Skip to content

Roots

The MCP roots feature enables clients to limit which resources a server can access. The wags middleware allows methods to be annotated with what resources must be enabled before a tool call be accessed.

Example

The required root for a function can be configured using the requires_root decorator:

Python
from wags.middleware import requires_root, RootsMiddleware

class GithubHandlers:
    @requires_root("https://github.com/{owner}/{repo}")
    async def create_issue(self, owner: str, repo: str...):
        pass

and the RootsMiddleware can be enabled in the wags proxy:

Python
handlers = GitHubHandlers()
mcp.add_middleware(RootsMiddleware(handlers=handlers))

Once enabled, agent can only create issues in repositories which the client provides in the roots.

API Documentation

Mark a method as requiring root validation.

Parameters:

Name Type Description Default
template str

URI template with placeholders, e.g. "https://github.com/{owner}/{repo}"

 required

Raises:

Type Description
NameError

If template variables are not function parameters
ValueError

If different template applied to already decorated function

Validates tool calls against client-configured roots.

Blocks decorated methods unless the resource URI starts with an allowed root prefix. Skips validation if client lacks roots capability.

Examples: - "https://github.com/myorg/" allows all repos in myorg - "https://github.com/myorg/specific-repo" allows only that repo