Releases: Atmosphere/atmosphere

Atmosphere 4.0.59

@github-actions github-actions released this 27 Jun 21:13
Immutable release. Only release title and notes can be modified.

Added

  • screen long-term-memory writes for injection by default; harden coverage evidence gate; relabel opt-in OWASP/compliance rows honestly

Changed

  • bump Spring Boot, LangChain4j, Embabel, ADK, Spring AI Alibaba: Embabel 0.5.0 adds EmbeddingService.pricingModel; test stub reports ALL_YOU_CAN_EAT.
  • record coverage-overstatement drift + self-referential-gate rule
  • add obsidian skills + atmosphere-vault docs routing
  • align capability comment, sample runtime defaults, and XSS skip note with reality
  • add workflow_dispatch to Core and Doc Version Guard
  • bump version to 4.0.58
  • prepare for next development iteration 4.0.59-SNAPSHOT

Atmosphere 4.0.58

@github-actions github-actions released this 26 Jun 23:36

Added

  • default-on RAG injection-safety wiring across runtimes: Screens retrieved RAG documents for indirect prompt injection before the LLM (fail-closed RULE_BASED/DROP); wired for @AiEndpoint, Spring Boot 3/4, and Quarkus with console runtime-truth and a poisoned-doc sample.

Fixed

  • pin rag-chat getting-started to released 4.0.57

Changed

  • stage doc sweep and fail-fast on doc-version drift before publish
  • bump version to 4.0.57
  • prepare next development version 5.0.35
  • prepare for next development iteration 4.0.58-SNAPSHOT

Atmosphere 4.0.57

@github-actions github-actions released this 26 Jun 14:12

Added

  • provider-native structured output across 9 runtimes

Fixed

  • guard expo stats render against undefined token metrics
  • unblock MCP Apps sandbox CSP and stop optional-tab 404 probes
  • expose analyzer as @AgentSkill so approve happy path works

Changed

  • expect analyzer's headless A2A registration
  • note path-scoped native structured output for Spring AI, Koog, ADK
  • enforce Atmosphere doc matches the released version
  • retry fetch+rebase+push so a lost race can't red a green release
  • apt-get update before installing libxml2-utils so the delisted stale version isn't fetched
  • rebase before pushing JS dev-bump so it can't lose the race to the Maven job
  • prepare next development version 5.0.34
  • bump version to 4.0.56
  • prepare for next development iteration 4.0.57-SNAPSHOT

Atmosphere 4.0.56

@github-actions github-actions released this 23 Jun 00:44

Added

  • guardrails + OBO + cost + run-registry AI bean parity with SB4
  • config-driven AI routing parity with the SB4 starter
  • install governance decision log out-of-box for the queryable audit trail
  • warn on unauthenticated A2A endpoint + advertise declared security scheme
  • make spring-boot-agui-chat a real AG-UI agent via the native bridge: @Agent + @Prompt + real @AiTool through session.stream() (demo fallback when no key); AiEvent->AgUiEvent over /atmosphere/agent/{name}/agui; replaces the scripted controller
  • config-driven cost/latency/model routing rules in atmosphere.ai.routing: extends F3a (content-only); compose order content->model->cost->latency; off-by-default + content behavior byte-identical
  • emit experimental OTel GenAI semconv span attributes via GenAiTracer: gen_ai.usage./request+response.model/operation/provider on the live span; fixes provider Runtime-Truth bug (real runtime name, not hardcoded atmosphere); legacy ai.tokens. byte-identical
  • add --routing flag to 'atmosphere new' for routing config scaffolding: injects a commented atmosphere.ai.routing.* block into AI-template application.yml; off by default, rejected for non-AI templates
  • wire real LongTermMemory cross-session recall into personal-assistant: InMemoryLongTermMemory + LongTermMemoryInterceptor on the UpstreamMcpAgent @AiEndpoint (no-arg interceptor + static holder pattern); makes the memory-bearing claim true
  • opt-in RoutingLlmClient via atmosphere.ai.routing.enabled autoconfig: wraps the resolved client with content-based routing rules; adds AiConfig.installClient seam; default-off byte-identical
  • wire ApiKeyResolver into anthropic/cohere with provider env-var support: renamed from CredentialResolver (clashed with AiGateway.CredentialResolver); per-provider precedence reads ANTHROPIC_API_KEY/COHERE_API_KEY, no cross-provider key leak
  • add generation params (temperature/maxTokens/topP/stop) to LlmSettings: wired to the wire for built-in/anthropic/spring-ai/langchain4j; honest per-runtime matrix in README; empty=byte-identical
  • explicit prompt-cache-key tri-state replaces base-URL sniffing: PromptCacheKeyMode AUTO/ENABLED/DISABLED on LlmSettings; AUTO preserves current per-path heuristics byte-for-byte
  • store resolved apiKey on LlmSettings so apiKey() works for any client: removes the OpenAiCompatibleClient-only instanceof; 4-arg constructor preserves old behavior; adds CredentialResolver precedence primitive
  • provider-neutral model tier aliases (fast/frontier/reasoning): ModelTier resolves tier tokens to a concrete model by active provider; raw model strings pass through unchanged
  • add provider-neutral configureNativeClient(Object) to AbstractAgentRuntime: type-checked against nativeClientClassName(); provider-typed static setters remain the primary wiring path

Fixed

  • reachable agent bridge + keep response open during AG-UI streaming: AgUiAgentBridge made public (cross-module reflective invoke from agui handler); handlePost joins the run thread so virtual-thread SSE writes don't hit a recycled response — fixes the agui-chat demo+UI e2e (only RUN_STARTED was reaching the wire)
  • converge AUTO prompt-cache-key to one default-deny allow-list: built-in and framework runtimes share CacheHint.endpointAcceptsPromptCacheKey; framework no longer emits on unknown hosts under AUTO (force via PromptCacheKeyMode.ENABLED)
  • honor per-request ToolLoopPolicy in anthropic/cohere/langchain4j tool loops: they hardcoded a 5-round cap and ignored maxIterations/onMaxIterations; now route through the shared ToolLoopGuard like the built-in (default behavior unchanged)
  • make default model configurable, default claude-sonnet-4-6: adds anthropic.model system property; per-request and AiConfig models still win over the fallback
  • version-bump touches only Atmosphere deps; regen SKILLCARDs
  • repair rag-chat/mcp-server/browser-agent + SB3 Tomcat + stream errors
  • restore real third-party dep versions clobbered by 4.0.x bump

Changed

  • pin deny-policy refusal on A2A and AG-UI bridges
  • fail-closed Maven Central pre-check guards against version burn
  • e2e proving config-driven routing is consumed on the wire
  • attribute GenAI "experimental" to the OpenTelemetry spec, not the emitter: GenAiTracer/MetricsCapturingSession Javadoc + README make clear the implementation is production code; only the upstream OTel GenAI convention is experimental
  • document atmosphere new --routing flag and correct agui-chat sample row: agui-chat is now a real @Agent (LLM + @AiTool over the AG-UI native bridge), not scripted
  • consolidate per-model-call observability into ModelCallScope: replaces duplicated fireModelStart/End/Error + timing across 9 adapters and 2 Kotlin runtimes; event count/ordering unchanged (ADK start-time aligned to dispatch)
  • unify tool-call accumulator across built-in, anthropic, cohere: shared ToolCallAccumulator gains argumentsAsMap(); deletes the two private copies; built-in parse path unchanged
  • extract AbstractSseLlmClient shared by Anthropic and Cohere clients: collapses ~268 lines of duplicated HTTP/SSE plumbing (header filter, snippet read, data: loop, tool-schema) into one base; wire behavior byte-identical (black-box suites unchanged)
  • add TokenUsage.fromCounts and migrate adapter usage translation: collapses 11 hand-rolled null-guard/total-fallback sites; 2 sites now compute total=input+output instead of 0 when the provider omits total (regression-tested)
  • hoist models() default into AbstractAgentRuntime: removes 9 byte-identical adapter overrides; koog (distinct logic) and the interface default unchanged
  • fix cancel-test race by awaiting worker interrupt observation: worker records the interrupt asynchronously; wait on a latch instead of reading the flag right after whenDone()
  • correct AI doc/sample drift vs verified runtime capabilities: embeddings 5->7 runtimes, TOOL_CALL_DELTA Built-in+Cohere, ai.md classpath table, agui relabel, samples.json reattach
  • bound playwright install with timeout to prevent multi-hour hangs
  • both-layer regressions for the sweep failures (JUnit + Playwright)
  • sync version stamp to 4.0.56-SNAPSHOT
  • deep-link concept tables to docs site; fix verifier count
  • bump version to 4.0.55
  • prepare next development version 5.0.33
  • prepare for next development iteration 4.0.56-SNAPSHOT

Atmosphere 4.0.55

@github-actions github-actions released this 18 Jun 00:18

Added

  • Static verifier over MCP. The plan-and-verify ("Guardians") stack is
    reachable as read-only MCP tools when atmosphere-verifier is on the
    classpath: atmosphere_verifier_summary, atmosphere_verifier_examples, and
    atmosphere_verifier_check. The check tool plans a goal and runs every
    verifier over the resulting plan without executing it (status
    verified/refused with the per-verifier violations); the mutating
    verify-then-execute path stays behind the admin write gate.

Fixed

  • wasync: a user close() is no longer resurrected by a late OPEN event;
    a close requested before the transport finished opening is now honored when
    the OPEN arrives, instead of reviving the connection.
  • Documentation accuracy sweep — corrected the Z3 binding version (4.14.0)
    and SmtChecker priority (200); aligned ADK / Semantic Kernel / Alibaba
    versions, crewai test counts, and the ms-governance policy name; fixed the
    embedded-jetty client type, the admin-bundle default authorizer, and
    runtime-truth claims in the embabel / agentscope / coding-agent docs;
    corrected third-party dependency versions and citations.

Changed

  • CI doc-drift gates — fact/enumeration checks, link-rot detection, and
    sibling-site (atmosphere.github.io) verification, plus an atmosphere-skills
    link-checker allowlist.

Atmosphere 4.0.54

@github-actions github-actions released this 13 Jun 14:43

Added

  • Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool
    approval with more than approve/deny: approve-with-edited-arguments (the
    tool runs with the reviewer's arguments) or respond (the reviewer answers on
    the tool's behalf — structured JSON or free-form text — and the tool does not
    run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and
    /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies.
    Session-scoped in-memory (not crash-durable). The legacy boolean resolution path
    is unchanged.
  • Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal
    interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer
    grades a configurable fraction of live turns into EvalRun verdicts (online
    scoring). Both are wired into EvalController with admin REST routes
    (/api/admin/evals/dataset, /dataset/promote, /score).
  • OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a
    concrete CredentialStore that performs an RFC 8693 token exchange — swapping a
    user's stored subject token for a short-lived access token scoped to a downstream
    tool, so an agent calls external APIs as the user. Fail-closed (no token →
    no fallback credential), token-cached until expiry. Opt in with
    atmosphere.ai.identity.oauth-obo.enabled=true.
  • Realtime voice bridge. VoiceBridge + the RealtimeVoiceProvider SPI bridge
    client audio frames over the existing WebSocket broadcaster to a speech-to-speech
    provider, fanning synthesized audio (Content.Audio) and transcripts back to the
    client. A dependency-free LoopbackVoiceProvider ships as the runnable reference
    (echoes audio); OpenAI Realtime / Gemini Live providers implement the same SPI.
  • Content-safety moderation guardrail. ModerationGuardrail blocks turns
    whose request and/or response is flagged for hate / harassment / self-harm /
    sexual / violence / illicit content, on the existing fail-closed guardrail
    pipeline. Pluggable detector: zero-dep RuleBasedModerationDetector (default)
    or cross-runtime LlmModerationDetector. Fail-closed by default (a detector
    outage blocks the turn; .failOpen() is the explicit opt-out). Opt in with
    atmosphere.ai.guardrails.moderation.enabled=true
    (...detector=llm for the model tier).
  • Self-healing structured output. @AiEndpoint(structuredOutputRetries = N)
    (or the ai.structured.retry request-metadata key on the AiPipeline path)
    re-prompts the model with the schema-validation error as feedback when a typed
    response fails to parse, up to N extra attempts, then fails closed. Works
    identically on the websocket and channel-bridge paths.
  • OpenAPI → governed tools. OpenApiToolImporter turns an OpenAPI 3.x spec
    (JSON or YAML, with local $ref resolution) into ToolDefinitions whose
    executor performs the HTTP call. The imported operations ride the same
    policy-admission and plan-and-verify path as hand-written @AiTool methods;
    approvalForWrites routes mutating verbs through the HITL gate.
  • MCP client depth. McpClientOptions adds per-server tool filtering and
    display-only renaming (the executor still calls the server's original tool
    name), plus elicitation/sampling callback handlers advertised during
    initialize. McpServerRegistry aggregates several servers into one
    collision-free tool list (first-wins) and owns their lifecycle.

Atmosphere 4.0.52

@jfarcand jfarcand released this 08 Jun 21:41

Added

  • MCP authorization now validates bearer tokens end-to-end. A request is authenticated
    when either a servlet resource-server filter set the request principal (e.g. Spring
    Security oauth2ResourceServer) or a configured TokenValidator accepts the
    Authorization: Bearer token (loaded from org.atmosphere.auth.tokenValidator, validated
    by atmosphere-mcp itself — no framework-specific wiring). The RFC 9728 metadata is now
    served on the agent registration path too. Proven end-to-end on the embedded server,
    Spring Boot, and Quarkus (JVM). The spring-boot-mcp-server sample gains an opt-in auth
    profile (default off) demonstrating it.
  • MCP runs on Quarkus. @Agent-based MCP endpoints now register under the Quarkus
    extension (the build scan recognizes @Agent and indexes the optional
    atmosphere-agent / atmosphere-mcp jars when an @Agent class is present). JVM mode;
    native image is not yet supported for @Agent-based MCP.

Tested

  • Added a stateless 2026-07-28 round-robin end-to-end test (two tools/call with no
    session header both succeed, plus server/discover and Mcp-Method mismatch) in
    modules/integration-tests, proving the no-session-affinity claim over live HTTP.

Atmosphere 4.0.51

@github-actions github-actions released this 06 Jun 18:54

Added

  • MCP 2026-07-28 release candidate — the largest MCP revision since launch,
    implemented as a stateless dialect that coexists with the session-based protocol
    (2024-11-05 through 2025-11-25). The dialect is selected per request (the client
    carries the protocol version in params._meta or calls server/discover), so existing
    clients are unaffected. Stateless core has no Mcp-Session-Id and no initialize
    handshake, so the server runs behind a plain round-robin load balancer with no session
    affinity.
  • MCP operability: Mcp-Method / Mcp-Name routing headers (validated against the
    body), ttlMs + cacheScope cache metadata on tools/list / resources/list /
    resources/read, and W3C Trace Context (traceparent / tracestate / baggage) read
    from _meta and bridged into the OpenTelemetry span.
  • MCP Tasks extension (io.modelcontextprotocol/tasks) and multi-round-trip input —
    @McpTool(longRunning = true) returns a task handle polled via tasks/get, and the
    stateless dialect can return InputRequiredResult with a base64 requestState to
    request more input mid-call and resume on any instance.
  • JSON Schema 2020-12 dialect ($schema) on generated tool input schemas, and a
    standardized resource-not-found error (-32602) on the stateless dialect.
  • MCP Apps (SEP-1865): @McpTool(uiResource = "ui://…") plus a
    text/html;profile=mcp-app resource makes a tool an MCP App. The Atmosphere console is a
    working host: it renders the app in a sandboxed iframe, runs a bidirectional App Bridge
    (apps call server tools through the host under the policy gateway; the host
    lists and calls the app's own appCapabilities.tools), and uses a separate-origin
    sandbox proxy for isolation (atmosphere.mcp-sandbox-origin, with a localhost
    127.0.0.1 dev fallback, otherwise an opaque-origin direct sandbox).
  • MCP authorization — the server acts as an OAuth 2.0 Resource Server: RFC 9728
    protected-resource metadata at /.well-known/oauth-protected-resource and a 401 +
    WWW-Authenticate challenge for unauthenticated requests. Token validation is delegated
    to the host framework (Spring Security resource server / quarkus-oidc); opt in via the
    org.atmosphere.mcp.auth.* init parameters.
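
The 401 + WWW-Authenticate challenge and the RFC 9728 metadata document from the MCP authorization item, shown as an added example on the JDK's built-in HTTP server. This is not Atmosphere's code: the class name, the /mcp path, the demo-token validator (a stand-in for the host framework's token validation) and https://as.example are assumptions.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.function.Predicate;

public class ProtectedResourceChallengeDemo {

    static final String METADATA_PATH = "/.well-known/oauth-protected-resource";

    /** Extracts the token from "Bearer <token>", or null when absent or malformed. */
    static String bearerToken(String header) {
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return null;
        }
        String token = header.substring(7).trim();
        return token.isEmpty() ? null : token;
    }

    static void send(HttpExchange ex, int status, String body) throws IOException {
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        ex.getResponseHeaders().set("Content-Type", "application/json");
        ex.sendResponseHeaders(status, bytes.length);
        ex.getResponseBody().write(bytes);
        ex.close();
    }

    public static void main(String[] args) throws Exception {
        // Constructed validator: a real one checks signature, issuer, audience and expiry.
        Predicate<String> validator = "demo-token"::equals;

        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        String metadataUrl = base + METADATA_PATH;

        // RFC 9728 metadata: names the resource and the authorization server(s) for it.
        server.createContext(METADATA_PATH, ex -> send(ex, 200,
                "{\"resource\":\"" + base + "/mcp\","
                + "\"authorization_servers\":[\"https://as.example\"],"
                + "\"bearer_methods_supported\":[\"header\"]}"));

        // Protected endpoint: a missing, malformed or rejected token gets the same 401
        // challenge, which points the client at the metadata document.
        server.createContext("/mcp", ex -> {
            String token = bearerToken(ex.getRequestHeaders().getFirst("Authorization"));
            if (token == null || !validator.test(token)) {
                ex.getResponseHeaders().set("WWW-Authenticate",
                        "Bearer resource_metadata=\"" + metadataUrl + "\"");
                send(ex, 401, "{\"error\":\"unauthorized\"}");
                return;
            }
            send(ex, 200, "{\"result\":\"ok\"}");
        });
        server.start();

        HttpClient client = HttpClient.newBuilder()
                .version(HttpClient.Version.HTTP_1_1)
                .build();
        try {
            // No header, a rejected token, then the accepted token.
            for (String auth : new String[] {null, "Bearer wrong", "Bearer demo-token"}) {
                HttpRequest.Builder req = HttpRequest.newBuilder(URI.create(base + "/mcp")).GET();
                if (auth != null) {
                    req.header("Authorization", auth);
                }
                HttpResponse<String> rsp =
                        client.send(req.build(), HttpResponse.BodyHandlers.ofString());
                System.out.println(rsp.statusCode() + " "
                        + rsp.headers().firstValue("WWW-Authenticate").orElse("-"));
            }
            // What a client fetches after following the challenge.
            HttpResponse<String> meta = client.send(
                    HttpRequest.newBuilder(URI.create(metadataUrl)).build(),
                    HttpResponse.BodyHandlers.ofString());
            System.out.println(meta.body());
        } finally {
            server.stop(0);
        }
    }
}
```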

Atmosphere 4.0.50

@github-actions github-actions released this 05 Jun 12:58

Removed

  • Pruned dead/unwired internal classes found during a release-readiness audit —
    none was documented, advertised, or reachable from a user code path:
    McpWebSocketHandler (superseded by McpHandler's direct WebSocket-frame
    handling), AgUiSession (superseded by ResourceAgUiStreamingSession),
    AiCoalescingBroadcasterCache (a delegate-only BroadcasterCache that the
    no-arg reflective cache-wiring path cannot instantiate), AdkArtifactBridge,
    AdkCompactionBridge, AtmosphereRequestBridge, AtmosphereResponseBridge,
    the channels AuditLoggingFilter (never registered as a bean, so it never
    reached the filter chain), the unwired GrpcProtocolBridge, and the A2A
    ListTaskPushNotificationConfigsResponse DTO (the
    ListTaskPushNotificationConfigs method returns ERROR_PUSH_NOT_SUPPORTED,
    so the response type was never constructed).

Fixed

  • ToolBridgeUtils.findUnescapedQuote no longer advances the scan index past
    the end of the string when malformed tool-call JSON ends in a lone backslash
    — the escaped-character skip is now bounds-checked (boundary safety,
    Correctness Invariant #4). Regression test added.
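
A bounds-checked escape skip of the kind this fix describes, as an added example; it is not the project's ToolBridgeUtils source. The signature, the stringBody helper and the sample inputs are assumptions.

```java
public class UnescapedQuoteScan {

    /**
     * Returns the index of the first '"' at or after {@code from} that is not
     * escaped by a backslash, or -1 if there is none.
     * Invariant: the scan index never exceeds s.length().
     */
    static int findUnescapedQuote(String s, int from) {
        int i = Math.max(from, 0);
        while (i < s.length()) {
            char c = s.charAt(i);
            if (c == '"') {
                return i;
            }
            if (c == '\\') {
                // A backslash escapes the next character. Skip both only when the
                // next character exists; a lone trailing backslash means the input
                // is truncated or malformed, so report "not found" instead of
                // stepping past the end.
                if (i + 1 >= s.length()) {
                    return -1;
                }
                i += 2;
            } else {
                i++;
            }
        }
        return -1;
    }

    /** Raw body of the JSON string that opens at openQuote, or null if it never closes. */
    static String stringBody(String json, int openQuote) {
        int close = findUnescapedQuote(json, openQuote + 1);
        return close < 0 ? null : json.substring(openQuote + 1, close);
    }

    public static void main(String[] args) {
        // Constructed tool-call fragments (not captured traffic).
        String[] samples = {
            "{\"cmd\":\"ls\"}",               // plain value
            "{\"cmd\":\"say \\\"hi\\\"\"}",   // escaped quotes inside the value
            "{\"cmd\":\"C:\\\\\"}",           // escaped backslash, then the closing quote
            "{\"cmd\":\"abc\\",               // malformed: ends in a lone backslash
        };
        for (String s : samples) {
            int open = s.indexOf(":\"") + 1;  // index of the value's opening quote
            System.out.println(s + "  ->  " + stringBody(s, open));
        }
    }
}
```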

Added

  • Interactions API (org.atmosphere.interactions, artifact atmosphere-interactions)
    — a stateful agent-turn resource layered above the AgentRuntime SPI, so it
    works for every adapter with no per-runtime code. An Interaction carries a
    stable id, a durable steps[] event log, and chains turns via
    previousInteractionId (the server holds history; the client does not resend
    it). Turns run synchronously or in the background (background=true
    returns a RUNNING record immediately and is retrievable after a disconnect),
    and store=false streams without persisting. The starter exposes the resource
    over POST /api/interactions, POST /api/interactions/{id}/continue,
    GET /api/interactions/{id}, GET /api/interactions,
    POST /api/interactions/{id}/cancel, and DELETE /api/interactions/{id};
    every mutating route is default-deny behind atmosphere.interactions.http-write-enabled
    plus an authenticated principal (Correctness Invariant #6). Two InteractionStore
    backends ship: InMemoryInteractionStore (default) and SqliteInteractionStore;
    the SPI is pluggable for others. atmosphere.js gains a typed InteractionsClient
    (atmosphere.js/interactions) covering the REST surface plus pollUntilTerminal
    / watch helpers.

  • Interactions live streaming — a background interaction now streams its
    durable steps[] to a subscribed browser as they are produced, over the
    Atmosphere transport (/atmosphere/interactions-stream?id=<id>, WebSocket/SSE).
    On connect the handler replays the steps captured so far (late-joiner catch-up,
    deduped client-side by sequence), then pushes each new step live and a terminal
    frame on completion; ownership is enforced per-interaction, same scope as the
    REST read. InteractionsClient.subscribe(id, handlers) bridges it on the client
    and the Atmosphere Console's Interactions tab renders the live step timeline.
    An AtmosphereInterceptor resolves the principal for the stream socket so
    ownership holds across all transports (a servlet filter's request attribute does
    not survive the WebSocket upgrade). Demonstrated in spring-boot-coding-agent
    and spring-boot-multi-agent-startup-team.

  • ToolKind + @AiTool(kind = …) — tools declare a behavioural category
    (EDIT, READ, EXECUTE, NETWORK, DELETE, OTHER; default OTHER).
    This makes PermissionMode.ACCEPT_EDITS a real behaviour instead of a
    DEFAULT alias: it now auto-approves a tool's own @RequiresApproval
    prompt when kind == EDIT, while every other tool still routes through the
    per-tool approval gate. The classification is compile-time author metadata
    (not runtime caller-asserted intent), the default OTHER keeps the approval
    posture exactly as restrictive as before, and the relaxation never overrides
    an operator-configured ToolPermissionPolicy DENY/CONFIRM or a DenyAll
    policy. ToolExecutionHelperAcceptEditsTest pins all four cases.

  • Code-as-action sandbox (org.atmosphere.ai.code) — a code_exec tool that
    lets a model accomplish tasks by writing a block of code (bash / JavaScript /
    Python) instead of negotiating many fine-grained tool calls. Each session gets
    an isolated, ephemeral container (CodeSandbox SPI, ContainerCodeSandbox over
    Docker/Podman) with hardening applied — --network none by default, non-root,
    --cap-drop ALL, --security-opt no-new-privileges, read-only rootfs + a bounded
    writable workspace, and memory/cpu/pid caps — provisioned lazily on first use and
    torn down on every terminal path via the new StreamingSession.onTerminate(AutoCloseable)
    primitive. Default-deny: code execution is off unless
    org.atmosphere.ai.code.enabled=true and a container engine is confirmed present
    at runtime (Correctness Invariant #5); the tool is registered into @AiEndpoint
    dispatch only then, with the tool-loop ceiling lifted to 25 write→run→observe
    rounds. Each round streams an AiEvent.AgentStep plus any screenshots the code
    produced, rendered inline in the Console as markdown data-URI images. New
    samples/spring-boot-browser-agent demonstrates it (Cohere-backed, requires
    Docker): the agent drives a headless browser with Playwright and you watch the
    screenshots arrive live.

Changed

  • ai-policy-rego and ai-policy-cedar now ship a
    META-INF/services/org.atmosphere.ai.governance.PolicyParser registration,
    so Rego and Cedar policy artifacts are auto-discovered by ServiceLoader
    the same way YAML always has been — no programmatic parser wiring required.
    Safe because both parsers have lazy no-arg constructors (the opa / cedar
    binary is only touched at evaluation, and parse failure is already
    fail-closed). The Kafka/Postgres audit sinks are deliberately left on
    programmatic GovernanceDecisionLog.addSink() wiring: they need a live
    broker / JDBC connection, so auto-activating them on classpath presence
    would advertise capability that cannot run (Runtime-Truth, Correctness
    Invariant #5). RegoPolicyParserTest / CedarPolicyParserTest pin the
    discovery.
  • Four new pre-push drift-prevention gates, each closing a class the
    .harness/drift-log.md had recorded but left un-automated, wired into
    scripts/pre-push-validate.sh Tier-1:
    validate-runtime-overlay-coverage.sh (every snapshot runtime must have a
    CLI overlay and a bom/pom.xml artifact — drift #59);
    validate-dangling-doc-comments.sh (parse-only javac -Xlint:dangling-doc-comments
    under a JDK ≥ 23 to catch detached Javadoc locally, not only on the Native
    Image lane — drift #80);
    validate-doc-version-alignment.sh (third-party dependency versions in
    Markdown must match the pinned pom.xml/package.json — drift #12/#18/#75);
    and validate-doc-symbols.sh (annotation references in Markdown must resolve
    to an in-tree declaration or a curated external allowlist — drift #72). Two of the
    gates caught a pre-existing drift on first run: atmosphere-semantic-kernel
    was missing from bom/pom.xml (now added), and modules/langchain4j/README.md
    named LangChain4j 1.12.2 while the pom pins 1.15.0 (now corrected). CLI overlay
    coverage was also extended to the three native runtimes (anthropic, cohere,
    crewai) in cli-e2e.yml path filters and the test-cli.sh scaffold+compile
    matrix.

Atmosphere 4.0.49

@github-actions github-actions released this 28 May 23:06

Added

  • atmosphere-crewai: AgentRuntime for the CrewAI multi-agent framework via an
    out-of-process Python sidecar. First non-Java runtime adapter in the
    project; the boundary is HTTP + SSE for the request stream plus a
    loopback ToolCallbackServer for Java→Python tool RPC. Pins 9
    capabilities (TEXT_STREAMING, TOKEN_USAGE, AGENT_ORCHESTRATION,
    CANCELLATION, TOOL_CALLING, SYSTEM_PROMPT,
    STRUCTURED_OUTPUT, TOOL_APPROVAL, PER_REQUEST_RETRY) via
    CrewAiRuntimeContractTest + the capability snapshot (which now
    enumerates 12 runtimes). Like every other runtime, isAvailable()
    is config-gated — requires ATMOSPHERE_CREWAI_SIDECAR_URL pointing
    at a running sidecar that responds OK to GET /health.

  • modules/crewai/sidecar/ — companion Python package
    atmosphere-crewai-bridge (FastAPI + uvicorn + crewai 1.14)
    speaking the documented wire protocol. Materialises Java
    ToolDefinitions as crewai.tools.BaseTool subclasses via
    pydantic.create_model, injects them into agents, and threads
    context.systemPrompt() into each agent's backstory inside a
    delimited block. Ships with a working examples/ollama_crew.py
    factory that targets qwen2.5:0.5b (no API key required).

  • CLI runtime overlay (cli/runtime-overlays.json) for crewai, so
    atmosphere new my-app --template ai-chat --runtime crewai
    scaffolds with the dependency wired and the sidecar setup
    documented inline.

  • End-to-end validation captured at
    .harness/crewai-e2e-success.png: chrome-devtools drove
    /atmosphere/console/ against a real Ollama-backed crew; the
    browser rendered 25 tokens at 46.8 tok/s through the full chain
    WebSocket → @AiEndpoint(runtime=crewai) → HttpSseSidecarClient → atmosphere-crewai-bridge → crewai 1.14 → litellm → Ollama. Console
    zero errors, sidecar log confirms POST /v1/chat/completions HTTP/1.1 200 OK against the local Ollama instance.

  • modules/coordinator/journal: event-sourced execution log for
    the coordinator. Layers four additive pieces onto the existing
    CoordinationJournal SPI without breaking any of the 94 existing
    new CoordinationEvent.* call sites across coordinator / admin /
    checkpoint / integration-tests / samples:

    1. EventEnvelope(eventId, parentEventId, event) + default-method
      recordEnveloped / retrieveEnveloped on CoordinationJournal.
      JournalingAgentFleet threads parent IDs through every dispatch
      path (parallel / pipeline / route / proxy.call /
      callAsync / stream): CoordinationStarted → AgentDispatched →
      AgentCompleted/AgentFailed → AgentEvaluated. Legacy
      record(event) callers continue working — events are wrapped as
      root envelopes with no parent.
    2. CoordinationProjection.from(journal, coordinationId) — pure
      read-only causal DAG built from retrieveEnveloped. Exposes
      roots(), children(eventId), walk(visitor), agents(),
      failedDispatches(), evaluations(). No execution, no LLM, no
      side effects.
    3. FileCoordinationJournal(Path) — append-only NDJSON file backend,
      one JSON object per line. Replays on start() into an in-memory
      index for queries; tolerates a truncated final line from a JVM
      kill mid-append (logs and skips). Single-writer locked appends;
      polymorphic ser/deser of the sealed CoordinationEvent hierarchy
      via a Jackson 3 mix-in so the event records stay annotation-free.
    4. CoordinationFork + new ForkCreated event variant — what-if
      branching primitive. fork.from(coordId, eventId).reason(...).with(altCall).execute(fleet)
      creates a new coordination id (or accepts an explicit one),
      records a ForkCreated envelope linking back to the parent event,
      and runs the alternate dispatch via
      JournalingAgentFleet.withCoordinationId(...). The parent
      coordination is immutable; the fork is a peer with its own future.
      Pre-flight check rejects unknown parentEventId with a fast
      IllegalArgumentException.

    Backed by 38 tests in modules/coordinator/src/test/java/.../journal/
    including a three-process integration test that runs a parallel
    coordination, restart-replays from disk, projects the DAG, forks an
    alternate, restart-replays again, and verifies both the original and
    the forked branch survive across two simulated JVM kills.
    modules/coordinator/README.md documents the new surface.

  • Cohere TOOL_CALL_DELTA streaming capability (3327425d50).
    CohereChatClient.handleToolCallDelta surfaces incremental tool-call
    argument fragments as they arrive, and CohereAgentRuntime
    (line 269) now declares TOOL_CALL_DELTA. The same honesty pass
    removed PROMPT_CACHING from Cohere — the v2 API exposes no
    prompt-cache control, so advertising it was Runtime-Truth drift; the
    capability snapshot was re-pinned accordingly.

  • Quarkus extension integration parity: five optional surfaces, each
    gated on classpath presence and covered by a dedicated build-step
    test (3327425d50). AtmosphereProcessor registers Cache, Health
    (HealthBuildItem), Micrometer metrics
    (AtmosphereMetricsProducer), OpenTelemetry tracing
    (AtmosphereTracingProducer), and governance metrics
    (AtmosphereGovernanceMetricsProducer) producers — see
    AtmosphereProcessor.java:432-510 and the
    Atmosphere{Cache,Health,Metrics,Tracing,GovernanceMetrics}BuildStepTest
    suite.

  • modules/quarkus-grpc — Quarkus gRPC bridge extension (runtime +
    deployment submodules) (3327425d50).

  • scripts/validate-no-beta-on-main.sh — push-time gate enforcing the
    release-frequency rule: pre-GA escape-hatch framing (beta annotations,
    hourglass deferral markers, phased planning labels, or roadmap-deferral
    prose) introduced relative to origin/main fails the build, so main
    stays release-ready (3327425d50).

Changed

  • Bumped JetBrains Koog 0.8.0 → 1.0.0 (4685a844bb, root pom
    koog.version) — Koog's first GA. The adapter configures via
    Koog 1.0's stable OpenAILLMClient / MultiLLMPromptExecutor
    (AtmosphereKoogAutoConfiguration.kt); the full Koog capability set
    (VISION, AUDIO, MULTI_MODAL, PROMPT_CACHING, TOOL_CALLING,
    TOOL_APPROVAL, …) is unchanged and re-pinned by
    KoogRuntimeContractTest + the capability snapshot.
  • Bumped langchain4j.version 1.14.0 → 1.15.0 (abd774f68d),
    logback-version 1.5.25 → 1.5.32 (58f2e6d373), and
    commons-lang3 3.18.0 → 3.20.0 (8dea5788ac).

Fixed

  • HttpSseSidecarClient now pins HttpClient.Version.HTTP_1_1. The
    JDK's java.net.http.HttpClient defaults to HTTP/2 for plain HTTP
    and attempts an Upgrade: h2c negotiation; uvicorn (the FastAPI
    host for the CrewAI sidecar) does not implement the h2c upgrade and
    the resulting request lands with an empty body, which FastAPI
    rejects as 422 Field required, loc=["body"], input=null. The
    bridge-test FakeSidecar (a
    com.sun.net.httpserver.HttpServer) tolerated the upgrade preamble
    and parsed the body anyway, so the bug only surfaced under real
    uvicorn — exactly the gap feedback_chrome_devtools_only.md warns
    about. Added a regression test
    (CrewAiAgentRuntimeBridgeTest.httpClient_pinnedToHttp11) that
    reflects into the client and asserts the version, so a future "just
    use the default HttpClient" refactor breaks the build before it
    breaks production. Drift recorded as .harness/drift-log.md #64.
  • Koog runtime reaches Gemini via Google's OpenAI-compatible base URL
    (87aa2cc824). Koog 1.0's native Google client ships only on a
    JVM-incompatible path, so AtmosphereKoogAutoConfiguration points the
    stable OpenAILLMClient at any OpenAI-compatible endpoint when
    atmosphere.koog.base-url / LLM_BASE_URL is set (e.g.
    https://generativelanguage.googleapis.com/v1beta/openai for
    gemini-2.5-flash). Regression-gated by
    AtmosphereKoogAutoConfigurationTest. Drift recorded as
    .harness/drift-log.md #77 — the 0.8.0 → 1.0.0 bump had been
    reported done on CI alone, which hid the dropped-Gemini regression.
  • Spring Boot JDK 26 long-term-memory disconnect hang resolved via
    an idle-reaper fallback (b2e9e09e71).
    LongTermMemoryHttpE2eTest's disconnect path intermittently hung on
    the JDK 26 lane because the WebSocket-close → onDisconnect lifecycle
    could be dropped under fork contention; an
    IdleResourceInterceptor-based reaper (platform-thread scheduler,
    maxInactiveActivity=5000) now fires the disconnect lifecycle
    independently, so suspended resources are reaped and facts persisted
    even when the close frame is lost. Drift recorded as
    .harness/drift-log.md #78/#79 — an earlier 60s → 120s await bump was
    ineffective (a timeout cannot fix a hang).

Security

  • Bumped tomcat-embed-core 11.0.21 → 11.0.22 (root pom
    tomcat-version property) to close 7 Dependabot advisories — 3
    critical (security-constraint bypass GHSA-5m62-pw8w-7w9f,
    digest-auth bypass GHSA-h6fc-48rj-7qqh, HTTP/2 header validation
    GHSA-r29c-68gh-xp6x), 3 high (LockOutRealm case-sensitivity
    GHSA-5mp6-jrq3-r938, WebSocket auth-header exposure
    GHSA-fv25-8xcx-gqjc, WebDAV LOCK/PROPFIND unbounded read
    GHSA-gx5v-xp9w-j4cg), and 1 low (AJP secret non-constant-time
    compare GHSA-9m89-8frq-c98c). The pin stays scoped to
    tomcat-embed-core; tomcat-embed-el and tomcat-embed-websocket
    continue to follow each Spring Boot BOM (3.5.x keeps the 10.1.x
    line, 4.0.x stays on 11.0.x).
  • Bumped protobufjs 7.5.6 → 7.5.8 in
    modules/integration-tests/package.json + lockfile to close
    GHSA-jggg-4jg4-v7c6.
  • Dismissed 3 remaining open Dependabot alerts that have no in-tree
    fix path. Two org.json:json alerts (GHSA-3vqj-43w4-2q58,
    GHSA-4jq9-2xhw-jpx7) cited modules/runtime/pom.xml — a manifest
    that no longer exists; org.json:json was removed reactor-wide in
    commit `...