dependabot[bot] opened a new pull request, #3070: URL: https://github.com/apache/cxf/pull/3070
Bumps [org.atmosphere:atmosphere-runtime](https://github.com/Atmosphere/atmosphere) from 3.1.0 to 4.0.40. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Atmosphere/atmosphere/releases";>org.atmosphere:atmosphere-runtime's releases</a>.</em></p> <blockquote> <h2>Atmosphere 4.0.40</h2> <h2>✨ Added</h2> <ul> <li><strong>policy plane, multi-agent governance, sample retrofit</strong></li> <li><strong>render tokens / elapsed / tok/s footer on stream complete</strong></li> <li><strong>approve/deny widget for <a href="https://github.com/RequiresApproval";><code>@RequiresApproval</code></a> tools</strong></li> <li><strong>route demo mode through the pipeline via DemoAgentRuntime</strong></li> </ul> <h2>🐛 Fixed</h2> <ul> <li>isolate coordinator types from CommitmentRecordView AOT walk</li> <li>native-image AOT + CLI E2E SNAPSHOT compat</li> <li>survive recycled async request during streaming disconnect</li> <li>ship classic chat SPA at / (was hanging silently)</li> <li>emit tool-start/tool-result at shared execution seam</li> <li>parse nested LLM error envelopes into a compact error card</li> <li>ship atmosphere-admin transitively for /atmosphere/admin/</li> <li>accept both type and kind as Part discriminator on parse</li> <li>redirect / to /atmosphere/console/ when no root UI ships</li> <li>rewrite URL so SK 1.4.0 works against non-OpenAI endpoints</li> <li>correct README endpoint + broadcaster path</li> <li>disable auth by default in sample, document toggle</li> <li>always set ToolCallBehavior to avoid SK 1.4.0 NPE</li> <li>gate prompt_cache_key by provider hostname for Gemini compat</li> <li>return 404 for unmapped /atmosphere/* paths instead of 500</li> </ul> <h2>🔧 Changed</h2> <ul> <li>correct AgentWorkspace adapter list — drop fabricated SWE-bench</li> <li>drop (v0.5) suffix from Foundation E2E workflow name</li> <li>add .mvn/** + workflow_dispatch to all maven-build workflows</li> <li>use modern <!-- raw HTML omitted --> attribute in remaining logback configs</li> <li>document LLM provider choices + Gemini free-tier cap</li> <li>bind ResourceFactory to server + fix logback config</li> <li>re-enable auth in spring-boot-ai-chat fixture for auth specs</li> <li>bump version to 4.0.39</li> <li>prepare for next development iteration 4.0.40-SNAPSHOT</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Atmosphere/atmosphere/compare/atmosphere-4.0.39...atmosphere-4.0.40";>https://github.com/Atmosphere/atmosphere/compare/atmosphere-4.0.39...atmosphere-4.0.40</a></p> <h2>Atmosphere 4.0.39</h2> <h2>✨ Added</h2> <ul> <li><strong>serve /favicon.ico from both starters to kill the default 404 AtmosphereFaviconAutoConfiguration returns the Atmosphere logo PNG on /favicon.ico and /favicon.png for every app using the starter; opt out with atmosphere.favicon.enabled=false.</strong></li> <li><strong>reattach e2e — harness sample + direct-writer replay + CI job RunReattachSupport now writes the joined buffer straight to response.getWriter() (U+001E between events); broadcaster routing fed the payload back into the <a href="https://github.com/Prompt";><code>@Prompt</code></a> dispatcher. New spring-boot-reattach-harness plus a SyntheticRunController give Playwright a deterministic HTTP surface — foundation-e2e.yml runs the spec on every push so the reattach wire is proven end-to-end, not just in unit tests.</strong></li> <li><strong>TokenUsage → CostCeilingGuardrail.addCost bridge + ownership fix CostAccountingSession wraps every <a href="https://github.com/Prompt";><code>@Prompt</code></a> session when a CostAccountant is installed; built-in CostCeilingAccountant(guardrail, pricing) closes the observability→enforcement loop. Spring Boot auto-configuration installs it and a DisposableBean resets the holder on shutdown, which also fixes broadcaster listener ownership symmetry on the PII installer.</strong></li> <li><strong>cpr-core moat — broadcaster PII, tenant drift, cost ceiling, reattach test PiiRedactionFilter auto-installs on every broadcaster (present + future) so response-path PII is rewritten in-flight — framework owns the transport. OutputLengthZScoreGuardrail partitions its rolling window by business.tenant.id MDC so one tenant cannot poison another's baseline. New CostCeilingGuardrail blocks outbound <a href="https://github.com/Prompt";><code>@Prompt</code></a> per tenant once cumulative cost hits budget (observability→enforcement). writeEnabled resolved per-call in both starters for runtime lockdown. RunReattachSupport extracts the replay-on-reconnect path with 5 regression tests. Operator docs split Spring + Quarkus setup with principal-chain paragraphs.</strong></li> <li><strong>wire Flow tab into the admin console — SVG graph over /api/admin/flow New tab renders the coordination journal as a circle-layout SVG: nodes = agents, edges = dispatch count + success/failure/avg-duration, red on failure, arrowheads for direction. Optional coordination-id drilldown and lookback-minutes filter. Zero external graph library — plain SVG, adequate for fleet sizes Atmosphere runs. Mirrored across spring-boot-starter and spring-boot3-starter admin assets.</strong></li> <li><strong>observability + guardrails + admin auth + flow viewer Observability layer (BusinessMetadata → SLF4J MDC, FactResolver), default guardrails (PII redaction, drift z-score), admin-write auth triple-gate (feature flag → Principal → ControlAuthorizer), agent-to-agent flow viewer (/api/admin/flow), run reattach consumer, gateway admission on handle-based paths, framework-scoped resolution for all v0.8 primitives. Samples boot via spring-boot:run + actuator health; foundation-e2e gates merges including Docker sandbox.</strong></li> <li><strong>foundation hardening — primitive wire-in, Sandbox gate, PermissionMode</strong></li> <li><strong>AI Agent Foundation — 8 primitives, 2 proof samples, strict OpenAI-compat tool round-trip</strong></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Atmosphere/atmosphere/blob/main/CHANGELOG.md";>org.atmosphere:atmosphere-runtime's changelog</a>.</em></p> <blockquote> <h2>[4.0.40] - 2026-04-24</h2> <h3>Added — Tool-call admission, per-request scope, audit sinks</h3> <ul> <li><strong>Tool-call admission seam</strong> (<code>1def61ddf0</code>) — <code>PolicyAdmissionGate.admitToolCall</code> builds a synthetic <code>AiRequest</code> whose metadata carries <code>tool_name</code>, <code>action</code>, and an argument preview so MS-schema rules over <code>tool_name</code> fire before the tool's executor runs. <code>ToolExecutionHelper</code> consults the gate on every <code>@AiTool</code> dispatch; the canonical MS example <code>{field: tool_name, operator: eq, value: delete_database, action: deny}</code> fires without operator plumbing. OWASP A02 upgraded from PARTIAL to COVERED.</li> <li><strong><code>@AgentScope.postResponseCheck</code></strong> (<code>2913da1b81</code>) — when enabled on a high-stakes scope, <code>ScopePolicy</code> re-classifies the streamed response text against the declared purpose. OUT_OF_SCOPE responses become Deny with a <code>post-response:</code> prefix; errors fail-open on the response path (bytes already on the wire). <code>POLITE_REDIRECT</code> breaches downgrade to Deny because Transform can't rewind a stream.</li> <li><strong>Cross-provider governance contract</strong> (<code>613d216019</code>) — <code>AbstractAgentRuntimeContractTest.policyDenyBlocksRuntimeExecute</code> is inherited by all seven runtime adapters (Built-in, Spring AI, LangChain4j, ADK, Embabel, Koog, Semantic Kernel); the "deny before runtime" guarantee is now a build-time invariant for each provider.</li> <li><strong>Per-request <code>ScopePolicy</code> install</strong> (<code>334bde4969</code>) — an interceptor can write a <code>ScopeConfig</code> under <code>ScopePolicy.REQUEST_SCOPE_METADATA_KEY</code> and the pipeline / streaming session / admission gate install a transient <code>ScopePolicy</code> ahead of endpoint-level policies for that one turn. Classroom sample uses this for per-room scope (math / code / science / general) — one <code>@AiEndpoint</code> hosts four personas, each with its own purpose and forbidden-topic set. <code>perRequestScopeBlocksRuntimeExecute</code> extends the cross-provider contract to the per-request path.</li> <li><strong>Admin console governance views</strong> — three Vue views under the existing Atmosphere Console (<code>/atmosphere/console/</code>) poll <code>/api/admin/governance/{policies,decisions,owasp}</code> on live intervals. Tabs auto-hide when governance is not installed. Verified end-to-end against the classroom sample via chrome-devtools (tabs render, OWASP matrix shows 7 Covered / 1 Partial / 1 Design / 1 Not-addressed, zero console errors).</li> <li><strong>Persistent <code>AuditSink</code> SPI</strong> — <code>GovernanceDecisionLog.addSink(AuditSink)</code> fans every admission decision out to registered sinks while keeping the ring buffer authoritative for the admin console. Sink failures are isolated: one unreachable Kafka broker does not take down the pipeline. <code>AsyncAuditSink</code> wraps a blocking delegate with a bounded drop-on-full queue so the admission thread never blocks on IO (Backpressure invariant <a href="https://redirect.github.com/Atmosphere/atmosphere/issues/3";>#3</a>). Two reference modules ship: <code>atmosphere-ai-audit-kafka</code> (<code>KafkaAuditSink</code> → JSON to any topic) and <code>atmosphere-ai-audit-postgres</code> (<code>JdbcAuditSink</code> → JDBC upsert with schema auto-create, works against any JSR-221 <code>DataSource</code>; tests exercise H2 in-memory). The JSON shape matches MS Agent Governance Toolkit's <code>audit_entry</code> so downstream SIEM consumers of either system can read both.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Atmosphere/atmosphere/commit/4e6676140ce3e2bd7f39b09f2f0b41a86ee3e406";><code>4e66761</code></a> release: Atmosphere 4.0.40</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/633d57ead9e592fe832b743955ab97208505d578";><code>633d57e</code></a> fix(admin): isolate coordinator types from CommitmentRecordView AOT walk</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/f66270b218755d4482ebc9fc8aa9762f2c74333a";><code>f66270b</code></a> fix(admin,cli): native-image AOT + CLI E2E SNAPSHOT compat</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/b6cdced49e565d1f27f99fe56f98eb693ad3aec8";><code>b6cdced</code></a> feat(governance): policy plane, multi-agent governance, sample retrofit</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/17d404d8557c6316520a79fefb2ff8ec5f1a7d0b";><code>17d404d</code></a> docs(agent): correct AgentWorkspace adapter list — drop fabricated SWE-bench</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/1ad0dd740f664fe837302d225d3ca88c8b83104f";><code>1ad0dd7</code></a> ci: drop (v0.5) suffix from Foundation E2E workflow name</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/bf671c32a65732e4de31ec8002f9faf739bab507";><code>bf671c3</code></a> ci: add .mvn/** + workflow_dispatch to all maven-build workflows</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/ee4c90dff9228fc969e0be480f26f49b71075dda";><code>ee4c90d</code></a> build: force GIB off by default via .mvn/maven.config</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/99e2e0263a412bec961f7883dfe0f935cd148134";><code>99e2e02</code></a> fix(ai,cpr): survive recycled async request during streaming disconnect</li> <li><a href="https://github.com/Atmosphere/atmosphere/commit/db05bbec5a17a4516e00ada8a46eeaf2371b9a92";><code>db05bbe</code></a> build: diff-aware pre-push via Gitflow Incremental Builder</li> <li>Additional commits viewable in <a href="https://github.com/Atmosphere/atmosphere/compare/atmosphere-project-3.1.0...atmosphere-4.0.40";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
