nvidia-nat-mcp 1.3.0a20250929__py3-none-any.whl → 1.3.0a20251001__py3-none-any.whl

nat/plugins/mcp/auth/auth_flow_handler.py

@@ -127,7 +127,7 @@ class MCPAuthenticationFlowHandler(ConsoleAuthenticationFlowHandler):
         try:
             token = await asyncio.wait_for(flow_state.future, timeout=timeout)
             logger.info("MCP authentication successful, token obtained")
-        except asyncio.TimeoutError as exc:
+        except TimeoutError as exc:
             logger.error("MCP authentication timed out")
             raise RuntimeError(f"MCP authentication timed out ({timeout} seconds). Please try again.") from exc
         finally:

nat/plugins/mcp/auth/auth_provider.py

@@ -15,7 +15,7 @@
 
 import logging
 from collections.abc import Awaitable
-from typing import Callable
+from collections.abc import Callable
 from urllib.parse import urljoin
 from urllib.parse import urlparse
 
@@ -321,6 +321,10 @@ class MCPOAuth2Provider(AuthProviderBase[MCPOAuth2ProviderConfig]):
 
         Otherwise, performs standard authentication flow.
         """
+        if not user_id:
+            # MCP tool calls cannot be made without an authorized user
+            raise RuntimeError("User is not authorized to call the tool")
+
         response = kwargs.get('response')
         if response and response.status_code == 401:
             await self._discover_and_register(response=response)

nat/plugins/mcp/client_base.py

@@ -59,6 +59,8 @@ class AuthAdapter(httpx.Auth):
         self.auth_provider = auth_provider
         # each adapter instance has its own lock to avoid unnecessary delays for multiple clients
         self._lock = anyio.Lock()
+        # Track whether we're currently in an interactive authentication flow
+        self.is_authenticating = False
 
     async def async_auth_flow(self, request: httpx.Request) -> AsyncGenerator[httpx.Request, httpx.Response]:
         """Add authentication headers to the request using NAT auth provider."""
@@ -85,11 +87,21 @@ class AuthAdapter(httpx.Auth):
                     # 4. The auth headers are revoked
                     # 5. Auth config on the MCP server has changed
                     # In this case we attempt to re-run discovery and authentication
+
+                    # Signal that we're entering interactive auth flow
+                    self.is_authenticating = True
+                    logger.debug("Starting authentication flow due to 401 response")
+
                     auth_headers = await self._get_auth_headers(request=request, response=response)
                     request.headers.update(auth_headers)
                     yield request  # Retry the request
                 except Exception as e:
                     logger.info("Failed to refresh auth after 401: %s", e)
+                    raise
+                finally:
+                    # Signal that auth flow is complete
+                    self.is_authenticating = False
+                    logger.debug("Authentication flow completed")
         return
 
     def _get_session_id_from_tool_call_request(self, request: httpx.Request) -> tuple[str | None, bool]:
@@ -120,11 +132,8 @@ class AuthAdapter(httpx.Auth):
                 session_id, is_tool_call = self._get_session_id_from_tool_call_request(request)
 
             if is_tool_call:
-                # Tool call requests should use the session id if it exists, default user id can be used if allowed
-                if self.auth_provider.config.allow_default_user_id_for_tool_calls:
-                    user_id = session_id or self.auth_provider.config.default_user_id
-                else:
-                    user_id = session_id
+                # Tool call requests should use the session id
+                user_id = session_id
             else:
                 # Non-tool call requests should use the session id if it exists and fallback to default user id
                 user_id = session_id or self.auth_provider.config.default_user_id
@@ -151,12 +160,19 @@ class MCPBaseClient(ABC):
     Args:
         transport (str): The type of client to use ('sse', 'stdio', or 'streamable-http')
         auth_provider (AuthProviderBase | None): Optional authentication provider for Bearer token injection
+        tool_call_timeout (timedelta): Timeout for tool calls when authentication is not required
+        auth_flow_timeout (timedelta): Extended timeout for tool calls that may require interactive authentication
+        reconnect_enabled (bool): Whether to automatically reconnect on connection failures
+        reconnect_max_attempts (int): Maximum number of reconnection attempts
+        reconnect_initial_backoff (float): Initial backoff delay in seconds for reconnection attempts
+        reconnect_max_backoff (float): Maximum backoff delay in seconds for reconnection attempts
     """
 
     def __init__(self,
                  transport: str = 'streamable-http',
                  auth_provider: AuthProviderBase | None = None,
-                 tool_call_timeout: timedelta = timedelta(seconds=5),
+                 tool_call_timeout: timedelta = timedelta(seconds=60),
+                 auth_flow_timeout: timedelta = timedelta(seconds=300),
                  reconnect_enabled: bool = True,
                  reconnect_max_attempts: int = 2,
                  reconnect_initial_backoff: float = 0.5,
@@ -176,6 +192,7 @@ class MCPBaseClient(ABC):
         self._httpx_auth = AuthAdapter(auth_provider) if auth_provider else None
 
         self._tool_call_timeout = tool_call_timeout
+        self._auth_flow_timeout = auth_flow_timeout
 
         # Reconnect configuration
         self._reconnect_enabled = reconnect_enabled
@@ -184,6 +201,10 @@ class MCPBaseClient(ABC):
         self._reconnect_max_backoff = reconnect_max_backoff
         self._reconnect_lock: asyncio.Lock = asyncio.Lock()
 
+    @property
+    def auth_provider(self) -> AuthProviderBase | None:
+        return self._auth_provider
+
     @property
     def transport(self) -> str:
         return self._transport
@@ -266,12 +287,25 @@ class MCPBaseClient(ABC):
     async def _with_reconnect(self, coro):
         """
         Execute an awaited operation, reconnecting once on errors.
+        Does not reconnect if the error occurs during an active authentication flow.
         """
         try:
             return await coro()
         except Exception as e:
+            # Check if error happened during active authentication flow
+            if self._httpx_auth and self._httpx_auth.is_authenticating:
+                # Provide specific error message for authentication timeouts
+                if isinstance(e, TimeoutError):
+                    logger.error("Timeout during user authentication flow - user may have abandoned authentication")
+                    raise RuntimeError(
+                        "Authentication timed out. User did not complete authentication in browser within "
+                        f"{self._auth_flow_timeout.total_seconds()} seconds.") from e
+                else:
+                    logger.error("Error during authentication flow: %s", e)
+                    raise
+
+            # Normal error - attempt reconnect if enabled
             if self._reconnect_enabled:
-                logger.warning("MCP Client operation failed. Attempting reconnect: %s", e)
                 try:
                     await self._reconnect()
                 except Exception as reconnect_err:
@@ -280,7 +314,49 @@ class MCPBaseClient(ABC):
                 return await coro()
             raise
 
-    async def get_tools(self):
+    async def _has_cached_auth_token(self) -> bool:
+        """
+        Check if we have a cached, non-expired authentication token.
+
+        Returns:
+            bool: True if we have a valid cached token, False if authentication may be needed
+        """
+        if not self._auth_provider:
+            return True  # No auth needed
+
+        try:
+            # Check if OAuth2 provider has tokens cached
+            if hasattr(self._auth_provider, '_auth_code_provider'):
+                provider = self._auth_provider._auth_code_provider
+                if provider and hasattr(provider, '_authenticated_tokens'):
+                    # Check if we have at least one non-expired token
+                    for auth_result in provider._authenticated_tokens.values():
+                        if not auth_result.is_expired():
+                            return True
+
+            return False
+        except Exception:
+            # If we can't check, assume we need auth to be safe
+            return False
+
+    async def _get_tool_call_timeout(self) -> timedelta:
+        """
+        Determine the appropriate timeout for a tool call based on authentication state.
+
+        Returns:
+            timedelta: auth_flow_timeout if authentication may be needed, tool_call_timeout otherwise
+        """
+        if self._auth_provider:
+            has_token = await self._has_cached_auth_token()
+            timeout = self._tool_call_timeout if has_token else self._auth_flow_timeout
+            if not has_token:
+                logger.debug("Using extended timeout (%s) for potential interactive authentication", timeout)
+            return timeout
+        else:
+            return self._tool_call_timeout
+
+    @mcp_exception_handler
+    async def get_tools(self) -> dict[str, MCPToolClient]:
         """
         Retrieve a dictionary of all tools served by the MCP server.
         Uses unauthenticated session for discovery.
@@ -288,7 +364,16 @@ class MCPBaseClient(ABC):
 
         async def _get_tools():
             session = self._session
-            return await session.list_tools()
+            try:
+                # Add timeout to the list_tools call.
+                # This is needed because MCP SDK does not support timeout for list_tools()
+                with anyio.fail_after(self._tool_call_timeout.total_seconds()):
+                    tools = await session.list_tools()
+            except TimeoutError as e:
+                from nat.plugins.mcp.exceptions import MCPTimeoutError
+                raise MCPTimeoutError(self.server_name, e)
+
+            return tools
 
         try:
             response = await self._with_reconnect(_get_tools)
@@ -302,8 +387,7 @@ class MCPBaseClient(ABC):
                               tool_name=tool.name,
                               tool_description=tool.description,
                               tool_input_schema=tool.inputSchema,
-                              parent_client=self,
-                              tool_call_timeout=self._tool_call_timeout)
+                              parent_client=self)
             for tool in response.tools
         }
 
@@ -350,12 +434,7 @@ class MCPBaseClient(ABC):
         async def _call_tool_with_meta():
             params = CallToolRequestParams(name=tool_name, arguments=args, **{"_meta": {"session_id": session_id}})
             req = ClientRequest(CallToolRequest(params=params))
-            # We will increase the timeout to 5 minutes if the tool call timeout is less than 5 min and
-            # auth is enabled.
-            if self._auth_provider and self._tool_call_timeout.total_seconds() < 300:
-                timeout = timedelta(seconds=300)
-            else:
-                timeout = self._tool_call_timeout
+            timeout = await self._get_tool_call_timeout()
             return await self._session.send_request(req, CallToolResult, request_read_timeout_seconds=timeout)
 
         return await self._with_reconnect(_call_tool_with_meta)
@@ -365,7 +444,8 @@ class MCPBaseClient(ABC):
 
         async def _call_tool():
             session = self._session
-            return await session.call_tool(tool_name, tool_args, read_timeout_seconds=self._tool_call_timeout)
+            timeout = await self._get_tool_call_timeout()
+            return await session.call_tool(tool_name, tool_args, read_timeout_seconds=timeout)
 
         return await self._with_reconnect(_call_tool)
 
@@ -380,13 +460,15 @@ class MCPSSEClient(MCPBaseClient):
 
     def __init__(self,
                  url: str,
-                 tool_call_timeout: timedelta = timedelta(seconds=5),
+                 tool_call_timeout: timedelta = timedelta(seconds=60),
+                 auth_flow_timeout: timedelta = timedelta(seconds=300),
                  reconnect_enabled: bool = True,
                  reconnect_max_attempts: int = 2,
                  reconnect_initial_backoff: float = 0.5,
                  reconnect_max_backoff: float = 50.0):
         super().__init__("sse",
                          tool_call_timeout=tool_call_timeout,
+                         auth_flow_timeout=auth_flow_timeout,
                          reconnect_enabled=reconnect_enabled,
                          reconnect_max_attempts=reconnect_max_attempts,
                          reconnect_initial_backoff=reconnect_initial_backoff,
@@ -429,13 +511,15 @@ class MCPStdioClient(MCPBaseClient):
                  command: str,
                  args: list[str] | None = None,
                  env: dict[str, str] | None = None,
-                 tool_call_timeout: timedelta = timedelta(seconds=5),
+                 tool_call_timeout: timedelta = timedelta(seconds=60),
+                 auth_flow_timeout: timedelta = timedelta(seconds=300),
                  reconnect_enabled: bool = True,
                  reconnect_max_attempts: int = 2,
                  reconnect_initial_backoff: float = 0.5,
                  reconnect_max_backoff: float = 50.0):
         super().__init__("stdio",
                          tool_call_timeout=tool_call_timeout,
+                         auth_flow_timeout=auth_flow_timeout,
                          reconnect_enabled=reconnect_enabled,
                          reconnect_max_attempts=reconnect_max_attempts,
                          reconnect_initial_backoff=reconnect_initial_backoff,
@@ -486,7 +570,8 @@ class MCPStreamableHTTPClient(MCPBaseClient):
     def __init__(self,
                  url: str,
                  auth_provider: AuthProviderBase | None = None,
-                 tool_call_timeout: timedelta = timedelta(seconds=5),
+                 tool_call_timeout: timedelta = timedelta(seconds=60),
+                 auth_flow_timeout: timedelta = timedelta(seconds=300),
                  reconnect_enabled: bool = True,
                  reconnect_max_attempts: int = 2,
                  reconnect_initial_backoff: float = 0.5,
@@ -494,6 +579,7 @@ class MCPStreamableHTTPClient(MCPBaseClient):
         super().__init__("streamable-http",
                          auth_provider=auth_provider,
                          tool_call_timeout=tool_call_timeout,
+                         auth_flow_timeout=auth_flow_timeout,
                          reconnect_enabled=reconnect_enabled,
                          reconnect_max_attempts=reconnect_max_attempts,
                          reconnect_initial_backoff=reconnect_initial_backoff,
@@ -536,17 +622,15 @@ class MCPToolClient:
 
     def __init__(self,
                  session: ClientSession,
-                 parent_client: "MCPBaseClient",
+                 parent_client: MCPBaseClient,
                  tool_name: str,
                  tool_description: str | None,
-                 tool_input_schema: dict | None = None,
-                 tool_call_timeout: timedelta = timedelta(seconds=5)):
+                 tool_input_schema: dict | None = None):
         self._session = session
         self._tool_name = tool_name
         self._tool_description = tool_description
         self._input_schema = (model_from_mcp_schema(self._tool_name, tool_input_schema) if tool_input_schema else None)
         self._parent_client = parent_client
-        self._tool_call_timeout = tool_call_timeout
 
         if self._parent_client is None:
             raise RuntimeError("MCPToolClient initialized without a parent client.")
@@ -578,6 +662,32 @@ class MCPToolClient:
         """
         self._tool_description = description
 
+    def _get_session_id(self) -> str | None:
+        """
+        Get the session id from the context.
+        """
+        from nat.builder.context import Context as _Ctx
+
+        # get auth callback (for example: WebSocketAuthenticationFlowHandler). this is lazily set in the client
+        # on first tool call
+        auth_callback = _Ctx.get().user_auth_callback
+        if auth_callback and self._parent_client:
+            # set custom auth callback
+            self._parent_client.set_user_auth_callback(auth_callback)
+
+        # get session id from context, authentication is done per-websocket session for tool calls
+        session_id = None
+        cookies = getattr(_Ctx.get().metadata, "cookies", None)
+        if cookies:
+            session_id = cookies.get("nat-session")
+
+        if not session_id:
+            # use default user id if allowed
+            if self._parent_client.auth_provider and \
+                self._parent_client.auth_provider.config.allow_default_user_id_for_tool_calls:
+                session_id = self._parent_client.auth_provider.config.default_user_id
+        return session_id
+
     async def acall(self, tool_args: dict) -> str:
         """
         Call the MCP tool with the provided arguments.
@@ -589,31 +699,24 @@ class MCPToolClient:
             raise RuntimeError("No session available for tool call")
 
         # Extract context information
-        session_id = None
         try:
-            from nat.builder.context import Context as _Ctx
-
-            # get auth callback (for example: WebSocketAuthenticationFlowHandler). this is lazily set in the client
-            # on first tool call
-            auth_callback = _Ctx.get().user_auth_callback
-            if auth_callback and self._parent_client:
-                # set custom auth callback
-                self._parent_client.set_user_auth_callback(auth_callback)
-
-            # get session id from context, authentication is done per-websocket session for tool calls
-            cookies = getattr(_Ctx.get().metadata, "cookies", None)
-            if cookies:
-                session_id = cookies.get("nat-session")
+            session_id = self._get_session_id()
         except Exception:
-            pass
+            session_id = None
 
         try:
+            # if auth is enabled and session id is not available return user is not authorized to call the tool
+            if self._parent_client.auth_provider and not session_id:
+                result_str = "User is not authorized to call the tool"
+                mcp_error: MCPError = convert_to_mcp_error(RuntimeError(result_str), self._parent_client.server_name)
+                raise mcp_error
+
             if session_id:
                 logger.info("Calling tool %s with arguments %s for a user session", self._tool_name, tool_args)
                 result = await self._parent_client.call_tool_with_meta(self._tool_name, tool_args, session_id)
             else:
                 logger.info("Calling tool %s with arguments %s", self._tool_name, tool_args)
-                result = await self._session.call_tool(self._tool_name, tool_args)
+                result = await self._parent_client.call_tool(self._tool_name, tool_args)
 
             output = []
             for res in result.content:
@@ -630,6 +733,6 @@ class MCPToolClient:
 
         except MCPError as e:
             format_mcp_error(e, include_traceback=False)
-            result_str = "MCPToolClient tool call failed: %s" % e.original_exception
+            result_str = f"MCPToolClient tool call failed: {e.original_exception}"
 
         return result_str

nat/plugins/mcp/client_impl.py

@@ -32,6 +32,50 @@ from nat.plugins.mcp.tool import mcp_tool_function
 logger = logging.getLogger(__name__)
 
 
+class MCPFunctionGroup(FunctionGroup):
+    """
+    A specialized FunctionGroup for MCP clients that includes MCP-specific attributes
+    with proper type safety.
+    """
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # MCP client attributes with proper typing
+        self._mcp_client = None  # Will be set to the actual MCP client instance
+        self._mcp_client_server_name: str | None = None
+        self._mcp_client_transport: str | None = None
+
+    @property
+    def mcp_client(self):
+        """Get the MCP client instance."""
+        return self._mcp_client
+
+    @mcp_client.setter
+    def mcp_client(self, client):
+        """Set the MCP client instance."""
+        self._mcp_client = client
+
+    @property
+    def mcp_client_server_name(self) -> str | None:
+        """Get the MCP client server name."""
+        return self._mcp_client_server_name
+
+    @mcp_client_server_name.setter
+    def mcp_client_server_name(self, server_name: str | None):
+        """Set the MCP client server name."""
+        self._mcp_client_server_name = server_name
+
+    @property
+    def mcp_client_transport(self) -> str | None:
+        """Get the MCP client transport type."""
+        return self._mcp_client_transport
+
+    @mcp_client_transport.setter
+    def mcp_client_transport(self, transport: str | None):
+        """Set the MCP client transport type."""
+        self._mcp_client_transport = transport
+
+
 class MCPToolOverrideConfig(BaseModel):
     """
     Configuration for overriding tool properties when exposing from MCP server.
@@ -95,6 +139,10 @@ class MCPClientConfig(FunctionGroupBaseConfig, name="mcp_client"):
     tool_call_timeout: timedelta = Field(
         default=timedelta(seconds=60),
         description="Timeout (in seconds) for the MCP tool call. Defaults to 60 seconds.")
+    auth_flow_timeout: timedelta = Field(
+        default=timedelta(seconds=300),
+        description="Timeout (in seconds) for the MCP auth flow. When the tool call requires interactive \
+        authentication, this timeout is used. Defaults to 300 seconds.")
     reconnect_enabled: bool = Field(
         default=True,
         description="Whether to enable reconnecting to the MCP server if the connection is lost. \
@@ -152,7 +200,8 @@ async def mcp_client_function_group(config: MCPClientConfig, _builder: Builder):
         client = MCPStdioClient(config.server.command,
                                 config.server.args,
                                 config.server.env,
-                                config.tool_call_timeout,
+                                tool_call_timeout=config.tool_call_timeout,
+                                auth_flow_timeout=config.auth_flow_timeout,
                                 reconnect_enabled=config.reconnect_enabled,
                                 reconnect_max_attempts=config.reconnect_max_attempts,
                                 reconnect_initial_backoff=config.reconnect_initial_backoff,
@@ -160,6 +209,7 @@ async def mcp_client_function_group(config: MCPClientConfig, _builder: Builder):
     elif config.server.transport == "sse":
         client = MCPSSEClient(str(config.server.url),
                               tool_call_timeout=config.tool_call_timeout,
+                              auth_flow_timeout=config.auth_flow_timeout,
                               reconnect_enabled=config.reconnect_enabled,
                               reconnect_max_attempts=config.reconnect_max_attempts,
                               reconnect_initial_backoff=config.reconnect_initial_backoff,
@@ -168,6 +218,7 @@ async def mcp_client_function_group(config: MCPClientConfig, _builder: Builder):
         client = MCPStreamableHTTPClient(str(config.server.url),
                                          auth_provider=auth_provider,
                                          tool_call_timeout=config.tool_call_timeout,
+                                         auth_flow_timeout=config.auth_flow_timeout,
                                          reconnect_enabled=config.reconnect_enabled,
                                          reconnect_max_attempts=config.reconnect_max_attempts,
                                          reconnect_initial_backoff=config.reconnect_initial_backoff,
@@ -177,10 +228,16 @@ async def mcp_client_function_group(config: MCPClientConfig, _builder: Builder):
 
     logger.info("Configured to use MCP server at %s", client.server_name)
 
-    # Create the function group
-    group = FunctionGroup(config=config)
+    # Create the MCP function group
+    group = MCPFunctionGroup(config=config)
 
     async with client:
+        # Expose the live MCP client on the function group instance so other components (e.g., HTTP endpoints)
+        # can reuse the already-established session instead of creating a new client per request.
+        group.mcp_client = client
+        group.mcp_client_server_name = client.server_name
+        group.mcp_client_transport = client.transport
+
         all_tools = await client.get_tools()
         tool_overrides = mcp_apply_tool_alias_and_description(all_tools, config.tool_overrides)
 
@@ -196,12 +253,24 @@ async def mcp_client_function_group(config: MCPClientConfig, _builder: Builder):
             # Create the tool function
             tool_fn = mcp_tool_function(tool)
 
+            # Normalize optional typing for linter/type-checker compatibility
+            single_fn = tool_fn.single_fn
+            if single_fn is None:
+                # Should not happen because mcp_tool_function always sets a single_fn
+                logger.warning("Skipping tool %s because single_fn is None", function_name)
+                continue
+
+            input_schema = tool_fn.input_schema
+            # Convert NoneType sentinel to None for FunctionGroup.add_function signature
+            if input_schema is type(None):  # noqa: E721
+                input_schema = None
+
             # Add to group
             logger.info("Adding tool %s to group", function_name)
             group.add_function(name=function_name,
                                description=description,
-                               fn=tool_fn.single_fn,
-                               input_schema=tool_fn.input_schema,
+                               fn=single_fn,
+                               input_schema=input_schema,
                                converters=tool_fn.converters)
 
         yield group

nat/plugins/mcp/exception_handler.py

@@ -94,7 +94,7 @@ def extract_primary_exception(exceptions: list[Exception]) -> Exception:
     """
     # Prioritize connection errors
     for exc in exceptions:
-        if isinstance(exc, (httpx.ConnectError, ConnectionError)):
+        if isinstance(exc, httpx.ConnectError | ConnectionError):
             return exc
 
     # Then timeout errors

{nvidia_nat_mcp-1.3.0a20250929.dist-info → nvidia_nat_mcp-1.3.0a20251001.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nvidia-nat-mcp
-Version: 1.3.0a20250929
+Version: 1.3.0a20251001
 Summary: Subpackage for MCP client integration in NeMo Agent toolkit
 Keywords: ai,rag,agents,mcp
 Classifier: Programming Language :: Python
@@ -9,7 +9,7 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
-Requires-Dist: nvidia-nat==v1.3.0a20250929
+Requires-Dist: nvidia-nat==v1.3.0a20251001
 Requires-Dist: mcp~=1.14
 
 <!--

{nvidia_nat_mcp-1.3.0a20250929.dist-info → nvidia_nat_mcp-1.3.0a20251001.dist-info}/RECORD

@@ -1,19 +1,19 @@
 nat/meta/pypi.md,sha256=GyV4DI1d9ThgEhnYTQ0vh40Q9hPC8jN-goLnRiFDmZ8,1498
 nat/plugins/mcp/__init__.py,sha256=GUJrgGtpvyMUCjUBvR3faAdv-tZzbU9W-izgx9aMEQg,680
-nat/plugins/mcp/client_base.py,sha256=x6NHs3X2alyB6Wo4pjWZrGyuU7lLqGC_cLO9fuL4Zgw,25194
-nat/plugins/mcp/client_impl.py,sha256=M1gTMlp3RLhFaAHOvwkk38boFy05MixV_glrIEcMjvo,10759
-nat/plugins/mcp/exception_handler.py,sha256=JdPdZG1NgWpdRnIz7JTGHiJASS5wot9nJiD3SRWV4Kw,7649
+nat/plugins/mcp/client_base.py,sha256=x_mgrCORXqYfJcYZg8zd0wm1AN1uFl51A7bYye0X-rc,30151
+nat/plugins/mcp/client_impl.py,sha256=FGWlpzyBDR2tNkV9Ek7brSX9EWh98kfAGCr49zMzDSU,13657
+nat/plugins/mcp/exception_handler.py,sha256=4JVdZDJL4LyumZEcMIEBK2LYC6djuSMzqUhQDZZ6dUo,7648
 nat/plugins/mcp/exceptions.py,sha256=EGVOnYlui8xufm8dhJyPL1SUqBLnCGOTvRoeyNcmcWE,5980
 nat/plugins/mcp/register.py,sha256=HOT2Wl2isGuyFc7BUTi58-BbjI5-EtZMZo7stsv5pN4,831
 nat/plugins/mcp/tool.py,sha256=v3MFsiaLJy8Ourcfqa6ohtAE2Nn-vqpC6Q6gsCdJ28Q,6165
 nat/plugins/mcp/utils.py,sha256=3fuzYpC14wrfMOTOGvY2KHWcxZvBWqrxdDZD17lhmC8,4055
 nat/plugins/mcp/auth/__init__.py,sha256=GUJrgGtpvyMUCjUBvR3faAdv-tZzbU9W-izgx9aMEQg,680
-nat/plugins/mcp/auth/auth_flow_handler.py,sha256=eRqRS2t-YzJ3kEFaG0PEC8DzctYzaJzr9XLZGkvuxq0,6018
-nat/plugins/mcp/auth/auth_provider.py,sha256=5TTaPlIXMgwrE4YcZ_HO9-GNBBFaDTdUKAa5fuALayI,19142
+nat/plugins/mcp/auth/auth_flow_handler.py,sha256=2JgK0aH-5ouQCd2ov0lDMJAD5ZWIQJ7SVcXaLArxn6Y,6010
+nat/plugins/mcp/auth/auth_provider.py,sha256=OfxPCEaXuhP8anOdrTRH-_E78CrbJtzW6i81_kebpDk,19321
 nat/plugins/mcp/auth/auth_provider_config.py,sha256=vhU47Vcp_30M8tWu0FumbJ6pdUnFbBZm-ABdNlup__U,3821
 nat/plugins/mcp/auth/register.py,sha256=yzphsn1I4a5G39_IacbuX0ZQqGM8fevvTUM_B94UXKE,1211
-nvidia_nat_mcp-1.3.0a20250929.dist-info/METADATA,sha256=HceYMMAdbXe5IBiiXJIyrd5IdEUcWIHgjJtiW53BT4I,1997
-nvidia_nat_mcp-1.3.0a20250929.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-nvidia_nat_mcp-1.3.0a20250929.dist-info/entry_points.txt,sha256=rYvUp4i-klBr3bVNh7zYOPXret704vTjvCk1qd7FooI,97
-nvidia_nat_mcp-1.3.0a20250929.dist-info/top_level.txt,sha256=8-CJ2cP6-f0ZReXe5Hzqp-5pvzzHz-5Ds5H2bGqh1-U,4
-nvidia_nat_mcp-1.3.0a20250929.dist-info/RECORD,,
+nvidia_nat_mcp-1.3.0a20251001.dist-info/METADATA,sha256=RFkgBHpMSGrticp7yB2GeO5jvQh_OVW0iZ_QZTR1nUQ,1997
+nvidia_nat_mcp-1.3.0a20251001.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+nvidia_nat_mcp-1.3.0a20251001.dist-info/entry_points.txt,sha256=rYvUp4i-klBr3bVNh7zYOPXret704vTjvCk1qd7FooI,97
+nvidia_nat_mcp-1.3.0a20251001.dist-info/top_level.txt,sha256=8-CJ2cP6-f0ZReXe5Hzqp-5pvzzHz-5Ds5H2bGqh1-U,4
+nvidia_nat_mcp-1.3.0a20251001.dist-info/RECORD,,