chore(conductor): Archive track 'architecture_boundary_hardening_20260302'

2026-03-02 19:23:28 -05:00
parent 912bc2d193
commit 892d35811d
5 changed files with 3 additions and 3 deletions

@@ -0,0 +1,5 @@
# Track architecture_boundary_hardening_20260302 Context
- [Specification](./spec.md)
- [Implementation Plan](./plan.md)
- [Metadata](./metadata.json)

@@ -0,0 +1,8 @@
{
"track_id": "architecture_boundary_hardening_20260302",
"type": "fix",
"status": "new",
"created_at": "2026-03-02T00:00:00Z",
"updated_at": "2026-03-02T00:00:00Z",
"description": "Fix boundary leak where the native MCP file mutation tools bypass the manual_slop GUI approval dialog, and patch token leaks in the meta-tooling scripts."
}
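Review bot: `"status": "new"` disagrees with the commit itself, which archives the track, and with plan.md, where every task is checked off with a checkpoint hash. Set the status to whatever value the conductor uses for a finished or archived track and bump `updated_at`, which still equals `created_at`; otherwise anything that filters tracks by status will treat this one as unstarted. The description's "token leaks" can also be read as credential exposure, while spec.md describes a context token-budget problem, so wording such as "token-budget leaks" would remove the ambiguity.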

@@ -0,0 +1,25 @@
# Implementation Plan: Architecture Boundary Hardening
Architecture reference: [docs/guide_architecture.md](../../../docs/guide_architecture.md)
---
## Phase 1: Patch Context Amnesia Leak & Portability (Meta-Tooling) [checkpoint: 15536d7]
Focus: Stop `mma_exec.py` from injecting massive full-text dependencies and remove hardcoded external paths.
- [x] Task 1.1: In `scripts/mma_exec.py`, completely remove the `UNFETTERED_MODULES` constant and its associated `if dep in UNFETTERED_MODULES:` check. Ensure all imported local dependencies strictly use `generate_skeleton()`. 6875459
- [x] Task 1.2: In `scripts/mma_exec.py` and `scripts/claude_mma_exec.py`, remove the hardcoded reference to `C:\projects\misc\setup_*.ps1`. Rely on the active environment's PATH to resolve `gemini` and `claude`, or provide an `.env` configurable override. b30f040
## Phase 2: Complete MCP Tool Integration & Seal HITL Bypass (Application Core) [checkpoint: 1a65b11]
Focus: Expose all native MCP tools in the config and GUI, and ensure mutating tools trigger user approval.
- [x] Task 2.1: Update `manual_slop.toml` and `project_manager.py`'s `default_project()` to include all new tools (e.g., `set_file_slice`, `py_update_definition`, `py_set_signature`) under `[agent.tools]`. e4ccb06
- [x] Task 2.2: Update `gui_2.py`'s settings/config panels to expose toggles for these new tools. 4b7338a
- [x] Task 2.3: In `mcp_client.py`, define a `MUTATING_TOOLS` constant set. 1f92629
- [x] Task 2.4: In `ai_client.py`'s provider loops (`_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, `_send_deepseek`), update the tool execution logic: if `name in mcp_client.MUTATING_TOOLS`, it MUST trigger a GUI approval mechanism (like `pre_tool_callback`) before dispatching the tool. e5e35f7
## Phase 3: DAG Engine Cascading Blocks (Application Core) [checkpoint: 80d79fe]
Focus: Prevent infinite deadlocks when Tier 3 workers fail repeatedly.
- [x] Task 3.1: In `dag_engine.py`, add a `cascade_blocks()` method to `TrackDAG`. This method should iterate through all `todo` tickets and if any of their dependencies are `blocked`, mark the ticket itself as `blocked`. 5b8a073
- [x] Task 3.2: In `multi_agent_conductor.py`, update `ConductorEngine.run()`. Before calling `self.engine.tick()`, call `self.track_dag.cascade_blocks()` (or equivalent) so that blocked states propagate cleanly, allowing the `all_done` or block detection logic to exit the while loop correctly. 5b8a073
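Review bot: Tasks 2.3 and 2.4 gate approval on `name in mcp_client.MUTATING_TOOLS`, which fails open: a mutating tool added to `mcp_client.py` later but left out of the set would run without approval, which is the same bypass this track closes. Consider inverting the check (require approval unless the tool is in an explicit read-only set) or adding a test that every registered tool is classified, and state in Task 2.4 what happens when no approval callback is registered or the user declines; dispatch should be refused in both cases. Because the check is repeated across four provider loops, a single shared dispatch helper would keep them from drifting apart. In Task 3.1, one pass over the `todo` tickets propagates `blocked` only one level per call unless tickets are visited in dependency order, so the task should say whether `cascade_blocks()` iterates to a fixed point.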

@@ -0,0 +1,28 @@
# Track Specification: Architecture Boundary Hardening
## Overview
The `manual_slop` project sandbox provides AI meta-tooling (`mma_exec.py`, `tool_call.py`) to orchestrate its own development. When AI agents added advanced AST tools (like `set_file_slice`) to `mcp_client.py` for meta-tooling, they failed to fully integrate them into the application's GUI, config, or HITL (Human-In-The-Loop) safety models. Additionally, meta-tooling scripts are bleeding tokens and rely on non-portable hardcoded machine paths, while the internal application's state machine can deadlock.
## Current State Audit
1. **Incomplete MCP Tool Integration & HITL Bypass (`ai_client.py`, `gui_2.py`)**:
- Issue: New tools in `mcp_client.py` (e.g., `set_file_slice`, `py_update_definition`) are not exposed in the GUI or `manual_slop.toml` config `[agent.tools]`. If they were enabled, `ai_client.py` would execute them instantly without checking `pre_tool_callback`, bypassing GUI approval.
- *Requirement*: Expose all `mcp_client.py` tools as toggles in the GUI/Config. Ensure any mutating tool triggers a GUI approval modal before execution.
2. **Token Firewall Leak in Meta-Tooling (`mma_exec.py`)**:
- Location: `scripts/mma_exec.py:101`.
- Issue: `UNFETTERED_MODULES` hardcodes `['mcp_client', 'project_manager', 'events', 'aggregate']`. If a worker targets a file that imports `mcp_client`, the script injects the full `mcp_client.py` (~450 lines) into the context instead of its skeleton, blowing out the token budget.
3. **Portability Leak in Meta-Tooling Scripts**:
- Location: `scripts/mma_exec.py` and `scripts/claude_mma_exec.py`.
- Issue: Both scripts hardcode absolute external paths (`C:\projects\misc\setup_gemini.ps1` and `setup_claude.ps1`) to initialize the subprocess environment. This breaks repository portability.
4. **DAG Engine Blocking Stalls (`dag_engine.py`)**:
- Location: `dag_engine.py` -> `get_ready_tasks()`
- Issue: `get_ready_tasks` requires all dependencies to be explicitly `completed`. If a task is marked `blocked`, its dependents stay `todo` forever, causing an infinite stall.
## Desired State
- All tools in `mcp_client.py` are configurable in `manual_slop.toml` and `gui_2.py`. Mutating tools must route through the GUI approval callback.
- The `UNFETTERED_MODULES` list must be completely removed from `mma_exec.py`.
- Meta-tooling scripts rely on standard PATH or local relative config files, not hardcoded absolute external paths.
- The `dag_engine.py` must cascade `blocked` status to downstream tasks so the track halts cleanly.
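Review bot: The requirement under audit item 1 and the first Desired State bullet say mutating tools must route through the GUI approval callback, but the spec never defines which tools count as mutating or what happens when approval is denied or `pre_tool_callback` is unset. Add the list of mutating tools (or the rule that classifies them) and an explicit fail-closed requirement, so the provider loops in `ai_client.py` cannot fall back to executing the call. The Desired State bullets also carry no verification criteria; one testable statement per bullet would make the archived track auditable. For item 3, if the replacement for the hardcoded `setup_gemini.ps1` and `setup_claude.ps1` paths is a relative config file that selects the executable, note who is allowed to write that file, since it decides which binary the scripts launch.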