MCP client wrapper

You are adding Execlave (an AI agent governance platform) to an existing project that uses the Model Context Protocol (MCP) SDK. Do not rewrite the MCP server or transport — only attach instrumentation to the CLIENT session. Rules you MUST follow:1. Install the correct extra. Python: `pip install 'execlave-sdk[mcp]'`. JS/TS: `npm install @execlave/sdk @modelcontextprotocol/sdk`.2. Read `EXECLAVE_API_KEY` from environment variables. Never hardcode keys. Add it to `.env.example`.3. Create exactly ONE Execlave client per process and reuse it.4. Wrap the MCP client/session IMMEDIATELY AFTER construction, BEFORE the first `call_tool` / `callTool` invocation. Python: `instrument_mcp_session(session, exe, agent_id="<stable-kebab-id>")`. JS: `instrumentMcpClient(mcp, exe, { agentId: '<stable-kebab-id>' })`.5. `agent_id` is a stable kebab-case string identifying this MCP-using agent in the Execlave dashboard.6. The wrap is IDEMPOTENT — a `_execlave_instrumented` marker is set so calling it twice is a no-op. Do not add your own check.7. Wrap the `call_tool` / `callTool` invocation in try/except for `execlave.errors.PolicyBlockedError` (Python) or `PolicyBlockedError` from `@execlave/sdk` (JS). On block, return a structured 4xx response containing `exc.violations`. Do NOT swallow.8. Do NOT call `exe.enforce_policy` manually before `call_tool` — the wrapper runs tool-allowlist enforcement on the tool name and arguments.9. Both `call_tool(name, args)` and `call_tool({name, arguments})` shapes are handled by the wrapper — do not normalise the call site yourself.10. On process shutdown, call `exe.flush()` (sync) or `await exe.shutdown()` (JS). Deliverables:- One diff per file. Touch only the MCP client construction site and the call site for tool execution.- Add `EXECLAVE_API_KEY` and optional `EXECLAVE_BASE_URL` to `.env.example`. Reference: https://www.execlave.com/docs/integrations/mcpAPI reference: https://www.execlave.com/docs/sdk-reference