuth refresh callback if provided (NEW)
+                    if oauth_refresh_callback:
+                        transport_params["oauth_refresh_callback"] = oauth_refresh_callback
+                        logger.debug("HTTP Streamable %s: OAuth refresh callback configured", name)
+
                     transport = HTTPStreamableTransport(**transport_params)
 
                     logger.debug(f"Calling transport.initialize() for {name} with timeout={initialization_timeout}s")

chuk_tool_processor/mcp/transport/http_streamable_transport.py

@@ -45,6 +45,7 @@ class HTTPStreamableTransport(MCPBaseTransport):
         default_timeout: float = 30.0,
         session_id: str | None = None,
         enable_metrics: bool = True,
+        oauth_refresh_callback: Any | None = None,  # NEW: OAuth token refresh callback
     ):
         """
         Initialize HTTP Streamable transport with enhanced configuration.
@@ -57,6 +58,7 @@ class HTTPStreamableTransport(MCPBaseTransport):
             default_timeout: Default timeout for operations
             session_id: Optional session ID for stateful connections
             enable_metrics: Whether to track performance metrics
+            oauth_refresh_callback: Optional async callback to refresh OAuth tokens (NEW)
         """
         # Ensure URL points to the /mcp endpoint
         if not url.endswith("/mcp"):
@@ -70,6 +72,7 @@ class HTTPStreamableTransport(MCPBaseTransport):
         self.default_timeout = default_timeout
         self.session_id = session_id
         self.enable_metrics = enable_metrics
+        self.oauth_refresh_callback = oauth_refresh_callback  # NEW: OAuth refresh callback
 
         logger.debug("HTTP Streamable transport initialized with URL: %s", self.url)
         if self.api_key:
@@ -422,9 +425,44 @@ class HTTPStreamableTransport(MCPBaseTransport):
             response_time = time.time() - start_time
             result = self._normalize_mcp_response(raw_response)
 
+            # NEW: Check for OAuth errors and attempt refresh if callback is available
+            if result.get("isError", False) and self._is_oauth_error(result.get("error", "")):
+                logger.warning("OAuth error detected: %s", result.get("error"))
+
+                if self.oauth_refresh_callback:
+                    logger.info("Attempting OAuth token refresh...")
+                    try:
+                        # Call the refresh callback
+                        new_headers = await self.oauth_refresh_callback()
+
+                        if new_headers and "Authorization" in new_headers:
+                            # Update configured headers with new token
+                            self.configured_headers.update(new_headers)
+                            logger.info("OAuth token refreshed, reconnecting...")
+
+                            # Reconnect with new token
+                            if await self._attempt_recovery():
+                                logger.info("Retrying tool call after token refresh...")
+                                # Retry the tool call once with new token
+                                raw_response = await asyncio.wait_for(
+                                    send_tools_call(self._read_stream, self._write_stream, tool_name, arguments),
+                                    timeout=tool_timeout,
+                                )
+                                result = self._normalize_mcp_response(raw_response)
+                                logger.info("Tool call retry completed")
+                            else:
+                                logger.error("Failed to reconnect after token refresh")
+                        else:
+                            logger.warning("Token refresh did not return valid Authorization header")
+                    except Exception as refresh_error:
+                        logger.error("OAuth token refresh failed: %s", refresh_error)
+                else:
+                    logger.warning("OAuth error detected but no refresh callback configured")
+
             # Reset failure count on success
-            self._consecutive_failures = 0
-            self._last_successful_ping = time.time()  # Update health timestamp
+            if not result.get("isError", False):
+                self._consecutive_failures = 0
+                self._last_successful_ping = time.time()  # Update health timestamp
 
             if self.enable_metrics:
                 self._update_metrics(response_time, not result.get("isError", False))
@@ -477,6 +515,24 @@ class HTTPStreamableTransport(MCPBaseTransport):
         if self._metrics["total_calls"] > 0:
             self._metrics["avg_response_time"] = self._metrics["total_time"] / self._metrics["total_calls"]
 
+    def _is_oauth_error(self, error_msg: str) -> bool:
+        """Detect if error is OAuth-related (NEW)."""
+        if not error_msg:
+            return False
+
+        error_lower = error_msg.lower()
+        oauth_indicators = [
+            "invalid_token",
+            "expired token",
+            "oauth validation",
+            "unauthorized",
+            "token expired",
+            "authentication failed",
+            "invalid access token",
+        ]
+
+        return any(indicator in error_lower for indicator in oauth_indicators)
+
     async def list_resources(self) -> dict[str, Any]:
         """Enhanced resource listing with error handling."""
         if not self._initialized:

chuk_tool_processor/mcp/transport/sse_transport.py

@@ -38,6 +38,7 @@ class SSETransport(MCPBaseTransport):
         connection_timeout: float = 30.0,
         default_timeout: float = 60.0,
         enable_metrics: bool = True,
+        oauth_refresh_callback: Any | None = None,  # NEW: OAuth token refresh callback
     ):
         """
         Initialize SSE transport.
@@ -48,6 +49,7 @@ class SSETransport(MCPBaseTransport):
         self.connection_timeout = connection_timeout
         self.default_timeout = default_timeout
         self.enable_metrics = enable_metrics
+        self.oauth_refresh_callback = oauth_refresh_callback  # NEW: OAuth refresh callback
 
         logger.debug("SSE Transport initialized with URL: %s", self.url)
 
@@ -517,11 +519,55 @@ class SSETransport(MCPBaseTransport):
                 "tools/call", {"name": tool_name, "arguments": arguments}, timeout=timeout
             )
 
+            # Check for errors
             if "error" in response:
+                error_msg = response["error"].get("message", "Unknown error")
+
+                # NEW: Check for OAuth errors and attempt refresh if callback is available
+                if self._is_oauth_error(error_msg):
+                    logger.warning("OAuth error detected: %s", error_msg)
+
+                    if self.oauth_refresh_callback:
+                        logger.info("Attempting OAuth token refresh...")
+                        try:
+                            # Call the refresh callback
+                            new_headers = await self.oauth_refresh_callback()
+
+                            if new_headers and "Authorization" in new_headers:
+                                # Update configured headers with new token
+                                self.configured_headers.update(new_headers)
+                                logger.info("OAuth token refreshed, retrying tool call...")
+
+                                # Retry the tool call once with new token
+                                response = await self._send_request(
+                                    "tools/call", {"name": tool_name, "arguments": arguments}, timeout=timeout
+                                )
+
+                                # Check if retry succeeded
+                                if "error" not in response:
+                                    logger.info("Tool call succeeded after token refresh")
+                                    result = response.get("result", {})
+                                    normalized_result = self._normalize_mcp_response({"result": result})
+
+                                    if self.enable_metrics:
+                                        self._update_metrics(time.time() - start_time, True)
+
+                                    return normalized_result
+                                else:
+                                    error_msg = response["error"].get("message", "Unknown error")
+                                    logger.error("Tool call failed after token refresh: %s", error_msg)
+                            else:
+                                logger.warning("Token refresh did not return valid Authorization header")
+                        except Exception as refresh_error:
+                            logger.error("OAuth token refresh failed: %s", refresh_error)
+                    else:
+                        logger.warning("OAuth error detected but no refresh callback configured")
+
+                # Return error (original or from failed retry)
                 if self.enable_metrics:
                     self._update_metrics(time.time() - start_time, False)
 
-                return {"isError": True, "error": response["error"].get("message", "Unknown error")}
+                return {"isError": True, "error": error_msg}
 
             # Extract and normalize result using base class method
             result = response.get("result", {})
@@ -555,6 +601,24 @@ class SSETransport(MCPBaseTransport):
         if self._metrics["total_calls"] > 0:
             self._metrics["avg_response_time"] = self._metrics["total_time"] / self._metrics["total_calls"]
 
+    def _is_oauth_error(self, error_msg: str) -> bool:
+        """Detect if error is OAuth-related (NEW)."""
+        if not error_msg:
+            return False
+
+        error_lower = error_msg.lower()
+        oauth_indicators = [
+            "invalid_token",
+            "expired token",
+            "oauth validation",
+            "unauthorized",
+            "token expired",
+            "authentication failed",
+            "invalid access token",
+        ]
+
+        return any(indicator in error_lower for indicator in oauth_indicators)
+
     async def list_resources(self) -> dict[str, Any]:
         """List available resources from the server."""
         if not self._initialized:

{chuk_tool_processor-0.6.25.dist-info → chuk_tool_processor-0.6.27.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: chuk-tool-processor
-Version: 0.6.25
+Version: 0.6.27
 Summary: Async-native framework for registering, discovering, and executing tools referenced in LLM responses
 Author-email: CHUK Team <chrishayuk@somejunkmailbox.com>
 Maintainer-email: CHUK Team <chrishayuk@somejunkmailbox.com>
@@ -770,6 +770,78 @@ results = await processor.process(
 
 See `examples/notion_oauth.py`, `examples/stdio_sqlite.py`, and `examples/stdio_echo.py` for complete working implementations.
 
+#### OAuth Token Refresh
+
+For MCP servers that use OAuth authentication, CHUK Tool Processor supports automatic token refresh when access tokens expire. This prevents your tools from failing due to expired tokens during long-running sessions.
+
+**How it works:**
+1. When a tool call receives an OAuth-related error (e.g., "invalid_token", "expired token", "unauthorized")
+2. The processor automatically calls your refresh callback
+3. Updates the authentication headers with the new token
+4. Retries the tool call with fresh credentials
+
+**Setup with HTTP Streamable:**
+
+```python
+from chuk_tool_processor.mcp import setup_mcp_http_streamable
+
+async def refresh_oauth_token():
+    """Called automatically when tokens expire."""
+    # Your token refresh logic here
+    # Return dict with new Authorization header
+    new_token = await your_refresh_logic()
+    return {"Authorization": f"Bearer {new_token}"}
+
+processor, manager = await setup_mcp_http_streamable(
+    servers=[{
+        "name": "notion",
+        "url": "https://mcp.notion.com/mcp",
+        "headers": {"Authorization": f"Bearer {initial_access_token}"}
+    }],
+    namespace="notion",
+    oauth_refresh_callback=refresh_oauth_token  # Enable auto-refresh
+)
+```
+
+**Setup with SSE:**
+
+```python
+from chuk_tool_processor.mcp import setup_mcp_sse
+
+async def refresh_oauth_token():
+    """Refresh expired OAuth token."""
+    # Exchange refresh token for new access token
+    new_access_token = await exchange_refresh_token(refresh_token)
+    return {"Authorization": f"Bearer {new_access_token}"}
+
+processor, manager = await setup_mcp_sse(
+    servers=[{
+        "name": "atlassian",
+        "url": "https://mcp.atlassian.com/v1/sse",
+        "headers": {"Authorization": f"Bearer {initial_token}"}
+    }],
+    namespace="atlassian",
+    oauth_refresh_callback=refresh_oauth_token
+)
+```
+
+**OAuth errors detected automatically:**
+- `invalid_token`
+- `expired token`
+- `OAuth validation failed`
+- `unauthorized`
+- `token expired`
+- `authentication failed`
+- `invalid access token`
+
+**Important notes:**
+- The refresh callback must return a dict with an `Authorization` key
+- If refresh fails or returns invalid headers, the original error is returned
+- Token refresh is attempted only once per tool call (no infinite retry loops)
+- After successful refresh, the updated headers are used for all subsequent calls
+
+See `examples/notion_oauth.py` for a complete OAuth 2.1 implementation with PKCE and automatic token refresh.
+
 ### Observability
 
 #### Structured Logging

{chuk_tool_processor-0.6.25.dist-info → chuk_tool_processor-0.6.27.dist-info}/RECORD

@@ -19,14 +19,14 @@ chuk_tool_processor/logging/metrics.py,sha256=8LRHjgkfdcQnh4H7AP2FJDfcRO3q1UpsBS
 chuk_tool_processor/mcp/__init__.py,sha256=xqtoSGX1_5jZDJ6AKJpBByaytS22baDOrhzFiecvVSs,1031
 chuk_tool_processor/mcp/mcp_tool.py,sha256=zOx3YeuKyuFK-PbUt3gqdq_q8VRrHFD6sgma6qKbfPY,19170
 chuk_tool_processor/mcp/register_mcp_tools.py,sha256=OyHczwVnqhvBZO9g4I0T56EPMvFYBOl0Y2ivNPdKjCE,4822
-chuk_tool_processor/mcp/setup_mcp_http_streamable.py,sha256=dL-sWS7WivzmAc3SxrPS1jSmhX6AFg3NBegsEy7W9gk,4682
-chuk_tool_processor/mcp/setup_mcp_sse.py,sha256=7suVUR9Is4dFlgrG3_6ebgek8Yy9KpZA3hTWaCoo7vs,3921
+chuk_tool_processor/mcp/setup_mcp_http_streamable.py,sha256=8NCjeEZjV0KrapCqAvGh6jr5G8B24xOxxAaKUyoiykw,4935
+chuk_tool_processor/mcp/setup_mcp_sse.py,sha256=gvixVml8HN2BdM9Ug_JYp0yHqA1owieyX8Yxx0HNOqg,4174
 chuk_tool_processor/mcp/setup_mcp_stdio.py,sha256=KxCC0BL0C6z5ZHxBzPhWZC9CKrGUACXqx1tkjru-UYI,2922
-chuk_tool_processor/mcp/stream_manager.py,sha256=P3XsT__e-Giv3SCgv5w7X7sUX85HUL4CSpgoWUU4StE,33056
+chuk_tool_processor/mcp/stream_manager.py,sha256=GKUXqJpRn_O8008qJompwZfdFlb6nRlZZGh8jqr23y0,34184
 chuk_tool_processor/mcp/transport/__init__.py,sha256=Gpw9QZctxfO-tWZ8URpyFU8rePc5Xe7VZiAvXaiF8cw,657
 chuk_tool_processor/mcp/transport/base_transport.py,sha256=rG61TlaignbVZbsqdBS38TnFzTVO666ehKEI0IUAJCM,8675
-chuk_tool_processor/mcp/transport/http_streamable_transport.py,sha256=00-kGM3Ie-fdi8VdIE-_YFsKP9_O8lEz9rGtPrR-Vy4,23619
-chuk_tool_processor/mcp/transport/sse_transport.py,sha256=gjtDe7KHnJMECITqjxfUhg3nVBuUFZhZv-k77gRiUsE,27399
+chuk_tool_processor/mcp/transport/http_streamable_transport.py,sha256=PKU-s2cofagY_x5nwocfi3Q0uJjoAHh8ALP0nePWVRc,26547
+chuk_tool_processor/mcp/transport/sse_transport.py,sha256=WfsfsHzN579vPLl13cjHwi5sn_uKrf4ZnVxasEYHy6I,30629
 chuk_tool_processor/mcp/transport/stdio_transport.py,sha256=bDh3eqe9BnPvcmG7F4BWqGjGO3e8q0lwcZeswx_jK0U,29558
 chuk_tool_processor/models/__init__.py,sha256=A3ysSvRxaxso_AN57QZt5ZYahJH5zlL-IENqNaius84,41
 chuk_tool_processor/models/execution_strategy.py,sha256=O0h8d8JSgm-tv26Cc5jAkZqup8vIgx0zfb5n0b2vpSk,1967
@@ -54,7 +54,7 @@ chuk_tool_processor/registry/providers/__init__.py,sha256=iGc_2JzlYJSBRQ6tFbX781
 chuk_tool_processor/registry/providers/memory.py,sha256=udfboAHH0gRxtnf3GsI3wMshhobJxYnCkMwKjQ_uqkw,5017
 chuk_tool_processor/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 chuk_tool_processor/utils/validation.py,sha256=jHPO65sB61ynm9P6V3th4pN7j4u0SQhYR-bstj5QjnI,4175
-chuk_tool_processor-0.6.25.dist-info/METADATA,sha256=p0Up04jiimvOqYutjykDUoj7gviM6vSmA6SixQGdWTw,36881
-chuk_tool_processor-0.6.25.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-chuk_tool_processor-0.6.25.dist-info/top_level.txt,sha256=7lTsnuRx4cOW4U2sNJWNxl4ZTt_J1ndkjTbj3pHPY5M,20
-chuk_tool_processor-0.6.25.dist-info/RECORD,,
+chuk_tool_processor-0.6.27.dist-info/METADATA,sha256=_EJFoLfhbyqOeXNhpHu9N2z4HMLlTfkDMCb9nO97OVo,39362
+chuk_tool_processor-0.6.27.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+chuk_tool_processor-0.6.27.dist-info/top_level.txt,sha256=7lTsnuRx4cOW4U2sNJWNxl4ZTt_J1ndkjTbj3pHPY5M,20
+chuk_tool_processor-0.6.27.dist-info/RECORD,,