Update MCP proxy to adhere to the latest draft of MCP specification

internal/authz/default.go

@@ -94,3 +94,26 @@ func (p *defaultProvider) WellKnownHandler() http.HandlerFunc {
 func (p *defaultProvider) RegisterHandler() http.HandlerFunc {
 	return nil
 }
+
+func (p *defaultProvider) ProtectedResourceMetadataHandler() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		meta := map[string]interface{}{
+			"resource": p.cfg.ResourceIdentifier,
+			"scopes_supported": p.cfg.ScopesSupported,
+			"authorization_servers": p.cfg.AuthorizationServers,
+		}
+
+		if p.cfg.JwksURI != "" {
+			meta["jwks_uri"] = p.cfg.JwksURI
+		}
+
+		if len(p.cfg.BearerMethodsSupported) > 0 {
+			meta["bearer_methods_supported"] = p.cfg.BearerMethodsSupported
+		}
+
+		if err := json.NewEncoder(w).Encode(meta); err != nil {
+			http.Error(w, "failed to encode metadata", http.StatusInternalServerError)
+		}
+	}
+}

internal/authz/policy.go

@@ -0,0 +1,19 @@
+package authz
+
+import "net/http"
+
+type Decision int
+
+const (
+    DecisionAllow Decision = iota
+    DecisionDeny
+)
+
+type PolicyResult struct {
+    Decision Decision
+    Message  string
+}
+
+type PolicyEngine interface {
+    Evaluate(r *http.Request, claims *TokenClaims, requiredScope string) PolicyResult
+}

internal/authz/provider.go

@@ -7,4 +7,5 @@ import "net/http"
 type Provider interface {
 	WellKnownHandler() http.HandlerFunc
 	RegisterHandler() http.HandlerFunc
+	ProtectedResourceMetadataHandler() http.HandlerFunc
 }