Releases: actcore/act-cli
Releases · actcore/act-cli
Release list
0.10.1
Added
- Experimental WebAssembly GC support — the runtime now enables the
function-references and GC proposals, so GC-backed guest languages
(Kotlin/Wasm, and future JVM/Dart targets) can load. Experimental spike;
additive for existing components. - WebAssembly exception-handling support — components carrying
C++-exception extensions (e.g. numpy 2.x's pocketfft) now run. Additive:
components without the exceptions proposal are unaffected.
Fixed
- Fresh checkouts and git worktrees now build without manually copying WIT
dependencies —act-cli'swit/depsare vendored into the repo.
0.10.0
Added
- New
act-policycrate — the capability decision core (PDP) extracted into
a standalone, wasm-portable library: a pluggableCapabilityProvider
framework with built-inwasi:filesystem/wasi:http/wasi:sockets
providers plus a generic glob provider for semantic capability classes (e.g.
db:*).act-clinow makes all of its capability decisions through it. wasi:socketscapability grants may now omitportsto allow any port
(previously a non-empty port list was required).
Changed
- Migrated the host to
act:tools@0.2.0/act:sessions@0.2.0(act:core
unchanged at0.4.0). Both packages split their function-free data model into
a dedicatedtypesinterface:tool-definition,content-part,tool-event
andlist-tools-responsenow live inact:tools/types, and thesession
record inact:sessions/types, whiletool-result(the onlystream<>-bearing
type) and the async provider functions stay in their provider interfaces. This
lets sync-shim adaptersusethe data types without pulling in the async
signatures. The 0.1.0 surface is dropped entirely — there is no dual-version
support. Components must export the@0.2.0interfaces to load. act-build inittemplates (Rust, Python, JS) now scaffold against
act:tools/tool-provider@0.2.0.- Filesystem read-only access is now enforced. A component that declares a
path asrocan no longer write to it — previously thero/rwmode was
declared but not enforced. Components declaringrware unaffected. - Upgraded wasmtime to 46 and wired the final WASI 0.3.0 interfaces.
- WIT dependencies are now fetched with
wkginstead ofwit-deps.
0.9.0
This release reworks the capability/sandbox surface into one uniform grant model
and switches to ask-by-default. It is a breaking release — the flag, metadata,
and default-policy changes are called out below.
Added
act inspectsubcommands.act inspect component-manifest --format json
dumps the rawact:componentmanifest (used by actpkg.dev for capability
extraction);act inspect toolsdumps the rawlist-toolsoutput.- TOON output format (
--format toon) forinfo,store list, and
inspect— a compact, LLM-friendly encoding (~40% fewer tokens than JSON). - Declarative filesystem mounts. Typed
bind/rootmounts declared by a
component are resolved into wasmtime preopens, converging the legacy
mount-rootonto the same path-rewriting model.act-buildvalidates declared
mounts and warns on drift/redundant sugar.
Changed
- Uniform capability grant model (breaking). The per-class
--fs-*/--http-*/--sockets-*flags are replaced by generic, id-keyed grants:
--grant '<json>',--allow <id>,--deny <id>. Grants key on a capability
id (wasi:filesystem,wasi:http,wasi:sockets, or a semantic class) with
provider-defined constraints, resolving exact > longest*-prefix > default
across the global/profile/CLI layers (default inherits across layers). HTTP
CIDRs and socket port/protocol scoping are preserved. Built on the uniform
act-types0.11 capability model. - Ask-by-default (breaking). With no grant, a capability now resolves to
ask(prompt-on-access, remembered per session) instead of a hard deny.
Interactive runs prompt on the TTY;--mcpruns prompt the client over an MCP
elicitation channel; headless runs with no prompt channel degrade to deny.
Prompts are bounded by the component's declared ceiling — out-of-ceiling access
is denied without prompting. --metadatasplit (breaking). Repeatable-m key=valuepasses string
metadata;--metadata-json '<obj>'passes a typed JSON object.
Removed
- Per-class capability flags (
--fs-policy/--fs-allow/--fs-denyand thehttp/
socketsequivalents) and theACT_FS_ALLOW/ACT_HTTP_ALLOW/
ACT_SOCKETS_ALLOWenv vars — superseded by the uniform grant flags and the
[policy]config section.
0.8.3
Added
act-build pack --set <key>=<value>— override resolved component-metadata
fields at pack time (e.g.--set std.name=sqlite-vec), for feature-conditional builds.
Changed
act-build init rustscaffolds components on act-sdk 0.9 (lean
#[act_component], metadata embedded byact-build pack) with wit-bindgen 0.58.- Bundled
act-typesupdated to 0.9 — the shared CBOR↔JSON$bytesenvelope
codec is now in the host (info/calloutput paths).
0.8.2
Added
--max-memoryflag (onrun/call/info) caps a component's
WebAssembly linear memory. Accepts a byte count or a size with a unit —
binary (512MiB) or decimal (512MB). When a component tries to grow memory
past the cap, the growth fails inside the sandbox instead of ballooning the
host process — useful when running untrusted components (e.g. metadata/tool
extraction withact info --tools).
0.8.1
Changed
act-buildnow lowercases OCI repository names before pushing (tags are
preserved), so pushes to registries that reject uppercase repositories
succeed.- Updated dependencies, including swapping the unmaintained
fs2file-lock
crate forfs4inact-store.
Fixed
act-build validateno longer rejects valid components. The tool-provider
interface moved fromact:coreto theact:toolspackage; validate now
recognizesact:tools/tool-providerinstead of the obsolete
act:core/tool-provider.act-buildnow reports the same manifest digest the registry stores. It
previously hashed a non-canonical serialization while pushing canonical
JSON, so digest-pinned pulls 404'd; it now hashes and pushes the identical
canonical bytes, with a warn-only cross-check against the registry's
returned digest.
0.8.0
Added
act-storeworkspace crate — a content-addressed OCI image-layout
component store shared between act-cli and act-toolserver. Resolves remote
refs read-through, preserves upstream OCI manifests verbatim (so signatures
remain meaningful), and collects connected artifacts on pull (sigstore
bundle, SBOM, SLSA provenance, ...) via the OCI 1.1 referrers API. Lives
at<XDG_DATA_HOME>/act/store(~/.local/share/act/storeon Linux).
Published to crates.io as a standalone library for downstream consumers.act storesubcommand group for managing the local component store:act store list [--format text|json]— list every stored component.act store update [<ref>]— re-resolve stored refs and re-pull any
whose upstream digest moved. Without an argument, updates every
component; mutable tags (:latest,:0.1) advance,@sha256:pins
never do.act store gc— delete store blobs no longer referenced by any
component.
Changed
- Remote refs resolve through the shared store instead of the bespoke
~/.cache/act/components/<sha256(ref)>.wasmcache.act run/call/info
read-through the store (pulling on first use, then serving from disk).
Local files still run in place; the store is populated for them only when
you explicitlyact pull <file>. act pullnow populates the shared store (with referrer collection
for OCI sources).-o/-Ostill optionally export a copy.- Component reference parsing is centralized in
act-store::Refso
act-cli and act-toolserver agree on howoci://,https://,file://,
and bare refs are normalized. - Release workflow publishes the entire workspace to crates.io
(cargo publish --workspace), so new crates added anywhere in the
workspace ship on the next tagged release without a workflow edit.
Removed
- The legacy
~/.cache/act/components/<sha256(ref)>.wasmcache is no longer
written or consulted. Existing cache files are harmless leftovers you can
delete by hand; act-store starts fresh in its own data dir.
0.7.6
Added
act run --session-args '<json>': pre-open a single session at startup and
serve the component as "session-of-1". Every call transparently uses the
pre-opened session, the session machinery is hidden from clients (no MCP
virtualopen_session/close_sessiontools, no/sessionsHTTP endpoints),
and any client-suppliedstd:session-idis overridden. Requires a component
that exportsact:sessions/session-provider. (Previously--session-args
was available only onact callfor a single invocation.)
0.7.5
Fixed
cargo install act-clinow works without setting
RUSTFLAGS='--cfg reqwest_unstable'. The unused reqwesthttp3feature has
been dropped (HTTP/2 support is unaffected).
0.7.4
Added
wasi:socketssandboxing — restrict a component's outbound socket
access with--sockets-policy,--sockets-allow, and--sockets-deny
(host/CIDR + ports/protocols, e.g.db:5432/tcp), configurable via flags,
theACT_SOCKETS_ALLOWenv var, or config profiles. Enforced as a
capability ceiling in the wasmtime store.act-build init <lang>— scaffold a new component for Rust, Python, or
JavaScript in one command, with--outputto choose the target directory
and ready-to-run test targets.- MCP over Streamable HTTP — serve the MCP adapter over Streamable HTTP
withact run <component> --mcp --http. file://component references —act run file:///abs/path.wasmnow
resolves to a local file. An explicit URI scheme (file://,oci://,
http(s)://) is now authoritative and selects the reference kind directly
instead of going through path/OCI guessing.
Changed
- Upgraded dependencies, most notably wasmtime 43 -> 45.
- The MCP bridge now injects a
_metaargument channel into tool schemas so
LLM-driven MCP clients can passstd:session-idto session-provider
components.