// MCP TOOL REFERENCE
High Risk →

start_lsp

Start the LSP server with a specified root directory. IMPORTANT: This tool must be called before using any other LSP functionality. The root directory should point to the project

How to control start_lsp ↓

WHAT START_LSP ON LSP MCP SERVER DOES

AI agents invoke start_lsp to trigger actions in LSP MCP Server. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

THE RISK

High Risk

Starting a Language Server Protocol server is an operational execution that initiates a background service and affects the runtime environment. While not destructive or financial, it modifies the execution state and enables downstream operations. This qualifies as Execute rather than Write because it activates a service whose effects depend on subsequent argument-driven actions (the root directory parameter).

From the tool's definition Tool description states 'Start the LSP server' and 'must be called before using any other LSP functionality', indicating it triggers an external service startup operation.

Risk signalsAdmin/system-level operation

Documented attack patterns abuse exactly the kind of access start_lsp gives an agent:

HOW TO CONTROL START_LSP

PolicyLayer is an MCP gateway — it sits between your AI agents and LSP MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for start_lsp:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "start_lsp": {
      "limits": [
        {
          "counter": "start_lsp_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

start_lsp stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

  1. Create a free account and register LSP MCP Server — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More LSP MCP Server tools

Execute restart_lsp_server Restart the LSP server process. Use this tool to reset the LSP server if it becomes unresp Write close_document Close a file in the LSP server. Use this tool when you Write set_log_level Set the server logging level. Use this tool to control the verbosity of logs generated by Read get_code_actions Get code actions for a specific range in a file. Use this tool to obtain available refacto Read get_completions Get completion suggestions at a specific location in a file. Use this tool to retrieve cod Read get_diagnostics Get diagnostic messages (errors, warnings) for files. Use this tool to identify problems i Read get_info_on_location Get information on a specific location in a file via LSP hover. Use this tool to retrieve Read open_document Open a file in the LSP server for analysis. Use this tool before performing operations lik

All 9 LSP MCP Server tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

FAQ

What does the start_lsp tool do? +

Start the LSP server with a specified root directory. IMPORTANT: This tool must be called before using any other LSP functionality. The root directory should point to the project. It is categorised as a Execute tool in the LSP MCP Server MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on start_lsp? +

Register the LSP MCP Server MCP server in PolicyLayer and add a rule for start_lsp: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches LSP MCP Server. Nothing to install.

What risk level is start_lsp? +

start_lsp is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit start_lsp? +

Yes. Add a rate_limit block to the start_lsp rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block start_lsp completely? +

Set action: deny in the PolicyLayer policy for start_lsp. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides start_lsp? +

start_lsp is provided by the LSP MCP Server MCP server (tritlo/lsp-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every LSP MCP Server tool call.

Deterministic rules across all 9 LSP MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN LSP →

Free to start. No card required.

9 LSP MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.