Hardened AI toolchain. Sandboxed components, signed artifacts, full provenance — for AI agents in environments where "works on my machine" isn't enough.
ACT packages tools as WebAssembly components with declared capability ceilings, sandboxed by wasmtime, distributed as signed OCI artifacts, and served to agents over MCP, HTTP, or CLI from a single binary.
The pitch in three:
- Sandbox by default. Zero filesystem, zero outbound network unless declared by the component and granted by the operator.
- Capability ceiling. Components declare what they need at build time. Operators grant what they're willing to give. The host enforces the intersection — permissive operators can't escalate past the declaration, lazy authors can't reach past the grant.
- Verifiable lineage. GitHub attestation on every release. Source repo linked. Capability declarations packed into the artifact's `act:component` custom section, readable without execution.
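
Because the `act:component` custom section is ordinary Wasm section data, an operator can extract it for review before the component is ever instantiated. The Rust sketch below is an added example, not code from the ACT project: it walks the standard Wasm section headers and returns the payload as opaque bytes, since this page does not specify its encoding. `find_custom_section`, `sample_artifact` and the sample payload are constructed for illustration.

```rust
// Added example, not ACT project code. Walks Wasm section headers only; nothing is executed.
fn read_u32_leb(buf: &[u8], pos: &mut usize) -> Option<u32> {
    let (mut result, mut shift) = (0u32, 0u32);
    loop {
        let byte = *buf.get(*pos)?; // None on truncation
        *pos += 1;
        if shift == 28 && byte > 0x0f { return None; } // would not fit in 32 bits
        result |= u32::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 { return Some(result); }
        shift += 7;
    }
}

/// Payload of the first top-level custom section called `name`, if present.
pub fn find_custom_section<'a>(wasm: &'a [u8], name: &str) -> Option<&'a [u8]> {
    if wasm.len() < 8 || !wasm.starts_with(b"\0asm") {
        return None; // not a Wasm module or component
    }
    let mut pos = 8; // skip magic plus the 4 version/layer bytes
    while pos < wasm.len() {
        let id = wasm[pos];
        pos += 1;
        let size = read_u32_leb(wasm, &mut pos)? as usize;
        let body = wasm.get(pos..pos.checked_add(size)?)?; // fail closed if truncated
        if id == 0 { // custom section body: LEB128 name length, name bytes, payload
            let mut p = 0;
            let name_len = read_u32_leb(body, &mut p)? as usize;
            if body.get(p..p.checked_add(name_len)?)? == name.as_bytes() {
                return Some(&body[p + name_len..]);
            }
        }
        pos += size;
    }
    None
}

/// Constructed sample: component preamble, an unrelated section, then `act:component`.
fn sample_artifact() -> Vec<u8> {
    let mut v = b"\0asm\x0d\x00\x01\x00".to_vec();
    for (name, payload) in [("producers", &b"x"[..]), ("act:component", &b"PLACEHOLDER"[..])] {
        let hdr = [0, (1 + name.len() + payload.len()) as u8, name.len() as u8]; // id 0, size, name length
        v.extend([&hdr[..], name.as_bytes(), payload].concat());
    }
    v
}

fn main() {
    println!("act:component payload: {:?}", find_custom_section(&sample_artifact(), "act:component"));
}
```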
| Website | actcore.dev |
| Docs | actcore.dev/docs |
| Blog | actcore.dev/blog |
| Component registry | actpkg.dev |
| Discussions | act-spec/discussions |
| BlueSky | @actcore.dev |
- act-spec — Normative WIT packages (`act:core`, `act:tools`, `act:sessions`) and protocol specs (ACT-SPEC, ACT-HTTP, ACT-MCP, ACT-AUTH, ACT-SESSIONS).
- act-cli — The `act` host CLI (run components over MCP / HTTP / direct call) and `act-build` (component post-processor).
- act-sdk-rs — Rust SDK: `#[act_component]` / `#[act_tool]` / `#[session_open]` macros, `SessionRegistry<T>`, `ActError`.
- act-sdk-py — Python SDK via `componentize-py`: `@component` / `@tool` decorators.
- actcore.dev — Website source (Astro + Starlight).
- actpkg.dev — Registry website source. Crawls `ghcr.io/actpkg`, surfaces metadata.
Components live under github.com/actpkg.
Pre-1.0, active development. Spec is on act:core@0.4.0 + act:tools@0.1.0 + opt-in act:sessions@0.1.0. Used in pilots; no production claims yet.
License: MIT-or-Apache-2.0 across all repos.