chore: add error return for RequiresClientAuthorization()

[Yuan325]

Description

Add error to return of RequiresClientAuthorization() function. The function will run resourceMgr.GetSource(t.SourceName) before checking for source's oauth setting. With this, it will return an error if the retrieval is not successful. In that case, we would want to return an error from RequiresClientAuthorization().

PR Checklist

Thank you for opening a Pull Request! Before submitting your PR, there are a
few things you can do to make sure it goes smoothly:

• Make sure you reviewed
  CONTRIBUTING.md
• Make sure to open an issue as a
  bug/issue
  before writing your code! That way we can discuss the change, evaluate
  designs, and agree on the general idea
• Ensure the tests and linter pass
• Code coverage does not decrease (if any source code was changed)
• Appropriate docs were updated (if necessary)
• Make sure to add ! if this involve a breaking change

🛠️ Fixes #<issue_number_goes_here>

[gemini-code-assist]

Summary of Changes

Hello @Yuan325, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the error handling mechanism for tool authorization checks. By modifying the RequiresClientAuthorization function to return an error, the system can now gracefully manage scenarios where retrieving source information fails before evaluating OAuth settings. This prevents potential issues and ensures that authorization failures due to underlying resource retrieval problems are properly reported and handled.

Highlights

• Function Signature Change: The RequiresClientAuthorization() function has been updated to return an error in addition to a boolean, allowing for more robust error handling.
• Error Handling Propagation: All call sites for RequiresClientAuthorization() across various API and MCP versions have been modified to properly handle the newly introduced error return.
• Interface Update: The Tool interface in internal/tools/tools.go has been updated to reflect the new signature of the RequiresClientAuthorization() method.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly adds error handling to the RequiresClientAuthorization function by changing its signature to return an error. This is a good improvement for robustness, and the changes are applied consistently across the Tool interface, mock implementations, and API handlers.

My main feedback concerns code duplication that has been introduced with these changes:

• In internal/server/api.go, the toolInvokeHandler function now contains duplicated logic for checking client authorization.
• A similar pattern of duplication is present within the toolsCallHandler function across multiple versioned MCP files (v20241105, v20250326, v20250618).

I've added specific comments with suggestions to address this. Resolving the duplication will improve code maintainability. I also found a minor issue with the choice of a JSON-RPC error code, for which I've also left a comment.