From 1eeed3104025e5ad3f807bcb15ce9bc714b74f33 Mon Sep 17 00:00:00 2001 From: Ed_ Date: Mon, 2 Mar 2026 12:26:07 -0500 Subject: [PATCH] conductor(track): Initialize 'architecture_boundary_hardening' track --- TASKS.md | 12 ++++++++ .../index.md | 5 ++++ .../metadata.json | 8 +++++ .../plan.md | 23 ++++++++++++++ .../spec.md | 30 +++++++++++++++++++ 5 files changed, 78 insertions(+) create mode 100644 conductor/tracks/architecture_boundary_hardening_20260302/index.md create mode 100644 conductor/tracks/architecture_boundary_hardening_20260302/metadata.json create mode 100644 conductor/tracks/architecture_boundary_hardening_20260302/plan.md create mode 100644 conductor/tracks/architecture_boundary_hardening_20260302/spec.md diff --git a/TASKS.md b/TASKS.md index b00684f..54cbc86 100644 --- a/TASKS.md +++ b/TASKS.md @@ -52,3 +52,15 @@ **Scope:** Phase 1 (Update MMA Skill prompts) → Phase 2 (Update `workflow.md`). +### `architecture_boundary_hardening_20260302` (initialized) +**Priority:** High +**Depends on:** None +**Track dir:** `conductor/tracks/architecture_boundary_hardening_20260302/` + +**Audit-confirmed gaps:** +- `ai_client.py` loops execute `set_file_slice` and `py_update_definition` instantly without checking `pre_tool_callback`, bypassing GUI approval. +- `mma_exec.py` bypasses skeletonization for `mcp_client`, causing token bloat. +- `dag_engine.py` does not cascade `blocked` states, causing orchestrator infinite loops. + +**Scope:** Phase 1 (Meta-tooling token fix) → Phase 2 (Seal GUI HITL bypass) → Phase 3 (Fix DAG Engine cascading blocks). + diff --git a/conductor/tracks/architecture_boundary_hardening_20260302/index.md b/conductor/tracks/architecture_boundary_hardening_20260302/index.md new file mode 100644 index 0000000..c2dd1f2 --- /dev/null +++ b/conductor/tracks/architecture_boundary_hardening_20260302/index.md 
@@ -0,0 +1,5 @@ +# Track architecture_boundary_hardening_20260302 Context + +- [Specification](./spec.md) +- [Implementation Plan](./plan.md) +- [Metadata](./metadata.json) \ No newline at end of file diff --git a/conductor/tracks/architecture_boundary_hardening_20260302/metadata.json b/conductor/tracks/architecture_boundary_hardening_20260302/metadata.json new file mode 100644 index 0000000..af92727 --- /dev/null +++ b/conductor/tracks/architecture_boundary_hardening_20260302/metadata.json @@ -0,0 +1,8 @@ +{ + "track_id": "architecture_boundary_hardening_20260302", + "type": "fix", + "status": "new", + "created_at": "2026-03-02T00:00:00Z", + "updated_at": "2026-03-02T00:00:00Z", + "description": "Fix boundary leak where the native MCP file mutation tools bypass the manual_slop GUI approval dialog, and patch token leaks in the meta-tooling scripts." +} \ No newline at end of file diff --git a/conductor/tracks/architecture_boundary_hardening_20260302/plan.md b/conductor/tracks/architecture_boundary_hardening_20260302/plan.md new file mode 100644 index 0000000..699bb81 --- /dev/null +++ b/conductor/tracks/architecture_boundary_hardening_20260302/plan.md 
@@ -0,0 +1,23 @@ +# Implementation Plan: Architecture Boundary Hardening + +Architecture reference: [docs/guide_architecture.md](../../../docs/guide_architecture.md) + +--- + +## Phase 1: Patch Context Amnesia Leak (Meta-Tooling) +Focus: Stop `mma_exec.py` from injecting massive full-text dependencies. + +- [ ] Task 1.1: In `scripts/mma_exec.py`, completely remove the `UNFETTERED_MODULES` constant and its associated `if dep in UNFETTERED_MODULES:` check. Ensure all imported local dependencies strictly use `generate_skeleton()`. + +## Phase 2: Seal the HITL Bypass (Application Core) +Focus: Ensure native MCP mutating tools cannot execute without user approval in the `manual_slop` application. + +- [ ] Task 2.1: In `mcp_client.py`, define a new constant set `MUTATING_TOOLS = {"set_file_slice", "py_update_definition", "py_set_signature", "py_set_var_declaration"}`. (Note: `write_file` is not currently in the tool list, but add it if it is). +- [ ] Task 2.2: In `ai_client.py`'s provider loops (`_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, `_send_deepseek`), update the tool execution logic. If `name in mcp_client.MUTATING_TOOLS`, it MUST trigger the `pre_tool_callback` (or a variation of it) to ask for user approval before calling `mcp_client.dispatch`. +- [ ] Task 2.3: In `gui_2.py`, ensure the UI rendering for the pending tool approval handles the AST mutations gracefully (e.g. showing the `new_content` payload instead of a PowerShell script). + +## Phase 3: DAG Engine Cascading Blocks (Application Core) +Focus: Prevent infinite deadlocks when Tier 3 workers fail repeatedly. + +- [ ] Task 3.1: In `dag_engine.py`, add a `cascade_blocks()` method to `TrackDAG`. This method should iterate through all `todo` tickets and if any of their dependencies are `blocked`, mark the ticket itself as `blocked`. +- [ ] Task 3.2: In `multi_agent_conductor.py`, update `ConductorEngine.run()`. 
Before calling `self.engine.tick()`, call `self.track_dag.cascade_blocks()` (or equivalent) so that blocked states propagate cleanly, allowing the `all_done` or block detection logic to exit the while loop correctly. \ No newline at end of file diff --git a/conductor/tracks/architecture_boundary_hardening_20260302/spec.md b/conductor/tracks/architecture_boundary_hardening_20260302/spec.md new file mode 100644 index 0000000..1b49f59 --- /dev/null +++ b/conductor/tracks/architecture_boundary_hardening_20260302/spec.md 
@@ -0,0 +1,30 @@ +# Track Specification: Architecture Boundary Hardening + +## Overview +The `manual_slop` project serves dual roles: it is an end-user GUI application built around Human-In-The-Loop (HITL) AI orchestration, and it is the sandbox for the AI meta-tooling (`mma_exec.py`, `tool_call.py`) being used to develop it. +Because `mcp_client.py` is shared between both environments to provide robust code investigation tools, a critical HITL bypass has emerged. Additionally, the meta-tooling scripts are bleeding tokens. + +## Current State Audit + +1. **HITL Bypass in `manual_slop` Application**: + - Location: `ai_client.py` inside `_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, and `_send_deepseek`. + - Issue: The `pre_tool_callback` is explicitly only checked if `name == TOOL_NAME` (which is `run_powershell`). + - If an AI agent running inside the GUI calls `set_file_slice` or `py_update_definition`, the code falls through to `elif name in mcp_client.TOOL_NAMES:` and dispatches it immediately, silently mutating the user's codebase without approval. + - *Requirement*: The application strictly requires step-by-step deterministic user approval for *any* filesystem modification, whether by script or direct AST manipulation. + +2. **Token Firewall Leak in Meta-Tooling (`mma_exec.py`)**: + - Location: `scripts/mma_exec.py:101`. + - Issue: `UNFETTERED_MODULES` hardcodes `['mcp_client', 'project_manager', 'events', 'aggregate']`. If a worker targets a file that imports `mcp_client`, the script injects the full `mcp_client.py` (~450 lines) into the context instead of its skeleton, blowing out the token budget and destroying Context Amnesia. + +3. **DAG Engine Blocking Stalls (`dag_engine.py`)**: + - Location: `dag_engine.py` -> `get_ready_tasks()` + - Issue: `get_ready_tasks` requires all dependencies to be explicitly `completed`. If a task is marked `blocked` (e.g. after max retries in the ConductorEngine), its dependents stay `todo` forever. 
The `ConductorEngine.run()` loop has no logic to handle this cleanly, causing an infinite stall. + +## Desired State +- Any mutating tool from `mcp_client.py` (`set_file_slice`, `py_update_definition`, `py_set_signature`, `py_set_var_declaration`, `write_file`) must trigger a user approval dialogue, just like `run_powershell`. +- The `UNFETTERED_MODULES` list must be completely removed from `mma_exec.py` so all dependencies are reliably skeletonized. +- The `dag_engine.py` must cascade `blocked` status to downstream tasks so the track halts cleanly instead of deadlocking. + +## Technical Constraints +- The UI modal must be updated or a new `pre_mutation_callback` must be introduced to handle showing the proposed AST edit vs the proposed script. +- Keep the boundary clear: changes in `ai_client.py` affect the user's `manual_slop` application experience. Changes in `mma_exec.py` affect *our* meta-tooling environment. \ No newline at end of file
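Review bot: in the TASKS.md hunk, the phase order puts the token-bloat fix (Phase 1, `mma_exec.py`) ahead of sealing the HITL bypass (Phase 2, `ai_client.py`/`mcp_client.py`), even though the entry is marked Priority: High because `set_file_slice` and `py_update_definition` currently mutate files without GUI approval. The two phases touch disjoint files and "Depends on: None" is declared, so consider swapping them so the approval gap closes first, or state in the entry why the token fix has to land before it.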
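Review bot: the index.md hunk ends with `\ No newline at end of file`, and the same is true of metadata.json, plan.md and spec.md in this patch; add the trailing newline to all four so later diffs against these files stay clean and tools that concatenate or `cat` them do not run lines together.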
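Review bot: in the metadata.json hunk, `created_at` and `updated_at` are both `"2026-03-02T00:00:00Z"`, a midnight value that reads as hand-typed rather than generated, while the commit itself is stamped 12:26:07 -0500. If the other track metadata files carry real timestamps, generate one here as well (or note that date-only granularity is intentional); also, `"type": "fix"` for a track whose description covers a bypass of the approval dialog may deserve a more specific tag if the schema has one, since that distinction is what a reader scanning track metadata for security-relevant work would look for.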
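Review bot: in the plan.md hunk, Task 2.1 repeats the shape of the bug that spec.md describes: the bypass exists because approval was keyed on an exact name match (`name == TOOL_NAME`), and a hand-maintained `MUTATING_TOOLS = {"set_file_slice", ...}` set will silently miss the next mutating tool added to `mcp_client` (the parenthetical "`write_file` is not currently in the tool list, but add it if it is" already shows the list is uncertain, and spec.md lists `write_file` as required). Suggest inverting it to fail closed: define the read-only tools explicitly (or a per-tool mutating flag in the registry) and require `pre_tool_callback` for every tool not marked read-only. Two further points: Task 2.2 says "`pre_tool_callback` (or a variation of it)" while spec.md's Technical Constraints name a `pre_mutation_callback`, so pick one hook name and use it in both files; and Task 3.1's single pass over `todo` tickets will not block a chain A -> B -> C when only A is `blocked`, so `cascade_blocks()` should either loop until no ticket changes state or walk dependents transitively from each blocked ticket, with a regression test covering a two-level chain.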
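Review bot: in the spec.md hunk, Desired State lists `write_file` among the tools that must trigger the approval dialogue, but plan.md Task 2.1 says `write_file` is not currently in the tool list; reconcile the two (drop it from the spec or have the plan add the tool) so the acceptance criterion is checkable. The Current State Audit pins the bypass to the `elif name in mcp_client.TOOL_NAMES:` fall-through in the four `_send_*` loops, so Desired State should also state a verifiable outcome for each item, for example that a denied callback leaves the target file byte-for-byte unchanged for every mutating tool name, and that a track whose root ticket is `blocked` causes `ConductorEngine.run()` to exit rather than stall.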