Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55

[dependabot]

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.55

Added

• Static verifier over MCP. The plan-and-verify ("Guardians") stack is reachable as read-only MCP tools when atmosphere-verifier is on the classpath: atmosphere_verifier_summary, atmosphere_verifier_examples, and atmosphere_verifier_check. The check tool plans a goal and runs every verifier over the resulting plan without executing it (status verified/refused with the per-verifier violations); the mutating verify-then-execute path stays behind the admin write gate.

Fixed

• wasync: a user close() is no longer resurrected by a late OPEN event — a close requested before the transport finished opening is now honored when the OPEN arrives, instead of reviving the connection.
• Documentation accuracy sweep — corrected the Z3 binding version (4.14.0) and SmtChecker priority (200); aligned ADK / Semantic Kernel / Alibaba versions, crewai test counts, and the ms-governance policy name; fixed the embedded-jetty client type, the admin-bundle default authorizer, and runtime-truth claims in the embabel / agentscope / coding-agent docs; corrected third-party dependency versions and citations.

Changed

• CI doc-drift gates — fact/enumeration checks, link-rot detection, and sibling-site (atmosphere.github.io) verification, plus an atmosphere-skills link-checker allowlist.

Atmosphere 4.0.54

Added

• Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
• Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
• OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream

... (truncated)

Changelog

Sourced from org.atmosphere:atmosphere-runtime's changelog.

[4.0.55] - 2026-06-17

Added

• Static verifier over MCP. The plan-and-verify ("Guardians") stack is reachable as read-only MCP tools when atmosphere-verifier is on the classpath: atmosphere_verifier_summary, atmosphere_verifier_examples, and atmosphere_verifier_check. The check tool plans a goal and runs every verifier over the resulting plan without executing it (status verified/refused with the per-verifier violations); the mutating verify-then-execute path stays behind the admin write gate.

Fixed

• wasync: a user close() is no longer resurrected by a late OPEN event — a close requested before the transport finished opening is now honored when the OPEN arrives, instead of reviving the connection.
• Documentation accuracy sweep — corrected the Z3 binding version (4.14.0) and SmtChecker priority (200); aligned ADK / Semantic Kernel / Alibaba versions, crewai test counts, and the ms-governance policy name; fixed the embedded-jetty client type, the admin-bundle default authorizer, and runtime-truth claims in the embabel / agentscope / coding-agent docs; corrected third-party dependency versions and citations.

Changed

• CI doc-drift gates — fact/enumeration checks, link-rot detection, and sibling-site (atmosphere.github.io) verification, plus an atmosphere-skills link-checker allowlist.

[4.0.54] - 2026-06-13

Added

• Rich human-in-the-loop approval payloads. A reviewer can now resolve a tool approval with more than approve/deny: approve-with-edited-arguments (the tool runs with the reviewer's arguments) or respond (the reviewer answers on the tool's behalf — structured JSON or free-form text — and the tool does not run). Wire protocol: /__approval/<id>/approve {"arguments":{…}} and /__approval/<id>/respond {…}. Fail-safe: a malformed edited-args payload denies. Session-scoped in-memory (not crash-durable). The legacy boolean resolution path is unchanged.
• Eval flywheel. JournalDatasetPromoter turns a recorded CoordinationJournal interaction into an EvalCase dataset row (trace→dataset), and SampledLiveScorer grades a configurable fraction of live turns into EvalRun verdicts (online scoring). Both are wired into EvalController with admin REST routes (/api/admin/evals/dataset, /dataset/promote, /score).
• OAuth on-behalf-of credential vault. OAuthOnBehalfOfCredentialStore is a concrete CredentialStore that performs an RFC 8693 token exchange — swapping a user's stored subject token for a short-lived access token scoped to a downstream

... (truncated)

Commits

• 0dcd38b release: Atmosphere 4.0.55
• 516b53a docs(changelog): record 4.0.55 entries (verifier-over-MCP, wasync close, doc ...
• 7f57b8a feat(admin): expose static verifier over MCP as read-only tools
• 535027c fix(docs): close residual doc drift from agent verification + fix auditor fal...
• 9b55809 fix(docs): sweep stale ADK/SK/alibaba versions, crewai test counts, ms-govern...
• 94134d8 fix(docs): align alibaba caps, crewai overlay, ms-governance policy, admin fl...
• 6ebd370 fix(docs): correct embedded-jetty client type and admin-bundle default author...
• 8cf8e47 fix(docs): correct stale runtime-truth claims in embabel, agentscope, coding-...
• cad473e fix(docs): correct stale capability, count, and version claims (doc-drift audit)
• bb3c9f0 fix(docs): correct third-party dep versions and stale citations (doc-drift au...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)