What is the 'Neural Link'?

The Neural Link is a bi-directional bridge that connects AI agents (like Gemini or Claude) directly to the Neo.mjs runtime. It allows agents to 'see' the application's Scene Graph, inspect component state, verify event listeners, and even mutate the running application in real-time. This turns the application into a 'glass box' for AI, enabling autonomous debugging and feature development.

Why is Neo.mjs called an 'Application Engine' instead of a framework?

Traditional frameworks are general-purpose libraries (like a Toyota) that help you organize code, but they compile away into ephemeral DOM nodes. Neo.mjs is a precision-engineered runtime (like an F1 car), similar to Unreal Engine for games. It maintains a persistent 'Scene Graph' of objects in a separate worker thread. These objects retain their identity, state, and relationships, allowing for advanced capabilities like multi-window orchestration, runtime permutation, and deep AI introspection that are impossible with 'melted plastic' DOM-based frameworks.

What is 'Context Engineering'?

Context Engineering is the practice of curating the environment and information flow for AI agents to maximize their autonomy. In Neo.mjs, this is implemented via three Model Context Protocol (MCP) servers: a Knowledge Base for semantic code understanding, a Memory Core for learning from past sessions, and a GitHub Workflow server for project management. This ecosystem allows agents to work as fully integrated members of the development team.

What is 'Object Permanence' in the context of Neo.mjs?

In Neo.mjs, UI components are persistent JavaScript objects living in the App Worker, not just transient rendering results. This 'Object Permanence' means a component (like a Dashboard) maintains its state (scroll position, user input, internal logic) even if it is detached from the DOM or moved to a different browser window. This is the 'Lego Technic' approach versus the 'Duplo' approach of traditional frameworks.

What is an 'Agent Operating System'?

Neo.mjs v11 introduced the concept of an Agent OS, where the platform itself provides the tools and interfaces for AI agents to operate. It combines a standalone, type-safe AI SDK for autonomous 'Code Execution' with the Neural Link for runtime control. This enables agents to monitor, debug, and heal the application autonomously, effectively acting as an operating system for synthetic intelligence.

How does Neo.mjs handle multi-window applications?

Neo.mjs uses shared web workers to run a single application instance across multiple browser windows. All windows share the same application state and data in real-time. Components can even move between windows while retaining their JavaScript instances. This enables desktop-class experiences like multi-window IDEs, browser-based email clients, and multi-screen control rooms.

What makes Neo.mjs different from React, Angular, or Vue?

Neo.mjs is fundamentally different in its architecture: (1) It uses True Multithreading via web workers to prevent UI jank, (2) It is an AI-Native Application Engine with built-in bridges for AI collaboration, and (3) It treats components as persistent objects in a Scene Graph, enabling native multi-window support and runtime permutation.

Backlog

9868 R&D: Grid Multi-Body Selection Architecture Redesign
9872 Grid Multi-Body: 3-Tier Component Orchestration and Architecture Refactoring
9869 Unified Data Sync Pipeline (DevIndex, Portal Indexes, and SEO)
9866 Enforce Retrospective 9492 Guardrails & Self-Evolving Systems
9865 Multi-Body: Centralize Selection Model Orchestration in GridContainer
9864 Autonomous PR Format Auditing via DreamService
9862 Enforce Iterative Scope Change Comments for Pull Requests
9851 feat: Implement Retrospective Analysis Agent (Session Performance Evaluator)
9859 Enforce Resolves keyword for automatic PR closure
9855 Implement PR-Driven Workflow Protocol
9857 PR Review Skill: Standardized Architecture for Retrospective Analysis Feedback
9854 Blog Post: Multi-Window Web Apps in 2026 — SharedWorkers, Not PostMessage Chains
9853 Blog Post: The Cyborg Factor — How One Developer Resolved 650 Tickets in 30 Days
9852 feat: Migrate high-signal Medium blog posts to learn/blog/ Markdown (SSG+ indexing)
9850 Blog Post: Off the Main Thread — A 2026 Status Report
9849 Blog Post: Neural Link — Why AI Agents Need Runtime Introspection
9848 feat: Implement Neural Link Transaction/Undo Stack for Agent-Driven UI Mutations
9847 feat: Implement `remove_component` Neural Link Tool
9846 feat: Implement `create_component` Neural Link Tool
9845 R&D: Evaluate and Configure Linter for Neo.mjs Custom Code Style
9844 feat: Implement Safe Commit Pipeline for Autonomous Agent Execution
9843 feat: Implement Quantitative Reward Signal for Golden Path Edge Reinforcement
9842 feat: Implement Autonomous Agent Orchestrator with Golden Path Directive Injection
9492 Grid Multi-Body: Adapt Selection Models for Split Rows
9841 Multi-Body: Peer State Adoption for Cell Selection Synchronization
9840 Multi-Body: Peer State Adoption for Column Selection Synchronization
9839 Multi-Body: Peer State Adoption for Row Selection Synchronization
9838 E2E: Expose Full Neural Link MCP API in Playwright Fixtures & Update Guide
9837 MCP Server: Support nested array schemas in OpenApiValidator
9836 E2E: Fix Neural Link InteractionService Fixtures and Zod Validation
9835 Testing: Implement Baseline Neural Link Fixture E2E Verification
9834 Testing: Expand Neural Link Fixture to Expose Layout and Interaction SDK
9833 Refactor InferenceLifecycleService: Abstract spawn logic and integrate headless LM Studio auto-boot
9832 fix(ai): Resolve autonomous runSandman startup sequence race condition
9831 fix: Explicitly import Observable mixin to prevent static evaluation crashes in MCP servers
9830 Synchronize Multi-Body Selection State in GridContainer
9829 Documentation: Add Neural Link Fixture to Whitebox E2E Guide
9828 Documentation: Create Whitebox E2E Testing Guide (Neural Link)
9827 Neural Link Baseline Validation for Grid Big Data
9819 R&D: Identify Ideal Candidates for Whitebox E2E Testing
9826 Implement Baseline Neural Link Validation (Button Example)
9825 Knowledge Base Infrastructure & Provider Stabilization
9687 Epic: Agent OS Subconscious Layer
9824 Feat: DreamService Structural Gap Prioritization
9822 Fix Regression in DreamService Golden Path Inference Tests
9816 [Epic] Agent OS Architecture: Decouple DreamService & Implement Guide Gap Inference
9818 Implement Vector Fast-Fail Guide Gap Analysis in DreamService
9821 Enhancement: Neural Link VDOM Sync Primitives
9820 R&D: Grid Component Mutability & Column Synchronization
9817 Extract DreamService to standalone background daemon
9815 Sanitize DreamService Handoff Formatting and Filter Config Lifecycle Gaps
9814 Fix "undefined" Agent OS Graph Nodes in DreamService Gap Analysis
9811 Epic: Enforce Strict Ticket Hygiene & Active Swarm Ingestion
9813 Refactor Knowledge Base Ingestion to Target Active Swarm State
9812 Enforce Meta Gates and Cascade Definitions in Agent Manuals
9807 Enforce Type-Aware Gap Targeting Constraints
9806 Enforce TTL Pruning for Graph Topology Gap Tracking
9805 Centralize sandman_handoff.md generation in DreamService
9804 Implement Deterministic Edge Mapping for Document Gaps
9803 Hybrid GraphRAG Phase 2: Pipeline Tuning & Deterministic Topology
9809 Ensure GitHub Discussions Surface Natively in the Golden Path
9673 Technical Awareness: Hybrid GraphRAG (Native Edge Graph & App Mapping)
8410 Agent OS: Implement 'Janitor' capability for automated Ticket Sync
9736 Hebbian Memory Integration (Hybrid GraphRAG Upgrade)
9797 Stabilize Memory Core Inference Config & SQLite Vector Dimensions
9802 Dynamic Gravity Weighting for External and Bug Tickets in Hybrid GraphRAG
9801 [MCP] GitHub Workflow: Fix Discussion File Naming and Formatting
9800 [MCP] GitHub Workflow: Autonomous Swarm Synchronization & Post-Sync Auto-Push
9799 Clarify A2A Schema: Exposing False Industry 'Gold Standards'
9798 Native Memory Core Graph Topology Export
9796 Implement MD5 Hash Deltas for Autonomous Ingestion Pipeline
9795 [Memory Core] Normalize REM Pipeline Telemetry Log Output
9794 [Memory Core] Fix UUID Graph Corruption and Stream Truncation Bug in REM Pipeline
9793 perf: Optimize FileSystemIngestor via SQLite mtimeMs Precache
9792 Optimize OpenAiCompatible Provider by Natively Wrapping LLM Streaming API
9791 feat(ai): Nativize memory core ingestion and standardize AST graph logic
9790 Swarm Network: Implement Bootstrapping Handoffs via Fat Tickets
9789 Add Playwright verification for Sandman Strategic Drift detection
9778 Integrate Real-Time Turn-by-Turn Memory Parsing
9783 Implement NeuralLink Playwright Test Fixture
9782 Neural Link Playwright SDK Integration
8851 Exploration: Neural Link Driven Playwright Tests (Deep E2E)
9784 [Epic] Strategic Intelligence Engine: Graph Drift & Gravity Detection
9787 Implement Strategic Drift Detection (Sandman)
9786 Graph Schema: Gravity Wells & Strategic Weights
9785 Implement Topological Gravity Detection in GraphService
9777 [Epic] Graph Structural Integrity & Golden Path Alignment
9781 Sandman Analysis Routine Overhaul
9780 Redesign Native-Graph Edge Semantic Relationships
9779 Redesign Native-Graph Node Metadata Schema
9768 Refactor memory-core Database Lifecycle & Vector Managers
9774 Refactor AI SDK and Build Scripts for Memory Core Module Decoupling
9773 Refactor Operational Mandates to Remove Colloquial AI Terminology
9772 Strengthen Anti-Slop / Quality Pre-Commit Gate in Agent Operational Mandates
9771 Add missing config JSDoc to Memory Core Lifecycle Services
9770 Add missing semantic JSDoc to Memory Core Lifecycle Services
9769 Fix zombie ollama inference daemon processes
9767 Investigate 'Viewer has null permission' bug in manage_issue_assignees MCP tool
9766 Implement complete openAiCompatible provider architecture (Settings, Docs, Embeddings)
9765 Enforce modern ES6+ coding standards via AGENTS.md and refactor OpenAiCompatible
9764 Update config template and modernize ES6 syntax for AI providers
9763 Migrate DreamService to MLX-Native OpenAI-Compatible Server
9762 Stabilize Sandman Inference Pipeline & Fix SQLite Race Conditions
9761 Stabilize AI Provider Networking and Add Database Export Utility
9760 Resolve Undici HeadersTimeout in Session Summarization
9759 Extract Graph Decay Factor into MCP Configuration
9758 Fix: Centralize Hebbian Decay Physics and implement 24h Algorithmic Lock
9757 [AI] Accelerate Vector DB Migration & Recreate Topology Wipe
9756 Config: Inject missing modelProvider tracking
9755 Test: Correct embeddingModel to qwen3-embedding in SessionSummarization
9754 Fix: Correct relative import paths for memory-core tests
9753 Refactor: Move memory-core tests to accurate server path
9752 Native Agent Skills: Fix Progressive Disclosure Tool Mapping
9751 Semantic Translation of the Golden Path via Gemma4
9750 Fix Prio 0 swarm boot sequence & plan file-system MCP server
9749 Add QA Subagent Profile leveraging Local Gemma4 Swarm
9748 Update ROADMAP.md and VISION.md for Immediate Autonomous Development Epics
9747 Enhance Golden Path with issue titles in sandman_handoff
9746 Isolate AI unit test artifacts to local tmp directory
9745 Add Playwright unit test coverage for DreamService Gap Inference
9744 Fix SQLite schema mismatch in Rem sleep filesystem extraction
9743 Enforce path traversal boundaries for autonomous filesystem reads (DreamService)
9742 Add Config Flag for Differential Graph Sync (FileSystem Ingestor)
9741 Feature: DreamService Codebase Gap Analysis (Automated Doc Alerting)
9740 Feature: Vector Apoptosis (True Algorithmic Forgetting) in Memory Core
9724 Stabilize GraphService Initialization Race conditions and Memory bounds
9738 Implement Passive Artifact Ingestion from Antigravity Brain
9737 Implement Topological Ingestion for Memories & Summaries in Edge Graph
9735 AI Infrastructure: Update Artifact Pipelines to use .neo-ai-data
9734 Docs: Upgrade AI Quick Start with M-Series Structural Pathing & Env Defenses
9733 AI Infrastructure: Add SQLite Vector Migration Utility Script
9732 AI Infrastructure: Stabilize SQLite Graph Environment Configs
9731 Stabilize Memory Core Backend Initialization
9730 Intermittent `TypeError: Cannot read properties of undefined` in GraphService Test Suite
9729 Templatize MCP Server Configuration Files
9727 Semantic Refactoring of Memory Core Configuration
9726 Architectural Consolidation of AI Database Paths
9725 Switch Memory Core embedding provider to Gemini and optimize RAG migration
9723 Execution: Add Discovery Mandate to AGENTS_STARTUP.md
9714 [Sandman] Hybrid GraphRAG Scoring Algorithm
9721 [Memory Core] GraphRAG Storage Synchronization and Index Stabilization
9720 Fix Memory Core MCP Initialization Error ('N' character parsing)
9713 SQLite Memory Core Directory Decoupling & Maintenance
9719 Hybrid Vector DB: Decouple TextEmbeddingService and Eliminate Provider Fallbacks
9718 Stabilize Hybrid Vector Database Embedding Generation
9717 Hybrid DB Refactoring & Vector Decoupling
9716 Disable SQLiteVectorManager boot when Engine is Chroma
9715 Disable Memory Core Hybrid Engine Temporarily
9707 [Handoff Protocol] Agent Startup Reconciliation & Graph Mutation
9712 Implement Hybrid Memory Core Architecture & Migration Subsystem
9708 [Topographical Extraction] Sandman REM Actionable Alert Generation
9710 [SQLite VSS Migration] 100% Offline Markdown Tensor Chunking
9711 [Unit Tests] Verify queryNodeTopology and query_hybrid_graph
9709 [Vector Bridge] Stitching Chroma Semantics to SQLite Edge Nodes
9706 Epic: Autonomous Priority Graph Engine
9704 Feat: Sandman Graph Physics (Hebbian Reinforcement & Global Ambient Decay)
9705 Fix: Sandman REM Context Ghosts & Ollama Hardening
9693 [Epic] AI Agent Phase 3: Ideation Sandbox via GitHub Discussions
9690 Agent Skill: Ideation Sandbox
9686 Add Graph Database Inspector Script
9685 Implement Neural Pruning and Graph GC
9700 Initialize Default Context Frontier Node on Database Boot
9672 Workflow Enablement: Implement Anthropic Agent Skills Standard
9703 Implement "Skill Creation" Meta-Skill
9702 Implement Neural Link Tactical Skill (Tool Chaining)
9701 Implement Progressive Disclosure for Agent Skills Context Assembly
9699 Test: GraphService SQLite Lazy-Loading Coverage
9698 Feature: Agent Skill Loader & Ideation Sandbox
9697 Fix: GraphService direct lookups fail on Lazy Loading cache misses
9696 Tri-Vector REM Synthesis (Sandman Upgrade)
9695 Implement Offline Synchronization for Ideation Sandbox (Discussions)
9688 Agent Skill: Hybrid Roadmap Planner
9689 Agent Skill: Contextual Pre-Briefer
9674 Strategic Consciousness: The Sandman/REM Prototype
9684 Epic: AI - The "Strategic Co-Founder" Orchestrator (Sub-Epic of #9671)
9683 Epic Sub: Session Amnesia & The Context Priming Engine
8288 Neo Agent OS: Orchestration & Swarm Architecture
9680 Native Edge Graph: Distributed Caching & Lazy Loading
9681 Native Edge Graph: ACID Transaction Control Pipeline
9682 Native Edge Graph: Traversal Query Engine & Aggregations
9679 Optimize V8 graph array operations via native slice topologies
9678 Native Graph Database SQLite Persistence Adapter
9677 Epic Sub: Enhance Neo.collection.Base with Secondary Lookup Indices
9676 Implement Native Edge Graph Database Engine
9671 Neo AI Architecture Masterplan (Antigravity & Agent SDK)
9638 Epic: Architecture - Neo.mjs Dream Mode & GraphRAG Swarm
9662 Dream Mode Phase 3: GraphRAG Topology & REM Mode Orchestration
9670 Fix MCP server path resolution dependencies on process.cwd()
9666 Epic: Migrate Knowledge Graph to Memory Core
9669 Phase 3: Unleash DreamService Graph Extraction
9668 Phase 2: Migrate Graph Service and OpenAPI to memory-core
9667 Phase 1: Cleanse knowledge-base of Graph Logic
9665 Stabilize MCP Server Infrastructure & Fix Memory/Graph Regression
9663 Fix MCP Servers CWD Resolution for Antigravity Compatibility
9664 Fix MCP server CWD resolution in Antigravity Sandbox
9661 Phase 2: Autonomous Sub-Agent Delegation (Dream Mode)
9660 Native MCP Tool Execution inside Loop.mjs
9643 "Librarian" Sub-Agent Orchestration
9659 Enhance Memory Core with Agent and Model Traceability
9658 Enhance Memory-Core for explicit Gemma4 offline session summarization
9656 Sub-Epic 5B: Define Cross-Agent Delegation Architecture
9655 Sub-Epic 5A: Create Librarian Agent Profile
9657 Sub-Epic 5C: Build E2E Agent GraphRAG Synthesis Test
9642 Unified GraphRAG MCP Interface
9654 Sub-Epic 4C: Register Graph Tools in MCP Server Handler
9653 Sub-Epic 4B: Expose Graph Endpoints in OpenAPI Spec
9652 Sub-Epic 4A: Implement Graph Reading/Traversal API
9641 The "Night Shift" REM Pipeline (Hippocampus)
9651 Sub-Epic 3C: Bridge DreamService to knowledge-base GraphService
9650 Sub-Epic 3B: Implement Graph Node Extraction Prompt via local Gemma-4
9649 Sub-Epic 3A: Create DreamService.mjs in memory-core
9640 Knowledge Graph Database Backend (Neocortex)
9639 Local LLM Provider Adapter (Ollama + Gemma-4)
9647 Create GraphService.mjs mapped to ChromaManager
9646 Add better-sqlite3 Graph Storage to knowledge-base
9645 Configure Agent.mjs to orchestrate mixed providers
9644 Add Neo.ai.provider.Ollama base adapter
9637 Grid Multi-Body: E2E Telemetry Adjustments for Dual-Pipeline Scrolling
9636 Grid Multi-Body: Simplify GridDragScroll Scrollbar Hit Detection
9635 Grid Multi-Body: Restoring Vertical Scrollbar for Dual-Pipeline GPU Thumb Pinning
9626 Epic: Grid Unified Scrolling & VDOM Orchestration
9632 Grid: Restore Row Scroll Pinning and Update Drag E2E Tests
9634 Grid Container: Remove redundent grid wrapper node
9633 Grid: Rename bodyWrapper to view
9631 Grid: Enable Horizontal Scrolling via Locked Regions
9630 Grid: Implement Main-Thread Addon Hover Synchronization
9629 Grid Multi-Body: Implement Atomic VDOM Orchestration Layer
9628 Grid Multi-Body: Map Physical Heights and Transfer Vertical Scrolling
9627 Grid Multi-Body: Introduce `grid.View` and Flatten `grid.Body` DOM
9625 Multi-Body Grid: Visually delegate native vertical scrollbar UX with CSS
8167 Harden Return Trip Logic for Detached Items
9614 Grid Multi-Body: Fix Horizontal Row Clipping & Scrollbar SCSS
9622 Grid Multi-Body: Resolve duplicate cell rendering and phantom nodes
9624 [Multi-Body Grid] Resolve Border Overlap, Header Sync, and Scroll Propagation
9623 Grid Multi-Body: Fix .neo-last-column border styling logic across multiple bodies
9621 Grid Multi-Body: Fix Header Scrolling, Flex Layout, and Single-Column Constraints
9620 Grid Multi-Body: Fix Null Data Store and Consolidate Loading Mask
9619 Grid Multi-Body: Implement and Test Locked Columns in DevIndex
9616 Grid Multi-Body: Implement Two-Tier Horizontal Cell Pooling and Scroll Sync
9618 DevIndex High-Velocity Grid Thumb Drag Scroll Jitter
9617 Grid Multi-Body: Fix Row Scroll Pinning for Thumb Dragging
9535 Invitation to collaborate with AI Village - 13 AI agents interested in AI-native runtime interoperability
9615 Sub-Epic: Grid Multi-Body Stabilization (Header Sync & Pinning)
9449 Epic: Unified Data Pipeline Architecture (Pipeline -> Connection -> Parser -> Normalizer)
9489 Grid Multi-Body: Decoupled Horizontal Scroller & Main Thread Sync
9613 Grid Multi-Body: Fix horizontal DragScroll and Mousewheel translation
9612 Grid Multi-Body: Scrollbar Refactoring and Vertical Restoration
9611 Grid Multi-Body: Native Vertical Scrollbar & Alignment Spacer
9490 Grid Multi-Body: Remove Obsolete GridColumnScrollPinning Addon & CSS Vars
9488 Grid Multi-Body: SubGrid Row Pooling & Vertical Sync Refactoring
9610 Add a 24-hour grace period to `prevent-reopen` workflow
9486 Epic: Grid Multi-Body Architecture for Zero-Jitter Locked Columns
9609 Epic: Grid Multi-Body Architecture for Zero-Jitter Locked Columns (reopened from #9486)
9608 Fix Event Resolution and Parent Hierarchy Regressions in Nested Sub-Grids
9607 GridContainer: `this.items is not iterable` crash on initialization
9487 Grid Multi-Body: Refactor Layout Engine & SubGrid Partitioning
9497 Grid Multi-Body: Split Column Collections and Orchestration
9606 docs: Refactor README & Intro as an AI-native Application Engine Manifesto
9604 docs: Create High-Level Summary for JSON First UIs
9603 docs: Create High-Level Summary for Object Permanence
9602 Restructure Learn Portal (tree.json) for AI-Native Onboarding and Engine Positioning
9601 Enhance SSR Proxy to Serve Raw Markdown for llms.txt Optimization
8160 Decouple and Configure Window Detachment Thresholds in SortZone
9591 Fix strict SSR parsing issues for CubeLayoutButton and highlighting
9600 Upgrade GitHub Actions to latest major versions for Node 24 support
9599 Webpack path resolution bug for Data worker dynamic imports in workspaces
9598 Force Node 24 for GitHub Actions to resolve deprecation warnings
9597 Update GitHub Actions to v4 to resolve Node 20 deprecation warnings
9596 Fix SSG Pipeline Concurrency Hanging and Suppress Component Error Noise
9595 Fix TypeError in Portal Ticket Component when Markdown frontmatter labels is a string
9594 [Bug] SSG Renderer Crash and Empty Folders for Recently Moved Tickets
9593 Fix Deep Route Human Redirection for Paths Containing Periods (Version Numbers)
9592 Include Release Notes in SEO Sitemap Generation
9589 Implement OIDC/OAuth Authorization for KB and Memory MCP Servers (Restoration of #9558)
8166 Implement Cross-Window Drop Validation and Topology Rules
8165 Implement Configurable Theme Inheritance for Dragged Items
8163 Cross-Window Drag & Drop Refinement & Topology
8162 Fix Layout Corruption in Target Dashboard on Remote Drag Exit
8152 Combine DomAccess.addScript and loadScript into a unified API
9587 Update `updateNeoVersion.mjs` to preserve framework magic comments
9554 Enhancement: Add Data Pipeline Telemetry & Performance Metrics
9555 Feature: Implementation of Data-Worker Side Caching
9553 Feature: Implement Pipeline Interceptor System (Middleware)
9556 Exploration: Worker-Side Data Sanitization vs. Lazy Record Hydration
9366 Chrome Windows Color app
9559 Design and Implement Authorization for Neural Link MCP Server
9491 Grid Multi-Body: Overhaul Column Drag & Drop (SortZone) across Split Headers
9499 Grid Multi-Body: Test Suite Refactoring & Expansion
9498 Grid Multi-Body: Infinite Canvas Cross-Window Column Drag & Drop
9496 Grid Multi-Body: Adapt Keyboard Navigation for Split Bodies
9495 Grid Multi-Body: Implement Data-Driven Variable Row Height Architecture
9494 Grid Multi-Body: Implement Direct Main-Thread Scroll Sync via MessageChannel
9493 Grid Multi-Body: Enable Cross-Window SubGrid Detachment (Pop-out)
9409 CSS Animations for TreeGrid Expand/Collapse
9404 [Epic] Tree Grid & Hierarchical Data Support
9421 Refactor: Move grid column components into `src/grid/column/component/`
9397 R&D: Explore "Fixed Glass Overlay" Strategy for Optical Pinning
9380 [Epic] Resolve Grid Scroll Thrashing via E2E Benchmarking
9296 Create Docker Sandbox for Autonomous Agents
9299 Implement Agent Self-Discovery via Neural Link Introspection
9295 [Epic] Autonomous Neo Agent Demo (Moltbook Integration)
9298 Implement Moltbook Demo Agent using Chrome DevTools MCP
9297 Implement Programmatic Email Identity for Agents
9208 Investigate Playwright OffscreenCanvas Performance on Desktop
9209 Benchmark Grid Scroll-to-Update Latency
9185 Implement Telemetry Probe for Worker Saturation Monitoring
9160 test: Implement Computational Budget assertion in Grid Pooling tests
9159 regression: Component Columns trigger insertNode operations during scrolling
9075 refactor: Optimize Grid Selection Models Architecture
8925 Epic: Implement Specialized Agent Workflows (.agent/workflows/)
8922 Feat: Implement Neo.container.Spatial (Pan/Zoom Whiteboard)
8921 Feat: Implement Neo.ai.Chat (Reference UI)
8920 Feat: Implement Neo.component.markdown.VDom (VDOM-Native Parsing)
6984 Refactor - Store Composition with Collection
8892 Create Component Test for Grid Teleportation Artifacts
8891 Restore Buffered Grid Stability
8890 Fix VDOM Update Collision Logic for Sparse Trees (Teleportation)
8874 Investigate addVnodeComponentReferences Data Loss & TreeBuilder Symmetry
8873 Refactor: Standardize VNodeUtil and VDomUtil getChildIds to include components
8869 Fix: VDomUpdate merged updates do not support recursion
8867 feat: Implement incremental updates for Card Layouts
8861 Fix Worker Paths for Production and Bump Version
8755 Enhance LivePreview to Support Mermaid Diagrams
8621 Investigation: FocusManager Stability during Atomic Moves
8580 Fix Portal Tickets 404 in production by adjusting path resolution
8541 Feature: Canvas-based "Neural" TreeList Animation
8540 Implement Store-Driven VDOM Ticket Component (V2)
8539 Update Ticket Index Scripts for JSON Generation
8538 Configure MCP Server for Multi-Target Ticket Export (JSON/MD)
8537 GitHub Ticket Viewer V2: JSON-First Data Architecture
8020 Enhance container.SortZone for Complex Layouts (reopened from #7207)
7206 Initial Dashboard Drag & Drop
7205 Phase 4: Framework-Level Dashboard Abstraction
7203 Phase 2: Live In-Page Proxy
7202 Phase 1: Foundational Sorting
7201 Dashboard Drag & Drop
3789 cross reference: import maps for the worker scope
7266 Explore and Implement Test File Indexing in Knowledge Base
7047 Task: Create Example for Deeply Nested Components
5700 Guides => Custom Components needs more content
6932 Enhance StateProvider for Direct Record Property Binding
6921 Collections for Filters & Sorters in `Neo.collection.Base`
7091 Optimize `core.Observable#afterSetListeners` to perform a diff-based update
6992 Functional Components
6997 Implement Effect Memoization
6983 StateProvider Store SourceId Reference
6972 Enhance `createHierarchicalDataProxy` to Support Reactive Non-Leaf Nodes
6941 Implement Class-Aware Merging for Nested Configs via Dynamic `Neo.mergeConfig` Replacement
6858 grid.plugin.AnimateRows: updateView() => row ids
7224 Create Learning Guide: Using data.Store
6610 main.addon.OpenStreetMaps
6823 component.Base: vdom documentation
6116 component.Base: vdom => flag => ref
6781 Learning Content: TabContainers
6780 Learning Content: Grids
6779 Learning Content: Tables
6777 Learning Content: workspace vs repo fork
6468 component.Base: vdom => add a scroll attribute
6327 grid.Row: Create a PoC
6129 manager.Focus: tree walking
6600 apps/email: create a multi-window email client demo
6565 grid.plugin.AnimateRows: component based columns & cycling
6564 grid.plugin.AnimateRows: store listeners improvement
6563 grid.plugin.AnimateRows: add rows => check the store
6038 Portal.view.home.parts.MainNeo: github button states broken
6032 button.Base: editRoute config => change the default value to false
6033 examples/button/Base: opening the menu list does no longer allow using the arrow keys to navigate right away

v12.1.0

9586 Analysis: Robust Multi-Window LivePreview Routing & Base Path Resolution
9585 Bug: LivePreview popout windowUrl generates incorrectly in dist environments
9584 Bug: Data worker broadly bundles non-data framework classes (Main.mjs) causing Webpack build failure
9582 Bug: Webpack fails due to unanchored `webpackInclude` picking up Node modules
9581 Bug: Webpack fails to resolve Task, Canvas, and Data worker dynamic chunks due to strict magic comments
9583 Bug: Webpack matches absolute paths, invalidating the ^\.\/ magic comment anchor
9580 Bug: Webpack fails to resolve internal app.mjs chunks due to strict magic comment regex
9579 Fix ChromaDB defrag crash on ghost entries
9578 Portal: Add TreeGrid Big Data Example
9577 Draft Release Notes: Storytelling & Narrative Arc
9575 Draft Release Notes: Gather Visual Assets
9576 Draft Release Notes: MCP Infrastructure & Security
9569 Epic: Neo.mjs v12.1 Release Notes
9574 Draft Release Notes: Generate Full Changelog
9573 Draft Release Notes: Learning Guides & Minor Features
9572 Draft Release Notes: ScrollSync & Performance
9571 Draft Release Notes: Locked Columns & Value Banding
9570 Draft Release Notes: TreeGrid & Data Pipeline Architecture
9568 Fix code examples in DataPipelines.md guide
9567 Update AI_QUICK_START.md to include Antigravity configuration
9539 Add TreeStore override for updateKey()
9566 Enhance `agent` parameter formatting in GitHub Workflow MCP Server
9538 Enhance Collection.updateKey() to support filtered collections (allItems map)
9565 Regression: Store.load({url}) fails when Store has no initial URL config
9552 Docs: Create Learning Guide for the Unified Data Pipeline Architecture
9564 Finalize Data Pipeline Push Integration & UI Reactivity
9563 Modularize MCP Server Architecture and Extract Shared Services
9562 Implement Generic OIDC Discovery and Google OAuth Hands-on Guide
9561 Add Functional Tests for MCP Authorization and Refine Error Handling
9560 Create Comprehensive Guide for MCP Server Authorization
9558 Implement OIDC/OAuth Authorization for KB and Memory MCP Servers
9551 Examples: Implement unified Data Pipeline showcases
9550 Refactor(data): Implement Store-to-Pipeline Legacy Bridge
9502 Migrate existing Stores to the new Pipeline architecture
9549 Remove `console.log` statements causing noise in unit tests
9548 `calcValueBands` broken state initialization on `splice` (StoreValueBanding test failure)
9454 Implement Push-Based WebSocket Integration in Data Pipeline
9455 Integrate RPC API into Pipeline Architecture (Connection.Rpc)
9547 Fix RemoteMethodAccess for Main Thread Addons and Instance-to-Instance ID collision
9546 Refactor Pipeline IPC to use Declarative Remote Configs (Instance Proxies)
9453 Implement Pipeline IPC and Remote Execution Routing
9545 Fix Knowledge Base Tool Argument Routing (x-pass-as-object)
9544 Enhance RemoteMethodAccess to Support Instance-to-Instance Routing
9543 Store Pipeline Instantiation and Legacy Parser Compatibility
9452 Connection Foundation and Parser Refactoring
9456 Epic: Buffered Grid - High-Performance Locked Columns (`locked: 'start' | 'end'`)
9542 Update Code of Conduct to include AI Entities & Autonomous Agents
9541 Remove outdated and redundant .github/CONCEPT.md
9540 Update CONTRIBUTING.md to include AI Agents & Autonomous Entities
9196 Feature: Add Collection.updateKey() method
9534 Rename mcp-stdio.mjs to mcp-server.mjs
9533 Migrate MCP servers from SSEServerTransport to StreamableHTTPServerTransport
9532 Support SSE transport for knowledge-base and memory-core MCP servers
9531 Grid SortZone incorrectly intercepts column resize drag events, causing VDOM corruption and layout thrash
9530 Grid cells vanish during column resize after a drag-and-drop column reorder
9529 Add lightweight cell resizing method to grid.Body
9528 Real-time cell resizing during grid column drag:move
9527 Grid cells do not shrink on column resize drop due to minWidth constraint
9526 Add visual focus styling during grid column resizing
9525 Fix header resize proxy visibility and prevent unwanted absolute styles on drop
9524 Prevent column sort toggle when clicking/dragging resize handles
9523 Resolve drag&drop collision between grid column resorting and resizing
9522 Grid Column Resizing: Header Logic and Update on Drop
9521 Tree Grid: Optional Helper Lines for Tree Structures
9520 LivePreview: Propagate active theme to popout child window
9519 SharedWorker: Fix theme resolution for child windows
9518 Fix LivePreview incorrect popout URL for subsequent windows (SharedWorkers)
9517 Workers: Standardize and optimize dynamic imports
7918 Epic: Neo Command Center (Agent OS UI)
8022 Refactor AgentOS Viewport: Modularize Components
8025 Create Custom Theme: Neo Cyberpunk
9516 Portal HomeCanvas: Enhance spark contrast in dark theme
9515 [Epic Sub] Value Banding styling conflicts with row selection
9514 [Epic Sub] TreeStore Value Banding Support
9513 Optimize Grid Value Banding (startIndex Support)
9512 Dynamic Value Banding Updates
9511 [Epic] Grid Value Banding
9510 Tooltip regression: dynamic domListeners bypassed reactivity and bubbling fixes
9509 Docs: Align core engine guides to use "engine" terminology instead of "framework"
9508 Docs: Explain Main Thread Addons and Lazy Loading in Lifecycle guide
9507 Docs: Clarify Two-Tier Reactivity Architecture and core.Config role
9506 Improve inline code styling within h1 tags in Markdown component
9505 Portal: Missing scrollbar contrast in learning section markdown component
9504 List: Fix vertical scrollbar visibility and contrast
9451 Create Pipeline Cornerstone and Refactor Store Implementation
8019 Bug: isWindowDragging flag stuck after external drop
9503 TimelineCanvas regression: Canvas not showing due to SharedCanvas getCanvasId() mismatch with componentId
9500 Epic: The Core Engine Learning Guides & Workshop
9485 Grid: Horizontal Scroll Performance & Jitter for Locked Columns
9484 Grid: Add Unit Tests for Locked Columns Feature
9460 Grid: Column Drag & Drop Integration & State Transitions
9459 Grid: Implement Reactive locked Config and Cell Pooling Bypass
9458 Grid: Create Main Thread Addon for Column Pinning (CSS Variables)
9483 Grid: Implement Reactive locked Config and Run-Time Column Reordering
9457 Grid: Implement Mathematical Column Layout Engine
9356 Chrome Windows: Multi Window Drag & Drop
9359 Google Windows Covid 19 Helix
9365 Chrome Window Neo mjs home
9482 Firefox Nightly: Scroll wheel stuck on Portal home page due to scroll-snap-type mandatory
9481 Auto-detect `isTreeGrid` config based on the Store instance
9479 Firefox Nightly R&D: OffscreenCanvas Worker-to-Worker Transfer Failure
9478 Grid ScrollManager: Support dynamic windowId changes for Main Thread Addon registration
9363 Chrome Window Learn funktionale Komponenten
9364 Chrome Window Calendar Basic
7957 Epic: WebSocket RMA Infrastructure
7958 Epic: Telemetry & Observability
7959 Epic: Agent Security & Capabilities
9476 DevIndex: Add Contextual Rank Column to Grid
9475 Grid: Remove `#initialChunkSize` DOM pooling bypass & fix pool shrink bug
9474 Grid: Optimize row pooling for small datasets
9473 Add File Editing Tool Protocol to AGENTS.md
9472 Add Testing Protocol to AGENTS.md
9471 Add Anti-Corruption Protocol to AGENTS.md
9470 Fix Grid Drag Scrolling Regression
7914 Epic: Foundation for Ticket-Driven Agent Orchestration
7919 Epic: Decouple AI Tooling for Public Ecosystem
7922 Feat: 'Derailment' Intervention Interface
7923 Refactor: Extract Memory Core to @neomjs/ai-memory-server
7924 Refactor: Extract GitHub Workflow to @neomjs/ai-github-server
7925 Feat: Create VisualService (Sighted Agent SDK)
7926 Feat: Add Cross-Repo Capabilities to GitHub Workflow MCP
9461 Epic: TreeGrid Big Data Demo
9469 TreeStore: internalIdMap desyncs after bulk operations (expandAll), breaking selection
9468 Fix memory leak in TreeStore.#rebuildKeysAndCount()
9466 TreeGrid Big Data Demo: Create E2E Tests
9467 Fix TreeStore.collapse() failing after expandAll() due to out-of-sync Collection map
9465 TreeGrid Big Data Demo: Styling, Logging, and Final Integration
9464 TreeGrid Big Data Demo: Implement Controls and Grid Wiring
9463 TreeGrid Big Data Demo: Implement Organic Data Generation Algorithm
9462 TreeGrid Big Data Demo: Scaffold Base Directory and Files
9420 Migrate Data Pipeline to Connection -> Parser -> Normalizer flow
9450 Enhance Data Worker to Instantiate Dynamically Loaded Modules
9419 Implement Dynamic Module Loading in `Neo.worker.Data`
9418 Create Data Normalizer Architecture (`Neo.data.normalizer.Base` & `Tree`)
9412 TreeGrid Component Tests (UI & Interactions)
9448 TreeGrid Component pooling accumulates `is-leaf` class leading to visual bugs
9447 TreeGrid: Fix 7-click expand/collapse bug and redundant change events
9446 Fix ComboBox test failure due to internalId changes
9445 TreeGrid Documentation: Create high-level architectural guide for TreeStore
9444 Clean up redundant `Neo.isDestroyed` catch blocks
9443 Stabilize Playwright Unit Tests by Centralizing Global Mocks
9442 Fix Grid Pooling DOM thrashing and Collection internalId lookup
9440 AI Workflow: Integrate Anchor & Echo strategy into Pre-Flight Commit check
9439 TreeStore: Apply "Anchor & Echo" JSDoc strategy for AI discoverability
9438 TreeStore: Reduce GC pressure and redundant iterations
9437 TreeStore: Optimize #allRecordsMap iteration loops
9433 TreeStore: Implement bulk expandAll() and collapseAll() methods
9435 TreeStore: Fix visible projection for dynamic child additions to expanded parents
9434 TreeStore: Decouple clearFilters() from legacy allItems pattern
9432 TreeStore: Override clear() to prevent memory leaks and split-brain states
9431 TreeStore: Fix ARIA desync (siblingIndex and siblingCount) after sort and filter
9429 TreeStore: Implement ancestor-aware filtering for filter override
9428 TreeStore: Implement hierarchical sorting for doSort override
9430 TreeModel: Introduce childCount to decouple isLeaf state from emptiness
9411 TreeGrid Unit Tests (Data & Logic)
9427 Fix TreeStore projection mutations and Row VDOM recycling
9426 Refactor Tree column and component reactivity
9425 Refactor Tree cell component architecture for performance
9424 Optimize `cellPoolSize` calculation in `grid.Body` to prevent DOM waste
9410 TreeGrid Documentation & Examples
9423 TreeStore Full CRUD Support & Structural Mutations
9422 Update TreeStore to manage ARIA sibling fields on mutations
9408 Grid Core Integration & TreeGrid Accessibility
9407 Create `Neo.grid.column.Tree` & Cell Component
9417 Optimize `TreeStore` Hot Paths (Performance)
9416 Add Error State & Events for Async Tree Loading
9413 Create Async Subtree Loading for `Neo.data.TreeStore`
9415 Support "Turbo Mode" in `Neo.data.TreeStore`
9414 Refactor `Neo.data.Store` to unify Record Hydration
9406 Create `Neo.data.TreeStore`
9405 Create `Neo.data.TreeModel`
9403 Performance: Eliminate Path scrollTop Layout Thrashing in getTargetData
9402 Performance: Eliminate Main Thread Layout Thrashing in getTargetData
9401 Performance: Proxy Getter Hoisting in Grid Row & Array Slice Optimization
9400 Performance: O(1) Fast Paths for onScrollCapture getById Traversal
9398 Performance: Eliminate O(N²) App Worker VDOM Traversal (syncVnodeTree)
9396 E2E: Implement Synthetic Thumb Drag Profiles for Optical Pinning Validation
9395 E2E: Refine GridRowScrollPinning to Target Explicit Thumb Drags
9394 E2E: Validate GridRowScrollPinning against DevIndex Canvas Worker Latency
9393 E2E: Implement GridRowScrollPinning via CSS Variables
9392 E2E: Implement GridRowScrollPinning Automated Test and Sync Refinement
9391 E2E: Refactor GridRowScrollPinning to Hybrid rAF Engine
9390 E2E: Fix GridRowScrollPinning Registration and DOM Lookup Flaws
9389 E2E: Remove Legacy Scroll Prediction Heuristics from Grid ScrollManager
9387 E2E: Implement Main Thread Optical Pinning for Grid Scrolling
9388 E2E: Enhance VDOM Update Pipeline with Meta Payload Support
7834 [Test] Button click event not firing on mobile
9386 E2E: Add min velocity threshold to Grid Predictive Scrolling
9385 E2E: Expose Performance tracker metrics via Remote Methods
9383 E2E: Implement Predictive Delta Injection (Velocity & Acceleration)
9382 E2E: Implement Dynamic RTT Measurement for VDOM Updates
9384 Implement generic Neo.util.Performance tracker
9381 E2E: Create Deterministic Grid Thumb Drag Benchmark
9379 Mobile Scrollbar UX: Increase touch width to 40px and theme thumb colors
9378 Extract desktop grid scrollbar width into a CSS variable
9377 Define `--grid-scrollbar-touch-width` variable across all themes
9369 [Epic] Upgrade ScrollSync for Loop-Free Two-Way Binding (Mobile & Desktop)
9376 Add .neo-has-touch capability class and enhance Mobile Grid Scrollbar
9374 Mobile UX Enhancements for Grid VerticalScrollbar (SCSS)
9373 Enable Mobile Two-Way ScrollSync for Grid VerticalScrollbar
9372 Refactor GridDragScroll to use ScrollSync API
9375 Improve ScrollSync Lock Release Mechanism (rAF vs setTimeout)
9371 API for Programmatic Scrolling in ScrollSync
9370 Upgrade ScrollSync Locking Mechanism
9361 Chrome Windows Johannes DevIndex
9362 Chrome Windows DevIndex
9360 scroll to bottom bug on main page
9368 Enhance Helix to rotate to initial selection on mount
9367 Fix Helix & Gallery selection models keynav and record resolution
9357 Chrome Windows Covid App
9358 Google Windows Covid 19 Helix
7847 Enhance WindowPosition Addon with Adaptive Tracking
9349 build: Fix dirent.path resolution and OS-agnostic pathing in esmodules.mjs
7756 Enhance `create_comment` tool to enforce reading related tickets

v12.0.0
v11.24.0
v11.23.1
v11.23.0
v11.22.0
v11.21.0
v11.20.0
v11.19.1
v11.19.0
v11.18.0
v11.17.1
v11.17.0
v11.16.0
v11.15.0
v11.14.0
v11.13.0
v11.12.0
v11.11.0
v11.10.0
v11.9.0
v11.8.0
v11.7.0
v11.6.1
v11.6.0
v11.5.0
v11.4.0
v11.3.0
v11.2.0
v11.1.0
v11.0.1
v11.0.0
v10.9.0
v10.8.0
v10.7.0
v10.6.0
v10.5.4
v10.5.3
v10.5.2
v10.5.1
v10.5.0
v10.4.1
v10.4.0
v10.3.5
v10.3.4
v10.3.3
v10.3.2
v10.3.1
v10.3.0
v10.2.1
v10.2.0
v10.1.1
v10.1.0
v10.0.2
v10.0.1
v10.0.0
v10.0.0-beta.6
v10.0.0-beta.5
v10.0.0-beta.4
v10.0.0-beta.3
v10.0.0-beta.2
v10.0.0-beta.1
v10.0.0-alpha.5
v10.0.0-alpha.4
v10.0.0-alpha.3
v10.0.0-alpha.2
v10.0.0-alpha.1
v9.16.0
v9.15.0
v9.14.0
v9.13.1
v9.13.0
v9.12.0
v9.11.1
v9.11.0
v9.10.5
v9.10.4
v9.10.2
v9.10.1
v9.10.0
v9.9.0
v9.8.0
v9.7.1
v9.7.0
v9.6.1
v9.6.0
v9.5.0
v9.3.0
v9.2.0
v9.1.0
v9.0.2
v9.0.1
v9.0.0
v8.43.1
v8.43.0
v8.42.0
v8.41.2
v8.41.1
v8.41.0
v8.40.0
v8.39.1
v8.39.0
v8.38.0
v8.37.0
v8.36.0
v8.35.1
v8.35.0
v8.34.0
v8.33.0
v8.32.0
v8.31.1
v8.31.0
v8.30.0
v8.29.0
v8.28.1
v8.28.0
v8.27.1
v8.27.0
v8.26.1
v8.26.0
v8.25.0
v8.24.0
v8.23.0
v8.22.0
v8.21.2
v8.21.1
v8.21.0
v8.20.2
v8.20.1
v8.20.0
v8.19.1
v8.19.0
v8.18.1
v8.18.0
v8.17.1
v8.17.0
v8.16.0
v8.15.0
v8.14.3
v8.14.2
v8.14.1
v8.14.0
v8.13.0
v8.12.0
v8.11.0
v8.10.1
v8.10.0
v8.9.1
v8.9.0
v8.8.0
v8.7.1
v8.7.0
v8.6.2
v8.6.1
v8.6.0
v8.5.0
v8.4.2
v8.4.1
v8.4.0
v8.3.0
v8.2.0
v8.1.3
v8.1.2
v8.1.1
v8.1.0

Frontmatter

id	9743
title	Enforce path traversal boundaries for autonomous filesystem reads (DreamService)
state	Closed
labels	enhancementai
assignees	tobiu
createdAt	Apr 6, 2026, 9:07 PM
updatedAt	Apr 6, 2026, 9:08 PM
githubUrl	https://github.com/neomjs/neo/issues/9743
author	tobiu
commentsCount	1
parentIssue	null
subIssues	[]
subIssuesCompleted	0
subIssuesTotal	0
blockedBy	[]
blocking	[]
closedAt	Apr 6, 2026, 9:08 PM

Enforce path traversal boundaries for autonomous filesystem reads (DreamService)

Name: Neo.mjs Application Engine
Author: Neo.mjs

Closedenhancementai

tobiu commented on Apr 6, 2026, 9:07 PM

Description

The ReAct loop in DreamService natively loads raw files based on autonomous agent payloads via fs.readFileSync. To prevent capabilities from triggering unintended out-of-bounds reads (path traversal attacks like ../../../etc/passwd via hallucination), we must enforce a strict resolution boundary.

Implementation Overview

Apply path.relative against the designated neoRootDir and the payload's targetPath.
Intercept and reject any path that attempts to resolve outside the directory scope.
Return a "Security Error" to the model loop for self-correction instead of failing silently.

tobiu added the enhancement label on Apr 6, 2026, 9:07 PM

tobiu added the ai label on Apr 6, 2026, 9:07 PM

tobiu referenced in commit a2694ce - "feat: Enforce path traversal boundaries for autonomous filesystem reads (#9743)" on Apr 6, 2026, 9:08 PM

tobiu assigned to @tobiu on Apr 6, 2026, 9:08 PM

tobiu Apr 6, 2026, 9:08 PM

Successfully added strict path traversal checks using path.relative to enforce boundary limits during autonomous filesystem reads. Verified and pushed to dev.

tobiu closed this issue on Apr 6, 2026, 9:08 PM