MCP and Protocols
MCP Client Roots
When your Model Context Protocol (MCP) client connects to a server, it declares roots: the specific filesystem paths or resource boundaries the server is allowed to operate within. Without roots, a server has no authoritative scope, and different server implementations resolve this ambiguity differently — some default to the working directory, some attempt to infer scope from the first tool call, and some operate on the full filesystem until explicitly constrained. The consequence of getting scoping wrong is not just a security exposure; it is an agent that silently reads or modifies files outside your project, producing changes you did not intend and cannot easily trace back to a misconfigured boundary.
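A server-side scope check for the boundary described above, as an added example that is not from the page, the MCP specification, or any SDK. It assumes POSIX paths and `file://` roots delivered in a `roots/list` result; the function names `root_paths`, `is_within_roots` and `demo` are hypothetical, and the directory tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse, unquote


def root_paths(roots_result):
    """Turn a roots/list result into canonical directory paths (file:// roots only)."""
    paths = []
    for root in roots_result.get("roots", []):
        parsed = urlparse(root.get("uri", ""))
        if parsed.scheme != "file" or parsed.netloc not in ("", "localhost"):
            continue  # skip anything that is not a local file URI
        paths.append(Path(os.path.realpath(unquote(parsed.path))))
    return paths


def is_within_roots(candidate, allowed):
    """True only if candidate, after resolving '..' and symlinks, is under a root."""
    if not allowed:
        return False  # fail closed: no declared roots means no scope, not full scope
    real = Path(os.path.realpath(candidate))
    return any(real == root or root in real.parents for root in allowed)


def demo():
    """Build a constructed project tree and check candidate paths against one root."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp, "project")
        sibling = Path(tmp, "project-secrets")  # shares a string prefix with the root
        project.mkdir()
        sibling.mkdir()
        (sibling / "key.txt").write_text("constructed sample\n")
        os.symlink(sibling, project / "link")  # symlink leading out of the root
        # Constructed roots/list result, in the shape the client returns
        result = {"roots": [{"uri": project.as_uri(), "name": "project"}]}
        allowed = root_paths(result)
        return {
            "inside": is_within_roots(project / "main.py", allowed),
            "dotdot": is_within_roots(project / ".." / "project-secrets" / "key.txt", allowed),
            "prefix": is_within_roots(sibling / "key.txt", allowed),
            "symlink": is_within_roots(project / "link" / "key.txt", allowed),
            "no_roots": is_within_roots(project / "main.py", []),
        }


if __name__ == "__main__":
    print(demo())
```

Only the path that stays inside the declared root is accepted; the `..` traversal, the sibling directory with a matching string prefix, the symlink that leaves the root, and the empty root list are all rejected.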
resources
MCP: Roots (modelcontextprotocol.io): Official specification for the Roots mechanism in MCP
MCP: Architecture (modelcontextprotocol.io): How roots fit into the overall MCP client-server architecture
MCP TypeScript SDK (github.com): Reference implementation showing how roots are declared and consumed
MCP Security Considerations (modelcontextprotocol.io): Security implications of root declarations in MCP