Implementation Plan: Architecture Boundary Hardening

Phase 1: Patch Context Amnesia Leak (Meta-Tooling)

Focus: Stop mma_exec.py from injecting massive full-text dependencies.

Task 1.1: In scripts/mma_exec.py, completely remove the UNFETTERED_MODULES constant and its associated if dep in UNFETTERED_MODULES: check. Ensure all imported local dependencies strictly use generate_skeleton().

Focus: Ensure native MCP mutating tools cannot execute without user approval in the manual_slop application.

Task 2.1: In mcp_client.py, define a new constant set MUTATING_TOOLS = {"set_file_slice", "py_update_definition", "py_set_signature", "py_set_var_declaration"}. (Note: write_file is not currently in the tool list, but add it if it is).
Task 2.2: In ai_client.py's provider loops (_send_gemini, _send_gemini_cli, _send_anthropic, _send_deepseek), update the tool execution logic. If name in mcp_client.MUTATING_TOOLS, it MUST trigger the pre_tool_callback (or a variation of it) to ask for user approval before calling mcp_client.dispatch.
Task 2.3: In gui_2.py, ensure the UI rendering for the pending tool approval handles the AST mutations gracefully (e.g. showing the new_content payload instead of a PowerShell script).

Focus: Prevent infinite deadlocks when Tier 3 workers fail repeatedly.

Task 3.1: In dag_engine.py, add a cascade_blocks() method to TrackDAG. This method should iterate through all todo tickets and if any of their dependencies are blocked, mark the ticket itself as blocked.
Task 3.2: In multi_agent_conductor.py, update ConductorEngine.run(). Before calling self.engine.tick(), call self.track_dag.cascade_blocks() (or equivalent) so that blocked states propagate cleanly, allowing the all_done or block detection logic to exit the while loop correctly.