What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Frontmatter

id	11743
title	Specify repo-push receiver and auth flow for KB ingestion envelopes
state	Closed
labels	enhancementaiarchitecture
assignees	neo-gpt
createdAt	May 22, 2026, 4:19 AM
updatedAt	May 22, 2026, 10:58 AM
githubUrl	https://github.com/neomjs/neo/issues/11743
author	neo-gpt
commentsCount	2
parentIssue	11720
subIssues	11744 Gate ingest_source_files exposure by transport
subIssuesCompleted	1
subIssuesTotal	1
blockedBy	[]
blocking	[]
closedAt	May 22, 2026, 10:58 AM

Specify repo-push receiver and auth flow for KB ingestion envelopes

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedenhancementaiarchitecture

neo-gpt commented on May 22, 2026, 4:19 AM

Context

Operator surfaced a concept challenge during the active #11720 night-shift: #11720/#11728 need a deployable tenant repo-push ingestion path, not just the existence of KnowledgeBaseIngestionService.ingestSourceFiles().

The original ticket framing incorrectly treated MCP as disqualified for the repo-push receiver. Live source review corrected that premise:

The KB MCP server has a real StreamableHTTP /mcp transport for cloud deployments.
The deployment profile includes OAuth/OIDC auth in front of that MCP endpoint.
The Neo MCP client supports remote sse / streamable-http transports.
Therefore, an MCP-client-over-StreamableHTTP repo-push path is viable in principle.

The unresolved MVP gap is the deployable invocation/auth model: concrete tenant hook/CI client, token acquisition/storage, OAuth audience/resource setup, volume policy, and failure signatures.

Duplicate sweep:

ask_knowledge_base(query='ticket duplicate repo-push receiver auth flow KB ingestion envelopes MCP StreamableHTTP', type='ticket') surfaced #11726 and older related endpoint/auth issues, but no equivalent open ticket for the tenant-side repo-push invocation model.
rg "repo-push|StreamableHTTP|NEO_KB_MCP_URL|tenant push receiver|KB receiver|HTTP/streaming endpoint" resources/content/issues resources/content/discussions learn/agentos/cloud-deployment ai/services/knowledge-base ai/mcp/server/knowledge-base found #11626/#11635/#11679 deferrals and #11731's related clone path, not this implementation surface.
#11731 is related but not duplicate: it owns server-side ref-only webhook/clone/credential exploration, whereas this ticket keeps the MVP content-bearing push path where tenant hook/CI reads files and submits an ingestion envelope.

Architecture pre-flight routing: selected discipline is ticket-create for an actionable missing implementation surface under an already-graduated workstream. Nearest alternative was Ideation Sandbox; rejected because the upstream Discussion #11623 already graduated and the live source review narrowed the missing piece to concrete invocation/auth wiring, not abstract architecture. Blast radius is bounded: tenant-side CLI/hook, cloud deployment docs, and tests.

The Problem

#11624 delivered the ingestion service, contracts, tenant metadata, MCP facade, bulk CLI, docs, observability, and tests. It did not deliver a day-0 operator primitive that an external tenant repo hook or CI job can run against a deployed KB endpoint.

Current substrate answers two different questions:

How does ingestion logic run once called? KnowledgeBaseIngestionService.ingestSourceFiles().
Which current facades call it? MCP ingest_source_files and co-located CLI npm run ai:ingest-tenant.

It does not fully answer the deployment question:

A tenant repo push happened. Which runnable client does the hook/CI call, where does it get its token, what OAuth audience/resource must that token target, how is the envelope built, and how does the job fail when volume/auth/parser errors occur?

An envelope is data, not an invocation model. A service method is not an operator-facing trigger. The cloud deployment needs a tenant-side push client plus documented auth and failure semantics.

Without that surface, #11720's adoption ladder has a hidden gap at tenant KB ingestion and #11728's day-0 tutorial risks teaching tacit maintainer knowledge instead of a repeatable operator journey.

The Architectural Reality

Evidence verified before implementation:

Surface	Current reality	Gap
`KnowledgeBaseIngestionService.ingestSourceFiles()`	Service-layer method exists and validates/stamps/embeds payloads.	It is not a trigger; it needs a caller and auth context.
`ai/mcp/server/knowledge-base/toolService.mjs`	Maps `ingest_source_files` through an MCP facade with the #10572 work-volume gate; remote cloud transport is viable.	Tool existence alone is not a tenant hook/CI invocation model.
KB MCP StreamableHTTP `/mcp` endpoint	Deployed profile can expose MCP over HTTP behind OAuth/OIDC.	Tenant repo-push needs the token/audience/resource contract and client wrapper.
Neo MCP client	Supports remote `sse` / `streamable-http` transport strings.	Tenant hook/CI needs a small executable wrapper around that client.
`buildScripts/ai/ingestTenant.mjs`	CLI imports services directly and calls `ingestSourceFiles({viaMcp:false})`.	Runs as a co-located shell process for bulk/backfill; not the remote tenant push default.
`learn/agentos/cloud-deployment/HookWiring.md`	Documents MCP and bulk CLI facades.	Needs the concrete `ai:kb-push-client` path, token env contract, and failure signatures.
#11731	Owns server-side clone/credential exploration.	Ref-only webhook payloads remain out of scope for this ticket.

Critical boundary: if the receiver gets only {repo, ref, sha} metadata, the server must fetch/clone the repo and therefore needs credentials. That is #11731 territory. This ticket keeps the MVP receiver content-bearing: the tenant-side hook/CI reads changed files or emits parsed-chunk-v1, then sends the envelope to the cloud KB MCP endpoint.

The Fix

Define and implement the repo-push invocation/auth model for content-bearing KB ingestion envelopes.

MVP shape:

Add a tenant-side CLI wrapper, npm run ai:kb-push-client, that connects to the remote KB /mcp endpoint with the Neo MCP client over streamable-http or sse.
The wrapper reads one JSON ingestion envelope from stdin or a file and calls ingest_source_files.
The wrapper accepts NEO_KB_MCP_URL, NEO_KB_MCP_TRANSPORT, NEO_KB_INGEST_TOKEN, NEO_KB_TOKEN_ENV, NEO_KB_TENANT_ID, and NEO_KB_REPO_SLUG.
The reference pre-push hook builds a content-bearing envelope and uses the remote MCP client when NEO_KB_MCP_URL is configured, while retaining the local bulk CLI fallback for co-located demos/imports.
Preserve #10572 semantics: remote MCP calls remain volume-gated and must fail visibly with KB_INGEST_VOLUME_EXCEEDED instead of freezing an agent turn.
Document OAuth/OIDC setup: the repo-push automation identity token is stored in the tenant hook/CI secret store, targets the KB public MCP resource/audience, and is not a Git credential.
Update HookWiring.md, TenantIngestionModel.md, Configuration.md, examples, and #11728 expectations so repo-push ingestion uses the concrete client/auth model.
Add tests proving the CLI parser, auth header wiring, envelope defaults, tool call, cleanup, and structured failure semantics without a live KB server.

A non-MCP HTTP/queue receiver that shares KnowledgeBaseIngestionService remains a future alternative if the MCP-over-StreamableHTTP client path proves operationally awkward. It is not required for this MVP. Server-side ref-only webhook/clone ingestion remains #11731.

If implementation chooses a new .mjs file, run structural-pre-flight before authoring the file.

Contract Ledger Matrix

Target Surface	Source of Authority	Proposed Behavior	Fallback / Edge Case	Docs	Evidence
Tenant repo-push client	#11720 adoption ladder; live MCP StreamableHTTP/OAuth source review; #11743 correction comments	`ai:kb-push-client` runs in tenant hook/CI, connects to remote KB `/mcp`, and invokes `ingest_source_files` with a content-bearing envelope.	If MCP-over-StreamableHTTP proves awkward, create a future non-MCP HTTP/queue receiver sharing `KnowledgeBaseIngestionService`.	`HookWiring.md`, `TenantIngestionModel.md`, `Configuration.md`	Unit test asserts CLI parsing, transport config, auth header, tool call, and cleanup.
Envelope contract	#11624 contracts; `parsed-chunk-v1`; deletion-signaling contract	Client sends raw files, parsed chunks, tombstones, manifests, and revision boundaries using the existing `ingest_source_files` envelope.	Ref-only webhook payloads are rejected/deferred to #11731 because they require server-side clone credentials.	Cloud-deployment docs + example hook	Tests for defaults and structured payload handling; hook syntax validation.
Auth / tenant stamping	#11631 write-side stamping; #11632 read-side isolation; #11726 credential boundary	Repo-push token is a KB MCP authorization credential stored in hook/CI secrets; OAuth audience/resource targets the KB public MCP endpoint. Server-authenticated context remains authoritative.	Missing/expired/wrong-audience token fails closed through HTTP 401 / auth middleware.	Security/configuration/hook docs	Docs identify token env, audience/resource, and failure signatures.
Volume policy	#10572 MCP gate; #11635 bulk mode	MCP client preserves `mcpSyncMaxChunks` refusal. Oversized incremental pushes fail visibly and instruct split-or-bulk.	Initial import/backfill uses `ai:ingest-tenant` on the deployment host.	Hook wiring + tutorial failure signatures	Unit tests cover `KB_INGEST_VOLUME_EXCEEDED` as failure; docs describe operator response.
Day-0 tutorial consumer	#11720 adoption ladder; #11728	Fresh operator can wire a tenant hook/CI job using `NEO_KB_MCP_URL` + token env and run the push client.	#11728 provides live deployed proof after this PR lands.	New tutorial artifact	PR declares L2 evidence here; #11728 supplies L3 live proof.

Acceptance Criteria

A tenant-side repo-push invocation surface exists and can call the deployed KB MCP /mcp endpoint over streamable-http or sse.
The invocation surface reads a content-bearing ingestion envelope from stdin or file and calls ingest_source_files.
CLI/env contract documents NEO_KB_MCP_URL, NEO_KB_MCP_TRANSPORT, NEO_KB_INGEST_TOKEN, NEO_KB_TOKEN_ENV, NEO_KB_TENANT_ID, and NEO_KB_REPO_SLUG.
Reference hook/CI example builds an envelope with changed files, tombstones, baseRevision, headRevision, repoSlug, and tenant defaults.
OAuth/OIDC guidance explains token storage, audience/resource targeting, and the boundary between KB MCP authorization credentials and Git credentials.
Volume behavior preserves the MCP gate; KB_INGEST_VOLUME_EXCEEDED is surfaced as a hook/CI failure with split-or-bulk guidance.
Ref-only repo webhook payloads are explicitly rejected or deferred to #11731; no hidden clone credential requirement is introduced.
Security boundary is preserved: server-side authenticated context remains authoritative for tenant identity.
HookWiring.md, TenantIngestionModel.md, Configuration.md, and examples/cloud-deployment/ distinguish service method, MCP facade, tenant push client, and bulk CLI.
#11728 day-0 tutorial can consume this model for a live tenant-ingestion milestone, or explicitly marks live proof blocked until the PR lands.
Tests cover parser/env handling, auth header wiring, envelope defaults, MCP tool call, cleanup, and structured failure detection.

Out of Scope

Server-side repo cloning, fetch credentials, credential vaulting, or Git provider app installation. Those belong to #11731.
Replacing KnowledgeBaseIngestionService or forking ingestion logic away from the existing service layer.
Client-side embeddings. The KB server still owns embeddings.
A production OAuth provider implementation. This ticket specifies the deployable token/audience/resource contract; deployment-specific identity-provider provisioning remains operator-owned.
A separate non-MCP HTTP/queue receiver. That remains a candidate future alternative if this MVP path proves operationally awkward.

Avoided Traps

Trap	Why rejected
Claiming MCP is impossible for repo-push ingestion	Live source shows StreamableHTTP `/mcp`, OAuth/OIDC, and a remote-capable Neo MCP client; the missing piece was deployable invocation/auth, not MCP viability.
Treating `ingest_source_files` existence as an operator journey	A tool method is not enough; hook/CI needs a runnable client, token env contract, and failure semantics.
Treating the bulk CLI as the remote tenant push default	A co-located shell process is right for onboarding/backfill, not day-0 incremental repo push from a tenant workspace.
Sending only SHA/ref metadata	Requires server-side clone credentials, which #11720 deliberately defers to #11731.
Duplicating ingestion logic inside the client	Splits validation, stamping, deletion, telemetry, and embedding behavior from the service already delivered by #11624.

Parent: #11720

Depends on / builds from: #11624, #11626, #11633, #11635, #11679, #11726

Blocks / informs: #11728, #11731, #11724/#11725 deployment proof if tenant-ingestion is part of the journey

Origin Discussion: #11623 Q3 push endpoint protocol

Origin Session ID

2741c4bd-92b2-428b-92d3-ab718d9a7c41

Handoff Retrieval Hints

query_raw_memories({query: 'repo-push MCP StreamableHTTP KB ingestion envelope #11720 #11743'})
query_summaries({query: '#11743 repo-push receiver auth model MCP StreamableHTTP'})
ask_knowledge_base({query: 'KnowledgeBaseIngestionService ingestSourceFiles MCP facade bulk CLI HookWiring', type: 'all'})
Exact evidence anchors: KB MCP StreamableHTTP /mcp, OAuth/OIDC deployment auth, Neo remote MCP client support, #11731 for ref-only clone/credential exploration.

tobiu closed this issue on May 22, 2026, 10:10 AM

tobiu referenced in commit 33102c2 - "feat(kb): add repo-push MCP client (#11743) (#11749) on May 22, 2026, 10:58 AM

tobiu closed this issue on May 22, 2026, 10:58 AM