conductor(track): Expand scope of architecture track to fully integrate MCP tools
@@ -59,10 +59,11 @@
**Audit-confirmed gaps:**
- `ai_client.py` loops execute `set_file_slice` and `py_update_definition` instantly without checking `pre_tool_callback`, bypassing GUI approval.
- New `mcp_client.py` tools are not exposed in the GUI or `manual_slop.toml` config for user control.
- `mma_exec.py` bypasses skeletonization for `mcp_client`, causing token bloat.
- `dag_engine.py` does not cascade `blocked` states, causing orchestrator infinite loops.
**Scope:** Phase 1 (Meta-tooling token fix) → Phase 2 (Seal GUI HITL bypass) → Phase 3 (Fix DAG Engine cascading blocks).
**Scope:** Phase 1 (Meta-tooling token fix) → Phase 2 (Complete MCP Tool Integration & Seal GUI HITL bypass) → Phase 3 (Fix DAG Engine cascading blocks).
### `testing_consolidation_20260302` (initialized)
**Priority:** Medium
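Review bot: the expanded Phase 2 scope folds tool exposure and the HITL seal into one phase without saying which lands first. Given the audit line above that the `ai_client.py` loops already dispatch `set_file_slice` and `py_update_definition` without checking `pre_tool_callback`, exposing toggles in `manual_slop.toml` and the GUI before the approval gate exists would let a user switch on an ungated mutating path. Suggest the scope line state the ordering explicitly, e.g. "Phase 2 (Seal GUI HITL bypass, then expose MCP tools in config/GUI)", or require the new toggles to ship default-off until the gate is in.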
@@ -9,12 +9,13 @@ Focus: Stop `mma_exec.py` from injecting massive full-text dependencies.
- [ ] Task 1.1: In `scripts/mma_exec.py`, completely remove the `UNFETTERED_MODULES` constant and its associated `if dep in UNFETTERED_MODULES:` check. Ensure all imported local dependencies strictly use `generate_skeleton()`.
## Phase 2: Seal the HITL Bypass (Application Core)
Focus: Ensure native MCP mutating tools cannot execute without user approval in the `manual_slop` application.
## Phase 2: Complete MCP Tool Integration & Seal HITL Bypass (Application Core)
Focus: Expose all native MCP tools in the config and GUI, and ensure mutating tools trigger user approval.
- [ ] Task 2.1: In `mcp_client.py`, define a new constant set `MUTATING_TOOLS = {"set_file_slice", "py_update_definition", "py_set_signature", "py_set_var_declaration"}`. (Note: `write_file` is not currently in the tool list, but add it if it is).
- [ ] Task 2.2: In `ai_client.py`'s provider loops (`_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, `_send_deepseek`), update the tool execution logic. If `name in mcp_client.MUTATING_TOOLS`, it MUST trigger the `pre_tool_callback` (or a variation of it) to ask for user approval before calling `mcp_client.dispatch`.
- [ ] Task 2.3: In `gui_2.py`, ensure the UI rendering for the pending tool approval handles the AST mutations gracefully (e.g. showing the `new_content` payload instead of a PowerShell script).
- [ ] Task 2.1: Update `manual_slop.toml` and `project_manager.py`'s `default_project()` to include all new tools (e.g., `set_file_slice`, `py_update_definition`, `py_set_signature`) under `[agent.tools]`.
- [ ] Task 2.2: Update `gui_2.py`'s settings/config panels to expose toggles for these new tools.
- [ ] Task 2.3: In `mcp_client.py`, define a `MUTATING_TOOLS` constant set.
- [ ] Task 2.4: In `ai_client.py`'s provider loops (`_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, `_send_deepseek`), update the tool execution logic: if `name in mcp_client.MUTATING_TOOLS`, it MUST trigger a GUI approval mechanism (like `pre_tool_callback`) before dispatching the tool.
## Phase 3: DAG Engine Cascading Blocks (Application Core)
Focus: Prevent infinite deadlocks when Tier 3 workers fail repeatedly.
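Review bot: the new Task 2.3 drops the explicit membership that the earlier Task 2.1 carried (`set_file_slice`, `py_update_definition`, `py_set_signature`, `py_set_var_declaration`, plus the note about adding `write_file` if present), so the set that the approval gate in Task 2.4 keys on is now unspecified; restore the list in the task text. Also consider the fail-safe direction: a `MUTATING_TOOLS` deny-list means any tool later added to `mcp_client.py` bypasses approval by default, so either classify the other way round (an explicit read-only allow-list, everything else gated) or add a check that every entry in `mcp_client.TOOL_NAMES` is classified one way or the other. The earlier Task 2.3 (`gui_2.py` rendering the `new_content` payload for AST edits in the approval modal) has no successor: the new Task 2.2 covers only settings toggles, and Task 2.4 needs somewhere to show the proposed edit before the user approves it. Finally, Tasks 2.1 and 2.2 expose the tools before Tasks 2.3 and 2.4 gate them; reorder or mark the toggles default-off.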
@@ -1,30 +1,23 @@
# Track Specification: Architecture Boundary Hardening
## Overview
The `manual_slop` project serves dual roles: it is an end-user GUI application built around Human-In-The-Loop (HITL) AI orchestration, and it is the sandbox for the AI meta-tooling (`mma_exec.py`, `tool_call.py`) being used to develop it.
Because `mcp_client.py` is shared between both environments to provide robust code investigation tools, a critical HITL bypass has emerged. Additionally, the meta-tooling scripts are bleeding tokens.
The `manual_slop` project sandbox provides AI meta-tooling (`mma_exec.py`, `tool_call.py`) to orchestrate its own development. When AI agents added advanced AST tools (like `set_file_slice`) to `mcp_client.py` for meta-tooling, they failed to fully integrate them into the application's GUI, config, or HITL (Human-In-The-Loop) safety models. Additionally, meta-tooling scripts are bleeding tokens, and the internal application's state machine can deadlock.
## Current State Audit
1. **HITL Bypass in `manual_slop` Application**:
- Location: `ai_client.py` inside `_send_gemini`, `_send_gemini_cli`, `_send_anthropic`, and `_send_deepseek`.
- Issue: The `pre_tool_callback` is explicitly only checked if `name == TOOL_NAME` (which is `run_powershell`).
- If an AI agent running inside the GUI calls `set_file_slice` or `py_update_definition`, the code falls through to `elif name in mcp_client.TOOL_NAMES:` and dispatches it immediately, silently mutating the user's codebase without approval.
- *Requirement*: The application strictly requires step-by-step deterministic user approval for *any* filesystem modification, whether by script or direct AST manipulation.
1. **Incomplete MCP Tool Integration & HITL Bypass (`ai_client.py`, `gui_2.py`)**:
- Issue: New tools in `mcp_client.py` (e.g., `set_file_slice`, `py_update_definition`) are not exposed in the GUI or `manual_slop.toml` config `[agent.tools]`. If they were enabled, `ai_client.py` would execute them instantly without checking `pre_tool_callback`, bypassing GUI approval.
- *Requirement*: Expose all `mcp_client.py` tools as toggles in the GUI/Config. Ensure any mutating tool triggers a GUI approval modal before execution.
2. **Token Firewall Leak in Meta-Tooling (`mma_exec.py`)**:
- Location: `scripts/mma_exec.py:101`.
- Issue: `UNFETTERED_MODULES` hardcodes `['mcp_client', 'project_manager', 'events', 'aggregate']`. If a worker targets a file that imports `mcp_client`, the script injects the full `mcp_client.py` (~450 lines) into the context instead of its skeleton, blowing out the token budget and destroying Context Amnesia.
- Issue: `UNFETTERED_MODULES` hardcodes `['mcp_client', 'project_manager', 'events', 'aggregate']`. If a worker targets a file that imports `mcp_client`, the script injects the full `mcp_client.py` (~450 lines) into the context instead of its skeleton, blowing out the token budget.
3. **DAG Engine Blocking Stalls (`dag_engine.py`)**:
- Location: `dag_engine.py` -> `get_ready_tasks()`
- Issue: `get_ready_tasks` requires all dependencies to be explicitly `completed`. If a task is marked `blocked` (e.g. after max retries in the ConductorEngine), its dependents stay `todo` forever. The `ConductorEngine.run()` loop has no logic to handle this cleanly, causing an infinite stall.
- Issue: `get_ready_tasks` requires all dependencies to be explicitly `completed`. If a task is marked `blocked`, its dependents stay `todo` forever, causing an infinite stall.
## Desired State
- Any mutating tool from `mcp_client.py` (`set_file_slice`, `py_update_definition`, `py_set_signature`, `py_set_var_declaration`, `write_file`) must trigger a user approval dialogue, just like `run_powershell`.
- The `UNFETTERED_MODULES` list must be completely removed from `mma_exec.py` so all dependencies are reliably skeletonized.
- The `dag_engine.py` must cascade `blocked` status to downstream tasks so the track halts cleanly instead of deadlocking.
## Technical Constraints
- The UI modal must be updated or a new `pre_mutation_callback` must be introduced to handle showing the proposed AST edit vs the proposed script.
- Keep the boundary clear: changes in `ai_client.py` affect the user's `manual_slop` application experience. Changes in `mma_exec.py` affect *our* meta-tooling environment.
- All tools in `mcp_client.py` are configurable in `manual_slop.toml` and `gui_2.py`. Mutating tools must route through the GUI approval callback.
- The `UNFETTERED_MODULES` list must be completely removed from `mma_exec.py`.
- The `dag_engine.py` must cascade `blocked` status to downstream tasks so the track halts cleanly.
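Review bot: the rewritten audit item 1 loses the mechanism the earlier text pinned down, namely that `pre_tool_callback` is only checked when `name == TOOL_NAME` (`run_powershell`) and every other name falls through to `elif name in mcp_client.TOOL_NAMES:` and is dispatched immediately. The new wording "If they were enabled, `ai_client.py` would execute them instantly" reads as hypothetical, yet as the earlier item describes it the dispatch branch keys on `TOOL_NAMES`, not on a config toggle, so keep the Location line and the fall-through detail so that Task 2.4 targets the right branch and the fix can be verified against it. Two consistency gaps remain: Desired State still lists `write_file` among the mutating tools while the new Technical Constraints and the task list never mention it, and the constraint about updating the modal or introducing `pre_mutation_callback` to show a proposed AST edit rather than a script has no successor in the new Technical Constraints, even though the desired approval dialogue cannot be meaningful without it.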