Skip to content

Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55#3247

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.atmosphere-atmosphere-runtime-4.0.55
Closed

Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55#3247
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.atmosphere-atmosphere-runtime-4.0.55

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.55

Added

  • Static verifier over MCP. The plan-and-verify ("Guardians") stack is reachable as read-only MCP tools when atmosphere-verifier is on the classpath: atmosphere_verifier_summary, atmosphere_verifier_examples, and atmosphere_verifier_check. The check tool plans a goal and runs every verifier over the resulting plan without executing it (status verified/refused with the per-verifier violations); the mutating verify-then-execute path stays behind the admin write gate.

Fixed

  • wasync: a user close() is no longer resurrected by a late OPEN event — a close requested before the transport finished opening is now honored when the OPEN arrives, instead of reviving the connection.
  • Documentation accuracy sweep — corrected the Z3 binding version (4.14.0) and SmtChecker priority (200); aligned ADK / Semantic Kernel / Alibaba versions, crewai test counts, and the ms-governance policy name; fixed the embedded-jetty client type, the admin-bundle default authorizer, and runtime-truth claims in the embabel / agentscope / coding-agent docs; corrected third-party dependency versions and citations.

Changed

  • CI doc-drift gates — fact/enumeration checks, link-rot detection, and sibling-site (atmosphere.github.io) verification, plus an atmosphere-skills link-checker allowlist.

Atmosphere 4.0.54

Added

  • Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
  • Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
  • OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream

... (truncated)

Changelog

Sourced from org.atmosphere:atmosphere-runtime's changelog.

[4.0.55] - 2026-06-17

Added

  • Static verifier over MCP. The plan-and-verify ("Guardians") stack is reachable as read-only MCP tools when atmosphere-verifier is on the classpath: atmosphere_verifier_summary, atmosphere_verifier_examples, and atmosphere_verifier_check. The check tool plans a goal and runs every verifier over the resulting plan without executing it (status verified/refused with the per-verifier violations); the mutating verify-then-execute path stays behind the admin write gate.

Fixed

  • wasync: a user close() is no longer resurrected by a late OPEN event — a close requested before the transport finished opening is now honored when the OPEN arrives, instead of reviving the connection.
  • Documentation accuracy sweep — corrected the Z3 binding version (4.14.0) and SmtChecker priority (200); aligned ADK / Semantic Kernel / Alibaba versions, crewai test counts, and the ms-governance policy name; fixed the embedded-jetty client type, the admin-bundle default authorizer, and runtime-truth claims in the embabel / agentscope / coding-agent docs; corrected third-party dependency versions and citations.

Changed

  • CI doc-drift gates — fact/enumeration checks, link-rot detection, and sibling-site (atmosphere.github.io) verification, plus an atmosphere-skills link-checker allowlist.

[4.0.54] - 2026-06-13

Added

  • Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
  • Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
  • OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream

... (truncated)

Commits
  • 0dcd38b release: Atmosphere 4.0.55
  • 516b53a docs(changelog): record 4.0.55 entries (verifier-over-MCP, wasync close, doc ...
  • 7f57b8a feat(admin): expose static verifier over MCP as read-only tools
  • 535027c fix(docs): close residual doc drift from agent verification + fix auditor fal...
  • 9b55809 fix(docs): sweep stale ADK/SK/alibaba versions, crewai test counts, ms-govern...
  • 94134d8 fix(docs): align alibaba caps, crewai overlay, ms-governance policy, admin fl...
  • 6ebd370 fix(docs): correct embedded-jetty client type and admin-bundle default author...
  • 8cf8e47 fix(docs): correct stale runtime-truth claims in embabel, agentscope, coding-...
  • cad473e fix(docs): correct stale capability, count, and version claims (doc-drift audit)
  • bb3c9f0 fix(docs): correct third-party dep versions and stale citations (doc-drift au...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.atmosphere:atmosphere-runtime](https://github.com/Atmosphere/atmosphere) from 3.1.0 to 4.0.55.
- [Release notes](https://github.com/Atmosphere/atmosphere/releases)
- [Changelog](https://github.com/Atmosphere/atmosphere/blob/main/CHANGELOG.md)
- [Commits](Atmosphere/atmosphere@atmosphere-project-3.1.0...atmosphere-4.0.55)

---
updated-dependencies:
- dependency-name: org.atmosphere:atmosphere-runtime
  dependency-version: 4.0.55
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 23, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #3260.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/maven/org.atmosphere-atmosphere-runtime-4.0.55 branch June 29, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants