update from workm8/ag-ui-4j

Author: pascalwilbrink

.DS_Store

@@ -0,0 +1,83 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Development Commands
+
+### Build Commands
+- **Full build**: `mvn clean compile` - Compiles all modules
+- **Run tests**: `mvn test` - Executes unit tests across all modules
+- **Full verification**:
+- `mvn clean verify` - Runs complete build with tests and quality checks
+- **Coverage analysis**: `mvn clean test -Pcoverage` - Runs tests with JaCoCo coverage reports
+- **Code quality**: `mvn sonar:sonar` - Runs SonarCloud analysis (requires configuration)
+
+### Testing Commands
+- **Unit tests only**: `mvn surefire:test` - Runs unit tests using Surefire plugin
+- **Integration tests**: `mvn failsafe:integration-test` - Runs integration tests using Failsafe plugin
+- **Test a specific module**: `mvn test -pl packages/core` - Tests only the core module
+
+### Package Management
+- **Package without tests**: `mvn package -DskipTests` - Fast packaging
+- **Deploy to GitHub Packages**: `mvn deploy` - Deploys artifacts to GitHub Packages repository
+
+## Project Architecture
+
+AG-UI-4J is an Agent User Interaction Protocol for Java that provides a framework for building AI agent interactions with streaming event-based communication.
+
+### Module Structure
+
+- **packages/core**: Core interfaces and models (`Agent`, `BaseMessage`, events)
+- **packages/client**: Client library for consuming agent services
+- **packages/http**: HTTP utilities and communication layer
+- **packages/server**: Server-side implementation components
+- **integrations/spring-ai**: Spring AI integration with `SpringAIAgent`
+- **integrations/langchain4j**: LangChain4j integration with `Langchain4jAgent`
+- **servers/spring**: Spring Boot server implementation
+- **clients/ok-http**: OkHttp client implementation
+- **utils/json**: JSON utilities with Jackson mixins
+- **examples/**: Working examples for Spring AI and LangChain4j
+
+### Core Architecture Patterns
+
+#### Agent Pattern
+The `Agent` interface (packages/core/src/main/java/com/agui/core/agent/Agent.java:49) defines the contract:
+```java
+CompletableFuture<Void> runAgent(RunAgentParameters parameters, AgentSubscriber subscriber);
+```
+
+All agents implement this interface for asynchronous execution with real-time event streaming.
+
+#### Event-Driven Communication
+The system uses streaming events for real-time updates:
+- **Text events**: `TextMessageStartEvent`, `TextMessageContentEvent`, `TextMessageEndEvent`
+- **Tool events**: `ToolCallStartEvent`, `ToolCallArgsEvent`, `ToolCallEndEvent`, `ToolCallResultEvent`
+- **Run lifecycle**: `RunStartedEvent`, `RunFinishedEvent`, `RunErrorEvent`
+- **Thinking events**: `ThinkingStartEvent`, `ThinkingEndEvent` with content events
+
+#### Integration Strategy
+- **SpringAIAgent**: Uses Spring AI's reactive streaming with `ChatClient` and `ToolCallback`
+- **Langchain4jAgent**: Integrates with `StreamingChatModel` and `StreamingChatResponseHandler`
+- Both agents extend `LocalAgent` base class for common functionality
+
+#### Message System
+Unified message types across all integrations:
+- `SystemMessage`, `UserMessage`, `AssistantMessage`, `DeveloperMessage`, `ToolMessage`
+- Message mappers convert between ag-ui-4j format and integration-specific formats
+
+### Build Profiles
+- **local** (default): Skips Javadoc and source generation for faster development
+- **github-actions**: Enables full documentation generation for CI/CD
+- **coverage**: Activates JaCoCo for code coverage analysis
+
+### Java Version
+- **Source/Target**: Java 17 (minimum)
+- **Recommended**: Java 21 LTS
+
+### Key Dependencies
+- **Spring AI**: Chat models, tools, and advisors integration
+- **LangChain4j**: Streaming chat models and tool execution
+- **Jackson**: JSON serialization with custom mixins
+- **JUnit 5**: Testing framework
+- **AssertJ**: Fluent assertions for tests
+- **Maven**: Build and dependency management

sdks/.DS_Store

@@ -172,11 +172,11 @@ Then create a pull request on GitHub with:
 
 ```java
 // Package structure example
-io.workm8.agui4j.core.*          // Core functionality
-io.workm8.agui4j.client.*        // Client libraries
-io.workm8.agui4j.http.*          // HTTP utilities
-io.workm8.agui4j.spring.*        // Spring integrations
-io.workm8.agui4j.util.*          // Utility classes
+com.ag-ui.core.*          // Core functionality
+com.ag-ui.client.*        // Client libraries
+com.ag-ui.http.*          // HTTP utilities
+com.ag-ui.spring.*        // Spring integrations
+com.ag-ui.util.*          // Utility classes
 ```
 
 ### Error Handling

sdks/community/.DS_Store

@@ -0,0 +1,206 @@
+# Security Policy
+
+## 🛡️ Our Commitment to Security
+
+The AG-UI-4J project takes security seriously. We appreciate the security research community's efforts in helping us maintain the security of our project and protecting our users.
+
+## 📋 Supported Versions
+
+We provide security updates for the following versions of AG-UI-4J:
+
+| Version | Supported          | Notes                    |
+| ------- | ------------------ | ------------------------ |
+| 1.0.x   | ✅ Yes             | Current stable release   |
+| < 1.0   | ❌ No              | Development versions     |
+
+**Note:** As this project is currently in development (pre-1.0), security updates will be applied to the main branch. Once we reach stable releases, this table will be updated with our long-term support policy.
+
+## 🚨 Reporting Security Vulnerabilities
+
+**Please DO NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Instead, please report security vulnerabilities responsibly through one of these methods:
+
+### Primary Method: GitHub Security Advisories (Recommended)
+1. Navigate to the [Security Advisories page](https://github.com/Work-m8/ag-ui-4j/security/advisories)
+2. Click "Report a vulnerability"
+3. Fill out the vulnerability report form
+4. Submit the report
+
+### Alternative Method: Direct Email
+If you cannot use GitHub Security Advisories, email us directly:
+- **Email:** [[email protected]](mailto:[email protected])
+- **Subject:** `[SECURITY] AG-UI-4J Vulnerability Report`
+
+## 📝 What to Include in Your Report
+
+To help us understand and resolve the issue quickly, please include as much of the following information as possible:
+
+### Required Information
+- **Description** of the vulnerability
+- **Steps to reproduce** the issue
+- **Affected versions** of AG-UI-4J
+- **Impact assessment** (what an attacker could achieve)
+
+### Additional Helpful Information
+- **Proof of concept** code or screenshots
+- **Suggested fix** if you have one
+- **CVSS score** if you've calculated one
+- **Related CVE numbers** if applicable
+- **Your preferred contact method** for follow-up
+
+### Example Report Template
+```
+**Vulnerability Type:** [e.g., SQL Injection, XSS, Authentication Bypass]
+**Affected Component:** [e.g., packages/http, packages/client]
+**Affected Versions:** [e.g., All versions, 1.0.0-1.0.5]
+**Severity:** [e.g., Critical, High, Medium, Low]
+
+**Description:**
+[Detailed description of the vulnerability]
+
+**Steps to Reproduce:**
+1. [Step 1]
+2. [Step 2]
+3. [Step 3]
+
+**Impact:**
+[What an attacker could achieve]
+
+**Proof of Concept:**
+[Code snippet, screenshots, or detailed explanation]
+
+**Suggested Fix:**
+[If you have suggestions for fixing the issue]
+```
+
+## ⏱️ Response Timeline
+
+We are committed to responding to security reports promptly:
+
+| Timeline | Action |
+|----------|--------|
+| **Within 24 hours** | Initial acknowledgment of your report |
+| **Within 72 hours** | Preliminary assessment and triage |
+| **Within 7 days** | Detailed response with our findings |
+| **Within 30 days** | Resolution or detailed timeline for complex issues |
+
+## 🔒 Security Update Process
+
+### Our Process
+1. **Validation** - We verify and reproduce the reported vulnerability
+2. **Assessment** - We assess the impact and assign a severity level
+3. **Development** - We develop and test a fix
+4. **Review** - Internal security review of the fix
+5. **Release** - We release the security update
+6. **Disclosure** - We publish details after users have had time to update
+
+### Severity Levels
+We use the following severity classification:
+
+- **Critical** - Immediate threat to data integrity or system security
+- **High** - Significant security risk that should be addressed quickly
+- **Medium** - Moderate security risk with limited impact
+- **Low** - Minor security improvement or hardening opportunity
+
+## 📢 Security Announcements
+
+Security updates and announcements will be published through:
+
+- **GitHub Security Advisories** - Primary announcement method
+- **GitHub Releases** - Security releases will be clearly marked
+- **CHANGELOG.md** - Security fixes will be documented
+- **Repository README** - Critical security notices when applicable
+
+## 🛠️ Security Best Practices for Users
+
+### For Developers Using AG-UI-4J
+
+1. **Keep Dependencies Updated**
+   ```bash
+   mvn dependency:display-plugin-updates
+   mvn versions:display-dependency-updates
+   ```
+
+2. **Use Dependency Scanning**
+   ```bash
+   mvn org.owasp:dependency-check-maven:check
+   ```
+
+3. **Follow Secure Coding Practices**
+   - Validate all inputs
+   - Use parameterized queries
+   - Implement proper authentication and authorization
+   - Handle errors securely (don't expose sensitive information)
+
+4. **Regular Security Audits**
+   - Review your application's security posture regularly
+   - Keep AG-UI-4J updated to the latest version
+   - Monitor security advisories
+
+### For AG-UI-4J Contributors
+
+1. **Code Review Requirements**
+   - All code changes require review by at least one maintainer
+   - Security-sensitive changes require additional security review
+
+2. **Dependency Management**
+   - New dependencies must be justified and reviewed
+   - Dependencies should be kept to minimum necessary versions
+   - Regular dependency updates via Dependabot
+
+3. **Testing Requirements**
+   - Security-related changes require comprehensive tests
+   - Include negative test cases (invalid inputs, edge cases)
+
+## 🔍 Known Security Considerations
+
+### Current Security Features
+- **Input Validation** - [Describe current validation mechanisms]
+- **Authentication** - [Describe authentication methods if applicable]
+- **Authorization** - [Describe authorization controls if applicable]
+- **Data Protection** - [Describe data protection measures]
+
+### Security Roadmap
+As the project evolves, we plan to implement:
+- Comprehensive input validation framework
+- Security testing automation
+- Regular security audits
+- Penetration testing for major releases
+
+## 🏆 Security Hall of Fame
+
+We recognize and thank security researchers who have responsibly disclosed vulnerabilities:
+
+<!-- This section will be populated as we receive and resolve security reports -->
+*No security reports have been received yet. Be the first to help us improve our security!*
+
+## 📚 Additional Resources
+
+### Security Tools and Standards
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
+- [OWASP Java Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Java_Security_Cheat_Sheet.html)
+- [CWE (Common Weakness Enumeration)](https://cwe.mitre.org/)
+- [CVSS Calculator](https://www.first.org/cvss/calculator/3.1)
+
+### Related Documentation
+- [Contributing Guidelines](CONTRIBUTING.md)
+- [Code of Conduct](CODE_OF_CONDUCT.md)
+- [Project Documentation](docs/)
+
+## 📞 Contact Information
+
+### Security Team
+- **Primary Contact:** Pascal Wilbrink ([[email protected]](mailto:[email protected]))
+- **GitHub:** [@pascalwilbrink](https://github.com/pascalwilbrink)
+
+### General Questions
+For general security questions (not vulnerability reports):
+- **GitHub Discussions:** [AG-UI-4J Discussions](https://github.com/Work-m8/ag-ui-4j/discussions)
+- **GitHub Issues:** [Create a question issue](https://github.com/Work-m8/ag-ui-4j/issues/new?template=question.yml)
+
+---
+
+**Thank you for helping keep AG-UI-4J and our community safe!** 🙏
+
+*Last updated: August 9 2025*

sdks/community/java/.DS_Store

@@ -5,13 +5,13 @@
 
 ---
 
-This package contains the [Abstract Agent](./src/main/java/io/workm8/agui4j/client/agent/AbstractAgent.java).
+This package contains the [Abstract Agent](./src/main/java/com/agui/client/agent/AbstractAgent.java).
 
 ### Dependency
 
 ```xml
 <dependency>
-    <groupId>io.workm8.agui4j</groupId>
+    <groupId>com.ag-ui</groupId>
     <artifactId>client</artifactId>
     <version>4.12.0</version>
 </dependency>

sdks/community/java/CLAUDE.md

@@ -4,7 +4,7 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <parent>
-        <groupId>io.workm8.agui4j</groupId>
+        <groupId>com.ag-ui</groupId>
         <artifactId>ag-ui</artifactId>
         <version>0.0.1</version>
         <relativePath>../../pom.xml</relativePath>
@@ -13,8 +13,8 @@
     <artifactId>ok-http</artifactId>
     <version>${okhttp.version}</version>
 
-    <name>AG-UI-4J Ok-http</name>
-    <description>AG-UI-4J Ok-http Client</description>
+    <name>AG-UI Ok-http</name>
+    <description>AG-UI Ok-http Client</description>
 
     <properties>
         <okhttp.version>4.12.0</okhttp.version>
@@ -24,12 +24,12 @@
 
     <dependencies>
         <dependency>
-            <groupId>io.workm8.agui4j</groupId>
+            <groupId>com.ag-ui</groupId>
             <artifactId>http</artifactId>
             <version>${ag-ui.version}</version>
         </dependency>
         <dependency>
-            <groupId>io.workm8.agui4j</groupId>
+            <groupId>com.ag-ui</groupId>
             <artifactId>json</artifactId>
             <version>${ag-ui.version}</version>
         </dependency>

sdks/community/java/CONTRIBUTING.md

@@ -1,11 +1,10 @@
-package io.workm8.agui4j.okhttp;
+package com.agui.okhttp;
 
+import com.agui.core.agent.RunAgentInput;
+import com.agui.core.event.BaseEvent;
+import com.agui.json.ObjectMapperFactory;
 import com.fasterxml.jackson.databind.ObjectMapper;
-
-import io.workm8.agui4j.core.agent.RunAgentInput;
-import io.workm8.agui4j.core.event.BaseEvent;
-import io.workm8.agui4j.http.BaseHttpClient;
-import io.workm8.agui4j.json.ObjectMapperFactory;
+import com.agui.http.BaseHttpClient;
 import okhttp3.*;
 
 import java.io.BufferedReader;
@@ -27,7 +26,7 @@
  * Key features:
  * <ul>
  * <li>Server-Sent Events (SSE) support for real-time event streaming</li>
- * <li>JSON serialization/deserialization using Jackson with agui4j mixins</li>
+ * <li>JSON serialization/deserialization using Jackson with agui mixins</li>
  * <li>Cancellation support through both CompletableFuture and AtomicBoolean tokens</li>
  * <li>Infinite read timeout for long-lived streaming connections</li>
  * <li>Automatic HTTP connection management and cleanup</li>
@@ -78,7 +77,7 @@ public class HttpClient implements BaseHttpClient {
      * <p>
      * This constructor initializes the OkHttp client with optimized settings
      * for streaming connections and configures Jackson ObjectMapper with
-     * agui4j-specific mixins for proper event serialization.
+     * agui-specific mixins for proper event serialization.
      * <p>
      * The OkHttp client is configured with:
      * <ul>