v0.8.0: always-on — systemd/launchd/Windows templates + /healthz

[dfrostar]

Summary

v0.8 "Always-On" — first beat. Ships the four service templates + the /healthz endpoint + the cross-platform walkthrough. Marketing rollout (LinkedIn, NotebookLM, screencast, cross-doc callouts) deferred per "ship code + minimum docs" scope.

The user-facing claim: neuralmind watch and neuralmind serve now survive reboots and crashes on Linux (systemd), macOS (launchd), and Windows (Task Scheduler). The synapse store accumulates 24/7; the graph view canvas is always at http://127.0.0.1:8765/.

Changes

File	What
neuralmind/server.py	/healthz route registered before the session-token gate so Docker HEALTHCHECK and systemd ExecStartPost can probe without auth. Returns 200 + {"status": "ok", "version": __version__}.
tests/test_server.py	3 new tests — status+version shape, no-auth, no-Set-Cookie.
scripts/systemd/neuralmind-{watch,serve}.service	User-scope units. Restart-on-failure, SIGTERM-clean shutdown, basic hardening. The serve unit's ExecStartPost polls /healthz for up to 5s.
scripts/launchd/com.neuralmind.{watch,serve}.plist	macOS user agents. RunAtLoad + KeepAlive + ThrottleInterval.
docs/use-cases/always-on.md	New page — per-platform install/verify/uninstall/troubleshooting + Docker HEALTHCHECK snippet.
docs/wiki/Scheduling-Guide.md	New "Always-on" section above the existing recurring-audit instructions — two PowerShell Register-ScheduledTask blocks + the /healthz verification snippet.
RELEASE_NOTES_v0.8.0.md	Minimal release notes. Marketing arc explicitly deferred.

Deferred

• Aider integration block in README. Investigated 2026-05-17: current Aider stable has no MCP-client support. Will add when upstream lands it.
• Cross-doc marketing rollout. README hero callout, wiki Home "What's New" entry, GitHub Pages, LinkedIn drafts, NotebookLM pack, screencast script — all deferred so this release ships code + minimum docs.

Test plan

• python -m pytest tests/ — 391 passed (3 new), 4 environmental skips
• ruff check clean on changed files
• black --check clean on changed files
• Maintainer to verify: systemctl --user enable --now neuralmind-{watch,serve} works on a real Linux machine
• Maintainer to verify: launchctl load -w works on a real macOS machine (if you have one)
• Maintainer to verify: the Windows Register-ScheduledTask blocks land cleanly on a Windows host

Order vs the rename PR (#124)

This PR doesn't depend on #124 merging first. It branched off the same main as #124 and only touches code + new scripts/docs. Merge either order. When #124 lands, this branch can rebase to pick up the v0.7.0 naming in shared docs (LinkedIn drafts, etc.), but nothing here breaks.

Versioning

Two feat(...) commits (the /healthz + templates landing). Per the project's 0.x feat = minor rule (PR #114), this should propose a clean v0.8.0 from release-please once it merges.

Issues

Closes part of #119 — the code + minimum docs. Full close once the marketing pass lands as a v0.8.1 or rolled into v0.8.x.

https://claude.ai/code/session_01SH6iHNAqeMJHXdq7ubVcuJ

---

Generated by Claude Code

[github-actions]

NeuralMind self-benchmark

Status: PASS — floor 4×, measured 5.9×.

Phase 1 — Reduction on committed fixture

• Average reduction: 5.9×
• Top-k retrieval hit rate: 71.7%
• Naive baseline: 47,360 tokens (all fixture files concatenated)
• NeuralMind total: 8,149 tokens across 10 queries
• Estimated monthly savings @ 100 queries/day on Claude 3.5 Sonnet: ~$35.30

#	Query	Shape	Naive	NeuralMind	Ratio	Hit
1	auth-flow	cross-file	4,736	815	5.8×	33.3%
2	api-endpoints	focused	4,736	809	5.9×	100.0%
3	billing-flow	cross-file	4,736	846	5.6×	33.3%
4	user-storage	cross-file	4,736	672	7.0×	50.0%
5	jwt-verify	focused	4,736	681	7.0×	100.0%
6	stripe-webhook	focused	4,736	838	5.7×	100.0%
7	create-user	cross-file	4,736	794	6.0×	50.0%
8	refund	focused	4,736	827	5.7×	100.0%
9	db-choice	identity	4,736	899	5.3×	100.0%
10	invoice-send	cross-file	4,736	968	4.9×	50.0%

Phase 2 — Learning uplift

• Memory events logged: 20
• Learned patterns: 20
• Reduction ratio after neuralmind learn: 5.9× (Δ +0.00× vs. cold)
• Top-k hit rate after learning: 71.7% (Δ +0.0 points vs. cold)

Note: uplift numbers on a 500-line fixture are intentionally modest — the point is to
verify the learning mechanism persists and applies. On real production repos the lift
is larger; this test only catches regressions in persistence.

Assumptions

• Baseline: every .py file in tests/fixtures/sample_project/ concatenated.
• Tokenizer: tiktoken GPT-4o encoding (per-model breakdown in multi_model.json if generated).
• Pricing: Claude 3.5 Sonnet input @ $3.0/MTok.
• Regression floor: 4× — well below NeuralMind's typical 40–70× on real repos.

Per-model token reduction

Model	Tokenizer	Naive	NeuralMind	Ratio	Source
GPT-4o / GPT-4o-mini	tiktoken o200k_base	4,739	927	5.1×	measured
GPT-4 / GPT-3.5-turbo	tiktoken cl100k_base	4,710	918	5.1×	measured
Claude 3.5 Sonnet	estimated: GPT-4o × 1.08 — install anthropic for an exact count	5,118	1,001	5.1×	estimated
Llama 3 (70B)	estimated: GPT-4o × 1.22 — Llama tokenizer requires model weights; estimate based on published vocab ratios	5,781	1,130	5.1×	estimated

Rows marked measured use the provider's real tokenizer. Rows marked
estimated apply a published vocab-size correction to the GPT-4o count —
honest approximations, not hardcoded claims.

---

Automated by .github/workflows/ci-benchmark.yml — regenerate locally with python -m tests.benchmark.run.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3f22efecff

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use a valid ProtectHome value in systemd templates

ProtectHome=read-write is not a valid systemd value, so the hardening line is ignored; systemd-analyze verify scripts/systemd/neuralmind-watch.service (and the same check on neuralmind-serve.service) reports Failed to parse protect home value, ignoring: read-write. This leaves the unit with ProtectSystem=strict but without the intended home-directory override, which can break always-on operation when the service needs to write under the project directory (the default WorkingDirectory is in %h).

Useful? React with 👍 / 👎.

[Copilot]

Pull request overview

Adds the v0.8 always-on foundation for running NeuralMind’s watcher and graph-view server as background services, plus an unauthenticated /healthz endpoint for readiness/monitoring probes.

Changes:

• Adds /healthz to neuralmind serve and tests its response/auth behavior.
• Adds systemd and launchd service templates for watch and serve.
• Adds always-on user docs, Windows Task Scheduler examples, and v0.8.0 release notes.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 16 comments.

Show a summary per file

File	Description
neuralmind/server.py	Registers unauthenticated /healthz before auth gating.
tests/test_server.py	Adds server tests for /healthz.
scripts/systemd/neuralmind-watch.service	Adds Linux user service template for neuralmind watch.
scripts/systemd/neuralmind-serve.service	Adds Linux user service template for neuralmind serve.
scripts/launchd/com.neuralmind.watch.plist	Adds macOS launchd template for watch.
scripts/launchd/com.neuralmind.serve.plist	Adds macOS launchd template for serve.
docs/use-cases/always-on.md	Adds cross-platform always-on walkthrough.
docs/wiki/Scheduling-Guide.md	Adds Windows Task Scheduler always-on examples.
RELEASE_NOTES_v0.8.0.md	Adds v0.8.0 release notes.

Comments suppressed due to low confidence (13)

scripts/systemd/neuralmind-watch.service:45

• ProtectHome=read-write is not a supported ProtectHome value on systemd; the directive will be rejected or ignored, so this template may not load with the intended hardening. Use a supported value and explicitly allow the project write path if needed.

# here so $HOME stays writable; the explicit ReadWritePaths is what

scripts/systemd/neuralmind-serve.service:45

• ProtectHome=read-write is not a supported ProtectHome value on systemd; the directive will be rejected or ignored, so this template may not load with the intended hardening. Use a supported value and explicitly allow the project write path if needed.

PrivateTmp=true

scripts/systemd/neuralmind-serve.service:34

• This service starts neuralmind serve without --no-browser, and the CLI opens a browser by default. As a daemon this can spawn a browser or xdg-open attempt on every boot/restart instead of running quietly in the background.

ExecStart=/usr/local/bin/neuralmind serve . --port 8765

scripts/launchd/com.neuralmind.serve.plist:40

• The launchd service runs neuralmind serve without --no-browser, but the CLI opens a browser by default. A user agent will therefore try to launch a browser on every login/restart instead of running quietly as a background service.

    <string>serve</string>
    <string>.</string>
    <string>--port</string>
    <string>8765</string>

docs/wiki/Scheduling-Guide.md:109

• Windows scheduled tasks have a default execution time limit (commonly 72 hours). Because this graph-view task is meant to run continuously, the settings should disable the time limit; otherwise serve can be stopped after a few days despite being described as always-on.

  -Settings (New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1))

docs/use-cases/always-on.md:138

• Windows scheduled tasks have a default execution time limit (commonly 72 hours). Because this graph-view task is meant to run continuously, the settings should disable the time limit; otherwise serve can be stopped after a few days despite being described as always-on.

  -Settings (New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1))

docs/use-cases/always-on.md:154

• The repo-root runtime image is based on python:*-slim and does not install curl, so this HEALTHCHECK will fail in the image the paragraph tells users to use unless they also add curl. Use a stdlib Python probe or document the extra package installation.

HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
  CMD curl -fsS http://127.0.0.1:8765/healthz || exit 1

scripts/systemd/neuralmind-watch.service:24

• The instructions suggest using this as an instanced @.service, but the unit does not use %i/%I or an environment file in WorkingDirectory or ExecStart. Multiple instances would still point at the same placeholder project unless each copied unit is edited separately.

# This is a TEMPLATE — change WorkingDirectory and ExecStart to point
# at your project. Multiple projects? Copy the file with a suffix:
#   cp neuralmind-watch.service ~/.config/systemd/user/neuralmind-watch@.service
# and use the @<project> instance form.

scripts/systemd/neuralmind-serve.service:35

• neuralmind serve builds the index before it starts listening, so this 5-second ExecStartPost can fail and restart the unit on first run or larger projects even though the server is healthy once the build completes. The readiness probe needs a much longer startup window or should be removed from the template.

ExecStartPost=/bin/sh -c 'for i in $(seq 1 20); do curl -fsS http://127.0.0.1:8765/healthz >/dev/null && exit 0; sleep 0.25; done; exit 1'

scripts/systemd/neuralmind-serve.service:38

• neuralmind serve only handles KeyboardInterrupt; it does not install the SIGTERM handler that watch uses. With this systemd stop signal, the process can terminate without running the server cleanup path for the watcher/event-log bridge, so the template's “clean shutdown” expectation is not actually met.

KillSignal=SIGTERM

RELEASE_NOTES_v0.8.0.md:119

• These macOS verification steps also assume a repository checkout. A user who just upgraded the package will not have scripts/launchd/ installed from the wheel, so the instructions need a download path or an explicit checkout prerequisite.

# macOS: install + verify launchd plists
cp scripts/launchd/com.neuralmind.{watch,serve}.plist ~/Library/LaunchAgents/
# edit WorkingDirectory + log paths, then:

docs/use-cases/always-on.md:29

• These commands only work from a source checkout. Since the package wheel does not install top-level scripts/, PyPI/pipx users following the walkthrough need an explicit raw GitHub download command or a note to clone the repository first.

```bash
# 1. Copy the templates
mkdir -p ~/.config/systemd/user
cp scripts/systemd/neuralmind-watch.service ~/.config/systemd/user/
cp scripts/systemd/neuralmind-serve.service ~/.config/systemd/user/

docs/use-cases/always-on.md:76

• These copy commands only work from a source checkout. Since the package wheel does not install top-level scripts/, PyPI/pipx users following the walkthrough need an explicit raw GitHub download command or a note to clone the repository first.

```bash
# 1. Copy the templates
cp scripts/launchd/com.neuralmind.watch.plist ~/Library/LaunchAgents/
cp scripts/launchd/com.neuralmind.serve.plist ~/Library/LaunchAgents/

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.