refactor: Add Tool method to check client authorization (#1217)

Add `RequiresClientAuthorization()` method to the `Tool` interface.
Currently returning false for all tools.
Supports: https://github.com/googleapis/genai-toolbox/pull/1067

internal/server/common_test.go

@@ -63,6 +63,10 @@ func (t MockTool) Authorized(verifiedAuthServices []string) bool {
 	return true
 }
 
+func (t MockTool) RequiresClientAuthorization() bool {
+	return false
+}
+
 func (t MockTool) McpManifest() tools.McpManifest {
 	properties := make(map[string]tools.ParameterMcpManifest)
 	required := make([]string, 0)

internal/tools/alloydbainl/alloydbainl.go

@@ -203,3 +203,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigqueryexecutesql/bigqueryexecutesql.go

@@ -222,6 +222,10 @@ func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
 
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}
+
 // dryRunQuery performs a dry run of the SQL query to validate it and get metadata.
 func dryRunQuery(ctx context.Context, restService *bigqueryrestapi.Service, projectID string, location string, sql string) (*bigqueryrestapi.Job, error) {
 	useLegacySql := false

internal/tools/bigquery/bigqueryforecast/bigqueryforecast.go

@@ -245,3 +245,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigquerygetdatasetinfo/bigquerygetdatasetinfo.go

@@ -155,3 +155,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigquerygettableinfo/bigquerygettableinfo.go

@@ -163,3 +163,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigquerylistdatasetids/bigquerylistdatasetids.go

@@ -163,3 +163,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigquerylisttableids/bigquerylisttableids.go

@@ -170,3 +170,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/bigquery/bigquerysql/bigquerysql.go

@@ -276,6 +276,9 @@ func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
 
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}
 func BQTypeStringFromToolType(toolType string) (string, error) {
 	switch toolType {
 	case "string":

internal/tools/bigtable/bigtable.go

@@ -232,3 +232,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/couchbase/couchbase.go

@@ -174,3 +174,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthSources []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthSources)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/dataplex/dataplexlookupentry/dataplexlookupentry.go

@@ -181,3 +181,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/dataplex/dataplexsearchaspecttypes/dataplexsearchaspecttypes.go

@@ -194,3 +194,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/dataplex/dataplexsearchentries/dataplexsearchentries.go

@@ -165,3 +165,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/dgraph/dgraph.go

@@ -158,3 +158,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firebird/firebirdexecutesql/firebirdexecutesql.go

@@ -186,3 +186,7 @@ func (t *Tool) McpManifest() tools.McpManifest {
 func (t *Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firebird/firebirdsql/firebirdsql.go

@@ -212,3 +212,7 @@ func (t *Tool) McpManifest() tools.McpManifest {
 func (t *Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestoreadddocuments/firestoreadddocuments.go

@@ -218,3 +218,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestoredeletedocuments/firestoredeletedocuments.go

@@ -192,3 +192,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestoregetdocuments/firestoregetdocuments.go

@@ -184,3 +184,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestoregetrules/firestoregetrules.go

@@ -157,3 +157,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestorelistcollections/firestorelistcollections.go

@@ -173,3 +173,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestorequerycollection/firestorequerycollection.go

@@ -527,3 +527,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestoreupdatedocument/firestoreupdatedocument.go

@@ -270,7 +270,6 @@ func (t Tool) Invoke(ctx context.Context, params tools.ParamValues, accessToken
 	return response, nil
 }
 
-
 // getFieldValue retrieves a value from a nested map using a dot-separated path
 func getFieldValue(data map[string]interface{}, path string) (interface{}, bool) {
 	// Split the path by dots for nested field access
@@ -312,3 +311,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/firestore/firestorevalidaterules/firestorevalidaterules.go

@@ -290,3 +290,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/http/http.go

@@ -308,3 +308,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookeradddashboardelement/lookeradddashboardelement.go

@@ -198,3 +198,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetdashboards/lookergetdashboards.go

@@ -186,3 +186,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return true
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetdimensions/lookergetdimensions.go

@@ -160,3 +160,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetexplores/lookergetexplores.go

@@ -163,3 +163,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetfilters/lookergetfilters.go

@@ -160,3 +160,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetlooks/lookergetlooks.go

@@ -186,3 +186,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetmeasures/lookergetmeasures.go

@@ -160,3 +160,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetmodels/lookergetmodels.go

@@ -160,3 +160,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookergetparameters/lookergetparameters.go

@@ -160,3 +160,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookermakedashboard/lookermakedashboard.go

@@ -199,3 +199,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookermakelook/lookermakelook.go

@@ -217,3 +217,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookerquery/lookerquery.go

@@ -157,3 +157,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookerquerysql/lookerquerysql.go

@@ -148,3 +148,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookerqueryurl/lookerqueryurl.go

@@ -173,3 +173,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/looker/lookerrunlook/lookerrunlook.go

@@ -165,3 +165,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbaggregate/mongodbaggregate.go

@@ -202,3 +202,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbdeletemany/mongodbdeletemany.go

@@ -177,3 +177,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbdeleteone/mongodbdeleteone.go

@@ -172,3 +172,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbfind/mongodbfind.go

@@ -242,3 +242,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbfindone/mongodbfindone.go

@@ -231,3 +231,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbinsertmany/mongodbinsertmany.go

@@ -165,3 +165,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbinsertone/mongodbinsertone.go

@@ -164,3 +164,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbupdatemany/mongodbupdatemany.go

@@ -191,3 +191,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mongodb/mongodbupdateone/mongodbupdateone.go

@@ -192,3 +192,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mssql/mssqlexecutesql/mssqlexecutesql.go

@@ -188,3 +188,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mssql/mssqlsql/mssqlsql.go

@@ -210,3 +210,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mysql/mysqlexecutesql/mysqlexecutesql.go

@@ -202,3 +202,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/mysql/mysqlsql/mysqlsql.go

@@ -220,3 +220,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/neo4j/neo4jcypher/neo4jcypher.go

@@ -158,3 +158,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/neo4j/neo4jexecutecypher/neo4jexecutecypher.go

@@ -180,3 +180,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/neo4j/neo4jschema/neo4jschema.go

@@ -184,6 +184,10 @@ func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
 
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}
+
 // checkAPOCProcedures verifies if essential APOC procedures are available in the database.
 // It returns true only if all required procedures are found.
 func (t Tool) checkAPOCProcedures(ctx context.Context) (bool, error) {

internal/tools/oceanbase/oceanbaseexecutesql/oceanbaseexecutesql.go

@@ -197,3 +197,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/oceanbase/oceanbasesql/oceanbasesql.go

@@ -214,3 +214,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/postgres/postgresexecutesql/postgresexecutesql.go

@@ -170,3 +170,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/postgres/postgressql/postgressql.go

@@ -179,3 +179,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/redis/redis.go

@@ -176,6 +176,10 @@ func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
 
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}
+
 // replaceCommandsParams is a helper function to replace parameters in the commands
 
 func replaceCommandsParams(commands [][]string, params tools.Parameters, paramValues tools.ParamValues) ([][]any, error) {

internal/tools/spanner/spannerexecutesql/spannerexecutesql.go

@@ -200,3 +200,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/spanner/spannersql/spannersql.go

@@ -250,3 +250,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/sqlitesql/sqlitesql.go

@@ -206,3 +206,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/tidb/tidbexecutesql/tidbexecutesql.go

@@ -200,3 +200,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/tidb/tidbsql/tidbsql.go

@@ -218,3 +218,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/tools.go

@@ -71,6 +71,7 @@ type Tool interface {
 	Manifest() Manifest
 	McpManifest() McpManifest
 	Authorized([]string) bool
+	RequiresClientAuthorization() bool
 }
 
 // Manifest is the representation of tools sent to Client SDKs.

internal/tools/trino/trinoexecutesql/trinoexecutesql.go

@@ -185,3 +185,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/trino/trinosql/trinosql.go

@@ -200,3 +200,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/utility/alloydbwaitforoperation/alloydbwaitforoperation.go

@@ -373,3 +373,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return true
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/utility/wait/wait.go

@@ -118,3 +118,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return true
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}

internal/tools/valkey/valkey.go

@@ -203,3 +203,7 @@ func (t Tool) McpManifest() tools.McpManifest {
 func (t Tool) Authorized(verifiedAuthServices []string) bool {
 	return tools.IsAuthorized(t.AuthRequired, verifiedAuthServices)
 }
+
+func (t Tool) RequiresClientAuthorization() bool {
+	return false
+}