Why architecture matters here

Roots fail on path traversal + missing user consent. Architecture matters because scope + validation + consent all combine.

Advertisement

The architecture: every piece explained

The top strip is the flow. Client defines roots. roots/list. Root scope. Change notify.

The middle row is safety. Permission model. Path validation. Multi-root support. User consent.

The lower rows are ops. Audit. Observability. Ops — governance + tests + updates.

MCP roots — workspace scoping + permission + discovery + safetywhat the server is allowed to seeClient defines rootsURIs it exposesroots/listserver queriesRoot scopeworkspace boundaryChange notifyroots updatedPermission modelserver can't escapePath validationno traversalMulti-root supportmultiple projectsUser consentadd / remove rootsAuditserver ops loggedObservabilityroot usageOps — governance + tests + updatesenforcevalidatecomposeconsentlogwatchwatchoperateoperate
MCP roots + permission + user consent.
Advertisement

End-to-end flow

End-to-end: user opens project. Client declares root = /home/me/project. Server calls roots/list. Server operates only within root. User adds second project; change notify updates server. Path traversal attempts rejected at client boundary.