You wired your AI agent to a dozen MCP tools — Slack, GitHub, Jira — tested it, shipped it, moved on. MCP (Model Context Protocol) is the universal plug standard for AI tools: think USB-C, but for connecting your AI to external services. You wrote your prompts, the agent called its tools, life was good.
Then one of those tools updated its schema — the contract that defines what parameters a tool accepts and what it returns — renamed a field from query to search_query, and your agent started silently failing on every third request. No error. No notification. The AI just hallucinated around the broken input like nothing happened. As developer Mike documented in a DEV Community case study on March 18: "The model's helpfulness is the amplifier that turns a minor integration bug into an invisible failure."
This isn't a hypothetical edge case. It's the default state of the entire ecosystem.
The scale of the unversioned mess
As of April 2026, MCP has hit 97 million monthly SDK downloads, with over 17,000 public servers and 300+ clients. That's 2,250% growth in seven months. And across all of it — zero versioning standard.
Every other dependency in your stack has version management. npm has lockfiles — files that pin exact dependency versions so nothing changes without your say-so. Docker has image digests. APIs have OpenAPI specs with deprecation notices. But MCP tool schemas? A server author can rename parameters, change return types, or drop endpoints at any time with zero ecosystem signal. No semver (the "1.2.3" numbering system that tells you if a change will break your code). No lockfile. No changelog.
The only proposal to fix this — SEP-1575 on GitHub, which would add a version field to tool definitions — has been stuck in draft since September 2025. Server-level vs. tool-level versioning? Still debating. Eighteen months after MCP launched.
Meanwhile, according to KushoAI research, 41% of APIs experience undocumented schema changes within 30 days. Now apply that to 17,000 MCP servers.
Model drift got headlines. Tool drift doesn't even register.
On April 16, Anthropic swapped the floating opus model alias to resolve to Claude Opus 4.7 — meaning every tool using that alias silently got a different model with a tokenizer that can increase per-token costs up to 35%. That made headlines. People noticed because models are visible.
Tool schemas? Nobody monitors those. No platform tracks changes across 17,000 servers. Your agent breaks, you blame your prompt, you blame the model, you spend three days debugging — and the actual cause was a renamed parameter in a tool you haven't touched in weeks.
AWS takes the first swing
On April 17, AWS launched Agent Registry in preview as part of Amazon Bedrock AgentCore. It's a centralized catalog for AI agents, tools, and MCP servers with — finally — version tracking. Records follow a draft → pending approval → discoverable lifecycle. Any update resets status to draft, forcing re-review.
It's the first major cloud provider shipping anything resembling version awareness for MCP tools. Justin Bundick, VP of AI at Southwest Airlines, called it a solution to "the critical discoverability challenge."
But here's the gap: it's a catalog, not a lockfile. It tracks that versions exist — it doesn't prevent breaking changes from reaching your agent. You still can't pin a tool to a specific schema snapshot the way you'd pin [email protected] in package.json. And Google's ADK 1.0 — which shipped stable MCP support on March 30 — doesn't even mention tool versioning in its docs.
What you can actually do today
If your agent broke this week and you can't find the bug in your prompt or your model, check whether a tool changed its schema. You have no automated way to know — but at least now you know where to look.
The practical options are ugly: fork and self-host your MCP servers (defeats the point), build a proxy layer that snapshots schemas (complexity nobody budgets for), or use community tools like mcpdiff to manually diff tool definitions between runs. None of these scale. All of them are duct tape.
The agent stack now has two unversioned shadow dependencies — models and tools. Anthropic at least lets you pin model versions with full identifiers like claude-opus-4-7. Tool schemas have no equivalent. The first platform to ship real breaking-change detection — not a catalog, but an actual lockfile with CI integration — captures the package-manager layer of the agent era.
Until then, you're deploying production agents on top of dependencies that can change under your feet at any moment, with no notification, no diff, and no rollback. npm without a lockfile. In 2026. For production AI.
Sleep well.
