// MCP TOOL REFERENCE

restart_lsp_server

ServerLSP MCP Server
CategoryExecute

WHAT RESTART_LSP_SERVER ON LSP MCP SERVER DOES

AI agents invoke restart_lsp_server to trigger actions in LSP MCP Server. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

THE RISK

High Risk

This tool executes a process restart operation that can trigger external side effects (reinitializing with different root directories, applying configuration changes). While it doesn't irreversibly destroy data (not Destructive) or persistently modify data (not Write), it actively initiates and controls a running process, making it Execute-category.

From the tool's definition Tool restarts an external process (LSP server) with capability to "reinitialize with a new root directory," which constitutes triggering an external operation whose effects depend on arguments and system state.

Risk signalsAdmin/system-level operation

Documented attack patterns abuse exactly the kind of access restart_lsp_server gives an agent:

HOW TO CONTROL RESTART_LSP_SERVER

PolicyLayer is an MCP gateway — it sits between your AI agents and LSP MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for restart_lsp_server:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "restart_lsp_server": {
      "limits": [
        {
          "counter": "restart_lsp_server_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

restart_lsp_server stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register LSP MCP Server — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More LSP MCP Server tools

Execute start_lsp Start the LSP server with a specified root directory. IMPORTANT: This tool must be called Write close_document Close a file in the LSP server. Use this tool when you Write set_log_level Set the server logging level. Use this tool to control the verbosity of logs generated by Read get_code_actions Get code actions for a specific range in a file. Use this tool to obtain available refacto Read get_completions Get completion suggestions at a specific location in a file. Use this tool to retrieve cod Read get_diagnostics Get diagnostic messages (errors, warnings) for files. Use this tool to identify problems i Read get_info_on_location Get information on a specific location in a file via LSP hover. Use this tool to retrieve Read open_document Open a file in the LSP server for analysis. Use this tool before performing operations lik

All 9 LSP MCP Server tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

High-risk tools in LSP MCP Server → Every high-risk tool this server exposes, in one view.
All high-risk MCP tools → Every high-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

What does the restart_lsp_server tool do? +

Restart the LSP server process. Use this tool to reset the LSP server if it becomes unresponsive, has stale data, or when you need to apply configuration changes. Can optionally reinitialize with a new root directory. Useful for troubleshooting language server issues or when switching projects. It is categorised as a Execute tool in the LSP MCP Server MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on restart_lsp_server? +

Register the LSP MCP Server MCP server in PolicyLayer and add a rule for restart_lsp_server: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches LSP MCP Server. Nothing to install.

What risk level is restart_lsp_server? +

restart_lsp_server is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit restart_lsp_server? +

Yes. Add a rate_limit block to the restart_lsp_server rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block restart_lsp_server completely? +

Set action: deny in the PolicyLayer policy for restart_lsp_server. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides restart_lsp_server? +

restart_lsp_server is provided by the LSP MCP Server MCP server (tritlo/lsp-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every LSP MCP Server tool call.

Deterministic rules across all 9 LSP MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN LSP →

Free to start. No card required.

9 LSP MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

restart_lsp_server

// WHAT RESTART_LSP_SERVER ON LSP MCP SERVER DOES

// THE RISK

// HOW TO CONTROL RESTART_LSP_SERVER

// EXPLORE