The core ACT spec is small: a tool-dispatch interface and a few CBOR
shapes on the wire, with stateful capabilities (sessions, events,
resources) layered on as separate opt-in packages. But a protocol is
only interesting if people actually write for it. Here's what's on
ghcr.io/actpkg today, grouped by kind.
Every component is MIT-or-Apache-2.0, published with signed
attestations, and runnable with:
npx @actcore/act info ghcr.io/actpkg/<name>:latest --tools
Data & storage
sqlite
A SQLite database as a component. Exposes query, exec,
batch-exec, schema. Uses rusqlite compiled to wasm32-wasip2
with the wasi-sdk toolchain; the database file is whatever path the
operator grants via --fs-allow.
npx @actcore/act run ghcr.io/actpkg/sqlite:latest --mcp \
--fs-policy allowlist --fs-allow /data/app.sqlite
Also ships a sqlite-vec variant with sqlite-vec linked in
for vector-index queries. Same interface, one extra build target.
filesystem
Generic read, write, list, stat, delete over the component's
filesystem capability grant. Good when an agent needs "edit a file" and
you don't want to ship a language-specific MCP server.
openwallet
OpenWallet-compatible local key
storage. Stores seed phrases and derived keys on the filesystem under
the operator-granted vault path.
Network bridges
http-client
GET, POST, PUT, DELETE with full header / body control. The
component declares wasi:http with whatever hosts the operator lets
it reach. Useful when you want a component (not the host) to do the
fetching — for example, from inside a bridge.
openapi-bridge
Point it at any OpenAPI 3.x spec. The spec URL travels through
open-session args (typed schema, validated host-side); the bridge
fetches and parses the spec, then exposes each operation as a tool.
One component fronts anything — Stripe, GitHub, your internal API,
the Petstore reference — with one capability grant per upstream:
act call ghcr.io/actpkg/openapi-bridge:latest find_pets_by_status \
--args '{"status":"sold"}' \
--session-args '{"spec_url":"https://api.example.com/openapi.json"}' \
--http-policy allowlist --http-allow host=api.example.com
mcp-bridge
Reverse adapter: wraps an upstream MCP server (Streamable HTTP
transport) and re-exposes its tools through the ACT protocol. Lets
you connect an existing MCP ecosystem to ACT-native clients, or put
an ACT policy layer in front of an unsandboxed MCP server you don't
fully trust.
act-http-bridge
Symmetric: wraps a remote ACT-HTTP server behind a local component.
Useful for fronting a team-hosted service as a local-looking tool.
All three bridges are session-based: the upstream URL and any
credentials live inside open-session.args rather than per-call
metadata. See the sessions and bridges
post for the architecture and
why authentication ended up there.
Utilities
crypto
SHA-256, SHA-512, BLAKE3, HMAC, Ed25519, X25519. All standard-lib
algorithms behind a clean tool surface. Useful when a script needs a
hash without pulling in a language-specific crypto package.
encoding
Base64, base64url, base32, hex, percent encoding, UUID parsing. The
one tool everyone writes a hundred times.
random
Cryptographically secure random strings, UUIDs (v4 and v7), and
integers in a range. LLMs cannot generate true randomness —
components can.
time
Clock access, timezone conversions, duration math. Pure wasip2, no
host dependencies.
Language embedders
python-eval
An entire CPython interpreter baked into a wasm component via componentize-py.
Takes a string of Python, runs it in a fresh namespace, returns
stdout + the last-expression value. Demonstrates that "running
untrusted code" is a fair thing to do under the ACT sandbox because
the ceiling is explicit.
Coming up:
-
js-eval— SpiderMonkey via componentize-js. Blocked on async-export support upstream.
Categorize the pattern
Looking across the catalog, three patterns stand out:
-
Data-plane components own state on disk under an operator
grant (
sqlite,filesystem,openwallet). The operator's filesystem allow-list is the total exposure. -
Bridge components translate an external protocol into ACT
(
openapi-bridge,mcp-bridge,act-http-bridge). One component covers a whole class of upstream — point it at a different URL viaopen-sessionand it fronts a different upstream. -
Pure functions do computation with no I/O beyond the call
boundary (
crypto,encoding,random,time). No capabilities declared at all — hard-deny on anything the operator tries to grant.
Bridges are where the compounding happens. One openapi-bridge
becomes stripe, github, linear, anything-that-ships-OpenAPI
— each as its own session against the same component, costing one
capability grant per upstream host.
Publishing your own
The workflow is small enough to describe in a paragraph:
- Scaffold from the Rust or Python template:
copier copy gh:actcore/act-template-rust my-component. - Write tools with
#[act_tool]/@tool. Declare capabilities inact.toml. -
just build && just test. - Push to
actcore/projects/my-componentor your own namespace. CI runsjust publishonmain, whichoras pushes toghcr.io/<ns>/my-component:<version>with a GitHub attestation.
Any OCI registry works. Any CI works. The artifact ends up
discoverable by act pull and usable by act run on every
platform.
What's missing
Plenty.
- JavaScript SDK (blocked upstream).
- MoonBit (blocked on a wit-bindgen-moonbit export bug).
- More bridges — A2A, AGNTCY, LSP over TCP are on the backlog.
- A proper
act-toolserverthat composes several components with a shared policy engine. That's the next large piece.
If any of the categories above are missing a component you'd reach
for, open an issue — or
publish it yourself.
Top comments (1)
really interesting breakdown of how the actpkg components are structured, especially the focus on stateful capabilities being layered on separately. at moonshift, we help you get a full next.js + postgres + auth app deployed in about 7 minutes, and you own the code on your github. if you're curious, I can set you up with a free build to see how it works.