act-cli 0.7.1__tar.gz → 0.7.3__tar.gz

{act_cli-0.7.1 → act_cli-0.7.3}/Cargo.lock

@@ -4,18 +4,23 @@ version = 4
 
 [[package]]
 name = "act-build"
-version = "0.7.1"
+version = "0.7.3"
 dependencies = [
  "act-types",
  "anyhow",
+ "base64",
  "ciborium",
  "clap",
+ "dirs",
  "globset",
  "json-patch",
+ "oci-client",
  "serde",
  "serde_json",
+ "sha2 0.11.0",
  "tar",
  "tempfile",
+ "tokio",
  "toml 1.1.2+spec-1.1.0",
  "tracing",
  "tracing-subscriber",
@@ -25,7 +30,7 @@ dependencies = [
 
 [[package]]
 name = "act-cli"
-version = "0.7.1"
+version = "0.7.3"
 dependencies = [
  "act-types",
  "anyhow",

{act_cli-0.7.1 → act_cli-0.7.3}/Cargo.toml

@@ -3,7 +3,7 @@ members = ["act-cli"]
 resolver = "3"
 
 [workspace.package]
-version = "0.7.1"
+version = "0.7.3"
 edition = "2024"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/actcore/act-cli"

{act_cli-0.7.1 → act_cli-0.7.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: act-cli
-Version: 0.7.1
+Version: 0.7.3
 Classifier: Development Status :: 4 - Beta
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
@@ -92,6 +92,12 @@ act-build pack target/wasm32-wasip2/release/my_component.wasm
 
 # Validate without modifying
 act-build validate target/wasm32-wasip2/release/my_component.wasm
+
+# Publish as a CNCF Wasm OCI Artifact
+act-build push my_component.wasm ghcr.io/actpkg/my-component:0.1.0 \
+  --also-tag latest \
+  --source https://github.com/actpkg/my-component \
+  --skip-if-identical
 ```
 
 Metadata is resolved via merge-patch from project manifests:
@@ -100,6 +106,17 @@ Metadata is resolved via merge-patch from project manifests:
 2. **Inline patch** from the same manifest (`[package.metadata.act-component]`, `[tool.act-component]`, or `actComponent`)
 3. **`act.toml`** — highest priority, applied last
 
+`act-build push` produces artifacts conformant with the [CNCF
+TAG-Runtime Wasm OCI Artifact spec](https://tag-runtime.cncf.io/wgs/wasm/deliverables/wasm-oci-artifact/):
+manifest config has media type `application/vnd.wasm.config.v0+json`
+(with `architecture`, `os`, `layerDigests`, and
+`component.{exports,imports}` derived from the component's exports
+and imports), and the layer is `application/wasm`.
+
+Authentication is resolved in order: `OCI_USERNAME`/`OCI_PASSWORD`
+env, then `GITHUB_TOKEN` for `ghcr.io`, then `~/.docker/config.json`
+(or `$DOCKER_CONFIG/config.json`), then anonymous.
+
 ## Platform Support
 
 | Architecture | Linux (GNU) | Linux (musl) | macOS | Windows | Docker |

{act_cli-0.7.1/act-cli → act_cli-0.7.3}/README.md

@@ -75,6 +75,12 @@ act-build pack target/wasm32-wasip2/release/my_component.wasm
 
 # Validate without modifying
 act-build validate target/wasm32-wasip2/release/my_component.wasm
+
+# Publish as a CNCF Wasm OCI Artifact
+act-build push my_component.wasm ghcr.io/actpkg/my-component:0.1.0 \
+  --also-tag latest \
+  --source https://github.com/actpkg/my-component \
+  --skip-if-identical
 ```
 
 Metadata is resolved via merge-patch from project manifests:
@@ -83,6 +89,17 @@ Metadata is resolved via merge-patch from project manifests:
 2. **Inline patch** from the same manifest (`[package.metadata.act-component]`, `[tool.act-component]`, or `actComponent`)
 3. **`act.toml`** — highest priority, applied last
 
+`act-build push` produces artifacts conformant with the [CNCF
+TAG-Runtime Wasm OCI Artifact spec](https://tag-runtime.cncf.io/wgs/wasm/deliverables/wasm-oci-artifact/):
+manifest config has media type `application/vnd.wasm.config.v0+json`
+(with `architecture`, `os`, `layerDigests`, and
+`component.{exports,imports}` derived from the component's exports
+and imports), and the layer is `application/wasm`.
+
+Authentication is resolved in order: `OCI_USERNAME`/`OCI_PASSWORD`
+env, then `GITHUB_TOKEN` for `ghcr.io`, then `~/.docker/config.json`
+(or `$DOCKER_CONFIG/config.json`), then anonymous.
+
 ## Platform Support
 
 | Architecture | Linux (GNU) | Linux (musl) | macOS | Windows | Docker |

{act_cli-0.7.1 → act_cli-0.7.3/act-cli}/README.md

@@ -75,6 +75,12 @@ act-build pack target/wasm32-wasip2/release/my_component.wasm
 
 # Validate without modifying
 act-build validate target/wasm32-wasip2/release/my_component.wasm
+
+# Publish as a CNCF Wasm OCI Artifact
+act-build push my_component.wasm ghcr.io/actpkg/my-component:0.1.0 \
+  --also-tag latest \
+  --source https://github.com/actpkg/my-component \
+  --skip-if-identical
 ```
 
 Metadata is resolved via merge-patch from project manifests:
@@ -83,6 +89,17 @@ Metadata is resolved via merge-patch from project manifests:
 2. **Inline patch** from the same manifest (`[package.metadata.act-component]`, `[tool.act-component]`, or `actComponent`)
 3. **`act.toml`** — highest priority, applied last
 
+`act-build push` produces artifacts conformant with the [CNCF
+TAG-Runtime Wasm OCI Artifact spec](https://tag-runtime.cncf.io/wgs/wasm/deliverables/wasm-oci-artifact/):
+manifest config has media type `application/vnd.wasm.config.v0+json`
+(with `architecture`, `os`, `layerDigests`, and
+`component.{exports,imports}` derived from the component's exports
+and imports), and the layer is `application/wasm`.
+
+Authentication is resolved in order: `OCI_USERNAME`/`OCI_PASSWORD`
+env, then `GITHUB_TOKEN` for `ghcr.io`, then `~/.docker/config.json`
+(or `$DOCKER_CONFIG/config.json`), then anonymous.
+
 ## Platform Support
 
 | Architecture | Linux (GNU) | Linux (musl) | macOS | Windows | Docker |

{act_cli-0.7.1 → act_cli-0.7.3}/act-cli/src/main.rs

@@ -104,6 +104,16 @@ enum Command {
         #[arg(long, default_value = "{}")]
         args: String,
 
+        /// Session args as a JSON object. When set, the host opens a
+        /// session before the call (`open-session(args, metadata)`),
+        /// injects the returned id as `std:session-id` metadata for
+        /// the tool call, and closes the session before exit. Use
+        /// this when the component requires a session — bridges,
+        /// stateful components — and you want the whole open/call/
+        /// close cycle in one process.
+        #[arg(long)]
+        session_args: Option<String>,
+
         #[command(flatten)]
         opts: CommonOpts,
     },
@@ -217,8 +227,9 @@ async fn main() -> Result<()> {
             component,
             tool,
             args,
+            session_args,
             opts,
-        } => cmd_call(component, tool, args, opts).await,
+        } => cmd_call(component, tool, args, session_args, opts).await,
         Command::Info {
             component,
             tools,
@@ -419,6 +430,7 @@ async fn cmd_call(
     component: ComponentRef,
     tool: String,
     args: String,
+    session_args: Option<String>,
     opts: CommonOpts,
 ) -> Result<()> {
     let pc = prepare_component(&component, &opts).await?;
@@ -427,64 +439,154 @@ async fn cmd_call(
         serde_json::from_str(&args).context("invalid --args JSON")?;
     let cbor_args = cbor::json_to_cbor(&arguments).context("encoding args as CBOR")?;
 
+    // If --session-args is set, open a session before the call and
+    // close it on the way out. session-id is injected into the call's
+    // metadata under `std:session-id`.
+    let session_id = match session_args {
+        Some(json) => {
+            if !pc.has_sessions {
+                anyhow::bail!(
+                    "--session-args was set, but the component does not export \
+                     act:sessions/session-provider"
+                );
+            }
+            Some(open_session_for_call(&pc, &json).await?)
+        }
+        None => None,
+    };
+
+    let mut metadata = pc.metadata.clone();
+    if let Some(ref id) = session_id {
+        metadata.insert(
+            act_types::constants::META_SESSION_ID,
+            serde_json::Value::String(id.clone()),
+        );
+    }
+
     let (reply_tx, reply_rx) = tokio::sync::oneshot::channel();
     let request = runtime::ComponentRequest::CallTool {
         name: tool,
         arguments: cbor_args,
-        metadata: pc.metadata.clone().into(),
+        metadata: metadata.into(),
         reply: reply_tx,
     };
 
-    pc.handle
-        .send(request)
-        .await
-        .map_err(|_| anyhow::anyhow!("component actor unavailable"))?;
+    let send_result = pc.handle.send(request).await;
+    let call_result = match send_result {
+        Err(_) => Err(anyhow::anyhow!("component actor unavailable")),
+        Ok(()) => match reply_rx.await {
+            Err(_) => Err(anyhow::anyhow!("component actor dropped reply")),
+            Ok(r) => Ok(r),
+        },
+    };
 
-    match reply_rx.await? {
-        Ok(result) => {
-            for event in &result.events {
-                match event {
-                    runtime::exports::act::tools::tool_provider::ToolEvent::Content(part) => {
-                        let mime = part.mime_type.as_deref().unwrap_or("application/cbor");
-                        if mime.starts_with("text/")
-                            || mime == "application/json"
-                            || mime == "application/xml"
-                        {
-                            let text = String::from_utf8_lossy(&part.data);
-                            println!("{text}");
-                        } else if mime == "application/cbor" {
-                            let json_val = act_types::cbor::cbor_to_json(&part.data)
-                                .unwrap_or_else(|_| {
-                                    serde_json::Value::String(format!(
-                                        "[binary: {}, {} bytes]",
-                                        mime,
-                                        part.data.len()
-                                    ))
-                                });
-                            match json_val {
-                                serde_json::Value::String(s) => println!("{s}"),
-                                other => println!("{}", serde_json::to_string_pretty(&other)?),
-                            }
-                        } else if std::io::IsTerminal::is_terminal(&std::io::stdout()) {
-                            println!("[binary: {}, {} bytes]", mime, part.data.len());
-                        } else {
-                            use std::io::Write;
-                            std::io::stdout().write_all(&part.data)?;
-                        }
-                    }
-                    runtime::exports::act::tools::tool_provider::ToolEvent::Error(err) => {
-                        let ls = act_types::types::LocalizedString::from(&err.message);
-                        anyhow::bail!("{}: {}", err.kind, ls.any_text());
+    // Best-effort close before returning the call result, so the
+    // session is closed even if the call errored.
+    if let Some(id) = session_id {
+        close_session_best_effort(&pc, id).await;
+    }
+
+    let result = call_result?.map_err(|e| match e {
+        runtime::ComponentError::Tool(te) => {
+            let ls = act_types::types::LocalizedString::from(&te.message);
+            anyhow::anyhow!("{}: {}", te.kind, ls.any_text())
+        }
+        runtime::ComponentError::Internal(e) => e,
+    })?;
+
+    for event in &result.events {
+        match event {
+            runtime::exports::act::tools::tool_provider::ToolEvent::Content(part) => {
+                let mime = part.mime_type.as_deref().unwrap_or("application/cbor");
+                if mime.starts_with("text/")
+                    || mime == "application/json"
+                    || mime == "application/xml"
+                {
+                    let text = String::from_utf8_lossy(&part.data);
+                    println!("{text}");
+                } else if mime == "application/cbor" {
+                    let json_val = act_types::cbor::cbor_to_json(&part.data).unwrap_or_else(|_| {
+                        serde_json::Value::String(format!(
+                            "[binary: {}, {} bytes]",
+                            mime,
+                            part.data.len()
+                        ))
+                    });
+                    match json_val {
+                        serde_json::Value::String(s) => println!("{s}"),
+                        other => println!("{}", serde_json::to_string_pretty(&other)?),
                     }
+                } else if std::io::IsTerminal::is_terminal(&std::io::stdout()) {
+                    println!("[binary: {}, {} bytes]", mime, part.data.len());
+                } else {
+                    use std::io::Write;
+                    std::io::stdout().write_all(&part.data)?;
                 }
             }
-            Ok(())
+            runtime::exports::act::tools::tool_provider::ToolEvent::Error(err) => {
+                let ls = act_types::types::LocalizedString::from(&err.message);
+                anyhow::bail!("{}: {}", err.kind, ls.any_text());
+            }
         }
+    }
+    Ok(())
+}
+
+/// Marshal a JSON object of session args into the WIT shape and call
+/// `open-session` against the prepared component. Returns the
+/// allocated session-id.
+async fn open_session_for_call(pc: &PreparedComponent, json: &str) -> Result<String> {
+    let value: serde_json::Value =
+        serde_json::from_str(json).context("invalid --session-args JSON")?;
+    let serde_json::Value::Object(args_obj) = value else {
+        anyhow::bail!("--session-args must be a JSON object");
+    };
+    let mut wit_args: Vec<(String, Vec<u8>)> = Vec::with_capacity(args_obj.len());
+    for (key, value) in args_obj {
+        let bytes =
+            act_types::cbor::json_to_cbor(&value).context("encoding session arg as CBOR")?;
+        wit_args.push((key, bytes));
+    }
+
+    let (reply_tx, reply_rx) = tokio::sync::oneshot::channel();
+    pc.handle
+        .send(runtime::ComponentRequest::OpenSession {
+            args: wit_args,
+            metadata: pc.metadata.clone().into(),
+            reply: reply_tx,
+        })
+        .await
+        .map_err(|_| anyhow::anyhow!("component actor unavailable"))?;
+
+    match reply_rx.await? {
+        Ok(session) => Ok(session.id),
         Err(runtime::ComponentError::Tool(te)) => {
             let ls = act_types::types::LocalizedString::from(&te.message);
-            anyhow::bail!("{}: {}", te.kind, ls.any_text());
+            anyhow::bail!("open-session failed: {}: {}", te.kind, ls.any_text());
         }
-        Err(runtime::ComponentError::Internal(e)) => Err(e),
+        Err(runtime::ComponentError::Internal(e)) => Err(e.context("open-session failed")),
+    }
+}
+
+/// Best-effort close. Logs failures at debug; never propagates errors,
+/// because the call result is what the user asked for and a failed
+/// close should not surface as the command's exit code.
+async fn close_session_best_effort(pc: &PreparedComponent, session_id: String) {
+    let (reply_tx, reply_rx) = tokio::sync::oneshot::channel();
+    if pc
+        .handle
+        .send(runtime::ComponentRequest::CloseSession {
+            session_id: session_id.clone(),
+            reply: reply_tx,
+        })
+        .await
+        .is_err()
+    {
+        tracing::debug!(%session_id, "actor unavailable for close-session");
+        return;
+    }
+    if let Err(e) = reply_rx.await {
+        tracing::debug!(%session_id, error = %e, "close-session reply dropped");
     }
 }
 

{act_cli-0.7.1 → act_cli-0.7.3}/act-cli/src/resolve.rs

@@ -224,6 +224,17 @@ async fn resolve_oci(reference: &str, fresh: bool) -> Result<PathBuf> {
         .first()
         .context("no layers in OCI manifest")?;
 
+    // Per the CNCF Wasm OCI Artifact spec, the layer media type must be
+    // `application/wasm`. We tolerate the empty/legacy case for backwards
+    // compatibility but log a warning — anything else is rejected.
+    match layer.media_type.as_str() {
+        "application/wasm" => {}
+        "" => tracing::warn!(%reference, "OCI layer has no media type (legacy artifact)"),
+        other => anyhow::bail!(
+            "unexpected layer media type for {reference}: '{other}' (expected 'application/wasm')"
+        ),
+    }
+
     let total = if layer.size > 0 {
         Some(layer.size as u64)
     } else {