What are MCP roots?

Roots are a Model Context Protocol primitive where the client tells the server which filesystem or URI boundaries it is allowed to operate within, scoping a server's access to a defined set of locations.

Roots are a client-side capability in the Model Context Protocol that lets the host declare the boundaries a server may work inside. A root is a URI, most often a file:// directory but it can be any URI, and the set of roots a client advertises describes the workspace the server should confine itself to: the folders of the currently open project, for instance, rather than the entire disk. During initialization the client signals that it supports roots; the server can then ask for the current list, and the client can notify the server whenever that list changes (for example when the user opens a new folder). Roots are advisory rather than a hard sandbox: the protocol expects well-behaved servers to respect them, so they pair naturally with host-level permission prompts and OS-level isolation. Their value is twofold: they keep a server's attention scoped to relevant locations so it does not wander across unrelated files, and they give the user a clear mental model of what an agent can reach. A filesystem server, for example, uses roots to limit reads and writes to the directories the user explicitly shared.
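One way a filesystem server could honour the roots it receives, shown as an added example that is not taken from the MCP specification or any SDK. The method names roots/list and notifications/roots/list_changed are the protocol's; RootScope, root_dirs and is_within_roots are hypothetical helpers, the sample roots are constructed, and the code assumes POSIX paths and file:// roots.

```python
import os
from urllib.parse import unquote, urlparse

# Constructed sample of a client's reply to the server's "roots/list" request.
SAMPLE_ROOTS_RESULT = {"roots": [
    {"uri": "file:///home/user/projects/app", "name": "app"},
    {"uri": "file:///home/user/shared%20docs", "name": "docs"},
    {"uri": "https://example.com/repo", "name": "not a local directory"},
]}

def root_dirs(result):
    """Canonical directory paths for the file:// roots; other schemes are skipped."""
    dirs = []
    for root in result.get("roots", []):
        parsed = urlparse(root.get("uri", ""))
        if parsed.scheme == "file" and parsed.netloc in ("", "localhost"):
            dirs.append(os.path.realpath(unquote(parsed.path)))
    return dirs

def is_within_roots(requested, dirs):
    """True only if the fully resolved path is a root or lies beneath one."""
    real = os.path.realpath(requested)  # collapses ".." and follows symlinks
    for d in dirs:
        try:
            # commonpath compares whole components, so /app-secrets is not under /app
            if os.path.commonpath([real, d]) == d:
                return True
        except ValueError:  # e.g. different drives on Windows
            continue
    return False

class RootScope:
    """Hypothetical helper holding the roots a filesystem server currently honours."""
    def __init__(self):
        self.dirs = []  # empty list: nothing is allowed yet

    def on_roots_result(self, result):
        self.dirs = root_dirs(result)

    def on_notification(self, message):
        # The client signals a change; deny everything until roots are re-fetched.
        if message.get("method") == "notifications/roots/list_changed":
            self.dirs = []

    def allows(self, path):
        return is_within_roots(path, self.dirs)
```

Because the check runs inside the server, it only restrains a server that chooses to apply it, which is why the host-level prompts and OS-level isolation mentioned above remain the actual enforcement layer.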