What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Frontmatter

id	10902
title	Dockerfile npm ci fails: prepare lifecycle needs buildScripts before COPY
state	Closed
labels	bugaiarchitecturebuild
assignees	neo-opus-4-7
createdAt	May 7, 2026, 3:22 PM
updatedAt	May 9, 2026, 11:16 PM
githubUrl	https://github.com/neomjs/neo/issues/10902
author	neo-opus-4-7
commentsCount	0
parentIssue	null
subIssues	[]
subIssuesCompleted	0
subIssuesTotal	0
blockedBy	[]
blocking	[]
closedAt	May 7, 2026, 3:43 PM

Dockerfile npm ci fails: prepare lifecycle needs buildScripts before COPY

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedbugaiarchitecturebuild

neo-opus-4-7 commented on May 7, 2026, 3:22 PM

Context

Surfaced 2026-05-07 by #10897 Lane C CI workflow (PR #10899) on first integration-job run. The Dockerfile in ai/deploy/Dockerfile (shipped via #10880) fails to build in any clean CI environment.

The Problem

The Dockerfile's COPY/RUN ordering creates a hard dependency cycle:

WORKDIR /app
COPY package*.json ./       # Step 4: only package.json + package-lock.json
RUN npm ci --omit=dev       # Step 5: triggers `prepare` lifecycle
COPY . .                    # Step 7: brings buildScripts/ but TOO LATE

The prepare script in package.json:57 is:

"prepare": "node ./buildScripts/ai/initServerConfigs.mjs && node ./buildScripts/ai/downloadKnowledgeBase.mjs"

npm ci automatically invokes prepare after install. At that step in the Dockerfile, only package*.json exists in /app — buildScripts/ hasn't been COPY'd yet. The script fails with:

Error: Cannot find module '/app/buildScripts/ai/initServerConfigs.mjs'
    at Function._resolveFilename (node:internal/modules/cjs/loader:1383:15)
    ...
npm error code 1
target mc-server: failed to solve: process "/bin/sh -c npm ci --omit=dev" did not complete successfully: exit code: 1

Empirical anchor: Lane C CI run 25497549380 — both kb-server and mc-server Docker builds fail at the same step.

Why this wasn't caught earlier

#10880 (Docker artifacts) and #10893 (Lane A integration test using these artifacts) both passed local verification because:

Local Docker has cached layers — when the developer ran docker compose -f ai/deploy/docker-compose.test.yml up --build after a prior successful build, the RUN npm ci layer was cached from a state when buildScripts/ had been previously available (e.g., during local dev with full repo).
Local .neo-ai-data/ exists — the second prepare step (downloadKnowledgeBase) short-circuits via existing-dir guard, so even if the first step were to succeed locally, the failure mode is masked.
No CI gate existed — until #10899, no automated environment was building from a truly clean state. Local builds from scratch would have surfaced this immediately.

This is a classic "works on my machine" pattern hidden by Docker layer caching. The fix prevents future regressions and makes the Docker artifacts genuinely reproducible across all environments.

The Architectural Reality

ai/deploy/Dockerfile — 21 lines, multi-stage build (builder → runtime).
The Docker images are for production deployment of MCP servers (KB / MC). They do NOT need:
- initServerConfigs.mjs — copies template configs to gitignored config.mjs. Production deployment provides config via env vars + the template defaults; the gitignored copy is for local-dev override only.
- downloadKnowledgeBase.mjs — downloads release-artifact KB zip into .neo-ai-data/. Production KB MCP server provides KB via mounted Chroma volume + sync APIs, not bundled artifacts.
Both prepare-lifecycle scripts exist for local-dev convenience, not production deployment. They should not run inside the Docker build.

The Fix

Single-line change to ai/deploy/Dockerfile:5:

- RUN npm ci --omit=dev
+ RUN npm ci --omit=dev --ignore-scripts

--ignore-scripts instructs npm to skip lifecycle hooks (prepare, postinstall, etc.) during install. Aligns with Docker production semantics — the runtime image carries already-installed deps and has no need to run dev-time bootstrap.

Why not "move COPY . . before RUN npm ci"? That alternative works but defeats Docker layer-caching: every source change invalidates the npm-install layer. The --ignore-scripts fix preserves layer caching while skipping the dev-only hooks.

Why not "split prepare into prepare:dev + prepare:prod"? Larger surgery; introduces npm-script proliferation. The --ignore-scripts flag is the standard idiomatic move in Dockerfile contexts.

Contract Ledger (T3)

Target Surface	Source of Authority	Proposed Behavior	Fallback / Edge Case	Docs	Evidence
`ai/deploy/Dockerfile` line 5	This ticket; surfaced by #10897 Lane C CI run	Add `--ignore-scripts` flag to `npm ci --omit=dev`. Both `kb-server` and `mc-server` builds inherit the fix (same Dockerfile, parameterized via `TARGET_SERVER` build-arg).	Future Dockerfile evolution that genuinely needs a lifecycle script in production: re-introduce explicit step (e.g., `RUN node ./buildScripts/specific-prod-step.mjs`) with COPY of the needed files first. The `--ignore-scripts` is the production-ergonomic default; explicit scripting is the escape hatch.	Inline comment in Dockerfile linking to this ticket; possibly cookbook (`learn/agentos/DeploymentCookbook.md`) Section 3 (Container Setup) reference.	L3 — Lane C CI (#10899) `integration` job runs green on the very PR fixing this; documented in PR body with run URL.

Acceptance Criteria

ai/deploy/Dockerfile:5 contains RUN npm ci --omit=dev --ignore-scripts.
Inline Dockerfile comment cross-links this ticket as the rationale.
Lane C CI (#10899) integration matrix row passes after this fix lands (verified by re-running CI).
Local Docker build smoke verification: docker compose -f ai/deploy/docker-compose.test.yml build --no-cache kb-server mc-server completes successfully on a clean checkout (no cached layers).

Out of Scope

Multi-stage refactor of the Dockerfile — current 2-stage shape (builder → runtime) is fine; only the npm ci step needs the flag.
Removing prepare lifecycle from package.json — script remains valuable for local-dev workflow; only Docker context needs to opt out.
Audit of other Docker contexts — only ai/deploy/Dockerfile exists in the repo today; cross-project Docker context audit isn't needed.
Splitting prepare into prepare:dev + prepare:prod — see Avoided Traps.

Avoided Traps / Gold Standards Rejected

Rejected: split prepare into prepare:dev + prepare:prod scripts. Larger surgery; introduces npm-script proliferation and downstream version-management debt. The --ignore-scripts flag is the idiomatic Dockerfile pattern for the same goal.
Rejected: move COPY . . before RUN npm ci. Defeats Docker layer caching — every source-file change invalidates the (slow) npm install layer. Only acceptable if cache-bust is desired (it's not here).
Rejected: explicit COPY buildScripts/ai/initServerConfigs.mjs ./buildScripts/ai/initServerConfigs.mjs before RUN npm ci. Adds path-coupling fragility (file moves break the Dockerfile silently) for no production-side benefit, since the script itself doesn't need to run in production.
Rejected: defer to a follow-up PR after Lane C lands with unit-only matrix. Lane C's whole point is gating PRs on test failures; landing the workflow without ability to gate integration undermines it. The 1-line fix is the elegant unblock.

Surfacing context: Lane C CI workflow PR #10899 (closes #10897) — first PR to run a clean-environment Docker build.
Original substrate: #10801 → PR #10880 (Docker artifacts, KB+MC compose, ai/deploy/ namespace).
Downstream consumer: #10805 → PR #10893 (Lane A integration test using the broken Dockerfile — passed locally via cached layers).
Sibling lane impact: #10896 (Lane B sustained-liveness PR #10898) is also blocked from L2/L3 verification by this same Dockerfile bug.

Origin Session ID: 7e897a0b-33ce-4d6c-b1a9-a1ff93e4e571

Retrieval Hint: query_raw_memories(query="Dockerfile npm ci prepare lifecycle initServerConfigs Lane C CI substrate fix")

tobiu referenced in commit 2721678 - "fix(deploy): add --ignore-scripts to npm ci in Dockerfile (#10902) (#10904) on May 7, 2026, 3:43 PM

tobiu closed this issue on May 7, 2026, 3:43 PM

tobiu referenced in commit 3f94362 - "fix(deploy): use python urllib for Chroma healthcheck (curl missing) (#10908) (#10909) on May 7, 2026, 5:59 PM