Skip to content

Releases: actcore/act-cli

0.10.1

Choose a tag to compare

@github-actions github-actions released this 28 Jun 21:43

Added

  • Experimental WebAssembly GC support — the runtime now enables the
    function-references and GC proposals, so GC-backed guest languages
    (Kotlin/Wasm, and future JVM/Dart targets) can load. Experimental spike;
    additive for existing components.
  • WebAssembly exception-handling support — components carrying
    C++-exception extensions (e.g. numpy 2.x's pocketfft) now run. Additive:
    components without the exceptions proposal are unaffected.

Fixed

  • Fresh checkouts and git worktrees now build without manually copying WIT
    dependencies — act-cli's wit/deps are vendored into the repo.

0.10.0

Choose a tag to compare

@github-actions github-actions released this 26 Jun 11:07

Added

  • New act-policy crate — the capability decision core (PDP) extracted into
    a standalone, wasm-portable library: a pluggable CapabilityProvider
    framework with built-in wasi:filesystem / wasi:http / wasi:sockets
    providers plus a generic glob provider for semantic capability classes (e.g.
    db:*). act-cli now makes all of its capability decisions through it.
  • wasi:sockets capability grants may now omit ports to allow any port
    (previously a non-empty port list was required).

Changed

  • Migrated the host to act:tools@0.2.0 / act:sessions@0.2.0 (act:core
    unchanged at 0.4.0). Both packages split their function-free data model into
    a dedicated types interface: tool-definition, content-part, tool-event
    and list-tools-response now live in act:tools/types, and the session
    record in act:sessions/types, while tool-result (the only stream<>-bearing
    type) and the async provider functions stay in their provider interfaces. This
    lets sync-shim adapters use the data types without pulling in the async
    signatures. The 0.1.0 surface is dropped entirely — there is no dual-version
    support. Components must export the @0.2.0 interfaces to load.
  • act-build init templates (Rust, Python, JS) now scaffold against
    act:tools/tool-provider@0.2.0.
  • Filesystem read-only access is now enforced. A component that declares a
    path as ro can no longer write to it — previously the ro/rw mode was
    declared but not enforced. Components declaring rw are unaffected.
  • Upgraded wasmtime to 46 and wired the final WASI 0.3.0 interfaces.
  • WIT dependencies are now fetched with wkg instead of wit-deps.

0.9.0

Choose a tag to compare

@github-actions github-actions released this 22 Jun 13:33

This release reworks the capability/sandbox surface into one uniform grant model
and switches to ask-by-default. It is a breaking release — the flag, metadata,
and default-policy changes are called out below.

Added

  • act inspect subcommands. act inspect component-manifest --format json
    dumps the raw act:component manifest (used by actpkg.dev for capability
    extraction); act inspect tools dumps the raw list-tools output.
  • TOON output format (--format toon) for info, store list, and
    inspect — a compact, LLM-friendly encoding (~40% fewer tokens than JSON).
  • Declarative filesystem mounts. Typed bind/root mounts declared by a
    component are resolved into wasmtime preopens, converging the legacy
    mount-root onto the same path-rewriting model. act-build validates declared
    mounts and warns on drift/redundant sugar.

Changed

  • Uniform capability grant model (breaking). The per-class
    --fs-*/--http-*/--sockets-* flags are replaced by generic, id-keyed grants:
    --grant '<json>', --allow <id>, --deny <id>. Grants key on a capability
    id (wasi:filesystem, wasi:http, wasi:sockets, or a semantic class) with
    provider-defined constraints, resolving exact > longest *-prefix > default
    across the global/profile/CLI layers (default inherits across layers). HTTP
    CIDRs and socket port/protocol scoping are preserved. Built on the uniform
    act-types 0.11 capability model.
  • Ask-by-default (breaking). With no grant, a capability now resolves to
    ask (prompt-on-access, remembered per session) instead of a hard deny.
    Interactive runs prompt on the TTY; --mcp runs prompt the client over an MCP
    elicitation channel; headless runs with no prompt channel degrade to deny.
    Prompts are bounded by the component's declared ceiling — out-of-ceiling access
    is denied without prompting.
  • --metadata split (breaking). Repeatable -m key=value passes string
    metadata; --metadata-json '<obj>' passes a typed JSON object.

Removed

  • Per-class capability flags (--fs-policy/--fs-allow/--fs-deny and the http/
    sockets equivalents) and the ACT_FS_ALLOW/ACT_HTTP_ALLOW/
    ACT_SOCKETS_ALLOW env vars — superseded by the uniform grant flags and the
    [policy] config section.

0.8.3

Choose a tag to compare

@github-actions github-actions released this 16 Jun 20:38

Added

  • act-build pack --set <key>=<value> — override resolved component-metadata
    fields at pack time (e.g. --set std.name=sqlite-vec), for feature-conditional builds.

Changed

  • act-build init rust scaffolds components on act-sdk 0.9 (lean
    #[act_component], metadata embedded by act-build pack) with wit-bindgen 0.58.
  • Bundled act-types updated to 0.9 — the shared CBOR↔JSON $bytes envelope
    codec is now in the host (info / call output paths).

0.8.2

Choose a tag to compare

@github-actions github-actions released this 11 Jun 17:53

Added

  • --max-memory flag (on run / call / info) caps a component's
    WebAssembly linear memory. Accepts a byte count or a size with a unit —
    binary (512MiB) or decimal (512MB). When a component tries to grow memory
    past the cap, the growth fails inside the sandbox instead of ballooning the
    host process — useful when running untrusted components (e.g. metadata/tool
    extraction with act info --tools).

0.8.1

Choose a tag to compare

@github-actions github-actions released this 09 Jun 20:35

Changed

  • act-build now lowercases OCI repository names before pushing (tags are
    preserved), so pushes to registries that reject uppercase repositories
    succeed.
  • Updated dependencies, including swapping the unmaintained fs2 file-lock
    crate for fs4 in act-store.

Fixed

  • act-build validate no longer rejects valid components. The tool-provider
    interface moved from act:core to the act:tools package; validate now
    recognizes act:tools/tool-provider instead of the obsolete
    act:core/tool-provider.
  • act-build now reports the same manifest digest the registry stores. It
    previously hashed a non-canonical serialization while pushing canonical
    JSON, so digest-pinned pulls 404'd; it now hashes and pushes the identical
    canonical bytes, with a warn-only cross-check against the registry's
    returned digest.

0.8.0

Choose a tag to compare

@github-actions github-actions released this 02 Jun 18:15

Added

  • act-store workspace crate — a content-addressed OCI image-layout
    component store shared between act-cli and act-toolserver. Resolves remote
    refs read-through, preserves upstream OCI manifests verbatim (so signatures
    remain meaningful), and collects connected artifacts on pull (sigstore
    bundle, SBOM, SLSA provenance, ...) via the OCI 1.1 referrers API. Lives
    at <XDG_DATA_HOME>/act/store (~/.local/share/act/store on Linux).
    Published to crates.io as a standalone library for downstream consumers.
  • act store subcommand group for managing the local component store:
    • act store list [--format text|json] — list every stored component.
    • act store update [<ref>] — re-resolve stored refs and re-pull any
      whose upstream digest moved. Without an argument, updates every
      component; mutable tags (:latest, :0.1) advance, @sha256: pins
      never do.
    • act store gc — delete store blobs no longer referenced by any
      component.

Changed

  • Remote refs resolve through the shared store instead of the bespoke
    ~/.cache/act/components/<sha256(ref)>.wasm cache. act run/call/info
    read-through the store (pulling on first use, then serving from disk).
    Local files still run in place; the store is populated for them only when
    you explicitly act pull <file>.
  • act pull now populates the shared store (with referrer collection
    for OCI sources). -o/-O still optionally export a copy.
  • Component reference parsing is centralized in act-store::Ref so
    act-cli and act-toolserver agree on how oci://, https://, file://,
    and bare refs are normalized.
  • Release workflow publishes the entire workspace to crates.io
    (cargo publish --workspace), so new crates added anywhere in the
    workspace ship on the next tagged release without a workflow edit.

Removed

  • The legacy ~/.cache/act/components/<sha256(ref)>.wasm cache is no longer
    written or consulted. Existing cache files are harmless leftovers you can
    delete by hand; act-store starts fresh in its own data dir.

0.7.6

Choose a tag to compare

@github-actions github-actions released this 26 May 07:38

Added

  • act run --session-args '<json>': pre-open a single session at startup and
    serve the component as "session-of-1". Every call transparently uses the
    pre-opened session, the session machinery is hidden from clients (no MCP
    virtual open_session/close_session tools, no /sessions HTTP endpoints),
    and any client-supplied std:session-id is overridden. Requires a component
    that exports act:sessions/session-provider. (Previously --session-args
    was available only on act call for a single invocation.)

0.7.5

Choose a tag to compare

@github-actions github-actions released this 25 May 13:03

Fixed

  • cargo install act-cli now works without setting
    RUSTFLAGS='--cfg reqwest_unstable'. The unused reqwest http3 feature has
    been dropped (HTTP/2 support is unaffected).

0.7.4

Choose a tag to compare

@github-actions github-actions released this 24 May 20:25

Added

  • wasi:sockets sandboxing — restrict a component's outbound socket
    access with --sockets-policy, --sockets-allow, and --sockets-deny
    (host/CIDR + ports/protocols, e.g. db:5432/tcp), configurable via flags,
    the ACT_SOCKETS_ALLOW env var, or config profiles. Enforced as a
    capability ceiling in the wasmtime store.
  • act-build init <lang> — scaffold a new component for Rust, Python, or
    JavaScript in one command, with --output to choose the target directory
    and ready-to-run test targets.
  • MCP over Streamable HTTP — serve the MCP adapter over Streamable HTTP
    with act run <component> --mcp --http.
  • file:// component referencesact run file:///abs/path.wasm now
    resolves to a local file. An explicit URI scheme (file://, oci://,
    http(s)://) is now authoritative and selects the reference kind directly
    instead of going through path/OCI guessing.

Changed

  • Upgraded dependencies, most notably wasmtime 43 -> 45.
  • The MCP bridge now injects a _meta argument channel into tool schemas so
    LLM-driven MCP clients can pass std:session-id to session-provider
    components.