What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Frontmatter

id	10721
title	Shared deployment MVP completeness gaps (post-#10691)
state	Closed
labels	enhancementepicaiarchitecture
assignees	neo-opus-4-7
createdAt	May 5, 2026, 12:04 AM
updatedAt	May 9, 2026, 11:23 PM
githubUrl	https://github.com/neomjs/neo/issues/10721
author	neo-opus-4-7
commentsCount	5
parentIssue	9999
subIssues	10722 Per-session purge MCP tool 10723 Local embedding provider validation 10724 Local chat-API summary provider validation 10725 Resume tool / session-handoff surface 10726 Disconnect-triggered summarization wiring 10727 Deployment-target OAuth2.1 / X-PREFERRED-USERNAME integration 10774 Document trustProxyIdentity threat model + operator config in SharedDeployment.md 10770 Healthcheck observability: providers.auth block (symmetric to providers.embedding) 10772 Unit test coverage for proxy-identity injection in TransportService 10773 Healthcheck observability: providers.neoEmbedding (SQLite-side, symmetric to providers.embedding)
subIssuesCompleted	10
subIssuesTotal	10
blockedBy	[]
blocking	[]
closedAt	May 7, 2026, 2:36 AM

Shared deployment MVP completeness gaps (post-#10691)

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedenhancementepicaiarchitecture

neo-opus-4-7 commented on May 5, 2026, 12:04 AM

Context

#10691 (Shared KB/MC Team Deployment MVP) shipped the substrate primitive layer for shared-team deployment topology: one Chroma process, separate collections, two MCP servers, client-scoped session contract via RequestContextService, summarization concurrency coordinator (TTL-lease + atomic SQLite transaction), operator-facing deployment profile in learn/agentos/SharedDeployment.md. Verdict closed via epic-resolution review (5/6 ACs at L1 closed; AC5's L3 residual tracked under #10008).

The substrate is a foundation, not a complete MVP for any specific team-shared-deployment use case. Productionization against the substrate (initial requirements gathered against a team-shared-deployment partner MVP — not naming the partner per repo discipline) surfaced 6 distinct completeness gaps between substrate-shipped state and end-to-end deployable state. This sub-epic is the explicit follow-up tracking surface.

The Problem

Substrate-complete vs MVP-complete are different states:

Substrate (#10691): primitive contracts, lifecycle plumbing, deployment profile docs.
MVP (this sub-epic): per-session admin tooling, validated local-model provider configurations, end-to-end disconnect-triggered summarization, resume/handoff tool surface, auth integration.

Without the additional work, agents picking up "deploy our shared MC/KB for a team" cannot run a complete team workflow end-to-end. The gap is not architectural — the substrate is correctly shaped — it's delivery-completeness against a real-world MVP requirement set.

The Architectural Reality

learn/agentos/SharedDeployment.md — operator-facing deployment profile (#10694, just shipped).
MemoryCore.md §Healthcheck Response Shape — already documents per-server topology diagnostics; new validations should extend it rather than introduce parallel healthcheck surfaces.
OpenAiCompatible.generate provider abstraction — present but local-model-specific paths (Qwen3 family) unvalidated.
ai/mcp/server/memory-core/services/SessionService.mjs#claimSummarizationJob — coordinator primitive (#10693), needs disconnect-trigger wiring + a "session completion" marker concept.
v12.1 OIDC ships in repo — auth track exists separately; deployment-target-specific OAuth provider integration (e.g., GitLab + X-PREFERRED-USERNAME header) needs additional work.

The Fix

File 6 sub-issues covering the gaps. Each sub picks up via the ticket-create skill at owner-time, with full Contract Ledger matrix populated per the Contract Completeness Gate.

Per-session purge MCP tool — surface a purge_session({session_id}) tool on Memory Core. Removes raw memories + summary for one session without disturbing global state. Operator-controlled via tool description / permission gating. Counterpart to existing delete_all_summaries (full clear) at finer granularity.
Local embedding provider validation — empirically validate the existing OpenAiCompatible abstraction against the Qwen3-1.8b embedding model at 4k dimensions; document the operator config path; surface healthcheck verification of the active embedding provider; flag any interface gaps the abstraction reveals.
Local chat-API summary provider validation — same shape for summarization (currently Gemini 2.5 Flash by default); validate Qwen3-8b chat-API path; document operator config; surface in healthcheck.
Resume tool / session-handoff surface — design-and-implement decision: how does an agent reconnecting after disconnect resume an existing session vs starting fresh? Builds on RequestContextService (#10692) substrate. May surface as a new MCP tool or a parameter on existing connect surface.
Disconnect-triggered summarization wiring — bridge between MCP client-disconnect events and the claimSummarizationJob coordinator (#10693). Requires a "session completion" marker concept (data shape + writer + detector). The coordinator handles concurrency once triggered; the trigger itself is the gap.
Deployment-target OAuth2.1 / X-PREFERRED-USERNAME integration — auth surface for team-shared deployments using GitLab (or equivalent) as the identity provider. Either ship under this sub-epic or formally retire with a pointer to a sibling auth-track epic.

Acceptance Criteria

AC1: native sub-issues filed for each of the 6 gaps; parent-child links established via update_issue_relationship.
AC2: each sub has a Contract Ledger matrix populated at creation time (per the post-#10704 Contract Completeness Gate).
AC3: sub #1 (per-session purge tool) ships with Playwright unit test coverage demonstrating session-scoped purge does not affect other sessions.
AC4: sub #2 + #3 (local-model provider validations) document operator config paths in SharedDeployment.md (or a sibling guide) AND surface the active provider via healthcheck.
AC5: sub #4 + #5 (resume + disconnect-trigger) coordinate cleanly with RequestContextService + SummarizationJobs primitives without re-architecting them.
AC6: sub #6 (auth) either ships under this sub-epic with a working OAuth2.1 flow OR is explicitly retired with a pointer to a sibling auth-track epic and rationale.
AC7, post-merge: end-to-end deployment dry-run successfully runs all 6 closed gaps in a representative shared-deployment configuration.

Stage 3.1 Closeout Matrix (entry-seeded per `epic-review` workflow)

Parent AC	Required evidence	Owning sub(s)	Delivered PR(s)	Achieved evidence	Residual state
AC1 (subs filed + parent-child links)	L1	n/a (epic body)	n/a	(pending)	(pending)
AC2 (Contract Ledger per sub)	L1	each sub	(pending)	(pending)	(pending)
AC3 (purge tool + tests)	L2	sub #1	(pending)	(pending)	(pending)
AC4 (provider validations + docs)	L3	sub #2, #3	(pending)	(pending)	(pending)
AC5 (resume + disconnect-trigger)	L3	sub #4, #5	(pending)	(pending)	(pending)
AC6 (auth integration or retire)	L3 (live OIDC flow)	sub #6	(pending)	(pending)	(pending)
AC7 (end-to-end dry-run)	L4 (operator-gated multi-host probe)	spans all subs	(pending)	(pending)	(pending)

Cross-reference: learn/agentos/evidence-ladder.md.

Out of Scope

Per the partner's own MVP roadmap, the following are explicitly tagged "post-MVP" by them and excluded from this sub-epic:

Tool review (which subset of MC/KB tools the partner ultimately needs in their deployment) — separate audit, partner-driven, not a Neo platform concern.
Graph processing in partner's own infrastructure — operator-side concern; runs against shipped substrate.
Prompt-injection security — explicitly tagged "risky" by partner; deserves its own epic with security review.
Multi-tenant identity (agents getting own MC accounts) — overlaps with #10011 future direction; out of MVP scope.
Additional Memory Core query options — discovery/extension; separate scoping.

Also excluded from this sub-epic:

End-to-end performance benchmarking under team load — separate non-functional concern.
Cloud infrastructure provisioning (Chroma cluster setup, OAuth provider config) — operator-side, not in repo scope. The repo ships the contracts; operators provision the cloud.

Avoided Traps

Rejected: bundle all 6 gaps into one mega-PR. Each gap has independent technical surface; per-sub PR boundary lets each merge on its own evidence (Contract Ledger gate per sub) without coupling unrelated concerns.
Rejected: defer auth (sub #6) entirely as out-of-scope. Auth is a partner-MVP-blocking concern; either ship under this sub-epic or formally retire with sibling-epic pointer. Silently dropping it would orphan the gap and surprise the next agent picking up the lifecycle.
Rejected: reuse #10691's AC structure. #10691 was the substrate-primitive sub-epic; this is the MVP-completeness sub-epic. Different concern, different ACs. Avoid the trap of conflating substrate-shipped with MVP-deployable.
Rejected: name the partner publicly. Per repo discipline, no customer-specific naming in tickets, PR bodies, comments, or docs. Generic framing ("team-shared-deployment use case", "deployment-target") only.

Parent cloud epic: #9999 — Cloud-Native Knowledge & Multi-Tenant Memory Core
Predecessor sub-epic: #10691 — Shared KB/MC Team Deployment MVP (substrate primitives, just closed via epic-resolution review)
Validation track: #10008 — Playwright Test Coverage: Unified Monolithic Topology (OPEN; AC7's L4 dry-run lands in this lineage)
Demoted: #10009 — Federated topology (per #10691 disposition: non-default diagnostic)
Retrieval policy layer: #10010 — Team vs Private Context Retrieval (sibling concern)
Future direction: #10011 — Native Edge Graph tenant isolation
Reference doc: learn/agentos/SharedDeployment.md

Origin Session ID: 7e52099b-9632-4c67-a2a1-4e1a1ad1c414

Retrieval Hint: query_raw_memories(query="shared deployment MVP completeness gaps post-#10691 team partner per-session purge Qwen3 embedding summary OAuth2.1 GitLab X-PREFERRED-USERNAME disconnect-triggered summarization resume tool")