Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.34

[dependabot]

Bumps org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.34.

Release notes

Sourced from org.atmosphere:atmosphere-runtime's releases.

Atmosphere 4.0.34

✨ Added

• add validation gates for unchecked returns + no-op tests Architectural validation now fails on unchecked offer() and expect(true).toBe(true). Fixed 4 offer() calls (use add() or check return). Replaced 4 no-op specs with test.skip().
• bundle atmosphere-skills as classpath JAR for CI reliability
• migrate all skills to atmosphere-skills registry, remove local prompts
• SkillFileLoader with GitHub fallback + SHA-256 integrity, AgentRuntime.generate() PromptLoader.loadSkill() searches classpath -> disk cache -> GitHub with registry.json hash verification. skill: prefix in @Agent/@​Coordinator skillFile. CollectingSession + generate() eliminate 4 duplicated sync adapters.
• add LlmResultEvaluator, rename QualityEvaluator to SanityCheck LLM judge uses active AgentRuntime; prompt from META-INF/skills/llm-judge/SKILL.md. Hardcoded evaluator renamed to SanityCheckEvaluator.
• configurable A2A timeouts, SqliteCheckpointStore, QualityResultEvaluator A2aAgentTransport.Timeouts record replaces magic numbers; CO_LOCATED preset for same-host agents. SqliteCheckpointStore persists checkpoints to SQLite. QualityResultEvaluator scores on length/structure/errors.
• add SqliteCheckpointStore and QualityResultEvaluator Persistent checkpoint store backed by SQLite (reuses durable-sessions pattern); built-in ResultEvaluator scoring on length, error indicators, and structure — no LLM required
• enable real A2A transport in multi-agent team, fix subtitle
• URL override forces A2A transport, enable in multi-agent sample
• extract pluggable RetryPolicy from hardcoded backoff Sealed RetryPolicy hierarchy (ExponentialBackoff, LinearBackoff, NoRetry) replaces hardcoded backoff in DefaultAgentProxy; backward-compatible via fromMaxRetries()
• add OpenAI Responses API support with previous_response_id continuation
• add per-agent resource limits and cancellable execution handles AgentLimits(timeout, maxTurns) via @​AgentRef(timeoutMs=N), AgentExecution sealed interface with cancel()/join(), parallelCancellable() for non-blocking fan-out
• add agent activity model with real-time streaming AgentActivity sealed interface + StreamingActivityListener bridges fleet state to AiEvent.AgentStep over WebSocket; also adds remark-gfm for markdown table rendering

🐛 Fixed

• cli-runtime tests use pre-built JARs, not atmosphere run
• switch to auth-free sample, scope admin agents tab selector
• protocol mismatch fixes, selector ambiguities, skip incompatible tests
• improved WebTransport and admin test resilience
• inject auth token for admin event stream WebSocket connection
• WebTransport tests tolerate missing QUIC, admin timeout increase
• update 6 test specs for console UI migration
• correct CLI path resolution in cli-runtime.spec.ts
• move path collision check into hasUserDefinedAiEndpoint
• prevent default AI endpoint from overriding @​ManagedService handlers
• add console-endpoint property, fix spring-boot-chat CI failure
• add tool-card/tool-activity test IDs, unskip demo-compatible tests
• skip LLM-dependent agui-chat UI tests to prevent CI failures
• add test IDs to console Vue components, fix E2E tests for console migration
• console endpoint detection for @​ManagedService samples
• add atmosphere-ai dep for console-migrated samples
• add logback runtime deps to channels-chat sample
• auth guards on spring-boot3 admin, ThreadLocal leak, swallowed exceptions
• move field above method javadoc to fix JDK 26 unattached doc warning JDK 26 treats javadoc between a field and its method as unattached; -Werror promotes to error
• QUIC token handler warning, configurable draft negotiation P2: InsecureQuicTokenHandler logged with awareness message. P3: draft setting and response header configurable via system properties; response mirrors client draft header.

🔧 Changed

• skip XSS and admin agents-tab tests pending #2598 selector fix
• add CLI runtime Playwright tests for console WebSocket verification
• wire CLI runtime E2E tests into CI workflow
• migrate 5 samples from custom UI to Atmosphere Console
• regression test for SlidingWindowCompaction all-system-messages hard cap Verifies compaction enforces maxMessages even when all messages are system role (Window 9 P2)
• add 6 regression tests for WebTransport review findings UTF-8 multibyte across chunks, findNewline byte scanner, AltSvc header gated on server running state
• update multi-agent README with all new features Activity streaming, SanityCheck/LlmResultEvaluator, SqliteCheckpointStore, skill: prefix, WebTransport discovery, remark-gfm journal tables
• bump version to 4.0.33
• prepare for next development iteration 4.0.34-SNAPSHOT

... (truncated)

Commits

• 1611e8b release: Atmosphere 4.0.34
• b8f1fe6 test(e2e): skip XSS and admin agents-tab tests pending #2598 selector fix
• 9a45751 fix(e2e): cli-runtime tests use pre-built JARs, not atmosphere run
• d5cb231 fix(e2e): switch to auth-free sample, scope admin agents tab selector
• c828ae3 fix(e2e): protocol mismatch fixes, selector ambiguities, skip incompatible tests
• 8b84516 fix(e2e): improved WebTransport and admin test resilience
• dd98f92 fix(e2e): inject auth token for admin event stream WebSocket connection
• aab1106 fix(e2e): WebTransport tests tolerate missing QUIC, admin timeout increase
• de77c46 fix(e2e): update 6 test specs for console UI migration
• b3a193f fix(e2e): correct CLI path resolution in cli-runtime.spec.ts
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)