Public Routes
| Path | Purpose |
|---|---|
| / | Homepage and live product surface |
| /whitepaper | Project brief |
| /playbooks | Copyable prompt workflows |
| /code | Sanitized code notes |
| /risk | Costs and guardrails |
| /agent-card.json | Machine-readable agent card |
| /skills/SKILL.md | Public skill binding file |
| /launch.json | Machine-readable launch metadata |
| /api/scan | Public page signal scan |
The site is a single Worker, so the public routes and the metadata stay close together.
Scan Logic
The scanner accepts only public URLs, fetches the HTML, and scores obvious signals like title, meta description, H1, structured data, canonical URL, pricing words, docs words, and conversion cues.
// Public-only guard
if (host === "localhost" || host.endsWith(".local")) {
throw new Error("Only public domain names are accepted.");
}
// Score signals
title.length >= 12 && title.length <= 70;
/\bpricing|plans|contact|demo|docs\b/i.test(bodyText);Public API Example
POST /api/scan
Content-Type: application/json
{
"url": "https://example.com"
}The live response returns a score, signals, and a short list of fixes. It does not expose secrets or private data.
Artifact Checklist
- Homepage with product copy and navigation.
- Public SKILL.md binding file.
- Agent Card JSON with skills, routes, and safety rules.
- Launch JSON with live state.
- X avatar and banner assets.
- Open Graph and manifest metadata.
- Whitepaper, code notes, and risk page.