cloudflare/mcp-server-cloudflare

[email protected] scope: workers-observability Breaking

This release includes 3 breaking changes for platform teams planning a safe upgrade.

Published 1d MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 1d

The release removes the `accounts_list` and `set_active_account` tools. It also upgrades several core dependencies, including a major bump of zod from version 3 to version 4.

Why it matters: Removal of `accounts_list` and `set_active_account` breaks any code relying on those APIs; the upgrade of zod (v3 → v4) introduces breaking changes that require immediate review for affected projects.

Summary

AI summary

Updates Patch Changes, Minor Changes, and f625075 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Breaking	High	Removes `accounts_list` and `set_active_account` tools. Removes `accounts_list` and `set_active_account` tools. Source: llm_adapter@2026-06-02 Confidence: high	—
Feature
Feature	Low	Introduces `AccountManager` for automatic Cloudflare account resolution. Introduces `AccountManager` for automatic Cloudflare account resolution. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Feature	Low	Adds `server.accountTool()` registration to resolve accounts via priority order. Adds `server.accountTool()` registration to resolve accounts via priority order. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Feature	Low	Supports auth-pinned account selection from API or OAuth tokens. Supports auth-pinned account selection from API or OAuth tokens. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Feature	Low	Allows explicit account selection using `cf-account-id` request header for multi-account tokens. Allows explicit account selection using `cf-account-id` request header for multi-account tokens. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Feature	Low	Provides optional `account_id` parameter on multi-account tools, with error listing available accounts when omitted. Provides optional `account_id` parameter on multi-account tools, with error listing available accounts when omitted. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Dependency	Low	Upgrades `@cloudflare/workers-oauth-provider` from 0.4.0 to 0.7.0. Upgrades `@cloudflare/workers-oauth-provider` from 0.4.0 to 0.7.0. Source: llm_adapter@2026-06-02 Confidence: high	—
Dependency	Low	Upgrades core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 → 1.29.0, `zod` 3 → 4, and `ai` 4 → 6. Upgrades core dependencies: `agents` 0.2.19 → 0.13.3, `@modelcontextprotocol/sdk` 1.20.2 → 1.29.0, `zod` 3 → 4, and `ai` 4 → 6. Source: llm_adapter@2026-06-02 Confidence: high	—
Bugfix	Low	Flattens tool `annotations` hints in MCP SDK 1.29 to prevent ignored nested hints. Flattens tool `annotations` hints in MCP SDK 1.29 to prevent ignored nested hints. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Refactor
Refactor	Low	Standardizes tool error responses to set `isError: true`. Standardizes tool error responses to set `isError: true`. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Refactor	Low	Adapts code for `zod` 4 changes: explicit key schema in `z.record`, replaces `z.string().ip()` with `z.ipv4()/z.ipv6()`, removes `objectOutputType`. Adapts code for `zod` 4 changes: explicit key schema in `z.record`, replaces `z.string().ip()` with `z.ipv4()/z.ipv6()`, removes `objectOutputType`. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Refactor	Low	Constrains `McpAgent` env generic to `Cloudflare.Env` in `agents` 0.13. Constrains `McpAgent` env generic to `Cloudflare.Env` in `agents` 0.13. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—
Refactor	Low	Updates eval tooling in `ai` 6 with `LanguageModel`, `inputSchema`, `stopWhen`, `stepCountIs`, and structured `tool-call` input. Updates eval tooling in `ai` 6 with `LanguageModel`, `inputSchema`, `stopWhen`, `stepCountIs`, and structured `tool-call` input. Source: granite4.1:30b@2026-06-02-audit Confidence: low	—

Full changelog

Minor Changes

f625075: Centralize Cloudflare account resolution and remove the account-management tools.

The accounts_list and set_active_account tools are removed. Account scoping is now
resolved automatically by an AccountManager (via the new server.accountTool()
registration), in priority order:
1. Auth-pinned account — an account-scoped API token's account, or an OAuth token with a
  single account, is used automatically (no account_id parameter is exposed).
2. cf-account-id request header — for tokens that can access multiple accounts, set this
  header in your MCP client config to pick an account.
3. account_id tool argument — for multi-account tokens, account-scoped tools expose an
  optional account_id parameter; when omitted (and no header is set) the tool returns an
  error listing the accounts you can use. Multi-account credentials also list their accounts
  in the server's initialize instructions.
All tool error responses now set isError: true so clients can distinguish failures.

Patch Changes

a358e69: Upgrade @cloudflare/workers-oauth-provider 0.4.0 → 0.7.0.

No tool or behavior changes. The only API change affecting this repo is that
TokenExchangeCallbackOptions now carries a required grantId field, which only
touched a test fixture (the provider supplies it at runtime).
f625075: Upgrade core dependencies: agents 0.2.19 → 0.13.3, @modelcontextprotocol/sdk 1.20.2 →
1.29.0, zod 3 → 4, and ai 4 → 6.

No user-facing tool or behavior changes. Internal adjustments for the new versions:
- zod 4: z.record(...) now takes an explicit key schema; z.string().ip() replaced with
  z.ipv4()/z.ipv6() validation; dropped the removed objectOutputType helper.
- agents 0.13: McpAgent env generic is constrained to Cloudflare.Env.
- MCP SDK 1.29: tool annotations hints must be flat ({ title, readOnlyHint, ... }) — fixes a
  latent bug where nested hints were silently ignored.
- ai 6: eval tooling updated (LanguageModel, inputSchema, stopWhen/stepCountIs, tool-call input).

Breaking Changes

Removed `accounts_list` and `set_active_account` tools; account scoping now resolved automatically by `AccountManager` via `server.accountTool()` registration.
Minimum version bump: `@cloudflare/workers-oauth-provider` upgraded to 0.7.0 (requires `TokenExchangeCallbackOptions` to include required `grantId`).
Dependency upgrades with breaking changes: `zod` 3 → 4 (changes to record schema and validation helpers), `agents` 0.2.19 → 0.13.3 (constrains `McpAgent` env generic to `Cloudflare.Env`), `@modelcontextprotocol/sdk` 1.20.2 → 1.29.0 (requires flat `annotations` hints), `ai` 4 → 6 (updates eval tooling).

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track cloudflare/mcp-server-cloudflare

Get notified when new releases ship.

About cloudflare/mcp-server-cloudflare

Integration with Cloudflare services including Workers, KV, R2, and D1

All releases →

Related context

Related tools

Earlier breaking changes

[email protected] Adds delete-class migration for UserDetails Durable Object in graphql server.
[email protected] Removes `accounts_list` and `set_active_account` tools.
[email protected] Removes `accounts_list` and `set_active_account` tools.
[email protected] Removes `accounts_list` and `set_active_account` tools.
[email protected] Removes `accounts_list` and `set_active_account` tools.