MCP server-card auth check

MCP Server-Card Auth Check

Auth metadata is the difference between a discoverable MCP endpoint and one that agents can integrate safely without guessing.

Review steps

Confirm auth.required and authentication.required are true when paid access is used.
Check the bearer header format and token claim language.
Reject vague access phrases that do not name a scheme or header.
Record missing auth metadata as a launch blocker before distribution.