refactor(@angular/cli): integrate MCP roots into Host abstraction

Update the `Host` abstraction to be aware of allowed roots provided by the MCP client. A new `createRootRestrictedHost` wrapper enforces that file operations and command executions stay within these roots. The server is updated to initialize roots on connection and listen for changes.

Author: clydin

packages/angular/cli/src/commands/mcp/host.ts

@@ -19,7 +19,7 @@ import { Stats } from 'node:fs';
 import { glob as nodeGlob, readFile as nodeReadFile, stat } from 'node:fs/promises';
 import { createRequire } from 'node:module';
 import { createServer } from 'node:net';
-import { dirname, join, resolve } from 'node:path';
+import { dirname, isAbsolute, join, relative, resolve } from 'node:path';
 
 /**
  * An error thrown when a command fails to execute.
@@ -124,6 +124,11 @@ export interface Host {
    * Checks whether a TCP port is available on the system.
    */
   isPortAvailable(port: number): Promise<boolean>;
+
+  /**
+   * Sets the allowed roots for this host.
+   */
+  setRoots(roots: string[]): void;
 }
 
 function resolveCommand(
@@ -287,4 +292,55 @@ export const LocalWorkspaceHost: Host = {
       });
     });
   },
+
+  setRoots(roots: string[]) {
+    // LocalWorkspaceHost does not enforce roots, so this is a no-op.
+  },
 };
+
+export function createRootRestrictedHost(baseHost: Host, initialRoots: string[] = [process.cwd()]): Host {
+  let roots = initialRoots;
+
+  function checkPath(path: string) {
+    const resolvedPath = resolve(path);
+    const isAllowed = roots.some((root) => {
+      const rel = relative(root, resolvedPath);
+      return !rel.startsWith('..') && !isAbsolute(rel);
+    });
+    
+    if (!isAllowed) {
+      throw new Error(`Access denied: path '${path}' is outside allowed roots.`);
+    }
+  }
+
+  return {
+    ...baseHost,
+    setRoots(newRoots: string[]) {
+      roots = newRoots;
+    },
+    stat(path: string) {
+      checkPath(path);
+      return baseHost.stat(path);
+    },
+    existsSync(path: string) {
+      checkPath(path);
+      return baseHost.existsSync(path);
+    },
+    readFile(path: string, encoding: 'utf-8') {
+      checkPath(path);
+      return baseHost.readFile(path, encoding);
+    },
+    glob(pattern: string, options: { cwd: string }) {
+      checkPath(options.cwd);
+      return baseHost.glob(pattern, options);
+    },
+    runCommand(command: string, args: readonly string[], options: { cwd?: string } = {}) {
+      checkPath(options.cwd ?? process.cwd());
+      return baseHost.runCommand(command, args, options);
+    },
+    spawn(command: string, args: readonly string[], options: { cwd?: string } = {}) {
+      checkPath(options.cwd ?? process.cwd());
+      return baseHost.spawn(command, args, options);
+    },
+  };
+}

packages/angular/cli/src/commands/mcp/mcp-server.ts

@@ -7,11 +7,12 @@
  */
 
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { join } from 'node:path';
+import { join, normalize } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import type { AngularWorkspace } from '../../utilities/config';
 import { VERSION } from '../../utilities/version';
 import type { Devserver } from './devserver';
-import { LocalWorkspaceHost } from './host';
+import { LocalWorkspaceHost, createRootRestrictedHost } from './host';
 import { registerInstructionsResource } from './resources/instructions';
 import { AI_TUTOR_TOOL } from './tools/ai-tutor';
 import { BEST_PRACTICES_TOOL } from './tools/best-practices';
@@ -26,6 +27,7 @@ import { ZONELESS_MIGRATION_TOOL } from './tools/onpush-zoneless-migration/zonel
 import { LIST_PROJECTS_TOOL } from './tools/projects';
 import { TEST_TOOL } from './tools/test';
 import { type AnyMcpToolDeclaration, registerTools } from './tools/tool-registry';
+import { RootsListChangedNotificationSchema } from '@modelcontextprotocol/sdk/types';
 
 /**
  * Tools to manage devservers. Should be bundled together, then added to experimental or stable as a group.
@@ -124,14 +126,41 @@ equivalent actions.
     logger,
   });
 
+  const restrictedHost = createRootRestrictedHost(LocalWorkspaceHost);
+
+  server.server.oninitialized = async () => {
+    try {
+      const clientCapabilities = server.server.getClientCapabilities();
+      if (clientCapabilities?.roots) {
+        const { roots } = await server.server.listRoots();
+        const searchRoots = roots?.map((r) => normalize(fileURLToPath(r.uri))) ?? [];
+        restrictedHost.setRoots(searchRoots);
+
+        if (clientCapabilities.roots.listChanged) {
+          server.server.setNotificationHandler(RootsListChangedNotificationSchema, async () => {
+            try {
+              const { roots: updatedRoots } = await server.server.listRoots();
+              const updatedSearchRoots = updatedRoots?.map((r) => normalize(fileURLToPath(r.uri))) ?? [];
+              restrictedHost.setRoots(updatedSearchRoots);
+            } catch (e) {
+              logger.warn(`Failed to update roots on notification: ${e instanceof Error ? e.message : e}`);
+            }
+          });
+        }
+      }
+    } catch (e) {
+      logger.warn(`Failed to initialize roots on connection: ${e instanceof Error ? e.message : e}`);
+    }
+  };
+
   await registerTools(
     server,
     {
       workspace: options.workspace,
       logger,
       exampleDatabasePath: join(__dirname, '../../../lib/code-examples.db'),
       devservers: new Map<string, Devserver>(),
-      host: LocalWorkspaceHost,
+      host: restrictedHost,
     },
     toolDeclarations,
   );