As a User/Agent, I want to see only the tools I am allowed to use when requesting a list of available tools from the MCP Gateway, so that I avoid attempts to use tools that I don't have access to call.

Considerations:

• On tools/list, apply filtering logic based on user identity
• Tools can be aggregated across multiple MCP Servers, so a filtered list is from all MCP Servers
• Should each tool should be associated with access control metadata during registration?
• Avoid leaking tool names or descriptions the user should not see
• Use the same identity source as for authentication

https://github.com/kagenti/mcp-gateway/issues/28