Run: 2026-05-08 (originally scheduled 2026-05-01; first eligible execution)

Status: baseline established — no prior month to diff against

Executive summary

First scheduled run of mcp-drift-audit. The drift-detection sections (schema breakers, removed, renamed, added) are intentionally empty — this run establishes the baseline against which future runs produce real drift signal.

Per-server snapshot

Server Transport Status Tool count Notes
callrail stdio ok 50 pipx install at ~/.local/bin/callrail-mcp
cloudflare-dns-analytics http auth-required OAuth bearer token required
cloudflare-docs http ok 2 Public, no-auth (search + migrate-pages-to-workers guide)
cloudflare-observability http auth-required OAuth bearer token required
cloudways http ok 61 API-key headers; healthy
google-ads stdio ok 3 FastMCP 3.2.3 — upgrade to 3.2.4 available
ringcentral stdio ok 48 Local build in sail-infrastructure/mcp-servers/
sentry http auth-required OAuth bearer token required

Routine impact

Server Dependent routines
callrail callrail-daily-summary
cloudways infra-daily-pulse
google-ads gads-leverage-weekly, google-ads-daily-negatives, google-ads-mcp
ringcentral ringcentral-call-quality

Auth-required servers (sentry, cloudflare-*) have zero** routines referencing them — leverage candidates Sam has not yet exploited.

Recommendations

  1. Upgrade google-ads MCP FastMCP 3.2.3 → 3.2.4 next maintenance window.
  2. Stand up OAuth-refresh path for sentry / cloudflare-dns-analytics / cloudflare-observability so future drift audits see the full tool surface.
  3. Stand up usage telemetry at Codex/mcp-drift-audit/usage/last30d.json so the idle-server flag becomes meaningful.
  4. Add a Cowork connectors drift companion task. Many MCP servers (Slack, Notion, Asana, Figma, Hubspot, Google Drive, Salesforce, Microsoft Teams, ElevenLabs, OpenAI, etc.) are injected by the Cowork runtime, not configured in ~/.claude.json — this audit can't see them.