Forward-merge release/1.4 into develop #1453

Merged
mnajafian-nv merged 19 commits into develop from pr-1417
Jan 22, 2026
mnajafian-nv (Contributor) commented Jan 22, 2026

Merge 17 commits from release/1.4 into develop.

Resolved conflicts:

  • examples/README.md: Merged MCP section with new entries and complexity levels
  • examples/frameworks/nat_autogen_demo/pyproject.toml: Updated to version 1.5 with mcp extra

To address merge conflicts

By Submitting this PR I confirm:

  • I am familiar with the Contributing Guidelines.
  • We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
    • Any contribution which contains commits that are not Signed-Off will not be accepted.
  • When the PR is ready for review, new or existing tests cover these changes.
  • When the PR is ready for review, the documentation is up to date with these changes.

Summary by CodeRabbit

Release Notes

  • New Features

    • Added oracle-based feedback configuration for prompt optimization with multiple modes (never, always, failing_only, adaptive).
    • Introduced protected MCP calculator example with OAuth2 authentication.
    • Added per-user MCP workflow support with bearer token and OAuth2 flows.
  • Documentation

    • Added comprehensive guide for Oracle Feedback Configuration in optimizer workflows.
    • Updated outputs documentation clarifying optimized prompt generation behavior.
    • Added README for protected MCP setup and OAuth2 integration.
  • Chores

    • Updated all dependencies to version 1.5 across examples and packages.
    • Updated documentation version to 1.5 as preferred release.

✏️ Tip: You can customize this high-level summary in your review settings.

dnandakumar-nv and others added 18 commits January 15, 2026 18:57
…ner adapter (#1415)

Introduce logic to track and limit consecutive status check failures when polling job status. If the number of failures exceeds a configurable threshold, logging escalates, but regular failure handling remains unaffected.

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Bug Fixes**
  * Improved job status monitoring to treat transient status retrieval errors as temporary, automatically retrying with exponential backoff to reduce false job failures and clearer logging.

* **New Features**
  * Added a configurable threshold for how many consecutive status check failures are tolerated before marking a job as failed.

* **Tests**
  * Expanded unit tests covering status-retry behavior, threshold bounds, and recovery scenarios.

* **Chore**
  * No changes to public API or method signatures.

Authors:
  - Dhruv Nandakumar (https://github.com/dnandakumar-nv)

Approvers:
  - Will Killian (https://github.com/willkill07)
  - https://github.com/mnajafian-nv

URL: #1415
Based on the suggestions from Radhika, we should include some complexity score for each example. Feedback welcome :)

Closes AIQ-2818

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Documentation**
  * Added complexity badges (Beginner, Intermediate, Advanced) across example READMEs to surface difficulty.
  * Updated several example README introductions and the notebooks index to include brief descriptive/contextual text and annotated entries; purely presentation changes, no functional code edits.

Authors:
  - Will Killian (https://github.com/willkill07)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1422
…cation (#1420)

Clarify the download location for huggingface open source models onto the GPU workstation. Corrected by standardization of the .env.example files between the dynamo example and the external dynamo components, as they will likely be run back-to-back. Also fixed a race condition in the startup scripts so that model load and api availability both run up to 30 minutes (longer than original 15 min to account for cold start scenarios). General improvements to docs.
Closes
NVBug 5756833

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Documentation**
  * Updated quick-start and setup to use a sourced .env (explicit HF_HOME/HF_TOKEN), clarified model-weight download step, reordered startup flow, added warnings about initial model load time, updated evaluation/artifact guidance, and replaced huggingface-cli examples with hf.

* **Chores**
  * Exposed many configuration options as exported environment variables (model/repo paths, GPU workers, tensor-parallel settings, ports, etc.) and increased worker initialization timeout defaults for large-model readiness.

Authors:
  - Bryan Bednarski (https://github.com/bbednarski9)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1420
Resolves issues where a stale environment leads to dependency conflicts.

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.




## Summary by CodeRabbit

## Release Notes

* **Documentation**
  * Updated installation instructions with improved package specification format and caching behavior.

* **New Features**
  * Introduced configurable maximum threshold for consecutive transient failures in job status monitoring (default: 3).
  * Enhanced job polling with automatic retry logic and exponential backoff for transient status check errors.

* **Tests**
  * Added unit tests for failure handling configuration and status polling resilience scenarios.

Authors:
  - Dhruv Nandakumar (https://github.com/dnandakumar-nv)

Approvers:
  - Will Killian (https://github.com/willkill07)

URL: #1424
- Remove old 'ai-query-engine' project name from data_dir default
- Add validation to raise clear error when data_dir is empty
- Fix tool invocation: pass {"inputs": query} instead of raw query string
- Simplify llama_index_rag_tool: remove FunctionAgent, use query_engine directly
- Add proper error handling and None checks

Fixes `TypeError: the JSON object must be str, bytes or bytearray, not NoneType`.
Test verified passing locally with live API calls.



## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Bug Fixes**
  * Improved error handling and logging for query execution; empty or failed responses now return a safe string and clear warnings.
  * Added runtime validation to detect a missing data directory and surface a descriptive error.

* **Refactor**
  * Simplified the query processing flow for more reliable execution.
  * Standardized tool input format to a consistent dictionary shape across the workflow.

Authors:
  - https://github.com/mnajafian-nv

Approvers:
  - David Gardner (https://github.com/dagardner-nv)

URL: #1418
This PR reworks the autogen integration example by improving the example workflow and toy dataset. Previous toy example was deemed insufficient for publication. New example demonstrates multi-tool, multi-agent orchestration in a toy example finding current traffic estimates. Additionally, some improvements to the README and user workflow.
Closes
5812113

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Documentation**
  * Demo refocused from weather/time to Los Angeles traffic: walkthroughs, install/run steps, sample prompts/outputs, evaluation guidance, and observability notes updated.

* **New Features**
  * Added a time-of-day–aware LA traffic status tool and updated the multi-agent workflow to query and present highway traffic status.

* **Configuration**
  * Updated evaluation dataset/output paths and profiling/metric settings to support traffic-focused evaluations.

* **Chores**
  * Project metadata updated to enable MCP-related integrations.

Authors:
  - Bryan Bednarski (https://github.com/bbednarski9)
  - Will Killian (https://github.com/willkill07)

Approvers:
  - https://github.com/Salonijain27
  - Will Killian (https://github.com/willkill07)

URL: #1426
This PR updates the default LLM models used in example workflows and tests from Meta Llama models to NVIDIA Nemotron 3 models, and fixes flaky test assertions related to string matching.

### Changes

#### Model Updates
Migrated LLM configurations from Meta Llama models to NVIDIA Nemotron 3 models across multiple example workflows:

| Previous Model | New Model |
|----------------|-----------|
| `meta/llama-3.3-70b-instruct` | `nvidia/nemotron-3-nano-30b-a3b` |
| `meta/llama-3.1-70b-instruct` | `nvidia/nemotron-3-nano-30b-a3b` |
| `meta/llama-3.1-405b-instruct` | `nvidia/nemotron-mini-4b-instruct` |

**Affected configs:**
- `examples/advanced_agents/alert_triage_agent` (live & offline modes)
- `examples/agents/react`
- `examples/agents/rewoo`
- `examples/observability/simple_calculator_observability`

#### Test Assertion Fixes

1. **`test_agents.py`**: Changed `re.match()` to `re.search()` for the "large language model" assertion. `re.match()` only matches at the beginning of the string, causing false negatives when the pattern appears later in the response.

2. **`nat/test/utils.py`**: Added Unicode whitespace normalization before string comparison. Some LLMs return fancy Unicode space characters (e.g., `\u202f` narrow no-break space) which caused assertion failures when comparing expected answers.

### Testing
- Ran affected example workflows
- Verified test assertions pass with new models 3 times in a row



## Summary by CodeRabbit

## Release Notes

* **Chores**
  * Updated underlying LLM model configurations across multiple examples and observability utilities to use more efficient model versions.
  * Improved test utilities with enhanced result normalization and case-insensitive comparison for more robust test validation.

Authors:
  - https://github.com/hsin-c

Approvers:
  - Will Killian (https://github.com/willkill07)

URL: #1425
Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Chores**
  * Updated example/demo data files used in demonstrations.
* **Documentation**
  * Updated sample output in the user-report README to reflect a different example payload.

Authors:
  - Yuchen Zhang (https://github.com/yczhang-nv)

Approvers:
  - Will Killian (https://github.com/willkill07)
  - https://github.com/Salonijain27

URL: #1427
…rvers (#1421)

Fixes token refresh failure when using MCP OAuth2 authentication with MaaS servers. The refresh token request was missing the required `client_id` parameter, causing authentication to fail after the access token expired (~1 hour).

### Problem

When the access token expires, the `_attempt_token_refresh()` method calls authlib's `refresh_token()` without including `client_id` in the request body. MaaS OAuth servers require `client_id` in the token refresh request (per RFC 6749 for public clients), resulting in:
```
OAuthError: invalid_request: refresh_token.client_id: Field required
```
This forces users to re-authenticate via browser every hour, even though a valid refresh token exists.

### Solution

Added `client_id` parameter to the `client.refresh_token()` call. Authlib's `refresh_token()` method accepts `**kwargs` and passes them as additional form parameters to the token endpoint.

### Changes

- **File**: `src/nat/authentication/oauth2/oauth2_auth_code_flow_provider.py`
- **Method**: `_attempt_token_refresh()`
- **Change**: Added `client_id=self.config.client_id` to the refresh_token call

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Bug Fixes**
  * Improved OAuth token refresh to include required client authentication, enhancing compatibility and reliability when renewing access tokens with OAuth 2.0 providers.

Authors:
  - https://github.com/andywy110
  - https://github.com/pceyangw
  - Will Killian (https://github.com/willkill07)

Approvers:
  - Will Killian (https://github.com/willkill07)
  - Anuradha Karuppiah (https://github.com/AnuradhaKaruppiah)

URL: #1421
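
The refresh failure and fix described in #1421, reproduced as an added example (not code from the PR or from the toolkit): a constructed mock token endpoint, `MockTokenEndpoint`, rejects a refresh request that omits `client_id` and accepts the same request once it is included. All names and token values are hypothetical, and the mock also rotates refresh tokens and binds them to the issuing client, which is an assumption about server behaviour rather than something the PR states.

```python
import secrets
from urllib.parse import parse_qs, urlencode

CLIENT_ID = "example-public-client"  # constructed value, not from the PR


def build_refresh_body(refresh_token, client_id=None):
    """Form-encode a refresh_token grant; client_id is the parameter the fix adds."""
    params = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if client_id is not None:
        params["client_id"] = client_id
    return urlencode(params)


class MockTokenEndpoint:
    """Constructed stand-in for a token endpoint that requires client_id on
    refresh and binds each refresh token to the client it was issued to."""

    def __init__(self):
        self._owner = {}  # refresh_token -> client_id it was issued to

    def issue_refresh_token(self, client_id):
        token = secrets.token_urlsafe(16)
        self._owner[token] = client_id
        return token

    def handle(self, body):
        """Return (http_status, json_payload) for a form-encoded token request."""
        form = {key: values[0] for key, values in parse_qs(body).items()}
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        token = form.get("refresh_token")
        client_id = form.get("client_id")
        if not token:
            return 400, {"error": "invalid_request"}
        if not client_id:
            # Same rejection the PR quotes from the MaaS server.
            return 400, {
                "error": "invalid_request",
                "error_description": "refresh_token.client_id: Field required",
            }
        if self._owner.get(token) != client_id:
            # Unknown, already rotated, or issued to a different client.
            return 400, {"error": "invalid_grant"}
        del self._owner[token]  # rotate: the presented token is single-use
        return 200, {
            "access_token": secrets.token_urlsafe(16),
            "token_type": "Bearer",
            "expires_in": 3600,
            "refresh_token": self.issue_refresh_token(client_id),
        }


def attempt_refresh(endpoint, refresh_token, client_id=None):
    """Return the new token set, or None when the caller has to fall back
    to the interactive browser login."""
    status, payload = endpoint.handle(build_refresh_body(refresh_token, client_id))
    return payload if status == 200 else None


if __name__ == "__main__":
    endpoint = MockTokenEndpoint()
    refresh_token = endpoint.issue_refresh_token(CLIENT_ID)

    # Before the fix: no client_id in the body, so the refresh is rejected.
    print("without client_id:", endpoint.handle(build_refresh_body(refresh_token)))

    # After the fix: client_id travels as an extra form parameter.
    tokens = attempt_refresh(endpoint, refresh_token, client_id=CLIENT_ID)
    print("with client_id: refreshed =", tokens is not None)

    # The rotated-out token and a mismatched client are both refused.
    print("replayed old token:", attempt_refresh(endpoint, refresh_token, CLIENT_ID))
    print("wrong client:", endpoint.handle(
        build_refresh_body(tokens["refresh_token"], client_id="other-client")))
```
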
* Adopt fix from NVIDIA/NeMo-Agent-Toolkit-UI#78 for image viewing in the UI
* Adopt updated v1.0.2 of `langchain-nvidia-ai-endpoints`, which fixes an issue where we weren't receiving token usage stats from NIM models.

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.




## Summary by CodeRabbit

* **Chores**
  * Updated nat-ui submodule to latest version
  * Upgraded langchain-nvidia-ai-endpoints dependency to v1.0.2

Authors:
  - David Gardner (https://github.com/dagardner-nv)

Approvers:
  - Will Killian (https://github.com/willkill07)
  - https://github.com/Salonijain27

URL: #1428
This PR improves the reliability of the Strands demo by reducing the temperature parameter of the config files for both README walk-throughs in /examples/frameworks/strands_demo. I also reduced the hyperparameter search space of the `nat optimize` workflow run so that the demo runs in a more reasonable amount of time (changed from `Beginner` to `Intermediate` as the root demo can take 5-10 minutes to run).
Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Documentation**
  * Updated Strands demo README: difficulty set to Intermediate, clearer workflow instructions, shorter expected output example, and note that optimization can take 10–20 minutes.
  * Improved example API payloads and added local endpoint testing examples (health and /invocations) with updated deployment reference.

* **Chores**
  * Standardized LLM defaults and token limits across demos for consistency.
  * Switched optimizer guidance to grid-search semantics and tightened optimization ranges.

Authors:
  - Bryan Bednarski (https://github.com/bbednarski9)

Approvers:
  - Will Killian (https://github.com/willkill07)

URL: #1429
…ructions (#1436)

Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **New Features**
  * Optional Anthropic API key support with guided setup, env var handling and automatic dotenv loading.

* **Chores**
  * Migrated example configs, docs and evaluation settings to Nemotron (NVIDIA) models.
  * Removed legacy telemetry tracing from example configs.
  * Updated example notebooks’ environment/kernel settings and run commands.
  * Broadened allowed model name patterns to include Nemotron in validation checks.

Authors:
  - Yuchen Zhang (https://github.com/yczhang-nv)

Approvers:
  - Will Killian (https://github.com/willkill07)
  - Michael Demoret (https://github.com/mdemoret-nv)

URL: #1436
- Prevents coroutine reuse in `nat eval` by switching workflow execution and intermediate-step collection to task-based handling with explicit cancellation/cleanup.
- Adds regression coverage in `tests/nat/eval/test_evaluate.py` for error paths and coroutine reuse behavior.

Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.




## Summary by CodeRabbit

* **Bug Fixes**
  * Enhanced error handling and cleanup for local workflow execution failures, ensuring pending tasks are properly cancelled
  * Improved asynchronous task management to prevent spurious coroutine warnings

* **Tests**
  * Added test coverage for error scenarios in local workflow execution

Authors:
  - Will Killian (https://github.com/willkill07)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1438
…ock (#1439)

Occasionally we observe the following error in CI, specifically on ARM runners:
```
packages/nvidia_nat_weave/tests/test_fastapi_plugin_worker.py::test_weave_worker_adds_standard_routes - TypeError: 'Mock' object does not support the context manager protocol
```

This PR fixes that by ensuring what is mocked always supports that protocol.

Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.




## Summary by CodeRabbit

* **Tests**
  * Enhanced test infrastructure to support context manager patterns for improved test coverage compatibility.

Authors:
  - Will Killian (https://github.com/willkill07)

Approvers:
  - David Gardner (https://github.com/dagardner-nv)

URL: #1439
QA had some issues with the current steps for setting up the environment and running the dynamo servers in `./external/dynamo`. This PR improves the documentation in 3 ways. 1. Provides _very explicit_ instructions for uv environment setup. 2. Clarifies creation and sourcing of a well-formed `.env`. 3. Adds `nvidia-fabricmanager` as a requirement for the sglang docker image and a short script in prerequisites to make sure that CUDA and CUDA devices are available before running the startup. This is especially relevant to H100 and H200 servers.
Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

* **Documentation**
  * Hardened GPU baseline to NVIDIA Hopper (H100) and raised per‑GPU memory guidance to 96GB.
  * Clarified software stack: Docker with NVIDIA Container Toolkit, CUDA 12+ driver guidance, and fabricmanager diagnostics with a CUDA-availability check.
  * Expanded environment setup: .env copy/source, virtual‑env activation, path/navigation clarifications, and startup/config notes.
  * Revised model weight/download flow to use the toolkit/editable‑install workflow and streamlined quick‑validation steps.
  * Removed the prior "Next Steps" section and tightened wording/formatting.

Authors:
  - Bryan Bednarski (https://github.com/bbednarski9)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1443
We added a warning message about conda environments to troubleshooting.md, let's bring that same warning into install-from-source instructions. Also fixing some funky numbering in this doc.
Closes

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.




## Summary by CodeRabbit

* **Documentation**
  * Updated installation guide with a warning about Conda environment compatibility and recommended workarounds
  * Added alternative installation option for the core NeMo Agent toolkit without optional plugins
  * Enhanced verification steps to include version checking

Authors:
  - Bryan Bednarski (https://github.com/bbednarski9)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1446
#1448)

This PR updates the function separator used in red teaming and defense middleware from `.` to `__` to align with `FunctionGroup.SEPARATOR`. This fixes a bug introduced when the function group separator was changed, which caused middleware to no longer match registered function names. This broke red teaming and defense middleware functionality since they could not intercept the target functions. Updated the middleware matching logic to use `FunctionGroup.SEPARATOR` and updated the example configuration files and tests to use the new separator format.

## By Submitting this PR I confirm:
- I am familiar with the [Contributing Guidelines](https://github.com/NVIDIA/NeMo-Agent-Toolkit/blob/develop/docs/source/resources/contributing/index.md).
- We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  - Any contribution which contains commits that are not Signed-Off will not be accepted.
- When the PR is ready for review, new or existing tests cover these changes.
- When the PR is ready for review, the documentation is up to date with these changes.



## Summary by CodeRabbit

## Release Notes

* **Refactor**
  * Standardized function naming conventions across middleware and configuration files using a consistent separator format.
  * Updated test fixtures and validation logic to align with the new naming scheme.
  * Updated example configurations and documentation to reflect the standardized naming format.

Authors:
  - Eric Evans II (https://github.com/ericevans-nv)

Approvers:
  - https://github.com/mnajafian-nv

URL: #1448
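
An added example (not the toolkit's middleware code) of the failure mode #1448 describes: exact-name matching against targets written with the old `.` separator intercepts nothing, so a startup check that rejects unmatched targets keeps a defense middleware from silently covering no functions. `SEPARATOR` stands in for `FunctionGroup.SEPARATOR`; the helper names and the group and function names are constructed.

```python
SEPARATOR = "__"        # stand-in for FunctionGroup.SEPARATOR named in the PR
LEGACY_SEPARATOR = "."  # separator the middleware configs used before the fix


class UnmatchedTargetError(ValueError):
    """Raised when a configured middleware target matches no registered function."""

    def __init__(self, hints):
        self.hints = hints  # unmatched target -> suggested name, or None
        details = ", ".join(
            f"{target!r} (did you mean {hint!r}?)" if hint else repr(target)
            for target, hint in hints.items()
        )
        super().__init__(f"middleware targets match no registered function: {details}")


def qualified_name(group, function):
    """Name under which a function of a group is registered."""
    return f"{group}{SEPARATOR}{function}"


def split_targets(configured, registered):
    """Partition configured targets into (matched, unmatched) by exact name."""
    registered = set(registered)
    matched = [target for target in configured if target in registered]
    unmatched = [target for target in configured if target not in registered]
    return matched, unmatched


def migration_hint(target, registered):
    """Suggest the registered name if the target only differs by the old separator."""
    group, sep, function = target.partition(LEGACY_SEPARATOR)
    if not sep:
        return None
    candidate = qualified_name(group, function)
    return candidate if candidate in set(registered) else None


def validate_targets(configured, registered):
    """Fail closed: refuse to start if any target would intercept nothing."""
    matched, unmatched = split_targets(configured, registered)
    if unmatched:
        raise UnmatchedTargetError(
            {target: migration_hint(target, registered) for target in unmatched}
        )
    return matched


if __name__ == "__main__":
    # Constructed registry and configs.
    registered = [qualified_name("calculator", "add"),
                  qualified_name("calculator", "divide")]
    old_config = ["calculator.add", "calculator.divide"]
    new_config = ["calculator__add", "calculator__divide"]

    # Silent failure: nothing matches, so nothing would be intercepted.
    print("old config matched:", split_targets(old_config, registered)[0])

    try:
        validate_targets(old_config, registered)
    except UnmatchedTargetError as exc:
        print("startup check:", exc)

    print("new config matched:", validate_targets(new_config, registered))
```
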
Merge 17 commits from release/1.4 into develop.

Resolved conflicts:
- examples/README.md: Merged MCP section with new entries and complexity levels
- examples/frameworks/nat_autogen_demo/pyproject.toml: Updated to version 1.5 with mcp extra

Signed-off-by: mnajafian-nv <mnajafian@nvidia.com>
@mnajafian-nv mnajafian-nv requested review from a team as code owners January 22, 2026 18:44

coderabbitai bot commented Jan 22, 2026

Walkthrough

This PR updates the NeMo Agent Toolkit to version 1.5, bumping nvidia-nat dependency specifications across ~70 packages and examples, introduces oracle feedback capabilities for prompt optimization, adds a new protected MCP calculator example with OAuth2 configuration, enhances MCP CLI with per-user workflow support, and updates documentation to reflect the 1.5 release.

Changes

| Cohort / File(s) | Change Summary |
|---|---|
| **Version Bumps (nvidia-nat ~=1.4 → ~=1.5)**<br>`docs/source/versions1.json`, `pyproject.toml`, `examples/*/pyproject.toml` (40+ files), `packages/*/pyproject.toml` (30+ files) | Systematically updates nvidia-nat dependency constraints from ~=1.4 to ~=1.5 across examples, packages, and compat layers; updates docs version manifest to list 1.5 as preferred version before 1.4. |
| **Documentation Updates**<br>`docs/source/improve-workflows/optimizer.md`, `examples/README.md`, `.gitignore` | Adds Oracle Feedback Configuration section to optimizer docs (appears in duplicate locations), expands optimizer outputs description, clarifies optimized_prompts_gen behavior; updates examples README with new MCP and A2A entries; adds .worktrees/ to gitignore for Git worktrees support. |
| **New MCP Protected Example**<br>`examples/MCP/simple_calculator_mcp_protected/{README.md, configs/{config-client.yml, config-server.yml}, pyproject.toml}`, `pyproject.toml` (root) | Introduces complete protected MCP calculator example with OAuth2 via Keycloak, including comprehensive setup documentation, per-user client configuration, resource server OAuth2 protection settings, and workspace declaration. |
| **MCP CLI Per-User Support**<br>`packages/nvidia_nat_mcp/src/nat/plugins/mcp/cli/commands.py` | Extends CLI commands with per-user workflow options (--per-user, --user-id); refactors _create_mcp_client_config to return dynamic group names and support PerUserMCPClientConfig; updates tool list/call paths to thread user context through workflow builders and tool lookups. |
| **MCP Auth Configuration**<br>`packages/nvidia_nat_mcp/src/nat/plugins/mcp/auth/auth_provider_config.py`, `examples/MCP/simple_auth_mcp/configs/config-mcp-auth-jira.yml` | Adds optional default_user_id and allow_default_user_id_for_tool_calls fields to MCPOAuth2ProviderConfig; removes these same fields from Jira auth example config, shifting to explicit per-user handling. |
| **Oracle Feedback Module**<br>`src/nat/profiler/parameter_optimization/oracle_feedback.py` | Introduces new utility module with five public functions: build_oracle_feedback (formats/truncates worst-case reasoning), should_inject_feedback (evaluates injection criteria), check_adaptive_triggers (detects stagnation/variance collapse), extract_worst_reasoning (derives priority-weighted worst items from evaluation results), and internal _reasoning_to_string helper. |
| **Oracle Feedback Integration**<br>`src/nat/agent/prompt_optimizer/prompt.py`, `src/nat/agent/prompt_optimizer/register.py`, `src/nat/data_models/optimizer.py`, `src/nat/profiler/parameter_optimization/prompt_optimizer.py` | Adds oracle feedback template with FAILURE ANALYSIS structure to prompts; extends PromptGAOptimizationConfig with seven feedback-control fields (mode, worst_n, max_chars, thresholds, stagnation_generations, variance/diversity thresholds); integrates feedback extraction and conditional injection into prompt mutations; threads worst-item reasoning through Individual dataclass and population updates. |
| **Oracle Feedback Tests**<br>`tests/nat/agent/prompt_optimizer/test_prompt_optimizer_register.py`, `tests/nat/agent/prompt_optimizer/test_prompt_templates.py`, `tests/nat/data_models/test_optimizer_oracle_feedback.py`, `tests/nat/profiler/test_oracle_feedback.py`, `tests/nat/profiler/test_prompt_optimizer.py` | Adds 77+ lines of tests validating oracle feedback schema optionality, template formatting, PromptGAOptimizationConfig field validation and defaults, comprehensive oracle feedback function behaviors (build, injection logic, trigger detection, reasoning extraction), and end-to-end optimizer integration with mocked feedback. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • PR #1442: Directly related; both modify the same prompt optimizer code paths, adding oracle_feedback module, configuration fields, templates, and integration points in register.py and prompt_optimizer.py.
  • PR #1312: Related through version management; PR #1312 reverts version specs and docs entries back to 1.4, directly conflicting with this PR's 1.4 → 1.5 updates.
  • PR #1324: Related through documentation versioning; both PRs add/restore version 1.5 as the preferred entry in docs/source/versions1.json.
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly describes the main action: a forward merge of release/1.4 into develop. It is concise (38 chars), uses imperative mood, and directly relates to the changeset content. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |


@mnajafian-nv mnajafian-nv changed the base branch from release/1.4 to develop January 22, 2026 18:58

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (31)
examples/getting_started/simple_calculator/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header at the top of this TOML file.

This file is missing the required SPDX Apache-2.0 header block.

📝 Proposed header
+# SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES.
+# All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]
As per coding guidelines, please add the SPDX Apache-2.0 header.
examples/custom_functions/automated_description_generation/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header at the top of this TOML file.

This file is missing the required SPDX Apache-2.0 header block.

📝 Proposed header
+# SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES.
+# All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]
As per coding guidelines, please add the SPDX Apache-2.0 header.
packages/nvidia_nat_redis/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header at the top of this TOML file.

This file is missing the required SPDX Apache-2.0 header block.

📝 Proposed header
+# SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES.
+# All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]
As per coding guidelines, please add the SPDX Apache-2.0 header.
packages/nvidia_nat_strands/pyproject.toml (1)

1-2: Update SPDX copyright year to include 2026.

This file changed in 2026, so the header should reflect the current year.

📝 Proposed update
-# SPDX-FileCopyrightText: Copyright (c) 2025, NVIDIA CORPORATION & AFFILIATES.
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES.
As per coding guidelines, please update the year range to include 2026.
examples/HITL/simple_calculator_hitl/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header at the top of this TOML file.

This file is missing the required SPDX Apache-2.0 header block.

📝 Proposed header
+# SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES.
+# All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]
As per coding guidelines, please add the SPDX Apache-2.0 header.
examples/MCP/kaggle_mcp/pyproject.toml (1)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]
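Review bot: The `SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES` line in this two-line header does not match the form proposed for other files in the same review, which use `Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES.` followed by the full Apache-2.0 notice. Use the repository's standard header verbatim here so an automated header check can match a single pattern.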

As per coding guidelines, ...

examples/frameworks/haystack_deep_research_agent/pyproject.toml (2)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]

As per coding guidelines, ...


21-21: Use “toolkit” (lowercase) in body text.

“Haystack Deep Research Agent workflow for NVIDIA NeMo Agent Toolkit” should use “toolkit” lowercase for body text.

✏️ Suggested tweak
-description = "Haystack Deep Research Agent workflow for NVIDIA NeMo Agent Toolkit"
+description = "Haystack Deep Research Agent workflow for NVIDIA NeMo Agent toolkit"

Based on learnings, ...

examples/control_flow/router_agent/pyproject.toml (1)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]

As per coding guidelines, ...

packages/nvidia_nat_llama_index/pyproject.toml (1)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]

As per coding guidelines, ...

examples/frameworks/agno_personal_finance/pyproject.toml (1)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]

As per coding guidelines, ...

examples/dynamo_integration/react_benchmark_agent/pyproject.toml (1)

1-3: Add SPDX Apache-2.0 header at the top of the file.

TOML files must start with the standard SPDX header and updated year.

🧾 Suggested header
+# SPDX-FileCopyrightText: 2026 NVIDIA CORPORATION & AFFILIATES
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
 build-backend = "setuptools.build_meta"
 requires = ["setuptools >= 64", "setuptools-scm>=8"]

As per coding guidelines, ...

examples/MCP/simple_auth_mcp/pyproject.toml (1)

1-3: Add the required SPDX Apache-2.0 header to this TOML file.

The file begins directly with [build-system] and lacks the standard SPDX Apache-2.0 header; please add it with an up-to-date 2026 copyright line.

📝 Proposed header
As per coding guidelines, please add the SPDX header.

packages/nvidia_nat_weave/pyproject.toml (1)

1-3: Add the required SPDX Apache-2.0 header to this TOML file.

This file is missing the standard SPDX Apache-2.0 header; please add it (with an up-to-date 2026 copyright line).

📝 Proposed header
+ # SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+ # SPDX-License-Identifier: Apache-2.0
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+
  [build-system]
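Review bot: Each added line in this header has a space between the `+` marker and `#`, and the `[build-system]` context line carries two leading spaces, so applying the hunk literally would indent every header line by one column. It also drops the blank `#` line before the license URL and ends with a trailing `#` line, unlike the header proposed for the other pyproject.toml files in this review; start `#` directly after `+` and reuse that same header text.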

As per coding guidelines, please add the SPDX header.

examples/advanced_agents/alert_triage_agent/pyproject.toml (1)

1-3: Add the required SPDX Apache-2.0 header to this TOML file.

This file is missing the standard SPDX Apache-2.0 header; please add it with an up-to-date 2026 copyright line.

📝 Proposed header
+ # SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+ # SPDX-License-Identifier: Apache-2.0
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+
  [build-system]

As per coding guidelines, please add the SPDX header.

packages/nvidia_nat_adk/pyproject.toml (1)

1-2: Update the SPDX copyright year to include 2026.

This file was modified in 2026, so the SPDX copyright line should be updated accordingly.

📝 Proposed update
-# SPDX-FileCopyrightText: Copyright (c) 2025, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.

As per coding guidelines, please keep copyright years up to date.

packages/nvidia_nat_langchain/pyproject.toml (1)

1-3: Add the required SPDX Apache-2.0 header to this TOML file.

This file is missing the standard SPDX Apache-2.0 header; please add it with an up-to-date 2026 copyright line.

📝 Proposed header
+ # SPDX-FileCopyrightText: Copyright (c) 2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+ # SPDX-License-Identifier: Apache-2.0
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+
  [build-system]

As per coding guidelines, please add the SPDX header.

packages/compat/aiqtoolkit_langchain/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

packages/compat/aiqtoolkit/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

packages/compat/aiqtoolkit_semantic_kernel/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

packages/compat/aiqtoolkit_agno/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

packages/nvidia_nat_test/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

examples/observability/simple_calculator_observability/pyproject.toml (1)

1-3: Add the standard SPDX Apache-2.0 header.

This file is missing the required SPDX header; please add the repo-standard header and update the year to 2026.

As per coding guidelines, add the standard SPDX header at the top of the file.

examples/frameworks/strands_demo/pyproject.toml (1)

1-3: Add the required SPDX header at the top of this file.

This .toml file is missing the standard Apache-2.0 SPDX header. Please add it and ensure the copyright years are current. As per coding guidelines, ...

🧾 Proposed SPDX header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
packages/compat/aiqtoolkit_test/pyproject.toml (1)

1-3: Add the required SPDX header at the top of this file.

This .toml file is missing the standard Apache-2.0 SPDX header. Please add it and ensure the copyright years are current. As per coding guidelines, ...

🧾 Proposed SPDX header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
examples/MCP/service_account_auth_mcp/pyproject.toml (1)

1-3: Add the required SPDX header at the top of this file.

This .toml file is missing the standard Apache-2.0 SPDX header. Please add it and ensure the copyright years are current. As per coding guidelines, ...

🧾 Proposed SPDX header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
packages/nvidia_nat_semantic_kernel/pyproject.toml (1)

1-3: Add the required SPDX header at the top of this file.

This .toml file is missing the standard Apache-2.0 SPDX header. Please add it and ensure the copyright years are current. As per coding guidelines, ...

🧾 Proposed SPDX header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
examples/safety_and_security/retail_agent/pyproject.toml (1)

1-3: Add the required SPDX header at the top of this file.

This .toml file is missing the standard Apache-2.0 SPDX header. Please add it and ensure the copyright years are current. As per coding guidelines, ...

🧾 Proposed SPDX header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
 [build-system]
examples/A2A/currency_agent_a2a/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header to this TOML.
Missing SPDX headers are a compliance risk for changed source files.

🧾 Suggested header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]

As per coding guidelines, every changed .toml file must start with the standard SPDX Apache-2.0 header.

examples/A2A/math_assistant_a2a/pyproject.toml (1)

1-3: Add the SPDX Apache-2.0 header to this TOML.
Missing SPDX headers are a compliance risk for changed source files.

🧾 Suggested header
+# SPDX-FileCopyrightText: Copyright (c) 2025-2026, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [build-system]

As per coding guidelines, every changed .toml file must start with the standard SPDX Apache-2.0 header.

packages/nvidia_nat_mcp/src/nat/plugins/mcp/cli/commands.py (1)

265-276: Reset ContextState.user_id after per-user operations to prevent context leakage.

The current implementation sets user_id in the ContextVar but doesn't capture the token or reset it, which can leak user identity across subsequent operations in the same process. Use the token-based reset pattern: capture the token from .set() and call .reset(token) in a finally block. Also add validation to ensure user_id is provided when --per-user is set.

Suggested fix (apply to both list and call paths)
async with WorkflowBuilder() as builder:  # type: ignore
+   context_state = None
+   token = None
    if per_user:
+       if not user_id:
+           raise ValueError("user_id is required when --per-user is set")
        from nat.builder.context import ContextState
-       context_state = ContextState()
+       context_state = ContextState.get()
-       context_state.user_id.set(user_id)
-       logger.debug(f"Set user_id in context: {user_id}")
+       token = context_state.user_id.set(user_id)
+       logger.debug("Set user_id in context: %s", user_id)
+   try:
        # ... rest of the operation ...
+   finally:
+       if token is not None and context_state is not None:
+           context_state.user_id.reset(token)
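Review bot: The `raise ValueError("user_id is required when --per-user is set")` check sits inside `async with WorkflowBuilder() as builder:`, so the builder is already entered when the input is rejected; move the validation above the `async with` so a missing user ID fails before any workflow setup. The same set, try, finally, reset sequence is said to apply at 851-865 and 914-919 too, so a small context manager that binds `user_id` and resets the token on exit would keep the three call sites from drifting apart.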

This pattern is consistent with how Context.push_active_function() manages ContextVar cleanup and prevents cross-request user identity leakage.

Also applies to: 851-865, 914-919

🤖 Fix all issues with AI agents
In `@docs/source/improve-workflows/optimizer.md`:
- Around line 465-468: Update the "feedback-mode" bullet for **`always`** to
remove the inanimate possessive; replace the current "Every mutation receives
feedback from the parent's worst evaluation items" with a phrasing using "of"
(e.g., "Every mutation receives feedback from the worst evaluation items of the
parent") so the bullet for **`always`** no longer uses the possessive ’s.

In `@docs/source/versions1.json`:
- Around line 1-3: versions1.json cannot contain an SPDX header because JSON
disallows comments; create a companion SPDX sidecar for this resource (e.g.,
create a file named versions1.json.license or add an entry in the repo-wide
LICENSES/ directory) containing the required SPDX header text for the
versions1.json resource, ensure the sidecar uses the exact SPDX identifier and
any required copyright/notice fields, and update any docs tooling or manifest
that links assets so the new sidecar is recognized alongside versions1.json.

In `@examples/MCP/simple_calculator_mcp_protected/pyproject.toml`:
- Around line 30-34: Update the dependency version strings in the dependencies
list: replace "nvidia-nat[langchain]~=1.4" and "nvidia-nat[mcp]~=1.4" with
"nvidia-nat[langchain]~=1.5" and "nvidia-nat[mcp]~=1.5" respectively so the
dependencies array matches the rest of the PR; ensure the other entry
"nat_simple_calculator" remains unchanged.

In `@examples/MCP/simple_calculator_mcp_protected/README.md`:
- Around line 124-137: Replace possessive phrasing in the README text: change
"token's `aud` claim" to "the `aud` claim of the token" and change "Keycloak's
standard paths" to "the standard paths of Keycloak" (the surrounding lines
referencing `aud`, `authorization_endpoint`, `token_endpoint`, `jwks_uri`, and
`introspection_endpoint` should be updated accordingly).

In `@examples/README.md`:
- Around line 151-153: Update the three MCP example list entries to use the
lower-case phrase "NVIDIA NeMo Agent toolkit" and correct the indefinite article
to "an NVIDIA" where applicable: replace "NVIDIA NeMo Agent Toolkit" with
"NVIDIA NeMo Agent toolkit" in the entries for simple_calculator_mcp,
simple_calculator_mcp_protected, and simple_auth_mcp, and ensure any "a NVIDIA"
is corrected to "an NVIDIA" so the body text and articles are consistent.

In `@tests/nat/profiler/test_prompt_optimizer.py`:
- Around line 261-276: Remove the unused "# noqa: ANN001" directives: delete the
trailing "# noqa: ANN001" from the class __init__ method definition (the def
__init__(self, config) in the test fake evaluator) and from the
fake_apply_suggestions function definition (def fake_apply_suggestions(cfg,
prompts)); simply remove the annotations so Ruff no longer flags them as unused.
♻️ Duplicate comments (5)
packages/compat/aiqtoolkit_zep_cloud/pyproject.toml (1)

12-12: Add the SPDX Apache-2.0 header at the top of this file.

Same SPDX header requirement as noted earlier.

As per coding guidelines.

packages/nvidia_nat_openpipe_art/pyproject.toml (1)

23-23: Add the SPDX Apache-2.0 header at the top of this file.

Same SPDX header requirement as noted earlier.

As per coding guidelines.

packages/nvidia_nat_opentelemetry/pyproject.toml (1)

23-23: Add the SPDX Apache-2.0 header at the top of this file.

Same SPDX header requirement as noted earlier.

As per coding guidelines.

packages/nvidia_nat_mem0ai/pyproject.toml (1)

23-23: Add the SPDX Apache-2.0 header at the top of this file.

Same SPDX header requirement as noted earlier.

As per coding guidelines.

examples/MCP/simple_calculator_mcp/pyproject.toml (1)

16-17: Add the SPDX Apache-2.0 header at the top of this file.

Same SPDX header requirement as noted earlier.

As per coding guidelines.

🧹 Nitpick comments (3)
examples/front_ends/per_user_workflow/pyproject.toml (1)

12-14: Inconsistent indentation: 2 spaces instead of 4.

The dependency list uses 2-space indentation, but the coding guidelines require 4-space indentation for .toml files. Other pyproject.toml files in this PR use 4-space indentation consistently.

♻️ Suggested fix
 dependencies = [
-  "nvidia-nat~=1.5",
+    "nvidia-nat~=1.5",
 ]
examples/evaluation_and_profiling/email_phishing_analyzer/pyproject.toml (1)

12-17: Inconsistent indentation: 2 spaces instead of 4.

The dependency list uses 2-space indentation, but the coding guidelines require 4-space indentation for .toml files.

♻️ Suggested fix
 dependencies = [
-  "nvidia-nat[langchain,phoenix]~=1.5",
-  "beautifulsoup4~=4.13",
-  "networkx~=3.4",
-  "openinference-instrumentation-langchain==0.1.29",
+    "nvidia-nat[langchain,phoenix]~=1.5",
+    "beautifulsoup4~=4.13",
+    "networkx~=3.4",
+    "openinference-instrumentation-langchain==0.1.29",
 ]
examples/MCP/simple_calculator_mcp_protected/configs/config-server.yml (1)

34-48: Add a production HTTPS note for OAuth2 endpoints (optional).

Since this is a public-facing example, a short comment clarifying that HTTPS/public IdP URLs should be used outside localhost would help avoid unsafe copy‑paste.

✍️ Suggested comment addition
     # OAuth2 Resource Server Protection
     server_auth:
+      # For production use, prefer HTTPS and your public IdP URLs.
       # Keycloak issuer URL
       issuer_url: http://localhost:8080/realms/master
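Review bot: The added comment addresses transport only, while the unchanged `issuer_url: http://localhost:8080/realms/master` line under it points the resource server at the Keycloak `master` realm, which Keycloak reserves for administering other realms. Extend the comment so it also tells readers to use a dedicated realm, for example `# For production use, prefer HTTPS, a dedicated realm, and your public IdP URLs.`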

@mnajafian-nv mnajafian-nv added improvement Improvement to existing functionality non-breaking Non-breaking change labels Jan 22, 2026
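
The token-based reset described in the review comment on `packages/nvidia_nat_mcp/src/nat/plugins/mcp/cli/commands.py`, shown as an added example that is not part of the PR or the toolkit's code. A plain `contextvars.ContextVar` named `USER_ID` stands in for `ContextState.user_id`, and `leaky_call`, `acting_as` and `scoped_call` are hypothetical names.

```python
import asyncio
import contextvars
from contextlib import contextmanager
from typing import Optional

# Stand-in for the per-process user context (assumed name, not the toolkit's ContextState).
USER_ID: contextvars.ContextVar[Optional[str]] = contextvars.ContextVar("user_id", default=None)


async def leaky_call(user_id: str) -> Optional[str]:
    """Before: bind the user and return without restoring the previous value."""
    USER_ID.set(user_id)
    await asyncio.sleep(0)  # placeholder for the real tool call
    return USER_ID.get()


@contextmanager
def acting_as(user_id: str):
    """After: bind user_id for the block only; restore the prior value even on error."""
    if not user_id:
        raise ValueError("user_id is required for a per-user operation")
    token = USER_ID.set(user_id)
    try:
        yield
    finally:
        USER_ID.reset(token)


async def scoped_call(user_id: str, fail: bool = False) -> Optional[str]:
    with acting_as(user_id):
        await asyncio.sleep(0)  # placeholder for the real tool call
        if fail:
            raise RuntimeError("tool call failed")
        return USER_ID.get()


async def _session(call) -> list:
    """Two per-user calls, then an operation that binds no user, all in one task."""
    seen = [await call("alice"), await call("bob")]
    seen.append(USER_ID.get())  # what a later non-per-user operation would observe
    return seen


async def _after_failure() -> Optional[str]:
    try:
        await scoped_call("alice", fail=True)
    except RuntimeError:
        pass
    return USER_ID.get()


def run_session(call) -> list:
    # asyncio.run gives each session its own copy of the context, so runs do not interact.
    return asyncio.run(_session(call))


def identity_after_failed_call() -> Optional[str]:
    return asyncio.run(_after_failure())


if __name__ == "__main__":
    print("leaky :", run_session(leaky_call))
    print("scoped:", run_session(scoped_call))
    print("after failed scoped call:", identity_after_failed_call())
```

With the leaky version, the last operation in the session still sees the identity bound by the previous per-user call; with the scoped version it sees the default again, including after a call that raised.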
@codecov
codecov bot commented Jan 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.05%. Comparing base (549c358) to head (614a4fc).
⚠️ Report is 19 commits behind head on develop.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #1453      +/-   ##
===========================================
+ Coverage    75.01%   75.05%   +0.04%     
===========================================
  Files          553      555       +2     
  Lines        38887    39032     +145     
===========================================
+ Hits         29170    29296     +126     
- Misses        9717     9736      +19     
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 75.05% <ø> (+0.04%) | ⬆️ |

Signed-off-by: mnajafian-nv <mnajafian@nvidia.com>
@copy-pr-bot
copy-pr-bot bot commented Jan 22, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@willkill07
Member

/ok to test 614a4fc

@mnajafian-nv mnajafian-nv merged commit 3cd90e6 into develop Jan 22, 2026
17 checks passed