0.8.0

Added

• act-store workspace crate — a content-addressed OCI image-layout
  component store shared between act-cli and act-toolserver. Resolves remote
  refs read-through, preserves upstream OCI manifests verbatim (so signatures
  remain meaningful), and collects connected artifacts on pull (sigstore
  bundle, SBOM, SLSA provenance, ...) via the OCI 1.1 referrers API. Lives
  at <XDG_DATA_HOME>/act/store (~/.local/share/act/store on Linux).
  Published to crates.io as a standalone library for downstream consumers.
• act store subcommand group for managing the local component store:
  • act store list [--format text|json] — list every stored component.
  • act store update [<ref>] — re-resolve stored refs and re-pull any
    whose upstream digest moved. Without an argument, updates every
    component; mutable tags (:latest, :0.1) advance, @sha256: pins
    never do.
  • act store gc — delete store blobs no longer referenced by any
    component.

Changed

• Remote refs resolve through the shared store instead of the bespoke
  ~/.cache/act/components/<sha256(ref)>.wasm cache. act run/call/info
  read-through the store (pulling on first use, then serving from disk).
  Local files still run in place; the store is populated for them only when
  you explicitly act pull <file>.
• act pull now populates the shared store (with referrer collection
  for OCI sources). -o/-O still optionally export a copy.
• Component reference parsing is centralized in act-store::Ref so
  act-cli and act-toolserver agree on how oci://, https://, file://,
  and bare refs are normalized.
• Release workflow publishes the entire workspace to crates.io
  (cargo publish --workspace), so new crates added anywhere in the
  workspace ship on the next tagged release without a workflow edit.

Removed

• The legacy ~/.cache/act/components/<sha256(ref)>.wasm cache is no longer
  written or consulted. Existing cache files are harmless leftovers you can
  delete by hand; act-store starts fresh in its own data dir.

0.7.6

Added

• act run --session-args '<json>': pre-open a single session at startup and
  serve the component as "session-of-1". Every call transparently uses the
  pre-opened session, the session machinery is hidden from clients (no MCP
  virtual open_session/close_session tools, no /sessions HTTP endpoints),
  and any client-supplied std:session-id is overridden. Requires a component
  that exports act:sessions/session-provider. (Previously --session-args
  was available only on act call for a single invocation.)

0.7.5

Fixed

• cargo install act-cli now works without setting
  RUSTFLAGS='--cfg reqwest_unstable'. The unused reqwest http3 feature has
  been dropped (HTTP/2 support is unaffected).

0.7.4

Added

• wasi:sockets sandboxing — restrict a component's outbound socket
  access with --sockets-policy, --sockets-allow, and --sockets-deny
  (host/CIDR + ports/protocols, e.g. db:5432/tcp), configurable via flags,
  the ACT_SOCKETS_ALLOW env var, or config profiles. Enforced as a
  capability ceiling in the wasmtime store.
• act-build init <lang> — scaffold a new component for Rust, Python, or
  JavaScript in one command, with --output to choose the target directory
  and ready-to-run test targets.
• MCP over Streamable HTTP — serve the MCP adapter over Streamable HTTP
  with act run <component> --mcp --http.
• file:// component references — act run file:///abs/path.wasm now
  resolves to a local file. An explicit URI scheme (file://, oci://,
  http(s)://) is now authoritative and selects the reference kind directly
  instead of going through path/OCI guessing.

Changed

• Upgraded dependencies, most notably wasmtime 43 -> 45.
• The MCP bridge now injects a _meta argument channel into tool schemas so
  LLM-driven MCP clients can pass std:session-id to session-provider
  components.

0.7.3

Added

• act-build push <wasm> <ref> — publish a WASM component as a CNCF
  Wasm OCI Artifact. The manifest carries an
  application/vnd.wasm.config.v0+json config blob (with
  architecture, os, layerDigests, and component.{exports, imports} derived from the component's exports/imports) per the
  CNCF TAG-Runtime Wasm OCI Artifact spec,
  and the layer is application/wasm. Replaces inline oras push
  shell blocks in component justfiles.

  Flags: --also-tag, --annotation key=value, --source,
  --description, --skip-if-identical (matching-content skip /
  drift error), --skip-if-exists (unconditional skip for
  non-reproducible builds), --dry-run. Output ends with an
  oras-compatible Digest: sha256:... line so existing scripts that
  grep for it keep working.

  Auth resolution: OCI_USERNAME/OCI_PASSWORD env →
  GITHUB_TOKEN for ghcr.io → ~/.docker/config.json
  (DOCKER_CONFIG honored) → anonymous.

Changed

• act (host): resolve_oci now validates that the OCI layer media
  type is application/wasm. Empty/legacy media types log a
  warning; anything else is rejected.

0.7.2

Added

• act call --session-args '{...}'. When set, the host opens a
  session against the component before the call (open-session(args, metadata)), injects the returned id as std:session-id metadata
  for the tool call, prints the result, and closes the session
  before exit. The whole open / call / close cycle runs in one
  process, so the wasm instance stays alive for the full sequence.
  This makes session-aware components (bridges, stateful components)
  usable as ordinary one-shot CLI invocations:

  act call ghcr.io/actpkg/openapi-bridge:0.2.0 find_pets_by_status \
    --args '{"status":"sold"}' \
    --session-args '{"spec_url":"https://petstore3.swagger.io/api/v3/openapi.json"}' \
    --http-policy open

  If the component doesn't export act:sessions/session-provider,
  using --session-args is a clear error rather than a silent no-op.

0.7.1

Removed

• act session open and act session close CLI subcommands. They
  inherently can't deliver the primary use case for sessions
  (component-side ephemeral state) — each invocation is a one-shot
  process whose wasm instance dies on exit, so a session opened in
  one act session open is unusable from a subsequent act call.
  For real session work, use act run --http or act run --mcp,
  where the host process holds the wasm instance and the session
  lives as long as the host. act session open-args-schema stays
  — it's a useful smoke test that doesn't depend on persistent state.

0.7.0

Adds first-class support for act:sessions/session-provider. Stateful
components (database connections, browser automation, REPLs, the new
act-http-bridge / mcp-bridge / openapi-bridge) can now expose
typed open-session args, and agents address per-session state via
std:session-id metadata.

Added

• act session open-args-schema | open | close CLI subcommands.
• ACT-HTTP /sessions/open-args-schema, POST /sessions, and
  DELETE /sessions/{id} endpoints (per ACT-SESSIONS §6.2). Mapped
  to std:session-not-found → 404 via the bumped act-types.
• MCP transport: synthetic open_session / close_session tools
  in tools/list for components that export session-provider, with
  _meta.std:session-op annotations (per ACT-SESSIONS §6.1).
• MCP _meta.std:session-id (and any other request-level meta keys)
  is now forwarded into the WIT call metadata so components see the
  agent's session-id.
• Host runtime tracks open session-ids per actor and auto-closes
  them on shutdown (ACT-SESSIONS §2.5).
• tests/fixtures/sessions-canary.wasm — hand-rolled canary
  exercising session-provider for host-side integration tests.

Changed

• Bumped act-types 0.5 → 0.7. Drops the inline session HTTP wire
  types from src/http.rs in favour of the canonical
  act_types::http::OpenSessionRequest / OpenSessionResponse.

0.6.0

Breaking — WIT package layout

• World now imports act:tools/tool-provider@0.1.0 instead of
  act:core/tool-provider@0.3.0. Components built against the old WIT
  will not load — rebuild with act-sdk 0.6.x (Rust) or act-sdk-py
  0.2.x.
• call-tool takes flat (name, arguments, metadata) instead of a
  tool-call record.
• Error replaces ToolError (the type lives in act:core/types now
  and is shared by non-tool providers).

Added

• -v / -vv verbosity flag — opt-in plumbing logs (default level
  demoted to info).

Changed

• MCP transport rewritten on rmcp 1.5: hand-rolled src/mcp.rs
  replaced with a thin ActRmcpBridge over the official Anthropic
  crate. Tool discovery, calls, content mapping, and error mapping
  go through rmcp::model types. Includes a stdio round-trip
  integration test.
• act info text output restyled with terminal colors (yellow
  component name, dimmed version, cyan tool names, green annotations).
  Output evaporates to plain text when stdout isn't a TTY or
  NO_COLOR is set. Tool parameters show (optional) markers; the
  Option<T> wrapper is stripped from rendered types.

Removed

• The --schema flag on act info, the /metadata-schema HTTP
  route, the metadata_schema field on act info JSON output, and
  the rmcp bridge's metadata-schema fetch/inject path. The WIT
  function is gone in act:tools@0.1.0; a discovery mechanism is
  planned for a future minor version.

Fixed

• act info --tools --format text now extracts the real inner type
  from schemars' Option<T> JSON Schema instead of rendering the
  union.

0.5.1

Fixed

• --fs-allow now implicitly grants traversal of ancestor directories
  on the path to any allowed target. WASI's path-resolver stats every
  intermediate directory when opening nested files; without this, users
  had to list each parent explicitly (--fs-allow /tmp --fs-allow "$DB/**" just to reach a file under $DB). An allow entry for
  /tmp/work/db.sqlite now implicitly permits /tmp/work and /tmp
  for directory traversal — sibling files in those directories remain
  denied.