Yeah, but MCP provides a convenient layer of indirection where I can sandbox my app, allowing only files within a given directory tree (i.e., project workspace) to be read from/written to using my tools. How do I accomplish this when allowing an agent to call my tools directly?