act-cli 0.3.0__tar.gz → 0.3.2__tar.gz

{act_cli-0.3.0 → act_cli-0.3.2}/CHANGELOG.md

@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.2] - 2026-03-29
+
+### Added
+
+- `--http` flag for `act run` — explicit HTTP transport selection, `--listen` now accepts port number or full address
+- Universal agent skill (`skills/act/SKILL.md`) — works with Claude Code, Cursor, OpenCode, Codex, OpenClaw via `npx skills add actcore/act-cli`
+- SECURITY.md with trusted publishing, SBOM, and sandbox policies
+- Snap packaging (experimental)
+
+### Changed
+
+- npm root package moved to `@actcore/act`
+- README rewritten with current CLI commands and platform support matrix
+
+### Fixed
+
+- OCI refs with numeric tags (e.g. `ghcr.io/actpkg/sqlite:0.1.0`) now resolved correctly
+- Tracing filter uses `act=info` instead of `act_cli=info` to match binary name
+
+## [0.3.1] - 2026-03-26
+
+### Changed
+
+- Publish workflow uses crates.io trusted publishing (OIDC) instead of long-lived API token
+
+### Fixed
+
+- SBOM artifact path in release workflow
+- npm publish no longer misinterprets tarball paths as git URLs
+
 ## [0.3.0] - 2026-03-26
 
 ### Added

{act_cli-0.3.0 → act_cli-0.3.2}/Cargo.lock

@@ -4,7 +4,7 @@ version = 4
 
 [[package]]
 name = "act-cli"
-version = "0.3.0"
+version = "0.3.2"
 dependencies = [
  "act-types",
  "anyhow",

{act_cli-0.3.0 → act_cli-0.3.2}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "act-cli"
-version = "0.3.0"
+version = "0.3.2"
 edition = "2024"
 description = "CLI host for ACT (Agent Component Tools) WebAssembly components"
 license = "MIT OR Apache-2.0"

act_cli-0.3.2/PKG-INFO

@@ -0,0 +1,100 @@
+Metadata-Version: 2.4
+Name: act-cli
+Version: 0.3.2
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Topic :: Software Development :: Libraries
+License-File: LICENSE-APACHE
+License-File: LICENSE-MIT
+Summary: CLI host for ACT (Agent Component Tools) WebAssembly components
+Keywords: act,wasm,component-model,mcp,agent
+Home-Page: https://actcore.dev
+License: MIT OR Apache-2.0
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Homepage, https://actcore.dev
+Project-URL: Repository, https://github.com/actcore/act-cli
+
+# ACT CLI
+
+CLI host for [ACT](https://actcore.dev) (Agent Component Tools) — run WebAssembly component tools from local files, HTTP URLs, or OCI registries.
+
+## Install
+
+```bash
+npm i -g @actcore/act        # npm
+pip install act-cli           # PyPI
+cargo install act-cli         # crates.io
+```
+
+Pre-built binaries available on [GitHub Releases](https://github.com/actcore/act-cli/releases) and Docker (`ghcr.io/actcore/act`).
+
+## Quick Start
+
+```bash
+# Discover tools in a component
+act info --tools ghcr.io/actpkg/sqlite:0.1.0
+
+# Call a tool
+act call ghcr.io/actpkg/sqlite:0.1.0 query \
+  --args '{"sql":"SELECT sqlite_version()"}' \
+  --metadata '{"database_path":"/data/app.db"}' \
+  --allow-dir /data:./data
+
+# Serve over HTTP
+act run -l ghcr.io/actpkg/sqlite:0.1.0
+
+# Serve over MCP stdio
+act run --mcp ghcr.io/actpkg/sqlite:0.1.0
+```
+
+Components can be referenced as:
+- **OCI refs:** `ghcr.io/actpkg/sqlite:0.1.0`
+- **HTTP URLs:** `https://example.com/component.wasm`
+- **Local paths:** `./component.wasm`
+
+Remote components are cached in `~/.cache/act/components/`.
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `run`   | Serve a component over ACT-HTTP (`-l`) or MCP stdio (`--mcp`) |
+| `call`  | Call a tool directly, print result to stdout |
+| `info`  | Show component metadata, tools, and schemas (`--tools`, `--format text\|json`) |
+| `pull`  | Download a component from OCI or HTTP to local file |
+
+## HTTP Endpoints (`run -l`)
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `GET` | `/info` | Component metadata |
+| `POST` | `/metadata-schema` | JSON Schema for metadata |
+| `POST/QUERY` | `/tools` | List tools |
+| `POST/QUERY` | `/tools/{name}` | Call a tool (SSE with `Accept: text/event-stream`) |
+
+## Platform Support
+
+| Architecture | Linux (GNU) | Linux (musl) | macOS | Windows | Docker |
+|-------------|:-----------:|:------------:|:-----:|:-------:|:------:|
+| x86_64      | ✓           | ✓            | ✓     | ✓       | ✓      |
+| aarch64     | ✓           | ✓            | ✓     | ✓       | ✓      |
+| riscv64     | ✓           | ✓            | —     | —       | ✓      |
+
+RISC-V (`riscv64`) is a first-class target. Regressions on RISC-V are release-blocking.
+
+## Building
+
+```bash
+cargo build --release
+```
+
+Set `RUST_LOG=act=debug` for verbose output.
+
+## License
+
+MIT OR Apache-2.0
+

act_cli-0.3.2/README.md

@@ -0,0 +1,79 @@
+# ACT CLI
+
+CLI host for [ACT](https://actcore.dev) (Agent Component Tools) — run WebAssembly component tools from local files, HTTP URLs, or OCI registries.
+
+## Install
+
+```bash
+npm i -g @actcore/act        # npm
+pip install act-cli           # PyPI
+cargo install act-cli         # crates.io
+```
+
+Pre-built binaries available on [GitHub Releases](https://github.com/actcore/act-cli/releases) and Docker (`ghcr.io/actcore/act`).
+
+## Quick Start
+
+```bash
+# Discover tools in a component
+act info --tools ghcr.io/actpkg/sqlite:0.1.0
+
+# Call a tool
+act call ghcr.io/actpkg/sqlite:0.1.0 query \
+  --args '{"sql":"SELECT sqlite_version()"}' \
+  --metadata '{"database_path":"/data/app.db"}' \
+  --allow-dir /data:./data
+
+# Serve over HTTP
+act run -l ghcr.io/actpkg/sqlite:0.1.0
+
+# Serve over MCP stdio
+act run --mcp ghcr.io/actpkg/sqlite:0.1.0
+```
+
+Components can be referenced as:
+- **OCI refs:** `ghcr.io/actpkg/sqlite:0.1.0`
+- **HTTP URLs:** `https://example.com/component.wasm`
+- **Local paths:** `./component.wasm`
+
+Remote components are cached in `~/.cache/act/components/`.
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `run`   | Serve a component over ACT-HTTP (`-l`) or MCP stdio (`--mcp`) |
+| `call`  | Call a tool directly, print result to stdout |
+| `info`  | Show component metadata, tools, and schemas (`--tools`, `--format text\|json`) |
+| `pull`  | Download a component from OCI or HTTP to local file |
+
+## HTTP Endpoints (`run -l`)
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `GET` | `/info` | Component metadata |
+| `POST` | `/metadata-schema` | JSON Schema for metadata |
+| `POST/QUERY` | `/tools` | List tools |
+| `POST/QUERY` | `/tools/{name}` | Call a tool (SSE with `Accept: text/event-stream`) |
+
+## Platform Support
+
+| Architecture | Linux (GNU) | Linux (musl) | macOS | Windows | Docker |
+|-------------|:-----------:|:------------:|:-----:|:-------:|:------:|
+| x86_64      | ✓           | ✓            | ✓     | ✓       | ✓      |
+| aarch64     | ✓           | ✓            | ✓     | ✓       | ✓      |
+| riscv64     | ✓           | ✓            | —     | —       | ✓      |
+
+RISC-V (`riscv64`) is a first-class target. Regressions on RISC-V are release-blocking.
+
+## Building
+
+```bash
+cargo build --release
+```
+
+Set `RUST_LOG=act=debug` for verbose output.
+
+## License
+
+MIT OR Apache-2.0

{act_cli-0.3.0 → act_cli-0.3.2}/src/main.rs

@@ -50,13 +50,17 @@ enum Cli {
         /// Component reference (path, URL, OCI ref, or name)
         component: String,
 
-        /// Serve over MCP stdio instead of HTTP
+        /// Serve over MCP stdio
         #[arg(long)]
         mcp: bool,
 
-        /// Address to listen on (host:port). Default: [::1]:3000
-        #[arg(short, long, num_args = 0..=1, default_missing_value = "[::1]:3000")]
-        listen: Option<SocketAddr>,
+        /// Serve over ACT-HTTP
+        #[arg(long)]
+        http: bool,
+
+        /// Listen address: [host]:port or just port (default: [::1]:3000)
+        #[arg(short, long)]
+        listen: Option<String>,
 
         #[command(flatten)]
         opts: CommonOpts,
@@ -127,8 +131,8 @@ async fn main() -> Result<()> {
             .ok()
             .and_then(|c| c.log_level);
         let directive = match log_level.as_deref() {
-            Some(level) => format!("act_cli={level}"),
-            None => "act_cli=info".to_string(),
+            Some(level) => format!("act={level}"),
+            None => "act=info".to_string(),
         };
         directive.parse().expect("valid log filter")
     };
@@ -142,9 +146,10 @@ async fn main() -> Result<()> {
         Cli::Run {
             component,
             mcp,
+            http,
             listen,
             opts,
-        } => cmd_run(component, mcp, listen, opts).await,
+        } => cmd_run(component, mcp, http, listen, opts).await,
         Cli::Call {
             component,
             tool,
@@ -242,6 +247,13 @@ async fn prepare_component(component: &str, opts: &CommonOpts) -> Result<Prepare
         .map(|v| runtime::Metadata::from(v.clone()))
         .unwrap_or_default();
 
+    tracing::info!(
+        name = %info.name,
+        version = %info.version,
+        path = %component_path.display(),
+        "Loading component"
+    );
+
     let engine = runtime::create_engine()?;
     let wasm = runtime::load_component(&engine, &component_path)?;
     let linker = runtime::create_linker(&engine)?;
@@ -249,7 +261,7 @@ async fn prepare_component(component: &str, opts: &CommonOpts) -> Result<Prepare
         runtime::instantiate_component(&engine, &wasm, &linker, &fs_config).await?;
     let handle = runtime::spawn_component_actor(instance, store);
 
-    tracing::info!(name = %info.name, version = %info.version, "Loaded component");
+    tracing::info!(name = %info.name, version = %info.version, "Component ready");
 
     Ok(PreparedComponent {
         info,
@@ -260,14 +272,28 @@ async fn prepare_component(component: &str, opts: &CommonOpts) -> Result<Prepare
 
 // ── Commands ─────────────────────────────────────────────────────────────────
 
+/// Parse a listen address: either `[host]:port` or just a port number.
+fn parse_listen_addr(s: &str) -> Result<SocketAddr> {
+    // Try as full socket address first
+    if let Ok(addr) = s.parse::<SocketAddr>() {
+        return Ok(addr);
+    }
+    // Try as port number
+    if let Ok(port) = s.parse::<u16>() {
+        return Ok(SocketAddr::from(([0, 0, 0, 0, 0, 0, 0, 1], port)));
+    }
+    anyhow::bail!("invalid listen address: {s} (expected [host]:port or port number)")
+}
+
 async fn cmd_run(
     component: String,
     mcp: bool,
-    listen: Option<SocketAddr>,
+    http: bool,
+    listen: Option<String>,
     opts: CommonOpts,
 ) -> Result<()> {
-    if mcp && listen.is_some() {
-        anyhow::bail!("MCP over HTTP not yet supported");
+    if mcp && http {
+        anyhow::bail!("--mcp and --http are mutually exclusive");
     }
 
     if mcp {
@@ -275,7 +301,12 @@ async fn cmd_run(
         return mcp::run_stdio(pc.info, pc.handle, pc.metadata).await;
     }
 
-    if let Some(addr) = listen {
+    if http || listen.is_some() {
+        let addr = match &listen {
+            Some(s) => parse_listen_addr(s)?,
+            None => "[::1]:3000".parse().unwrap(),
+        };
+
         let pc = prepare_component(&component, &opts).await?;
 
         let state = Arc::new(http::AppState {
@@ -293,9 +324,7 @@ async fn cmd_run(
         return Ok(());
     }
 
-    anyhow::bail!(
-        "ACT stdio not yet implemented. Use --listen to serve over HTTP or --mcp for MCP stdio."
-    )
+    anyhow::bail!("Specify a transport: --http (ACT-HTTP server) or --mcp (MCP stdio)")
 }
 
 async fn cmd_call(component: String, tool: String, args: String, opts: CommonOpts) -> Result<()> {

{act_cli-0.3.0 → act_cli-0.3.2}/src/resolve.rs

@@ -31,7 +31,7 @@ pub enum ComponentRef {
 /// Registry host must contain a dot or be `localhost`.
 static OCI_RE: LazyLock<Regex> = LazyLock::new(|| {
     Regex::new(
-        r"^(?:localhost(?::\d+)?|[a-zA-Z0-9][\w.-]*\.[a-zA-Z]{2,}(?::\d+)?)/[a-zA-Z0-9][\w./-]*(?::[a-zA-Z][\w.-]*|@sha256:[a-fA-F0-9]+)?$"
+        r"^(?:localhost(?::\d+)?|[a-zA-Z0-9][\w.-]*\.[a-zA-Z]{2,}(?::\d+)?)/[a-zA-Z0-9][\w./-]*(?::[\w][\w.-]*|@sha256:[a-fA-F0-9]+)?$"
     ).unwrap()
 });
 
@@ -112,6 +112,7 @@ async fn cache_path(input: &str) -> Result<PathBuf> {
 /// If `fresh` is true, bypass cache and re-download.
 /// Returns the path to the .wasm file.
 pub async fn resolve(component_ref: &ComponentRef, fresh: bool) -> Result<PathBuf> {
+    tracing::info!(ref = %component_ref, "Resolving component");
     match component_ref {
         ComponentRef::Local(path) => {
             anyhow::ensure!(
@@ -119,6 +120,7 @@ pub async fn resolve(component_ref: &ComponentRef, fresh: bool) -> Result<PathBu
                 "component not found: {}",
                 path.display()
             );
+            tracing::debug!(path = %path.display(), "Using local component");
             Ok(path.clone())
         }
         ComponentRef::Http(url) => resolve_http(url.as_str(), fresh).await,
@@ -162,7 +164,7 @@ fn make_progress_bar(total: Option<u64>, message: &str) -> ProgressBar {
 async fn resolve_http(url: &str, fresh: bool) -> Result<PathBuf> {
     let cached = cache_path(url).await?;
     if !fresh && tokio::fs::try_exists(&cached).await.unwrap_or(false) {
-        tracing::debug!(%url, path = %cached.display(), "Using cached component");
+        tracing::info!(%url, path = %cached.display(), "Using cached component");
         return Ok(cached);
     }
 
@@ -196,7 +198,7 @@ async fn resolve_http(url: &str, fresh: bool) -> Result<PathBuf> {
 async fn resolve_oci(reference: &str, fresh: bool) -> Result<PathBuf> {
     let cached = cache_path(reference).await?;
     if !fresh && tokio::fs::try_exists(&cached).await.unwrap_or(false) {
-        tracing::debug!(%reference, path = %cached.display(), "Using cached component");
+        tracing::info!(%reference, path = %cached.display(), "Using cached component");
         return Ok(cached);
     }
 
@@ -309,6 +311,14 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn parse_oci_semver_tag() {
+        assert!(matches!(
+            parse("ghcr.io/actpkg/sqlite:0.1.0"),
+            ComponentRef::Oci(_)
+        ));
+    }
+
     #[test]
     fn parse_local_relative() {
         assert!(matches!(parse("./component.wasm"), ComponentRef::Local(_)));

act_cli-0.3.0/PKG-INFO

@@ -1,72 +0,0 @@
-Metadata-Version: 2.4
-Name: act-cli
-Version: 0.3.0
-Classifier: Development Status :: 4 - Beta
-Classifier: Environment :: Console
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Topic :: Software Development :: Libraries
-License-File: LICENSE-APACHE
-License-File: LICENSE-MIT
-Summary: CLI host for ACT (Agent Component Tools) WebAssembly components
-Keywords: act,wasm,component-model,mcp,agent
-Home-Page: https://actcore.dev
-License: MIT OR Apache-2.0
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
-Project-URL: Homepage, https://actcore.dev
-Project-URL: Repository, https://github.com/actcore/act-cli
-
-# act-cli
-
-CLI and reference host for [ACT](../act-spec/) — loads `.wasm` ACT components and serves them over HTTP or MCP (stdio).
-
-## Usage
-
-```
-act serve <component.wasm> [-l [::1]:3000]
-act call <component.wasm> <tool-name> [--args '{}'] [-c '{}']
-act mcp <component.wasm> [-c '{}'] [--config-file config.json]
-act info <component.wasm>
-act tools <component.wasm> [-c '{}']
-```
-
-Set `RUST_LOG=act_cli=debug` for verbose output.
-
-## Commands
-
-| Command | Description |
-|---------|-------------|
-| `serve` | Start ACT-HTTP server for a component |
-| `call`  | Call a tool directly, print result to stdout |
-| `mcp`   | Serve component as MCP server over stdio |
-| `info`  | Show component name, version, description, capabilities |
-| `tools` | List tools exposed by a component |
-
-## HTTP Endpoints (`serve`)
-
-| Method | Path | Description |
-|--------|------|-------------|
-| `GET` | `/info` | Component metadata |
-| `GET` | `/config-schema` | JSON Schema for config (204 if none) |
-| `GET` | `/tools` | List tools |
-| `POST` | `/tools/{name}` | Call a tool |
-
-## Building
-
-```
-cargo build --release
-```
-
-## Architecture
-
-```
-main.rs     CLI (clap) → subcommands (serve, call, mcp, info, tools)
-runtime.rs  wasmtime engine, component instantiation, actor pattern
-http.rs     axum routes, ACT-HTTP request/response handling
-mcp.rs      MCP JSON-RPC over stdio
-```
-
-The host uses an actor pattern: a single tokio task owns the wasmtime `Store` and component instance, receiving requests over an mpsc channel. This ensures single-threaded access to the Wasm component while allowing concurrent HTTP handling.
-

act_cli-0.3.0/README.md

@@ -1,51 +0,0 @@
-# act-cli
-
-CLI and reference host for [ACT](../act-spec/) — loads `.wasm` ACT components and serves them over HTTP or MCP (stdio).
-
-## Usage
-
-```
-act serve <component.wasm> [-l [::1]:3000]
-act call <component.wasm> <tool-name> [--args '{}'] [-c '{}']
-act mcp <component.wasm> [-c '{}'] [--config-file config.json]
-act info <component.wasm>
-act tools <component.wasm> [-c '{}']
-```
-
-Set `RUST_LOG=act_cli=debug` for verbose output.
-
-## Commands
-
-| Command | Description |
-|---------|-------------|
-| `serve` | Start ACT-HTTP server for a component |
-| `call`  | Call a tool directly, print result to stdout |
-| `mcp`   | Serve component as MCP server over stdio |
-| `info`  | Show component name, version, description, capabilities |
-| `tools` | List tools exposed by a component |
-
-## HTTP Endpoints (`serve`)
-
-| Method | Path | Description |
-|--------|------|-------------|
-| `GET` | `/info` | Component metadata |
-| `GET` | `/config-schema` | JSON Schema for config (204 if none) |
-| `GET` | `/tools` | List tools |
-| `POST` | `/tools/{name}` | Call a tool |
-
-## Building
-
-```
-cargo build --release
-```
-
-## Architecture
-
-```
-main.rs     CLI (clap) → subcommands (serve, call, mcp, info, tools)
-runtime.rs  wasmtime engine, component instantiation, actor pattern
-http.rs     axum routes, ACT-HTTP request/response handling
-mcp.rs      MCP JSON-RPC over stdio
-```
-
-The host uses an actor pattern: a single tokio task owns the wasmtime `Store` and component instance, receiving requests over an mpsc channel. This ensures single-threaded access to the Wasm component while allowing concurrent HTTP handling.