security(mcp): tools/list_changed refresh path bypasses sanitize_tools() #1746

@bug-ops

Context

PR #1745 added sanitization of MCP tool definitions at registration time in connect_all() and add_server(). However, MCP servers can push updated tool lists via the tools/list_changed notification. This path is not yet implemented in zeph-mcp, but when it is, it must call sanitize_tools() before storing refreshed tools.

Action Required

When implementing tools/list_changed notification handling in McpManager, ensure sanitize::sanitize_tools(&mut tools, &server_id) is called before storing/updating the tool registry. A code comment in manager.rs already marks this location.

Severity

Medium — affects future code, not current functionality.
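
An added sketch of the pattern the issue asks for, not code from zeph-mcp: both the registration path and a future tools/list_changed refresh path go through one private store function that sanitizes before writing. Tool, Registry, store and on_tools_list_changed are hypothetical names, and the body of sanitize_tools is an assumed stand-in that keeps only the signature quoted above.

```rust
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
pub struct Tool { pub name: String, pub description: String }

/// Stand-in with the signature quoted in the issue; these rules are assumed.
pub fn sanitize_tools(tools: &mut Vec<Tool>, server_id: &str) {
    let before = tools.len();
    // Drop tools whose name is empty or not [A-Za-z0-9_-].
    tools.retain(|t| {
        !t.name.is_empty()
            && t.name.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-')
    });
    for t in tools.iter_mut() {
        // Strip control characters and cap the description length.
        t.description = t.description.chars().filter(|c| !c.is_control()).take(256).collect();
    }
    if tools.len() != before {
        eprintln!("{}: dropped {} tool(s)", server_id, before - tools.len());
    }
}

#[derive(Default)]
pub struct Registry { by_server: HashMap<String, Vec<Tool>> }

impl Registry {
    /// The only function that writes to the registry, so no path can skip sanitization.
    fn store(&mut self, server_id: &str, mut tools: Vec<Tool>) {
        sanitize_tools(&mut tools, server_id);
        self.by_server.insert(server_id.to_string(), tools);
    }
    /// Registration-time path.
    pub fn add_server(&mut self, server_id: &str, tools: Vec<Tool>) {
        self.store(server_id, tools);
    }
    /// Refresh path: tool list pushed by the server after tools/list_changed.
    pub fn on_tools_list_changed(&mut self, server_id: &str, tools: Vec<Tool>) {
        self.store(server_id, tools);
    }
    pub fn tools(&self, server_id: &str) -> &[Tool] {
        self.by_server.get(server_id).map(Vec::as_slice).unwrap_or(&[])
    }
}

fn main() {
    let mut reg = Registry::default();
    reg.on_tools_list_changed("srv", vec![Tool { name: "bad name".into(), description: "x".into() }]);
    println!("{:?}", reg.tools("srv")); // constructed input; the invalid name is dropped
}
```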

Labels: security (Security-related issue)