nvidia-nat-mcp 1.3.0a20251012__py3-none-any.whl → 1.4.0a20251105__py3-none-any.whl

nat/plugins/mcp/auth/auth_flow_handler.py

@@ -54,6 +54,9 @@ class MCPAuthenticationFlowHandler(ConsoleAuthenticationFlowHandler):
         self._redirect_app: FastAPI | None = None
         self._server_lock = asyncio.Lock()
         self._oauth_client: AsyncOAuth2Client | None = None
+        self._redirect_host: str = "localhost"  # Default host, will be overridden from config
+        self._redirect_port: int = 8000  # Default port, will be overridden from config
+        self._server_task: asyncio.Task | None = None
 
     async def authenticate(self, config: AuthProviderBaseConfig, method: AuthFlowType) -> AuthenticatedContext:
         """
@@ -88,6 +91,34 @@ class MCPAuthenticationFlowHandler(ConsoleAuthenticationFlowHandler):
     async def _handle_oauth2_auth_code_flow(self, cfg: OAuth2AuthCodeFlowProviderConfig) -> AuthenticatedContext:
         logger.info("Starting MCP OAuth2 authorization code flow")
 
+        # Extract and validate host and port from redirect_uri for callback server
+        from urllib.parse import urlparse
+        parsed_uri = urlparse(str(cfg.redirect_uri))
+
+        # Validate scheme/host and choose a safe non-privileged bind port
+        scheme = (parsed_uri.scheme or "http").lower()
+        if scheme not in ("http", "https"):
+            raise ValueError(f"redirect_uri must use http or https scheme, got '{scheme}'")
+
+        host = parsed_uri.hostname
+        if not host:
+            raise ValueError("redirect_uri must include a hostname, for example http://localhost:8000/auth/redirect")
+
+        # Never auto-bind to 80/443; default to 8000 when port is not specified
+        port = parsed_uri.port or 8000
+        if not (1 <= port <= 65535):
+            raise ValueError(f"Invalid redirect port: {port}. Expected 1-65535.")
+
+        if scheme == "https" and parsed_uri.port is None:
+            logger.warning(
+                "redirect_uri uses https without an explicit port; binding to %d (plain HTTP). "
+                "Terminate TLS at a reverse proxy and forward to this port.",
+                port)
+
+        self._redirect_host = host
+        self._redirect_port = port
+        logger.info("MCP redirect server will use %s:%d", self._redirect_host, self._redirect_port)
+
         state = secrets.token_urlsafe(16)
         flow_state = _FlowState()
         client = self.construct_oauth_client(cfg)
@@ -142,3 +173,36 @@ class MCPAuthenticationFlowHandler(ConsoleAuthenticationFlowHandler):
                 "raw_token": token,
             },
         )
+
+    async def _start_redirect_server(self) -> None:
+        """
+        Override to use the host and port from redirect_uri config instead of hardcoded localhost:8000.
+
+        This allows MCP authentication to work with custom redirect hosts and ports
+        specified in the configuration.
+        """
+        # If the server is already running, do nothing
+        if self._server_controller:
+            return
+        try:
+            if not self._redirect_app:
+                raise RuntimeError("Redirect app not built.")
+
+            self._server_controller = _FastApiFrontEndController(self._redirect_app)
+
+            self._server_task = asyncio.create_task(
+                self._server_controller.start_server(host=self._redirect_host, port=self._redirect_port))
+            logger.debug("MCP redirect server starting on %s:%d", self._redirect_host, self._redirect_port)
+
+            # Wait for the server to bind (max ~10s)
+            start = asyncio.get_running_loop().time()
+            while True:
+                server = getattr(self._server_controller, "_server", None)
+                if server and getattr(server, "started", False):
+                    break
+                if asyncio.get_running_loop().time() - start > 10:
+                    raise RuntimeError("Redirect server did not report ready within 10s")
+                await asyncio.sleep(0.1)
+        except Exception as exc:
+            raise RuntimeError(
+                f"Failed to start MCP redirect server on {self._redirect_host}:{self._redirect_port}: {exc}") from exc

nat/plugins/mcp/auth/auth_provider_config.py

@@ -18,6 +18,7 @@ from pydantic import HttpUrl
 from pydantic import model_validator
 
 from nat.authentication.interfaces import AuthProviderBaseConfig
+from nat.data_models.common import OptionalSecretStr
 
 
 class MCPOAuth2ProviderConfig(AuthProviderBaseConfig, name="mcp_oauth2"):
@@ -36,7 +37,8 @@ class MCPOAuth2ProviderConfig(AuthProviderBaseConfig, name="mcp_oauth2"):
 
     # Client registration (manual registration vs DCR)
     client_id: str | None = Field(default=None, description="OAuth2 client ID for pre-registered clients")
-    client_secret: str | None = Field(default=None, description="OAuth2 client secret for pre-registered clients")
+    client_secret: OptionalSecretStr = Field(default=None,
+                                             description="OAuth2 client secret for pre-registered clients")
     enable_dynamic_registration: bool = Field(default=True,
                                               description="Enable OAuth2 Dynamic Client Registration (RFC 7591)")
     client_name: str = Field(default="NAT MCP Client", description="OAuth2 client name for dynamic registration")

nat/plugins/mcp/utils.py

@@ -47,7 +47,7 @@ def model_from_mcp_schema(name: str, mcp_input_schema: dict) -> type[BaseModel]:
         "integer": int,
         "boolean": bool,
         "array": list,
-        "null": None,
+        "null": type(None),
         "object": dict,
     }
 
@@ -58,51 +58,168 @@ def model_from_mcp_schema(name: str, mcp_input_schema: dict) -> type[BaseModel]:
     def _generate_valid_classname(class_name: str):
         return class_name.replace('_', ' ').replace('-', ' ').title().replace(' ', '')
 
-    def _generate_field(field_name: str, field_properties: dict[str, Any]) -> tuple:
-        json_type = field_properties.get("type", "string")
-        enum_vals = field_properties.get("enum")
-
+    def _resolve_schema_type(schema: dict[str, Any], name: str) -> Any:
+        """
+        Recursively resolve a JSON schema to a Python type.
+        Handles nested anyOf/oneOf, arrays, objects, enums, and primitive types.
+        """
+        # Check for anyOf/oneOf first
+        any_of = schema.get("anyOf")
+        one_of = schema.get("oneOf")
+
+        if any_of or one_of:
+            union_schemas = any_of if any_of else one_of
+            resolved_type: Any = None
+
+            if union_schemas:
+                for sub_schema in union_schemas:
+                    mapped = _resolve_schema_type(sub_schema, name)
+                    if resolved_type is None:
+                        resolved_type = mapped
+                    elif mapped is not type(None):
+                        # Don't add None here, handle separately
+                        resolved_type = resolved_type | mapped
+                    else:
+                        # If we encounter null, combine with None at the end
+                        resolved_type = resolved_type | None if resolved_type else type(None)
+
+            return resolved_type if resolved_type is not None else Any
+
+        # Handle enum values
+        enum_vals = schema.get("enum")
         if enum_vals:
-            enum_name = f"{field_name.capitalize()}Enum"
-            field_type = Enum(enum_name, {item: item for item in enum_vals})
-
-        elif json_type == "object" and "properties" in field_properties:
-            field_type = model_from_mcp_schema(name=field_name, mcp_input_schema=field_properties)
-        elif json_type == "array" and "items" in field_properties:
-            item_properties = field_properties.get("items", {})
-            if item_properties.get("type") == "object":
-                item_type = model_from_mcp_schema(name=field_name, mcp_input_schema=item_properties)
+            # Check if enum contains null
+            has_null = any(val is None or val == "null" for val in enum_vals)
+            # Filter out None/null values from enum
+            non_null_vals = [v for v in enum_vals if v is not None and v != "null"]
+
+            if non_null_vals:
+                enum_name = f"{name.capitalize()}Enum"
+                enum_type: Any = Enum(enum_name, {item: item for item in non_null_vals})
+                # If enum had null, make it a union with None
+                return enum_type | None if has_null else enum_type
+            elif has_null:
+                # Enum only contains null
+                return type(None)
             else:
-                item_type = _type_map.get(item_properties.get("type", "string"), Any)
-            field_type = list[item_type]
-        elif isinstance(json_type, list):
-            field_type = None
-            for t in json_type:
-                mapped = _type_map.get(t, Any)
-                field_type = mapped if field_type is None else field_type | mapped
-
-            return field_type, Field(
-                default=field_properties.get("default", None if "null" in json_type else ...),
-                description=field_properties.get("description", "")
-            )
-        else:
-            field_type = _type_map.get(json_type, Any)
+                # Empty enum (shouldn't happen but handle gracefully)
+                return Any
+
+        schema_type = schema.get("type")
+
+        # Handle type as list (e.g., ["string", "integer", "null"])
+        if isinstance(schema_type, list):
+            list_type: Any = None
+            for t in schema_type:
+                if t == "array":
+                    # Incorporate the mapped type of items
+                    item_schema = schema.get("items", {})
+                    if item_schema:
+                        item_type = _resolve_schema_type(item_schema, name)
+                        mapped = list[item_type]
+                    else:
+                        mapped = _type_map.get(t, Any)
+                elif t == "object":
+                    # Incorporate the mapped type from properties
+                    if "properties" in schema:
+                        mapped = model_from_mcp_schema(name=name, mcp_input_schema=schema)
+                    else:
+                        mapped = _type_map.get(t, Any)
+                else:
+                    mapped = _type_map.get(t, Any)
+
+                list_type = mapped if list_type is None else list_type | mapped
+            return list_type if list_type is not None else Any
+
+        # Handle null type
+        if schema_type == "null":
+            return type(None)
+
+        # Handle object type
+        if schema_type == "object" and "properties" in schema:
+            return model_from_mcp_schema(name=name, mcp_input_schema=schema)
+
+        # Handle array type
+        if schema_type == "array" and "items" in schema:
+            item_schema = schema.get("items", {})
+            # Recursively resolve item type (handles nested anyOf/oneOf)
+            item_type = _resolve_schema_type(item_schema, name)
+            return list[item_type]
+
+        # Handle primitive types
+        if schema_type is not None:
+            return _type_map.get(schema_type, Any)
+
+        return Any
+
+    def _has_null_in_type(field_properties: dict[str, Any]) -> bool:
+        """Check if a schema contains null as a valid type."""
+        # Check anyOf/oneOf for null
+        any_of = field_properties.get("anyOf")
+        one_of = field_properties.get("oneOf")
+        if any_of or one_of:
+            union_schemas = any_of if any_of else one_of
+            if union_schemas:
+                for schema in union_schemas:
+                    if schema.get("type") == "null":
+                        return True
+
+        # Check type list for null
+        json_type = field_properties.get("type")
+        if isinstance(json_type, list) and "null" in json_type:
+            return True
+
+        # Check enum for null (Python None or string "null")
+        enum_vals = field_properties.get("enum")
+        if enum_vals:
+            for val in enum_vals:
+                if val is None or val == "null":
+                    return True
+
+        # Check const for null (Python None or string "null")
+        if "const" in field_properties:
+            const_val = field_properties.get("const")
+            if const_val is None or const_val == "null":
+                return True
+
+        return False
+
+    def _generate_field(field_name: str, field_properties: dict[str, Any]) -> tuple:
+        """
+        Generate a Pydantic field from JSON schema properties.
+        Uses _resolve_schema_type for type resolution and handles field-specific logic.
+        """
+        # Resolve the field type using the unified resolver
+        field_type = _resolve_schema_type(field_properties, field_name)
+
+        # Check if the type includes null
+        has_null = _has_null_in_type(field_properties)
 
         # Determine the default value based on whether the field is required
+        default_value = field_properties.get("default")
+
         if field_name in required_fields:
-            # Field is required - use explicit default if provided, otherwise make it required
-            default_value = field_properties.get("default", ...)
+            # Field is required - use explicit default if provided, otherwise use ... to enforce presence
+            if default_value is None and "default" not in field_properties:
+                # Required field without explicit default: always use ... even if nullable
+                default_value = ...
+            # Make the field type nullable if it allows null
+            if has_null:
+                field_type = field_type | None
         else:
             # Field is optional - use explicit default if provided, otherwise None
-            default_value = field_properties.get("default", None)
-            # Make the type optional if no default was provided
-            if "default" not in field_properties:
+            if default_value is None:
+                default_value = None
+            # Make the type optional if no default was provided and not already nullable
+            if "default" not in field_properties and not has_null:
                 field_type = field_type | None
 
+        # Handle nullable property (less common, but still supported)
         nullable = field_properties.get("nullable", False)
-        description = field_properties.get("description", "")
+        if nullable and not has_null:
+            field_type = field_type | None
 
-        field_type = field_type | None if nullable else field_type
+        description = field_properties.get("description", "")
 
         return field_type, Field(default=default_value, description=description)
 

{nvidia_nat_mcp-1.3.0a20251012.dist-info → nvidia_nat_mcp-1.4.0a20251105.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nvidia-nat-mcp
-Version: 1.3.0a20251012
+Version: 1.4.0a20251105
 Summary: Subpackage for MCP client integration in NeMo Agent toolkit
 Author: NVIDIA Corporation
 Maintainer: NVIDIA Corporation
@@ -16,7 +16,7 @@ Requires-Python: <3.14,>=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE-3rd-party.txt
 License-File: LICENSE.md
-Requires-Dist: nvidia-nat==v1.3.0a20251012
+Requires-Dist: nvidia-nat==v1.4.0a20251105
 Requires-Dist: aiorwlock~=1.5
 Requires-Dist: mcp~=1.14
 Dynamic: license-file

{nvidia_nat_mcp-1.3.0a20251012.dist-info → nvidia_nat_mcp-1.4.0a20251105.dist-info}/RECORD

@@ -7,17 +7,17 @@ nat/plugins/mcp/exception_handler.py,sha256=4JVdZDJL4LyumZEcMIEBK2LYC6djuSMzqUhQ
 nat/plugins/mcp/exceptions.py,sha256=EGVOnYlui8xufm8dhJyPL1SUqBLnCGOTvRoeyNcmcWE,5980
 nat/plugins/mcp/register.py,sha256=HOT2Wl2isGuyFc7BUTi58-BbjI5-EtZMZo7stsv5pN4,831
 nat/plugins/mcp/tool.py,sha256=xNfBIF__ugJKFEjkYEM417wWM1PpuTaCMGtSFmxHSuA,6089
-nat/plugins/mcp/utils.py,sha256=4kNF5FJRiDUn-3fQcsvwvWtG6tYG1y4jU7vpptp0fsA,4522
+nat/plugins/mcp/utils.py,sha256=dUIig7jeKz0ctb4o38jFGbe2uvM3DMR3PSJjfN_Lr5M,9111
 nat/plugins/mcp/auth/__init__.py,sha256=GUJrgGtpvyMUCjUBvR3faAdv-tZzbU9W-izgx9aMEQg,680
-nat/plugins/mcp/auth/auth_flow_handler.py,sha256=2JgK0aH-5ouQCd2ov0lDMJAD5ZWIQJ7SVcXaLArxn6Y,6010
+nat/plugins/mcp/auth/auth_flow_handler.py,sha256=v21IK3IKZ2TLEP6wO9r-sJQiilWPq7Ry40M96SAxQFA,9125
 nat/plugins/mcp/auth/auth_provider.py,sha256=BgH66DlZgzhLDLO4cBERpHvNAmli5fMo_SCy11W9aBU,21251
-nat/plugins/mcp/auth/auth_provider_config.py,sha256=b1AaXzOuAkygKXAWSxMKWg8wfW8k33tmUUq6Dk5Mmwk,4038
+nat/plugins/mcp/auth/auth_provider_config.py,sha256=ZdiUObYU_Oj8KDDZ-JqkS6kJgup5EBy2ZREUOBw_kkI,4143
 nat/plugins/mcp/auth/register.py,sha256=L2x69NjJPS4s6CCE5myzWVrWn3e_ttHyojmGXvBipMg,1228
 nat/plugins/mcp/auth/token_storage.py,sha256=aS13ZvEJXcYzkZ0GSbrSor4i5bpjD5BkXHQw1iywC9k,9240
-nvidia_nat_mcp-1.3.0a20251012.dist-info/licenses/LICENSE-3rd-party.txt,sha256=fOk5jMmCX9YoKWyYzTtfgl-SUy477audFC5hNY4oP7Q,284609
-nvidia_nat_mcp-1.3.0a20251012.dist-info/licenses/LICENSE.md,sha256=QwcOLU5TJoTeUhuIXzhdCEEDDvorGiC6-3YTOl4TecE,11356
-nvidia_nat_mcp-1.3.0a20251012.dist-info/METADATA,sha256=VM-zKs9T5TYpPOeBahovycvuO1Vo_8OYUp6moYwwLVA,2319
-nvidia_nat_mcp-1.3.0a20251012.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-nvidia_nat_mcp-1.3.0a20251012.dist-info/entry_points.txt,sha256=rYvUp4i-klBr3bVNh7zYOPXret704vTjvCk1qd7FooI,97
-nvidia_nat_mcp-1.3.0a20251012.dist-info/top_level.txt,sha256=8-CJ2cP6-f0ZReXe5Hzqp-5pvzzHz-5Ds5H2bGqh1-U,4
-nvidia_nat_mcp-1.3.0a20251012.dist-info/RECORD,,
+nvidia_nat_mcp-1.4.0a20251105.dist-info/licenses/LICENSE-3rd-party.txt,sha256=fOk5jMmCX9YoKWyYzTtfgl-SUy477audFC5hNY4oP7Q,284609
+nvidia_nat_mcp-1.4.0a20251105.dist-info/licenses/LICENSE.md,sha256=QwcOLU5TJoTeUhuIXzhdCEEDDvorGiC6-3YTOl4TecE,11356
+nvidia_nat_mcp-1.4.0a20251105.dist-info/METADATA,sha256=cTjlqRzR05jFifL18XNTxYMjMLbI6rZNCQCWqB5FV54,2319
+nvidia_nat_mcp-1.4.0a20251105.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+nvidia_nat_mcp-1.4.0a20251105.dist-info/entry_points.txt,sha256=rYvUp4i-klBr3bVNh7zYOPXret704vTjvCk1qd7FooI,97
+nvidia_nat_mcp-1.4.0a20251105.dist-info/top_level.txt,sha256=8-CJ2cP6-f0ZReXe5Hzqp-5pvzzHz-5Ds5H2bGqh1-U,4
+nvidia_nat_mcp-1.4.0a20251105.dist-info/RECORD,,