{"id":15014281,"url":"https://github.com/atmosphere/atmosphere","last_synced_at":"2026-05-13T02:15:10.747Z","repository":{"id":41398000,"uuid":"749137","full_name":"Atmosphere/atmosphere","owner":"Atmosphere","description":"The transport-agnostic real-time framework for the JVM. WebSocket, SSE, Long-Polling, gRPC, MCP — one API, any transport.","archived":false,"fork":false,"pushed_at":"2026-03-27T03:19:22.000Z","size":174808,"stargazers_count":3745,"open_issues_count":46,"forks_count":755,"subscribers_count":230,"default_branch":"main","last_synced_at":"2026-03-27T07:46:42.424Z","etag":null,"topics":["agentic-ai","event-driven","java","mcp","quarkus","spring-boot","sse","streaming","websocket"],"latest_commit_sha":null,"homepage":"https://async-io.org/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Atmosphere.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["atmosphere"]}},"created_at":"2010-06-30T14:26:23.000Z","updated_at":"2026-03-27T03:19:26.000Z","dependencies_parsed_at":"2024-02-06T10:50:56.832Z","dependency_job_id":"ec1184b9-e401-4fbf-a13a-54cdce1c45f3","html_url":"https://github.com/Atmosphere/atmosphere","commit_stats":{"total_commits":5785,"total_committers":175,"mean_commits":33.05714285714286,"dds":"0.12411408815903202","last_synced_commit":"d867b1cc88b75a21362183664b1a1143abf3fd67"},"previous_names":[],"tags_count":292,"template":false,"template_full_name":null,"purl":"pkg:github/Atmosphere/atmosphere","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Atmosphere%2Fatmosphere","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Atmosphere%2Fatmosphere/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Atmosphere%2Fatmosphere/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Atmosphere%2Fatmosphere/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Atmosphere","download_url":"https://codeload.github.com/Atmosphere/atmosphere/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Atmosphere%2Fatmosphere/sbom","scorecard":{"id":17380,"data":{"date":"2025-08-11","repo":{"name":"github.com/Atmosphere/atmosphere","commit":"a6aef78171d49b1eb42a4c2d3bc89df7cefa532a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":2,"reason":"Found 6/25 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Warn: no topLevel permission defined: .github/workflows/mavenpublish.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/maven.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/maven.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mavenpublish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/mavenpublish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mavenpublish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Atmosphere/atmosphere/mavenpublish.yml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: license/LICENSE-2.0.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T16:05:28.739Z","repository_id":41398000,"created_at":"2025-08-14T16:05:28.739Z","updated_at":"2025-08-14T16:05:28.739Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-ai","event-driven","java","mcp","quarkus","spring-boot","sse","streaming","websocket"],"created_at":"2024-09-24T19:45:24.822Z","updated_at":"2026-05-13T02:15:10.732Z","avatar_url":"https://github.com/Atmosphere.png","language":"Java","funding_links":["https://github.com/sponsors/atmosphere"],"categories":["The latest additions 🎉"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"logo.png\" alt=\"Atmosphere\" width=\"120\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eAtmosphere\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  A framework for building streaming AI agents on the JVM. Atmosphere owns the transport layer — tokens flow from the LLM runtime to the client through a broadcaster you can filter, gate, and observe. \u003ccode\u003e@Agent\u003c/code\u003e declares the behavior; the framework handles streaming, tool calling, memory, reconnect, authorization, and cost accounting.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://central.sonatype.com/artifact/org.atmosphere/atmosphere-runtime\"\u003e\u003cimg src=\"https://img.shields.io/maven-central/v/org.atmosphere/atmosphere-runtime?label=Maven%20Central\u0026color=blue\" alt=\"Maven Central\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/atmosphere.js\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/atmosphere.js?label=atmosphere.js\u0026color=blue\" alt=\"npm\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/Atmosphere/atmosphere/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/Atmosphere/atmosphere/actions/workflows/ci.yml/badge.svg?branch=main\" alt=\"CI: Core\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/Atmosphere/atmosphere/actions/workflows/e2e.yml\"\u003e\u003cimg src=\"https://github.com/Atmosphere/atmosphere/actions/workflows/e2e.yml/badge.svg?branch=main\" alt=\"CI: E2E\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/Atmosphere/atmosphere/actions/workflows/ci-js.yml\"\u003e\u003cimg src=\"https://github.com/Atmosphere/atmosphere/actions/workflows/ci-js.yml/badge.svg?branch=main\" alt=\"CI: atmosphere.js\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\nA `@Agent` class runs on one of nine `AgentRuntime` adapters — a built-in OpenAI-compatible client plus framework integrations for Spring AI, LangChain4j, Google ADK, JetBrains Koog, Microsoft Semantic Kernel, and Alibaba AgentScope on Spring Boot 4, with Embabel and Spring AI Alibaba pinned to Spring Boot 3.5 (see the [adapter table](#ai-runtimes)). The same `@Agent` is served over five transports (WebTransport over HTTP/3, WebSocket, SSE, long-polling, gRPC), three agent protocols (MCP, A2A v1.0.0, AG-UI), and five external messaging channels (Slack, Telegram, Discord, WhatsApp, Messenger) in addition to the default browser endpoint. Runtime, transport, and channel are swapped by changing a Maven dependency.\n\nAtmosphere owns the broadcaster, which enables capabilities a pure orchestration library cannot provide: per-token PII rewriting in flight, per-tenant cost ceilings that block dispatch at the gateway, durable reconnect that replays mid-stream events after a client drop, triple-gate authorization on the admin control plane.\n\n## Quick Start\n\n```bash\nbrew install Atmosphere/tap/atmosphere\n\n# or\n\ncurl -fsSL https://raw.githubusercontent.com/Atmosphere/atmosphere/main/cli/install.sh | sh\n\n# Run a built-in agent sample\natmosphere run spring-boot-multi-agent-startup-team\n\n# Or scaffold your own project from a sample\natmosphere new my-agent --template ai-chat\n\n# Swap the AI runtime by injecting the matching adapter (`builtin` is the default).\n# Add `--force` to strip pre-pinned adapters first — useful on samples like ai-tools\n# that already ship with one provider wired up.\natmosphere new my-agent --template ai-chat --runtime spring-ai\n\n# Import a skill from an allowed skills repo\natmosphere import https://github.com/anthropics/skills/blob/main/skills/frontend-design/SKILL.md\ncd frontend-design \u0026\u0026 LLM_API_KEY=your-key ./mvnw spring-boot:run\n```\n\n## `@Agent`\n\nOne annotation. The framework wires everything based on what's in the class and what's on the classpath.\n\n```java\n// Registers this class as an agent — auto-discovered at startup.\n// Endpoints are created based on which modules are on the classpath:\n// WebSocket, MCP, A2A, AG-UI, Slack, Telegram, etc.\n@Agent(name = \"my-agent\", description = \"What this agent does\")\npublic class MyAgent {\n\n    // Handles user messages. The message is forwarded to whichever AI runtime\n    // is on the classpath (Spring AI, LangChain4j, ADK, etc.) and the LLM\n    // response is streamed back token-by-token through the session.\n    @Prompt\n    public void onMessage(String message, StreamingSession session) {\n        session.stream(message);\n    }\n\n    // Slash command — executed directly, no LLM call.\n    // Auto-listed in /help. Works on every channel (web, Slack, Telegram…).\n    @Command(value = \"/status\", description = \"Show status\")\n    public String status() {\n        return \"All systems operational\";\n    }\n\n    // confirm = \"...\" enables human-in-the-loop: the client must approve\n    // before the method body runs. The virtual thread parks until approval.\n    @Command(value = \"/reset\", description = \"Reset data\",\n             confirm = \"This will delete all data. Are you sure?\")\n    public String reset() {\n        return dataService.resetAll();\n    }\n\n    // Registered as a tool the LLM can invoke during inference.\n    // Also exposed as an MCP tool if atmosphere-mcp is on the classpath.\n    @AiTool(name = \"lookup\", description = \"Look up data\")\n    public String lookup(@Param(\"query\") String query) {\n        return dataService.find(query);\n    }\n}\n```\n\nWhat this registers depends on which modules are on the classpath:\n\n| Module on classpath | What gets registered |\n|---|---|\n| `atmosphere-agent` (required) | WebSocket endpoint at `/atmosphere/agent/my-agent` with streaming AI, conversation memory, `/help` auto-generation |\n| `atmosphere-mcp` | MCP endpoint at `/atmosphere/agent/my-agent/mcp` |\n| `atmosphere-a2a` | A2A endpoint at `/atmosphere/agent/my-agent/a2a` with Agent Card discovery |\n| `atmosphere-agui` | AG-UI endpoint at `/atmosphere/agent/my-agent/agui` |\n| `atmosphere-channels` + bot token | Same agent responds on Slack, Telegram, Discord, WhatsApp, Messenger |\n| `atmosphere-admin` | Admin dashboard at `/atmosphere/admin/` with live event stream |\n| (built-in) | Console UI at `/atmosphere/console/` |\n\n## Modules\n\n### Real-time core\n\n| Capability | Module | Key types |\n|---|---|---|\n| Streaming transports | `atmosphere-runtime` | WebTransport/HTTP3, WebSocket, SSE, long-polling, gRPC — negotiated via `AsyncSupport`; Jetty 12 QUIC native or Reactor Netty HTTP/3 sidecar |\n| Authentication | `atmosphere-runtime` | `TokenValidator`, `TokenRefresher`, `AuthInterceptor` — rejects at WebSocket / HTTP upgrade |\n| Observability | `atmosphere-runtime`, `atmosphere-ai` | OpenTelemetry spans, Micrometer metrics, token usage; `BusinessMdcBenchmark` pins the MDC hot-path cost |\n| Business tags | `atmosphere-ai` | `BusinessMetadata` → SLF4J MDC (tenant, customer, session, event kind) |\n\n### Agents\n\n| Capability | Module | Key types |\n|---|---|---|\n| Agent declaration | `atmosphere-agent` | `@Agent`, `@Prompt`, `@Command`, `@AiTool`, `@RequiresApproval` |\n| Skill files | `atmosphere-agent` | Markdown system prompts with tool / guardrail / channel sections; classpath-discovered |\n| Memory | `atmosphere-ai` | sliding window, LLM summarization; durable via `atmosphere-durable-sessions` (SQLite / Redis) |\n| Checkpoints | `atmosphere-checkpoint` | `CheckpointStore` — parent-chained snapshots, fork, resume by REST |\n| Reconnect \u0026 replay | `atmosphere-durable-sessions` + `RunRegistry` | clients reconnect with `X-Atmosphere-Run-Id`; `AiEndpointHandler` replays the mid-stream buffer to the new resource |\n| Grounded facts | `atmosphere-ai` | `FactResolver` SPI, per-turn; values escaped before prompt injection |\n| Permission modes | `atmosphere-ai` | `PermissionMode.DEFAULT` / `PLAN` / `ACCEPT_EDITS` / `BYPASS` / `DENY_ALL` — runtime config, not redeploy |\n\n### AI runtimes\n\n`atmosphere-ai` ships the `AgentRuntime` SPI plus the **Built-in** OpenAI-compatible adapter (works against OpenAI / Anthropic / Ollama / any OpenAI-compatible endpoint). Eight framework adapters live in their own modules — drop one on the classpath and `@Agent` dispatches through it. Each adapter's capability flags are pinned by a contract test in `AbstractAgentRuntimeContractTest.expectedCapabilities()`, so the rows below cannot drift from the running code.\n\n| Module | Backing framework | Spring Boot | Capability highlights | Notes |\n|---|---|---|---|---|\n| `atmosphere-ai` (Built-in) | OpenAI-compatible HTTP client | 3.5 / 4.0 | tool calling (5 rounds), JSON mode, vision, audio, prompt caching, token usage, native retry, tool-call deltas | Default. No third-party SDK on the classpath required. |\n| `atmosphere-spring-ai` | Spring AI 2.0.0-M6 | 4.0 | tool calling, structured output, vision, audio, prompt caching, token usage | |\n| `atmosphere-langchain4j` | LangChain4j 1.14.0 | 4.0 | tool calling, structured output, vision, audio, prompt caching, token usage | |\n| `atmosphere-adk` | Google ADK 1.2.0 | 4.0 | agent orchestration, tool calling, multi-modal, prompt caching | Multi-agent runtime — exposes `AGENT_ORCHESTRATION`. |\n| `atmosphere-koog` | JetBrains Koog 0.8.0 | 4.0 | agent orchestration, tool calling, multi-modal, prompt caching (Bedrock cache control), cancellation | Multi-agent runtime. |\n| `atmosphere-semantic-kernel` | Microsoft Semantic Kernel 1.5.0 | 4.0 | tool calling, structured output, token usage | No vision / audio path through the SK Java SDK today. |\n| `atmosphere-agentscope` | Alibaba AgentScope 1.0.12 | 4.0 | structured output, conversation memory, token usage, cancellation | No native tool-call dispatch in the SDK; tools must be invoked manually. |\n| `atmosphere-embabel` | Embabel 0.3.5 | **3.5 only** | agent orchestration, tool calling, vision, conversation memory | Embabel does not yet support Spring Boot 4. Use `atmosphere-spring-boot3-starter` and the `-Pspring-boot3` profile. |\n| `atmosphere-spring-ai-alibaba` | Spring AI Alibaba 1.1.2.2 (transitively pins Spring AI 1.1.2) | **3.5 only** | structured output, conversation memory | LLM round-trip is buffered by `ReactAgent.call()` — no token deltas; Atmosphere still streams the final reply chunk over WebSocket / SSE. For token-by-token streaming, use `atmosphere-spring-ai`. SB4 path blocked on Alibaba publishing a Spring AI 2.x agent-framework. |\n\nThe full capability matrix (text streaming, tool calling, structured output, system prompt, agent orchestration, conversation memory, tool approval, vision, audio, multi-modal, prompt caching, token usage, per-request retry, tool-call deltas) lives in [`modules/ai/README.md`](modules/ai/README.md#capability-matrix); contract tests fail the build if any runtime drifts from its declared row.\n\n### Multi-agent, protocols, channels\n\n| Capability | Module | Key types |\n|---|---|---|\n| Multi-agent coordination | `atmosphere-coordinator` | `@Coordinator`, `@Fleet`, `@AgentRef`; `LocalAgentTransport` (in-JVM) and `A2aAgentTransport` (HTTP JSON-RPC); parallel / sequential / conditional routing; coordination journal |\n| Agent protocols | `atmosphere-mcp`, `atmosphere-a2a`, `atmosphere-agui` | auto-registered endpoint per `@Agent` per protocol; A2A v1.0.0 with pre-1.0 method aliases |\n| Messaging channels | `atmosphere-channels` | Five `MessagingChannel` implementations: Slack, Telegram, Discord, WhatsApp, Messenger — one `@Command` dispatched to all, plus the default browser endpoint via WebSocket / SSE |\n| Evaluation | `atmosphere-ai-test` | `LlmJudge` (`meetsIntent`, `isGroundedIn`, `hasQuality`); `AbstractAgentRuntimeContractTest` for runtime contract pinning |\n\n### Governance \u0026 compliance\n\n| Capability | Module | Key types |\n|---|---|---|\n| Guardrails | `atmosphere-ai` | `PiiRedactionGuardrail`, `OutputLengthZScoreGuardrail` (tenant-partitioned), `CostCeilingGuardrail` |\n| Governance policy plane | `atmosphere-ai` | `GovernancePolicy` SPI; YAML `PolicyParser` auto-detects Atmosphere-native + [Microsoft Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) schema; MS-compatible `POST /api/admin/governance/check` |\n| Policy admission primitives | `atmosphere-ai` | `AllowListPolicy`, `DenyListPolicy`, `MessageLengthPolicy`, `RateLimitPolicy`, `ConcurrencyLimitPolicy`, `TimeWindowPolicy`, `MetadataPresencePolicy`, `AuthorizationPolicy`, `ConfidenceThresholdGuardrail` — composable via `PolicyRing` |\n| Ops primitives | `atmosphere-ai` | `KillSwitchPolicy` break-glass; `DryRunPolicy` shadow rollouts; `SwappablePolicy` hot-reload; `SloTracker` burn-rate; `PolicyHashDigest` drift detection |\n| Multi-agent governance | `atmosphere-coordinator` | `FleetInterceptor` SPI for per-dispatch gating; `GovernanceFleetInterceptor` bridges `FleetInterceptor` → `GovernancePolicy` at the coord→specialist edge |\n| Commitment records | `atmosphere-coordinator` | W3C Verifiable-Credential-subtype records signed Ed25519; `CommitmentRecordsFlag` flag-off default; admin Commitments tab |\n| Plan-and-verify | `atmosphere-verifier` | Static verification of LLM-emitted tool-call workflows ([Meijer, *Guardians of the Agents*, CACM Jan 2026](https://cacm.acm.org/research/guardians-of-the-agents/)); sealed `Workflow` AST; six `PlanVerifier` SPIs (Allowlist / WellFormedness / Capability / Taint / Automaton / Smt); `@Sink` + `@RequiresCapability` co-located policy; `verify` CLI |\n| Stream-level PII rewrite | `atmosphere-ai` | `PiiRedactionFilter` — `BroadcasterFilter` auto-installed; rewrites tokens before bytes flush to the client |\n| Cost enforcement | `atmosphere-ai` | `CostCeilingAccountant` bridges `TokenUsage` → `CostCeilingGuardrail.addCost` keyed by `business.tenant.id`; per-tenant budgets block dispatch |\n| Compliance evidence | `atmosphere-ai` | OWASP Agentic Top 10 + EU AI Act / HIPAA / SOC 2 matrices; CI-enforced via `OwaspMatrixPinTest`, `ComplianceMatrixPinTest`, `EvidenceConsumerGrepPinTest` |\n\n### Admin \u0026 sandbox\n\n| Capability | Module | Key types |\n|---|---|---|\n| Admin control plane | `atmosphere-admin` | `/atmosphere/admin/` UI, `/api/admin/*` REST, MCP tools; triple-gate (feature flag → Principal → `ControlAuthorizer`) |\n| Flow viewer | `atmosphere-admin` | `GET /api/admin/flow` — JSON graph keyed by `coordinationId` (nodes, edges, success / failure / avg duration) |\n| Admin governance surface | `atmosphere-admin` + starter | `GET /governance/{policies,health,decisions,owasp,compliance,agt-verify}`; `POST /governance/{check,reload,kill-switch/arm,kill-switch/disarm}` |\n| Sandbox | `atmosphere-sandbox` | `Sandbox` / `SandboxProvider` SPI; two providers ship in-tree — `DockerSandboxProvider` (default; `--network none`, argv-form exec, strict mount validation) and `InProcessSandboxProvider` (tests). The `ServiceLoader` is open for third-party Firecracker / Kata / Vercel Sandbox / E2B / Modal / Blaxel providers; none ship in-tree. |\n\n## Governance\n\nDrop `atmosphere-policies.yaml` on the classpath and every `@Prompt` and `@AiTool` dispatch flows through it. No code changes, no redeploy on policy edits.\n\n```yaml\n# atmosphere-policies.yaml\nversion: \"1.0\"\npolicies:\n  - name: deny-destructive-sql\n    type: deny-list\n    config:\n      phrases: [\"DROP TABLE\", \"TRUNCATE\", \"DELETE FROM\"]\n  - name: tenant-cost-ceiling\n    type: cost-ceiling\n    config:\n      ceilingDollars: 50.0\n```\n\nOr annotate an endpoint with `@AgentScope` so a customer-support bot stops answering Python questions:\n\n```java\n@AiEndpoint(\"/support\")\n@AgentScope(\n    purpose = \"Customer support — orders, billing, store hours\",\n    forbiddenTopics = {\"code\", \"programming\", \"medical advice\"},\n    onBreach = AgentScope.Breach.POLITE_REDIRECT)\npublic class SupportAgent { /* @Prompt method */ }\n```\n\nYAML auto-detects either Atmosphere-native shape or [Microsoft Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) schema; an MS rule like `{field: tool_name, operator: eq, value: drop_database, action: deny}` fires before the tool's executor runs. Decisions are surfaced at `GET /api/admin/governance/decisions`, mapped to OWASP Agentic Top 10 + EU AI Act / HIPAA / SOC2 evidence at `GET /api/admin/governance/agt-verify` (the same shape MS's `agt verify` CLI consumes), and a Vue admin tab renders the live state.\n\nOptional sinks ship in separate modules: `atmosphere-ai-audit-kafka`, `atmosphere-ai-audit-postgres`, `atmosphere-ai-policy-rego` (OPA), `atmosphere-ai-policy-cedar` (AWS).\n\n[Governance policy plane reference](docs/governance-policy-plane.md) · [tutorial site](https://atmosphere.github.io/docs/reference/governance/) · [`ms-governance-chat` sample](samples/spring-boot-ms-governance-chat/)\n\n## Client — atmosphere.js\n\n```bash\nnpm install atmosphere.js\n```\n\n```tsx\nimport { useStreaming } from 'atmosphere.js/react';\n\nfunction Chat() {\n  const { fullText, isStreaming, send } = useStreaming({\n    request: {\n      url: '/atmosphere/agent/my-agent',\n      transport: 'webtransport',         // HTTP/3 over QUIC\n      fallbackTransport: 'websocket',    // auto-fallback\n    },\n  });\n  return \u003cp\u003e{fullText}\u003c/p\u003e;\n}\n```\n\nReact, [Vue](atmosphere.js/README.md#vue), [Svelte](atmosphere.js/README.md#svelte), and [React Native](atmosphere.js/README.md#react-native) bindings available. For Java/Kotlin clients, see [wAsync](modules/wasync/) — async WebSocket, SSE, long-polling, and gRPC client, shipped in-tree.\n\n## Samples\n\n| Sample | Description |\n|--------|-------------|\n| [startup team](samples/spring-boot-multi-agent-startup-team/) | `@Coordinator` with 4 A2A specialist agents |\n| [dentist agent](samples/spring-boot-dentist-agent/) | Commands, tools, skill file, Slack + Telegram |\n| [ai-tools](samples/spring-boot-ai-tools/) | Framework-agnostic tool calling + approval gates |\n| [orchestration-demo](samples/spring-boot-orchestration-demo/) | Agent handoffs and approval gates |\n| [chat](samples/spring-boot-chat/) | Room protocol, presence, WebTransport/HTTP3 |\n| [ai-chat](samples/spring-boot-ai-chat/) | AI chat with auth, WebTransport, caching |\n| [mcp-server](samples/spring-boot-mcp-server/) | MCP tools, resources, prompts |\n| [rag-chat](samples/spring-boot-rag-chat/) | RAG with knowledge base search tools |\n| [a2a-agent](samples/spring-boot-a2a-agent/) | A2A assistant with weather/time tools |\n| [agui-chat](samples/spring-boot-agui-chat/) | AG-UI framework integration |\n| [durable-sessions](samples/spring-boot-durable-sessions/) | SQLite/Redis session persistence |\n| [checkpoint-agent](samples/spring-boot-checkpoint-agent/) | Durable HITL workflow — @Coordinator + CheckpointStore + REST approval |\n| [ai-classroom](samples/spring-boot-ai-classroom/) | Multi-room collaborative AI |\n| [ms-governance-chat](samples/spring-boot-ms-governance-chat/) | Chat gated by [Microsoft Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) YAML (MS schema, verbatim) |\n| [channels-chat](samples/spring-boot-channels-chat/) | Slack, Telegram, Discord, WhatsApp, Messenger |\n| [personal-assistant](samples/spring-boot-personal-assistant/) | `@Coordinator` + `AgentFleet` over `InMemoryProtocolBridge`, `@AiTool` → crew dispatch, OpenClaw workspace |\n| [coding-agent](samples/spring-boot-coding-agent/) | Docker `Sandbox` provider — clone, read, stream real file bytes to the client |\n| [guarded-email-agent](samples/spring-boot-guarded-email-agent/) | Plan-and-verify demo — LLM-emitted workflow refused by `TaintVerifier` before any tool fires (Meijer \"Guardians of the Agents\" pattern) |\n\n[All samples](samples/) \u0026middot; `atmosphere install` for interactive picker \u0026middot; `atmosphere compose` to scaffold multi-agent projects \u0026middot; [CLI reference](cli/README.md)\n\n## Getting Started\n\n```xml\n\u003c!-- Spring Boot 4.0 starter --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.atmosphere\u003c/groupId\u003e\n    \u003cartifactId\u003eatmosphere-spring-boot-starter\u003c/artifactId\u003e\n    \u003cversion\u003e${atmosphere.version}\u003c/version\u003e\n\u003c/dependency\u003e\n\n\u003c!-- Agent module (required for @Agent, @Coordinator) --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.atmosphere\u003c/groupId\u003e\n    \u003cartifactId\u003eatmosphere-agent\u003c/artifactId\u003e\n    \u003cversion\u003e${atmosphere.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nAdd only what you need — every module below is opt-in and auto-registers when on the classpath:\n\n- **AI runtime** — `atmosphere-ai` (Built-in), or one of the framework adapters listed in the [adapter table](#ai-runtimes)\n- **Protocols** — `atmosphere-mcp`, `atmosphere-a2a`, `atmosphere-agui`\n- **External channels** — `atmosphere-channels` (Slack, Telegram, Discord, WhatsApp, Messenger)\n- **Multi-agent** — `atmosphere-coordinator`\n- **Admin / control plane** — `atmosphere-admin`\n- **Plan-and-verify** — `atmosphere-verifier`\n- **Sandbox** — `atmosphere-sandbox` (Docker by default)\n- **Durable sessions / replay** — `atmosphere-durable-sessions` plus `atmosphere-durable-sessions-sqlite` or `atmosphere-durable-sessions-redis`\n- **Checkpoints** — `atmosphere-checkpoint`\n- **Audit sinks** — `atmosphere-ai-audit-kafka`, `atmosphere-ai-audit-postgres`\n- **Policy engines** — `atmosphere-ai-policy-rego` (OPA), `atmosphere-ai-policy-cedar` (AWS Cedar)\n\nFor Spring Boot 3.5 deployments (required if you use Embabel or Spring AI Alibaba), substitute `atmosphere-spring-boot3-starter` and build with the `-Pspring-boot3` profile.\n\n**Requirements:** Java 21+ \u0026middot; Spring Boot 4.0.5 (or 3.5 via the `-Pspring-boot3` profile) or Quarkus 3.35.2+ \u0026middot; Current release: see the Maven Central badge above\n\n## Documentation\n\n[Tutorial](https://atmosphere.github.io/docs/tutorial/01-introduction/) \u0026middot; [Full docs](https://atmosphere.github.io/docs/) \u0026middot; [CLI](cli/README.md) \u0026middot; [Javadoc](https://atmosphere.github.io/apidocs/) \u0026middot; [Samples](samples/)\n\n## Commercial Support\n\nProduction support tiers (Bronze / Silver / Gold / Platinum), compliance attestation (OWASP Agentic Top 10, EU AI Act, HIPAA, SOC 2), [Microsoft Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) interop, [plan-and-verify](https://atmosphere.github.io/docs/tutorial/33-plan-and-verify/) (`atmosphere-verifier`), A2A v1.0.0 alignment, and legacy Atmosphere 2.x / 3.x long-term support are available from [Async-IO](https://async-io.live/#support). Book a 30-min architecture call: [async-io.live/contact](https://async-io.live/contact/).\n\n## Companion Projects\n\n| Project | Description |\n|---------|-------------|\n| [atmosphere-skills](https://github.com/Atmosphere/atmosphere-skills) | Curated agent skill files — personality, tools, guardrails |\n| [homebrew-tap](https://github.com/Atmosphere/homebrew-tap) | Homebrew formulae for the Atmosphere CLI |\n\n## License\n\nApache 2.0 — @Copyright 2008-2026 [Async-IO.org](https://async-io.live)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatmosphere%2Fatmosphere","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatmosphere%2Fatmosphere","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatmosphere%2Fatmosphere/lists"}