Probe
TL;DR. Probe inspects any public site and reports the agent-ready surfaces it exposes — whether agents can discover it, read it as Markdown, call it over MCP, find its skills, read its API, see how to authenticate, and learn what actions cost. It fetches and parses public discovery files only; it never calls, authenticates to, or transacts with anything it finds. Same input, same output; no model in the loop; zero tokens per scan.
What Probe does
An agent arriving at a site cold has to answer a few questions before it can do anything useful. Is there a map of the site it can read? Can it get the content as Markdown instead of scraping HTML? Are there tools it can call? An API it can read? A way to authenticate? Probe asks those questions for you and lays the answers out on a seven-point board.
Probe runs server-side in a Cloudflare Pages Function: you hand it a URL, it fetches that site's well-known discovery files, parses each one, and returns a coverage report. Every site — whether it exposes all seven surfaces or none — comes back in the same shape, so you can compare a richly instrumented site against a bare one at a glance.
It is strictly read-only. Probe issues GET requests to standard discovery paths (/llms.txt, /.well-known/api-catalog, /openapi.json, and so on), reads what is published there, and stops. It does not invoke a discovered tool, complete an OpenID flow, or send anything to a priced endpoint. Nothing about a scan is stored or logged.
Inspect a site
5/7 agent-ready surfaces on agentreadypoc.com (example result — enable JavaScript to inspect any site)
-
✓ Present Discoverable
An
llms.txtmaps every page with a one-line description, in three sections. -
✓ Present Readable
Requesting any page with
Accept: text/markdownreturns clean Markdown; a concatenatedllms-full.txtis also published. -
✓ Present MCP
A server-card advertises two tools:
get_organization_infoandsubmit_contact. -
✓ Present Skills
An agent-skills index lists the same two capabilities as discrete, callable skills.
-
✓ Present API
An OpenAPI document describes
GET /api/agent-infoandPOST /api/contact; an api-catalog points to it. -
✗ Absent Auth
No
/.well-known/openid-configuration. Publishing one lets agents discover how to authenticate. -
✗ Absent Pricing
No
/pricing.md. Publishing one tells agents what an action costs before they take it.
Read-only inspection: Probe fetched these public discovery files and parsed them. It did not call, authenticate to, or transact with any endpoint.
The seven surfaces
Each surface is one standard way a site can make itself legible to agents. None is required; together they describe how far a site has gone.
- Discoverable — a
/llms.txtmap (or arobots.txtsitemap) so an agent can find the site's pages without crawling blind. - Readable — content available as Markdown, via
Accept: text/markdownnegotiation or.mdalternates, so an agent reads structure instead of parsing HTML. - MCP — a Model Context Protocol server-card at
/.well-known/mcp/server-card.jsonadvertising callable tools. - Skills — an agent-skills index at
/.well-known/agent-skills/index.jsonlisting discrete, named capabilities. - API — an OpenAPI document or an api-catalog describing the site's HTTP operations.
- Auth — an
/.well-known/openid-configuration, which tells an agent how to authenticate. Probe notes its presence only; it never starts a flow. - Pricing — a
/pricing.md(or priced API) stating what actions cost.
Robust by design
Surfaces in the wild disagree with each other. An api-catalog might use the RFC 9264 linkset shape or a plain endpoint array. An MCP card might put tools at the top level or nest them under a server entry. A skill might key its URL as url or as path. A catalog might advertise an OpenAPI document that returns a 404. Probe's parsers tolerate all of this: a malformed or missing surface degrades to "absent" or to an honest note, and never crashes the report. The parsers are pure functions with no network and no clock, tested against captured fixtures from real sites — same input, same output.
Live MCP session (consented)
When a site exposes an MCP server, discovery only reads its published card. You can go one step further and open a live JSON-RPC session: Probe runs initialize then tools/list to show the live tools and compares them against the card — a mismatch (drift) is a trust signal worth knowing.
Running a tool is separate and deliberate. Probe will call a tool only when you click Run, and only if the server annotates it read-only and non-destructive and it needs no arguments. Everything else — unannotated, mutating, authenticated, or argument-requiring tools like a contact-form submit — is listed with the reason it was held back, and never called. The safety check runs on the server on every call, so the page cannot be coaxed into invoking something unsafe. Sessions are https-only, blocked from private and metadata addresses, time-limited, and forward no credentials; no response is stored.
Optional: explain with AI
The scan is deterministic and costs nothing. After a result renders, an optional Explain with AI button sends the finished report to a hosted model (NVIDIA Nemotron, via NVIDIA's OpenAI-compatible inference) and shows a short plain-English readiness assessment. This is the one path that uses a model and costs tokens, so it runs only when you click it — never automatically. The model narrates facts the deterministic scan already collected; it does not decide what to fetch and never touches the inspected site. The button appears only where an inference key is configured for the deployment.
What read-only means here
Probe is an inspector first. Discovery only reads the public files a site publishes for agents — that path has no code that calls a discovered endpoint. The optional live MCP session can invoke tools, but only the ones the server itself marks read-only and argument-free, only after you explicitly consent and click Run, and never anything that mutates, authenticates, or transacts. The optional AI narration is the only model in the loop, and it only ever sees the report Probe already produced. Every boundary here is enforced in server-side code, not just in the UI.