refactor(@angular/cli): integrate MCP roots into Host abstraction

Update the `Host` abstraction to be aware of allowed roots provided by the MCP client. A new `createRootRestrictedHost` wrapper enforces that file operations and command executions stay within these roots. The server is updated to initialize roots on connection and listen for changes.

Author: clydin

packages/angular/cli/src/commands/mcp/host.ts

@@ -19,7 +19,7 @@ import { Stats } from 'node:fs';
 import { glob as nodeGlob, readFile as nodeReadFile, stat } from 'node:fs/promises';
 import { createRequire } from 'node:module';
 import { createServer } from 'node:net';
-import { dirname, join, resolve } from 'node:path';
+import { dirname, isAbsolute, join, relative, resolve } from 'node:path';
 
 /**
  * An error thrown when a command fails to execute.
@@ -124,6 +124,11 @@ export interface Host {
    * Checks whether a TCP port is available on the system.
    */
   isPortAvailable(port: number): Promise<boolean>;
+
+  /**
+   * Sets the allowed roots for this host.
+   */
+  setRoots(roots: string[]): void;
 }
 
 function resolveCommand(
@@ -287,4 +292,65 @@ export const LocalWorkspaceHost: Host = {
       });
     });
   },
+
+  setRoots(roots: string[]) {
+    // LocalWorkspaceHost does not enforce roots, so this is a no-op.
+  },
 };
+
+export function createRootRestrictedHost(
+  baseHost: Host,
+  initialRoots: string[] = [process.cwd()],
+): Host {
+  let roots = initialRoots;
+
+  function checkPath(path: string) {
+    const resolvedPath = resolve(path);
+    const isAllowed = roots.some((root) => {
+      const rel = relative(root, resolvedPath);
+
+      return !rel.startsWith('..') && !isAbsolute(rel);
+    });
+
+    if (!isAllowed) {
+      throw new Error(`Access denied: path '${path}' is outside allowed roots.`);
+    }
+  }
+
+  return {
+    ...baseHost,
+    setRoots(newRoots: string[]) {
+      roots = newRoots;
+    },
+    stat(path: string) {
+      checkPath(path);
+
+      return baseHost.stat(path);
+    },
+    existsSync(path: string) {
+      checkPath(path);
+
+      return baseHost.existsSync(path);
+    },
+    readFile(path: string, encoding: 'utf-8') {
+      checkPath(path);
+
+      return baseHost.readFile(path, encoding);
+    },
+    glob(pattern: string, options: { cwd: string }) {
+      checkPath(options.cwd);
+
+      return baseHost.glob(pattern, options);
+    },
+    runCommand(command: string, args: readonly string[], options: { cwd?: string } = {}) {
+      checkPath(options.cwd ?? process.cwd());
+
+      return baseHost.runCommand(command, args, options);
+    },
+    spawn(command: string, args: readonly string[], options: { cwd?: string } = {}) {
+      checkPath(options.cwd ?? process.cwd());
+
+      return baseHost.spawn(command, args, options);
+    },
+  };
+}

packages/angular/cli/src/commands/mcp/mcp-server.ts

@@ -7,11 +7,13 @@
  */
 
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { join } from 'node:path';
+import { RootsListChangedNotificationSchema } from '@modelcontextprotocol/sdk/types.js';
+import { join, normalize } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import type { AngularWorkspace } from '../../utilities/config';
 import { VERSION } from '../../utilities/version';
 import type { Devserver } from './devserver';
-import { LocalWorkspaceHost } from './host';
+import { LocalWorkspaceHost, createRootRestrictedHost } from './host';
 import { registerInstructionsResource } from './resources/instructions';
 import { AI_TUTOR_TOOL } from './tools/ai-tutor';
 import { BEST_PRACTICES_TOOL } from './tools/best-practices';
@@ -124,14 +126,48 @@ equivalent actions.
     logger,
   });
 
+  const restrictedHost = createRootRestrictedHost(LocalWorkspaceHost);
+
+  server.server.oninitialized = () => {
+    void (async () => {
+      try {
+        const clientCapabilities = server.server.getClientCapabilities();
+        if (clientCapabilities?.roots) {
+          const { roots } = await server.server.listRoots();
+          const searchRoots = roots?.map((r) => normalize(fileURLToPath(r.uri))) ?? [];
+          restrictedHost.setRoots(searchRoots);
+
+          if (clientCapabilities.roots.listChanged) {
+            server.server.setNotificationHandler(RootsListChangedNotificationSchema, async () => {
+              try {
+                const { roots: updatedRoots } = await server.server.listRoots();
+                const updatedSearchRoots =
+                  updatedRoots?.map((r) => normalize(fileURLToPath(r.uri))) ?? [];
+                restrictedHost.setRoots(updatedSearchRoots);
+              } catch (e) {
+                logger.warn(
+                  `Failed to update roots on notification: ${e instanceof Error ? e.message : e}`,
+                );
+              }
+            });
+          }
+        }
+      } catch (e) {
+        logger.warn(
+          `Failed to initialize roots on connection: ${e instanceof Error ? e.message : e}`,
+        );
+      }
+    })();
+  };
+
   await registerTools(
     server,
     {
       workspace: options.workspace,
       logger,
       exampleDatabasePath: join(__dirname, '../../../lib/code-examples.db'),
       devservers: new Map<string, Devserver>(),
-      host: LocalWorkspaceHost,
+      host: restrictedHost,
     },
     toolDeclarations,
   );

packages/angular/cli/src/commands/mcp/testing/mock-host.ts

@@ -22,4 +22,5 @@ export class MockHost implements Host {
   spawn = jasmine.createSpy('spawn');
   getAvailablePort = jasmine.createSpy('getAvailablePort');
   isPortAvailable = jasmine.createSpy('isPortAvailable').and.resolveTo(true);
+  setRoots = jasmine.createSpy('setRoots');
 }