Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.54 #3238

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/maven/org.atmosphere-atmosphere-runtime-4.0.54

dependabot Bot commented on behalf of github on Jun 19, 2026

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.54.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.54

Added

  • Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
  • Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
  • OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream tool, so an agent calls external APIs as the user. Fail-closed (no token → no fallback credential), token-cached until expiry. Opt in with atmosphere.ai.identity.oauth-obo.enabled=true.
  • Realtime voice bridge. VoiceBridge + the RealtimeVoiceProvider SPI bridge client audio frames over the existing WebSocket broadcaster to a speech-to-speech provider, fanning synthesized audio (Content.Audio) and transcripts back to the client. A dependency-free LoopbackVoiceProvider ships as the runnable reference (echoes audio); OpenAI Realtime / Gemini Live providers implement the same SPI.
  • Content-safety moderation guardrail. ModerationGuardrail blocks turns whose request and/or response is flagged for hate / harassment / self-harm / sexual / violence / illicit content, on the existing fail-closed guardrail pipeline. Pluggable detector: zero-dep RuleBasedModerationDetector (default) or cross-runtime LlmModerationDetector. Fail-closed by default (a detector outage blocks the turn; .failOpen() is the explicit opt-out). Opt in with atmosphere.ai.guardrails.moderation.enabled=true (...detector=llm for the model tier).
  • Self-healing structured output. @AiEndpoint(structuredOutputRetries = N) (or the ai.structured.retry request-metadata key on the AiPipeline path) re-prompts the model with the schema-validation error as feedback when a typed response fails to parse, up to N extra attempts, then fails closed. Works identically on the websocket and channel-bridge paths.
  • OpenAPI → governed tools. OpenApiToolImporter turns an OpenAPI 3.x spec (JSON or YAML, with local $ref resolution) into ToolDefinitions whose executor performs the HTTP call. The imported operations ride the same policy-admission and plan-and-verify path as hand-written @AiTool methods; approvalForWrites routes mutating verbs through the HITL gate.
  • MCP client depth. McpClientOptions adds per-server tool filtering and display-only renaming (the executor still calls the server's original tool name), plus elicitation/sampling callback handlers advertised during initialize. McpServerRegistry aggregates several servers into one

... (truncated)

Changelog

Sourced from org.atmosphere:atmosphere-runtime's changelog.

[4.0.54] - 2026-06-13

Added

  • Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
  • Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
  • OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream tool, so an agent calls external APIs as the user. Fail-closed (no token → no fallback credential), token-cached until expiry. Opt in with atmosphere.ai.identity.oauth-obo.enabled=true.
  • Realtime voice bridge. VoiceBridge + the RealtimeVoiceProvider SPI bridge client audio frames over the existing WebSocket broadcaster to a speech-to-speech provider, fanning synthesized audio (Content.Audio) and transcripts back to the client. A dependency-free LoopbackVoiceProvider ships as the runnable reference (echoes audio); OpenAI Realtime / Gemini Live providers implement the same SPI.
  • Content-safety moderation guardrail. ModerationGuardrail blocks turns whose request and/or response is flagged for hate / harassment / self-harm / sexual / violence / illicit content, on the existing fail-closed guardrail pipeline. Pluggable detector: zero-dep RuleBasedModerationDetector (default) or cross-runtime LlmModerationDetector. Fail-closed by default (a detector outage blocks the turn; .failOpen() is the explicit opt-out). Opt in with atmosphere.ai.guardrails.moderation.enabled=true (...detector=llm for the model tier).
  • Self-healing structured output. @AiEndpoint(structuredOutputRetries = N) (or the ai.structured.retry request-metadata key on the AiPipeline path) re-prompts the model with the schema-validation error as feedback when a typed response fails to parse, up to N extra attempts, then fails closed. Works identically on the websocket and channel-bridge paths.
  • OpenAPI → governed tools. OpenApiToolImporter turns an OpenAPI 3.x spec (JSON or YAML, with local $ref resolution) into ToolDefinitions whose executor performs the HTTP call. The imported operations ride the same policy-admission and plan-and-verify path as hand-written @AiTool methods; approvalForWrites routes mutating verbs through the HITL gate.
  • MCP client depth. McpClientOptions adds per-server tool filtering and display-only renaming (the executor still calls the server's original tool name), plus elicitation/sampling callback handlers advertised during initialize. McpServerRegistry aggregates several servers into one

... (truncated)

Commits
  • 123d5c9 release: Atmosphere 4.0.54
  • 662655d fix(spring-boot): decouple transport auth from a TokenValidator bean
  • e446e8e feat(sample): operator auth for the guarded-email Validation tab
  • f1943a9 fix(spring-boot): authenticate console admin writes + preserve redirect query
  • f844e80 chore(deps): upgrade Spring AI 2.0.0-M6 -> 2.0.0 GA
  • 791eea8 ci(samples): run the multi-agent startup-team verifier tests in CI
  • 43292b0 docs(samples): deepen multi-agent verifier README with plan AST, refusal mech...
  • 79b1223 docs(harness): mark SMT-branch gap resolved (cc7f31f777) + doc broadened (55d...
  • ddd453a feat(samples): add plan-and-verify guardrails to the multi-agent startup team
  • 317b645 docs(harness): log verifier-doc fabrication caught pre-publish (+ concurrent-...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.atmosphere:atmosphere-runtime](https://github.com/Atmosphere/atmosphere) from 3.1.0 to 4.0.54.
- [Release notes](https://github.com/Atmosphere/atmosphere/releases)
- [Changelog](https://github.com/Atmosphere/atmosphere/blob/main/CHANGELOG.md)
- [Commits](Atmosphere/atmosphere@atmosphere-project-3.1.0...atmosphere-4.0.54)

---
updated-dependencies:
- dependency-name: org.atmosphere:atmosphere-runtime
  dependency-version: 4.0.54
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and java (Pull requests that update Java code) labels on Jun 19, 2026
dependabot Bot commented on behalf of github Jun 23, 2026

Superseded by #3247.

dependabot Bot closed this on Jun 23, 2026
dependabot Bot deleted the dependabot/maven/org.atmosphere-atmosphere-runtime-4.0.54 branch on June 23, 2026 02:43