
fix(mcp): DefaultMcpProber, TrustScoreStore, and EmbeddingAnomalyGuard not wired into agent bootstrap #2315

@bug-ops

Description


Problem

PR #2310 added three MCPShield components but none are wired into the agent bootstrap or MCP manager construction:

  • DefaultMcpProber: McpManager::with_prober() exists but is never called in crates/zeph-core/src/bootstrap/mcp.rs; the Phase 1 injection scan on connect never runs.
  • TrustScoreStore: McpManager::with_trust_store() exists but is never called in bootstrap; trust scores are never persisted or applied to tool filtering.
  • EmbeddingAnomalyGuard: the [security.content_isolation.embedding_guard] enabled = true config parses cleanly but has no operational effect; the guard is never attached to McpToolExecutor or the manager.

Observed

Startup with [security.content_isolation.embedding_guard] enabled = true and [mcp.trust_calibration] config: no log lines related to prober probing, trust score loading, or embedding guard initialization. Config silently ignored.

Tool attestation (expected_tools) IS wired and works correctly — only the three components above are missing.

Expected

  • On MCP server connect: prober scans resource/prompt descriptions for injection patterns (Phase 1)
  • Trust scores loaded from SQLite and applied to server trust level at connect time (Phase 3)
  • EmbeddingAnomalyGuard spawned per MCP server when embedding_guard.enabled = true; background cosine-distance checks run on tool outputs

Priority

P2 — features were merged as complete but do not activate. The config keys are user-visible and silently ignored.

Discovered in CI-243 (2026-03-28).

Metadata

Labels: P2 (High value, medium complexity), bug (Something isn't working)
