What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Frontmatter

id	10681
title	Mock osascript in resumeHarness/bridge-daemon unit tests (host-environment side-effect bug)
state	Closed
labels	bugaitestingregressionarchitecture
assignees	neo-opus-4-7
createdAt	May 4, 2026, 11:17 AM
updatedAt	May 4, 2026, 11:48 AM
githubUrl	https://github.com/neomjs/neo/issues/10681
author	neo-opus-4-7
commentsCount	2
parentIssue	10671
subIssues	[]
subIssuesCompleted	0
subIssuesTotal	0
blockedBy	[]
blocking	[]
closedAt	May 4, 2026, 11:48 AM

Mock osascript in resumeHarness/bridge-daemon unit tests (host-environment side-effect bug)

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedbugaitestingregressionarchitecture

neo-opus-4-7 commented on May 4, 2026, 11:17 AM

Context

Sub-issue of #10671. Unit tests for resumeHarness.mjs (and likely bridge-daemon.mjs) invoke the real script via execFileSync / spawnSync, which calls real osascript against the live host. On a Mac with Claude Desktop / Antigravity / Codex installed AND System Events accessibility permission granted, osascript succeeds and actually pastes the boot-grounding prompt into the live app, spawning real new sessions.

Empirical anchor (2026-05-04): @neo-gemini-3-1-pro ran npm run test-unit test/playwright/unit/ai/scripts/resumeHarness.spec.mjs while implementing PR #10680 (her #10678 Antigravity terminal-restart investigation track). The test suite spawned 2 phantom Claude Desktop sessions on @tobiu's host with the boot-grounding prompt as their first user message ("Recovery context: test" — matching the 'test' reason argument the test passes). Confirmed in same-session A2A.

Operator framing: "imagine a real night shift. one of you starts 'all' unit tests and game over." Autonomous overnight operation + this test = catastrophic spawn storm.

The Problem

The test pattern at test/playwright/unit/ai/scripts/resumeHarness.spec.mjs:

Line 64: execFileSync('node', [scriptPath, '@neo-unknown', 'test'], {env: overrideEnv}) — unknown identity exits early before osascript, safe
Line 74: execFileSync('node', [scriptPath, '@neo-opus-4-7', 'test'], {env: overrideEnv}) — UNSAFE: known identity → osascript fires → real Claude Desktop paste
Line 94: spawnSync('node', [scriptPath, '@neo-opus-4-7', 'test'], {env: gateOnlyEnv()}) — gate-tripped path, safe (gate blocks before osascript)
Line 113: spawnSync('node', [scriptPath, '@neo-opus-4-7', 'test'], {env: <gate-enabled>}) — UNSAFE: gate-enabled path → osascript fires → real paste

overrideEnv (line 45) explicitly sets WAKE_GATE_OVERRIDE: '1' to bypass the gate, which is correct for testing the post-gate code paths but unsafe when those paths hit real osascript.

The expected output check expect(output).toContain('Failed to resume...') on line 78 only triggers if osascript FAILS — on a host where it succeeds, the test passes silently and the side effect lands.

bridge-daemon.spec.mjs exists at the same directory level and likely has analogous patterns (audit needed in implementation).

The Architectural Reality

Test isolation primitive options:

Stub spawnAsync at the resumeHarness module level — inject a mock dispatcher in unit-test mode (NEO_UNIT_TEST_MODE=1) so osascript args are captured + asserted but not executed
Mock at the subprocess level — replace osascript PATH with a recording stub for the test duration
Gate behind RUN_LIVE_OSASCRIPT=1 env var — skip the dangerous test path by default; CI / explicit isolation runs can opt in
Move the osascript-routing assertion to a non-execution layer — the test on line 84 (expect(scriptContent).toContain("...freshSessionShortcut: 'n'...")) already covers config-routing structurally without needing to run osascript

Option 4 (eliminate the unsafe execution entirely; rely on structural assertion) is the cleanest. Options 1-3 retain the live-execution variant for a CI-only mode.

The Fix

Audit all execFileSync / spawnSync / spawnAsync invocations in test/playwright/unit/ai/scripts/ and test/playwright/unit/ai/daemons/ that call resumeHarness/bridge-daemon scripts
For each unsafe site: replace real-osascript execution with mock capture, OR move the assertion to structural inspection of script source (option 4 pattern)
Add a test-suite-level invariant: NO test path may invoke real osascript/open/pkill against host applications without RUN_LIVE_OSASCRIPT=1 explicit opt-in
Document the test-isolation discipline in learn/agentos/ or equivalent

Acceptance Criteria

(AC1) npm run test-unit against resumeHarness.spec.mjs produces ZERO host-environment side effects (no Claude Desktop paste, no Antigravity paste, no Codex thread spawn) on a Mac with full accessibility permissions
(AC2) bridge-daemon.spec.mjs audited; same invariant holds
(AC3) Test suite coverage for the osascript-routing logic is preserved (post-fix coverage matches or exceeds pre-fix)
(AC4) Test invariant documented: real-host execution requires explicit RUN_LIVE_OSASCRIPT=1 opt-in; CI isolation / production guard documented
(AC5) PR includes a short prose note in the body explaining the host-side-effect failure mode + the empirical anchor (this ticket's reproducer)

Out of Scope

Rewriting the test runner architecture
Migrating other Playwright unit tests not related to harness/daemon scripts
Adding RUN_LIVE_OSASCRIPT runner support to CI/CD pipelines (separate work; this ticket only ensures default-off behavior)

Avoided Traps

Trap: "the test EXPECTS osascript to fail anyway." Empirically false — on hosts where osascript succeeds, the test passes silently while the side effect lands; the failure-expectation only catches restricted-permission CI environments.
Trap: "just run tests in CI, never on developer hosts." Doesn't survive contact with reality — agents working on this substrate empirically run unit tests during investigation (#10678 / #10679 ongoing), and developer-host spawn storms compound across the trio.
Trap: "structural assertion alone is insufficient." Line 84 already does structural assertion of the config; the live-osascript invocation adds little additional coverage but enormous side-effect risk.
Trap: "WAKE_GATE_OVERRIDE in test-mode is the bug." It's not — the gate-override is correct for testing the post-gate code paths. The bug is calling REAL osascript while bypassing the gate. Fix is at the osascript layer, not the gate-override layer.

Parent: #10671
Sibling forensic: #10672 (this issue extends the runaway-spawn forensic record with the test-suite vector)
Empirical trigger: PR #10680 (@neo-gemini-3-1-pro's #10678 Antigravity track) — running resumeHarness.spec.mjs during her implementation work caused the 2026-05-04 09:03Z spawn event
Adjacent in-flight lock validation: Gemini's antigravity chat -n natively crashed her MCP servers via parallel-init port collisions — empirically validates #10674 in-flight lock primitive

Origin Session ID: cce1fea5-32ff-410c-b820-2e9a27b3cd51

Retrieval Hint: query_summaries("mock osascript unit test host environment side effects spawn storm") + query_raw_memories("test/playwright/unit/ai/scripts/resumeHarness.spec real osascript paste live Claude Desktop")

tobiu referenced in commit 66adb76 - "fix(ai): default-skip live osascript runtime tests (#10681) (#10682) on May 4, 2026, 11:48 AM

tobiu closed this issue on May 4, 2026, 11:48 AM

tobiu referenced in commit 2156026 - "docs(ai): forensic record for 2026-05-03 runaway-spawn pattern (#10672) (#10688) on May 4, 2026, 3:41 PM

tobiu referenced in commit 255f9ef - "feat(ai): claude-cli adapter for Claude Desktop terminal-restart (#10677) (#10696) on May 4, 2026, 7:20 PM