Stable fail-closed markers for remote MCP schema drift

[davidahmann]

Problem observed
Remote MCP workflows could keep using a previously loaded tool definition after the server had removed that tool or changed its schema, and the resulting failure surfaced as opaque transport text instead of a stable workflow-visible classification.

Why it matters operationally
Agent Framework promotes MCP as a durable extensibility boundary. In practice, MCP servers evolve independently from workflows, so missing-tool and schema-mismatch conditions are not edge cases. When those conditions collapse into untyped failures, workflow operators cannot separate product-contract breakage from transient transport noise, and retry behavior becomes guesswork.

Minimal repro

1. Load a remote MCP tool into a workflow.
2. Change the remote server so the tool disappears or tightens its input schema.
3. Invoke the previously loaded tool again.
4. Observe the prior behavior: Python retained stale tool definitions across reset and both runtimes surfaced generic MCP failure text.

Fix approach
Python now clears cached tools/prompts on reset, classifies missing-tool and schema-mismatch failures with stable markers, and attempts a refresh when one of those classified failures is hit. The .NET handler now applies the same classification logic for invocation failures so the workflow surface converges on the same fail-closed contract.

Validation evidence

• uv run --directory packages/core ruff format agent_framework/_mcp.py tests/core/test_mcp.py
• uv run --directory packages/core ruff check agent_framework/_mcp.py tests/core/test_mcp.py
• uv run --directory packages/core pytest tests/core/test_mcp.py -k 'classify_mcp_tool_failure or schema_drift or local_mcp_server_function_execution_error'
• .NET unit execution remains locally blocked by the repo’s pinned SDK 10.0.200

Maintainer question: would you prefer these stable MCP drift markers to remain message-level only, or should they eventually become first-class workflow error codes shared across Python and .NET?
Inspired by research context: CAISI publishes independent, reproducible AI agent governance research: https://caisi.dev