What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Frontmatter

id	10627
title	Steady-state set_session_id rotation in resumeHarness boot-grounding flow
state	Closed
labels	enhancementai
assignees	[]
createdAt	May 3, 2026, 12:36 PM
updatedAt	May 25, 2026, 6:42 AM
githubUrl	https://github.com/neomjs/neo/issues/10627
author	neo-opus-4-7
commentsCount	2
parentIssue	10601
subIssues	[]
subIssuesCompleted	0
subIssuesTotal	0
blockedBy	[]
blocking	[]
closedAt	May 25, 2026, 6:42 AM

Steady-state set_session_id rotation in resumeHarness boot-grounding flow

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedenhancementai

neo-opus-4-7 commented on May 3, 2026, 12:36 PM

Context

PR #10619 shipped the Q1b fresh-session-spawn substrate corrective: resumeHarness.mjs opens a NEW chat session in the target harness via Cmd+N, pastes a boot-grounding prompt instructing the fresh agent to read AGENTS_STARTUP.md, and forwards originSessionId so the new agent can pull SUNSET-tagged Memory Core context.

Gap surfaced post-merge (per @neo-gpt's MESSAGE:4d3c639e, 2026-05-03 — substrate-grounded refinement from @tobiu's source check): the boot-grounding prompt does NOT instruct the fresh agent to call set_session_id to rotate the live MCP server's SessionService.currentSessionId. In steady-state operation where the MCP server stays running and only the harness chat rotates, fresh sessions inherit whatever currentSessionId was at MCP boot — meaning new-session memory writes pollute the previous logical session's grouping.

This ticket addresses the steady-state recovery hardening. NOT a replacement for the strongest boundary (full harness restart, which solves both grouping AND MCP staleness).

The Problem

Memory Core source paths (verified by @neo-gpt during convergence):

SessionService.currentSessionId is initialized via crypto.randomUUID() in the singleton config — once, at MCP server boot
MemoryService.addMemory() reuses SessionService.currentSessionId when no explicit sessionId is supplied
set_session_id MCP tool maps to SessionService.setSessionId({sessionId}) — rotates this.currentSessionId in-process and returns {success, sessionId, replacedSessionId}

Steady-state failure mode: MCP server runs continuously, harness chat rotates (Cmd+N spawns fresh chat session), but no rotation of SessionService.currentSessionId happens. Fresh agent's add_memory calls write into the previous logical session's id, breaking session-grouping.

This was empirically dodged on the 2026-05-02→05-03 recovery test only because @tobiu restarted MCP servers between sessions (proven by the differing currentSessionId values in healthcheck output). In steady-state-no-restart operation, the gap manifests.

The Architectural Reality

Process boundary trap (per @neo-gpt's MESSAGE:125713d2, source-verified):

resumeHarness.mjs is invoked by swarm-heartbeat.sh as a SEPARATE Node subprocess. If resumeHarness.mjs imports a Memory Core service module and calls setSessionId() directly, it mutates the subprocess's in-process singleton, NOT the live MCP server process that the fresh agent's MCP client will reach via stdio. Returns {success: true} but the effect lands on the wrong process. Hollow-success trap of the family feedback_verify_effect_not_just_success codifies.

This rules out the naive "resumeHarness imports MemoryService and calls setSessionId" implementation pattern.

The Fix

Ranking of implementation candidates (per @neo-gpt's revised analysis, 2026-05-03):

Strongest: Full harness restart → fresh MCP boot. Solves both session-grouping AND MCP staleness. Out of scope for THIS ticket; that's the existing operational recovery boundary.
Substrate-owned in steady-state ONLY IF resumeHarness.mjs can reach the live MCP server over its actual transport (stdio, side-channel). Operationally tricky for a one-shot subprocess. Verify-effect mandatory: subsequent real add_memory through the harness MCP client must carry the rotated id. NOT recommended without significant architecture lift.
Prompt-owned fallback (RECOMMENDED for this ticket): generated UUID embedded in boot-grounding prompt; mandatory set_session_id({sessionId: <fresh-uuid>}) call instruction before first save. Less architecturally "substrate-owned" but actually more reliable in current transport topology because the fresh agent's harness OWNS the right MCP client — the call routes through the live server's SessionService.currentSessionId, not a transient subprocess singleton.

Concrete prescription for option 3:

resumeHarness.mjs generates freshSessionId = crypto.randomUUID() at recovery time
Pass the freshSessionId as a 4th parameter to buildBootGroundingPrompt(identity, reason, originSessionId, freshSessionId)
Boot-grounding prompt instructs the fresh agent: "Before any memory save in this session, call set_session_id({sessionId: <freshSessionId>}) and verify the returned sessionId matches."
Spec test: process-boundary verify-effect — simulate the resume flow, then assert the fresh agent's first real add_memory through the harness MCP client carries the generated sessionId. Tool success in the resume subprocess is INSUFFICIENT (would catch only the in-process singleton mutation, not the live-server effect).

Acceptance Criteria

resumeHarness.mjs generates fresh UUID per recovery invocation
buildBootGroundingPrompt() signature extended to accept and embed the fresh UUID
Prompt body includes explicit instruction to call set_session_id({sessionId: <UUID>}) before first save
Spec test verifies process-boundary effect: fresh agent's first real add_memory post-recovery carries the generated sessionId (NOT the prior session's id)
Negative test: subprocess in-process singleton mutation alone is INSUFFICIENT — explicit anti-pattern test
PR body acknowledges the orthogonal-to-restart framing (this ticket = steady-state hardening; full restart = strongest boundary)

Out of Scope

Full harness restart automation — pre-existing operational boundary, not changed by this ticket
MCP server staleness (cached schemas, env, singleton state, server code) — only restart solves; set_session_id does NOT solve this
Heartbeat liveness substrate stack (#10625, #10626) — orthogonal lane; this ticket pairs specifically with #10619's recovery flow

Avoided Traps

❌ Direct MemoryService.setSessionId() import in resumeHarness.mjs — process-boundary trap; mutates wrong singleton. Same family as #10619 / #10623 / #10624 substrate-truth bugs.
❌ Invented service path services.mjs — Memory Core public tool mapping lives in services/toolService.mjs, not services.mjs (corrected during 2026-05-03 convergence).
❌ Wrong service name MemoryService.setSessionId — set_session_id maps to SessionService.setSessionId, not MemoryService (also corrected during convergence).
❌ Spec asserts only tool success — verify-effect mandate; must verify the EFFECT lands on the right process, not just {success: true} from any process.

Pairs with: #10619 (fresh-session-spawn substrate corrective) — extends the boot-grounding prompt shipped there
Orthogonal to: #10625 (all-agent-idle detection), #10626 (cooldown-bounded trio wake) — different substrate concerns
Convergence anchor: trio coordination 2026-05-03, @neo-gpt's substrate-truth corrections in MESSAGE:4d3c639e + MESSAGE:125713d2

Origin Session ID: b1839431-cba1-4b6d-913f-27b09e472e67

Retrieval Hint: query_summaries("set_session_id rotation resumeHarness boot-grounding prompt steady-state recovery hardening") + query_raw_memories("set_session_id process-boundary trap SessionService.setSessionId not MemoryService")

tobiu referenced in commit 255f9ef - "feat(ai): claude-cli adapter for Claude Desktop terminal-restart (#10677) (#10696) on May 4, 2026, 7:20 PM

tobiu unassigned from @neo-gemini-3-1-pro on May 19, 2026, 5:57 PM