macOS AI Agent State Memory: Why macos-use Hands The LLM A File Path, Not The AX Tree

No. It is orthogonal to LangGraph, Mem0, LangMem, and vector-DB memory. Those store the agent's reasoning: message history, the AgentState dict, tool-call traces, long-term facts. macos-use stores the agent's view of the screen. After every click, type, press, scroll, open, or refresh, the MCP server writes the current accessibility tree (or a diff of it) to /tmp/macos-use/<ms_timestamp>_<tool>.txt as line-per-element flat text, captures a PNG of the target window at the same timestamp, and returns a ~15-line summary plus both file paths to the model. The LLM's short-term memory of 'what is on screen right now' is therefore a file path, not a tokenized tree. The LLM's long-term memory of 'what the screen looked like earlier' is `ls /tmp/macos-use/ | grep -i slack | tail -5`. This is the memory layer; LangGraph is a layer above it.

It is baked into the MCP handshake itself. main.swift:1411-1437 constructs `Server(name: "SwiftMacOSServerDirect", version: "1.6.0", instructions: ...)` and the instructions literal contains the sentence `Use Grep/Read on the file to find specific elements.` That string is sent to every MCP client during the initialize request and becomes part of the model's system context for this server. You do not need to tell the LLM how to recall UI state; the server tells it on connect. Most MCP servers either omit the instructions field or use it for ad-hoc tips. macos-use uses it to define the agent's memory-recall strategy.

formatElementLine at main.swift:972-989 emits one AX element as one line: `[AXButton (button)] "Send" x:820 y:612 w:60 h:28 visible`. Role in brackets, truncated text in quotes, integer coordinates prefixed by x:, y:, w:, h:, then `visible` when the element is inside the window viewport. buildFlatTextResponse at main.swift:992-1048 concatenates those lines and prepends headers like `# Slack — 471 elements (0.42s)` and `# diff: +2 added, -1 removed, ~3 modified`. The shape is a deliberate grep target. `grep -n 'AXButton' <file>.txt` returns every button with its coordinates. `grep '^+' <file>.txt` returns only the added elements from the last action. The agent never reads the whole file into its context; it greps for the subsection it needs.

Small enough to fit a dozen of them in a single context window. The MCP response text contains: one status line, the PID, the app name, the full file path, the screenshot path, a visible_elements sample (up to 20 interactive plus 10 static-text lines on full traversals, up to 30 on diffs), and a one-line diff summary when applicable. Compare that against a full traversal, which for a busy app like Slack or Gmail can easily be 40 to 80 KB of text, sometimes more. The delta matters because the LLM's attention is a scarce resource. Keeping the on-wire summary short lets the model stay on the task it is actually doing and pull specific elements on demand via a second tool call (Read or Grep on the file path the summary already named).

They map to added, removed, and modified AX elements since the last traversal. buildFlatTextResponse at main.swift:1012-1027 writes them exactly once per element. `+ [AXStaticText] "Sending…"` means the element appeared after the action. `- [AXButton] "Send"` means it disappeared. `~ [AXTextField] | AXValue: 'Hey are you free Friday' -> ''` means the value transitioned from the old string to the new one, with the attribute name and both values inline. The agent recalls 'what changed' by running `grep '^[+-~]' <latest>.txt`. It never has to reason from two full trees subtracted in-context.

It persists for the life of /tmp/macos-use/, which macOS clears on reboot and sometimes earlier. Each file is named <millisecond_timestamp>_<tool_name>.txt so the directory is an append-only chronological log of every tool call the agent made, sorted lexically by name. Equivalent to a flat-file commit log. A thousand tool calls produces a thousand .txt + .png pairs, timestamped to the millisecond. The agent can walk back in time with `ls /tmp/macos-use/ | tail -N`. For durable memory across reboots, pair it with a checkpointer on top (LangGraph, Postgres, whatever) that records file paths alongside conversation state — the filesystem holds the snapshot, the checkpointer holds the pointer.

Because the accessibility tree lies sometimes. An agent reading only the .txt can be fooled by a stale label, a misidentified role, or a sheet whose AXSheet ancestor was not walked. The .png is captured at the same millisecond timestamp from the same window (with a red crosshair drawn at the click point when relevant) so the agent can visually confirm the state. The convention is reinforced in the server instructions at main.swift:1417-1420: `IMPORTANT: Use the Read tool on this .png file to visually verify the screen state — the accessibility tree alone can be misleading`. Two views, same moment, same filename stem. The agent's memory of the screen is text + image, not text alone.

Naive approach: every turn, the agent receives the full AX tree as a tool result, fills its context with thousands of AX lines, pays the token cost, and usually re-reads elements it has already seen. macos-use approach: every turn, the agent receives a summary + path. It pulls specific elements with Grep when it needs them and leaves the rest on disk. If the user says 'click the second send button' the agent runs `grep -n 'Send' <file>.txt | head -5`, picks the row with the matching coordinates, and passes them to click_and_traverse. The tree stays on disk. The model's working memory holds only the decision, not the input to the decision.

Yes. Build the binary with `xcrun --toolchain com.apple.dt.toolchain.XcodeDefault swift build`, run it with an MCP-capable client like Claude Desktop, and open a Terminal window tailing `ls -lt /tmp/macos-use/ | head`. Trigger any tool call and watch the .txt + .png pair appear within milliseconds. Run `head -1 <file>.txt` for the tree header (app name, element count, processing time), `grep '^# diff' <file>.txt` for the diff summary, and `grep -E '\[AX(Button|TextField|Link)\]' <file>.txt` for interactive elements. This is the same path the agent's own Grep tool follows; you are just running it by hand.

Only if it decides to, and only for tiny apps. The server never inlines the full tree in the tool response. If the agent chooses to Read the file, that is a deliberate tool call with its own cost. In practice Claude and similar agents default to Grep first (`grep -n 'keyword' <file>.txt`) and only Read as a fallback, which the server instructions reinforce. For common interactive apps (Slack, Gmail, Notion, Xcode) the full .txt is larger than most models would prefer to hold in scratchpad memory, so grep-first is the sustainable pattern.

The opposite: because memory is external and addressable by timestamp, the agent can always re-derive state by rereading the latest file. There is no drift between the agent's internal model and the true state of the machine, because the agent's model is the file, plus what the last tool call added to its summary. If the agent's context gets compressed or evicted, the screen memory does not evaporate — it is still on disk at the same paths. The loop can resume from any tool-call boundary by pointing at the newest file in /tmp/macos-use/.

Stack them. LangGraph checkpoints the graph state (which node is next, what messages have been exchanged) into SQLite or Postgres. Mem0 or LangMem store long-term semantic memory (facts about the user, preferences, summaries). macos-use stores the per-action OS state. A full deployment looks like: Postgres holds conversation history, Mem0 holds learned facts about the user, /tmp/macos-use/ holds the physical screen snapshots. Each layer solves a different problem and does not contend for the same bytes. The macos-use layer is the one nobody else is solving because nobody else is driving the macOS UI at the AX level.