refactor(mcp): compose origin allowlist as middleware, remove duplication

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/mcp/server_test.go

@@ -17,9 +17,8 @@ func newServer(t *testing.T) *mcp.Server {
 	t.Helper()
 	reg := registry.New()
 	return mcp.NewServer(mcp.ServerOptions{
-		Registry:        reg,
-		OriginAllowlist: nil,
-		Sessions:        mcp.NewSessionStore(),
+		Registry: reg,
+		Sessions: mcp.NewSessionStore(),
 	})
 }
 
@@ -68,6 +67,22 @@ func TestPostWithoutSessionRejected(t *testing.T) {
 	require.Equal(t, http.StatusBadRequest, rr.Code)
 }
 
+func TestServerWithOriginAllowlistRejectsBadOrigin(t *testing.T) {
+	srv := mcp.OriginAllowlist([]string{"https://claude.ai"})(newServer(t))
+	body, _ := json.Marshal(map[string]any{
+		"jsonrpc": "2.0",
+		"id":      1,
+		"method":  "initialize",
+		"params":  map[string]any{"protocolVersion": "2025-06-18"},
+	})
+	req := httptest.NewRequest(http.MethodPost, "/", bytes.NewBuffer(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Origin", "https://evil.example")
+	rr := httptest.NewRecorder()
+	srv.ServeHTTP(rr, req)
+	assert.Equal(t, http.StatusForbidden, rr.Code)
+}
+
 func TestToolsListAfterInitialize(t *testing.T) {
 	srv := newServer(t)
 	init := postJSON(t, srv, map[string]any{