Does the MCP SDK automatically enforce root restrictions?

No, the MCP SDK does not automatically enforce root restrictions. You need to implement this yourself in your server code. A typical pattern is to create a helper function like is_path_allowed that takes a requested file path, retrieves the list of approved roots from the client, checks whether the requested path falls within one of those roots, and returns true or false. You then call this validation function in every tool that accesses files or directories before performing the actual file operation. The enforcement is a convention, not a built-in security layer.