chughtapan
diff --git a/‎#SEP-Non-File-URI-Roots.md#‎
Lines changed: 84 additions & 0 deletions b/‎#SEP-Non-File-URI-Roots.md#‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎#SEP-Resource-List-Prefix-Filter.md#‎
Lines changed: 166 additions & 0 deletions b/‎#SEP-Resource-List-Prefix-Filter.md#‎
Lines changed: 166 additions & 0 deletions
diff --git a/‎.LICENSE.~undo-tree~‎
Lines changed: 4 additions & 0 deletions b/‎.LICENSE.~undo-tree~‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,84 @@
+# SEP: Allow Non-File URI Schemes for Roots
+
+## Preamble
+
+**Title:** Allow Non-File URI Schemes for Roots
+**Status:** Proposal
+**Authors:** Tapan Chugh (@chughtapan), (original proposal by @noctonic in [PR #507](https://github.com/modelcontextprotocol/modelcontextprotocol/pull/507))
+**Type:** Standards Track
+**Created:** 2025-09-23
+
+## Abstract
+
+This SEP proposes removing the restriction that root URIs must begin with `file://`, allowing servers to work with remote resources through any URI scheme. 
+
+## Motivation
+
+Consider the following MCP servers, where scoping access to specific resources using roots is highly desirable: 
+
+1. **Cloud Storage**: Restricting access to specific S3 buckets or prefixes using `s3://bucket-name/prefix/` roots allows operating only within designated storage areas while preventing access to other buckets or sensitive data paths.
+
+2. **Version Control Repository**: Limiting operations to specific repositories using `https://github.com/owner/repo/` roots limits actions within the current project context without inadvertently affecting other repositories.
+
+3. **Databases**: Restricting databases to `postgres://host/database/schema/` roots enables fine-grained control over which schemas, tables, or collections a server can query or modify. No more accidentally deleting the production database.
+
+
+## Specification
+
+This change was originally proposed in [PR #507](https://github.com/modelcontextprotocol/modelcontextprotocol/pull/507). 
+
+### Schema Changes
+
+Update the `Root` interface in all schema versions to remove the file:// restriction:
+
+```typescript
+export interface Root {
+  /**
+   * The URI identifying the root. This can be any valid URI scheme.
+   * Common schemes include file://, https://, github://, s3://, etc.
+   * Servers should document which URI schemes they support.
+   *
+   * @format uri
+   */
+  uri: string;
+  
+  /**
+   * An optional human-readable name for this root.
+   */
+  name?: string;
+  
+  /**
+   * Optional metadata for this root.
+   */
+  _meta?: { [key: string]: unknown };
+}
+```
+
+The specification should include guidance that servers must document their supported URI schemes and validate them. Clients may provide roots with any URI scheme, and servers must gracefully handle unsupported schemes by returning clear error messages rather than failing silently. 
+
+## Rationale
+
+The decision to simply remove the file:// restriction rather than creating a more complex schema stems from several considerations. The URI field in the current schema already accepts any valid URI as a string; the file:// requirement is purely a documentation constraint rather than a technical limitation. Resources in MCP already support any URI scheme, and maintaining consistency between resources and roots simplifies the mental model for developers.
+
+Alternative approaches were considered but rejected for adding unnecessary complexity: creating separate mechanisms for local and remote servers does not provide any clear benefits and fragmenents the ecosystem. A more flexible configuration scheme beyond URIs might be helpful, but we defer backward incompatible changes to the future, depending upon if there is any demand in the community. 
+
+Thr simple approach of allowing any URI maintains complete backward compatibility. Existing clients continue sending file:// roots unchanged, existing servers continue accepting them, and the ecosystem can gradually adopt support for additional schemes as needed. This evolutionary approach allows the community to discover optimal patterns through real-world usage rather than attempting to predict all future needs upfront.
+
+## Backward Compatibility
+
+This change is fully backward compatible with existing implementations. 
+
+## Reference Implementation
+
+A complete reference implementation is available in [github.com/chughtapan/wags](https://github.com/chughtapan/wags/blob/main/src/wags/middleware/roots.py), demonstrating root validation across multiple URI schemes with practical examples of enforcement patterns. 
+
+The library provides a helpful decorator for server tools to declare which roots they would consume:
+```python
+@mcp.tool
+@requires_root("https://github.com/{owner}/{repo}")
+async def create_issue(self, owner: str, repo: str, title: str, body: str):
+    # Proceed with search operation
+```
+and the `call_tool` tool handlers check that provides a root which satisfies this requirement before proceeding.
+
+**Python SDK Changes:** https://github.com/modelcontextprotocol/python-sdk/pull/1390
@@ -0,0 +1,166 @@
+# SEP: Resource List Prefix Filter
+
+## Preamble
+
+**Title:** Resource List Prefix Filter
+**Status:** Proposal
+**Author:** Tapan Chugh (@chughtapan)
+**Type:** Standards Track
+**Created:** 2025-07-31
+
+## Abstract
+
+This SEP proposes adding an optional `prefix` parameter to the `resources/list` and `resources/templates/list` requests to enable servers to efficiently filter resources and resource templates by URI prefix, to improve discoverability of resources for clients when servers expose thousands of resources (or more).
+
+## Motivation
+
+While the protocol already supports pagination for handling large resource lists, this alone is insufficient when servers expose thousands of resources. Clients must retrieve multiple pages and implement local filtering to find specific resources, which becomes complex when combined with pagination as they must track filtered results across page boundaries. This leads to inefficiency as the same filtering logic is reimplemented in every client, with redundant data transfer for resources that will be discarded. Since resources already use URI format, prefix-based filtering is a natural solution that offloads this common operation to the server.
+
+## Specification
+
+### Schema Changes
+
+Update `ListResourcesRequest` and `ListResourceTemplatesRequest` interfaces to include an optional `prefix` parameter:
+
+```typescript
+export interface ListResourcesRequest extends PaginatedRequest {
+  method: "resources/list";
+  params?: {
+    /**
+     * Optional URI prefix to filter resources.
+     * Only resources whose URI starts with this prefix will be returned.
+     */
+    prefix?: string;
+  } & PaginatedRequest["params"];
+}
+
+export interface ListResourceTemplatesRequest extends PaginatedRequest {
+  method: "resources/templates/list";
+  params?: {
+    /**
+     * Optional URI prefix to filter resource templates.
+     * Only templates whose URI template starts with this prefix will be returned.
+     */
+    prefix?: string;
+  } & PaginatedRequest["params"];
+}
+```
+
+### Behavior
+
+1. **Prefix matching**: The server returns only resources whose URI (or URI template) starts with the prefix
+2. **Pagination compatibility**: Prefix filtering works with pagination - the cursor represents position within the filtered results
+
+### Examples
+
+Request with prefix filter:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "id": 1,
+  "method": "resources/list",
+  "params": {
+    "prefix": "file:///project/src/"
+  }
+}
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "id": 1,
+  "result": {
+    "resources": [
+      {
+        "uri": "file:///project/src/main.py",
+        "name": "main.py"
+      },
+      {
+        "uri": "file:///project/src/config.json",
+        "name": "config.json"
+      }
+    ]
+  }
+}
+```
+
+Combining with pagination:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "id": 2,
+  "method": "resources/list",
+  "params": {
+    "prefix": "https://api.example.com/users/",
+    "cursor": "cursor-123"
+  }
+}
+```
+
+Resource templates with prefix filter:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "id": 3,
+  "method": "resources/templates/list",
+  "params": {
+    "prefix": "https://api.example.com/"
+  }
+}
+```
+
+Response:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "id": 3,
+  "result": {
+    "resourceTemplates": [
+      {
+        "uriTemplate": "https://api.example.com/users/{id}",
+        "name": "User Details"
+      },
+      {
+        "uriTemplate": "https://api.example.com/posts/{postId}",
+        "name": "Blog Post"
+      }
+    ]
+  }
+}
+```
+
+## Rationale
+
+Resources are a powerful abstraction in MCP that limit the scope of information available to LLMs. Efficient discoverability of these resources is crucial for effective context management. As the number of resources exposed by servers increases into thousands or millions, naively returning all resources becomes inefficient and convoluted for clients to handle. Given the hierarchical structure inherent in URIs, prefix-based filtering provides the simplest approach to improve resource discoverability.
+
+### Alternatives Considered
+
+1. **Glob patterns**: Although more flexible than simple prefixes, the value from the additional implementation complexity does not seem clear given the hierarchical nature of URIs.
+
+2. **Client-side filtering**: Implementation complexity with pagination; inefficient for large resource sets.
+
+3. **Separate method**: Adds unnecessary protocol complexity and duplicates logic.
+
+## Backward Compatibility
+
+While the `prefix` parameter is optional in the schema, this feature requires updates to SDKs to expose the prefix parameter. Existing clients continue to work as it is since the parameter is optional.
+
+## Reference Implementation
+
+TBD
+
+## Security Implications
+
+Prefix filtering doesn't grant access to resources that wouldn't already be accessible through pagination. It only provides a more efficient way to retrieve subsets of already-accessible resources.
+
+## Open Questions
+
+1. Should we consider path-based prefix matching versus string-based prefix matching? For example, should the prefix `uri://a` match `uri://abc/def` or not? Assuming the prefix to be path prefix seems like the easiest to implement especially with templates in mix.
+
+2. For resource templates with embedded variables (e.g., `https://api.example.com/users/{id}/operations/{action}`), should we resolve partial parameters and try to match them against templates? This seems a little tricky to get right: While resolving template parameters makes sense from an improving discoverability perspective, it's unclear if returning something like: `https://api.example.com/users/123/operations/{action}` is in line with semantics that we want list_templates to offer.
@@ -0,0 +1,4 @@
+(undo-tree-save-format-version . 1)
+"62ea415015c2b81baec7e7383d2723c15d2d2fb5"
+[nil current nil nil (27010 22883 841971 0) 0 nil]
+nil