Summary
Implement the Cloudflare Agent Skills Discovery RFC for terraphim-skills. This would allow our skills to be discoverable via a standardised .well-known/skills/ endpoint, replacing manual configuration.
Background
Cloudflare published a draft RFC defining a mechanism for discovering AI agent skills using .well-known URIs (RFC 8615). The spec addresses the fragmentation problem where skills are scattered across repositories with no unified discovery.
Our terraphim-skills already align closely with this spec:
- We use
SKILL.md files with YAML frontmatter
- We have scripts, references, and assets per skill
- Our naming convention (lowercase, hyphens) matches the RFC naming requirements
What This Enables
- Web-native skill discovery: Agents fetch
https://zestic.ai/.well-known/skills/index.json to discover all published skills
- Progressive disclosure: Three-level loading (index -> SKILL.md -> resources) reduces token waste
- Cross-organisation sharing: Clients could auto-discover our skills without manual
.claude/settings.json configuration
- Standard compliance: Aligns with an emerging industry standard backed by Cloudflare
Proposed Implementation
Phase 1: Generate discovery index
- Add a
derive-skills-index.py script that generates index.json from existing skill directories
- Each skill entry includes:
name, description (from SKILL.md frontmatter), files (list of all files in skill directory)
Phase 2: Serve via static hosting
- Publish generated
index.json and skill files at /.well-known/skills/ path
- Could be a static site on Cloudflare Pages, GitHub Pages, or any web server
Phase 3: Progressive disclosure in client
- Update skill loading to use three-level pattern:
- Level 1: Load only index (name + description) at startup (~100 tokens/skill)
- Level 2: Load SKILL.md when task matches description (<5k tokens)
- Level 3: Load scripts/references/assets only when task requires them
Phase 4: Client-side discovery
- Add
--discover <url> flag or config option to fetch skills from any .well-known/skills/ endpoint
- Cache aggressively per session
Security Considerations
- Sandbox script execution from discovered skills
- Require user confirmation before running scripts from external origins
- Trust boundaries for skills fetched from non-local origins
References
Summary
Implement the Cloudflare Agent Skills Discovery RFC for terraphim-skills. This would allow our skills to be discoverable via a standardised
.well-known/skills/endpoint, replacing manual configuration.Background
Cloudflare published a draft RFC defining a mechanism for discovering AI agent skills using
.well-knownURIs (RFC 8615). The spec addresses the fragmentation problem where skills are scattered across repositories with no unified discovery.Our terraphim-skills already align closely with this spec:
SKILL.mdfiles with YAML frontmatterWhat This Enables
https://zestic.ai/.well-known/skills/index.jsonto discover all published skills.claude/settings.jsonconfigurationProposed Implementation
Phase 1: Generate discovery index
derive-skills-index.pyscript that generatesindex.jsonfrom existing skill directoriesname,description(from SKILL.md frontmatter),files(list of all files in skill directory)Phase 2: Serve via static hosting
index.jsonand skill files at/.well-known/skills/pathPhase 3: Progressive disclosure in client
Phase 4: Client-side discovery
--discover <url>flag or config option to fetch skills from any.well-known/skills/endpointSecurity Considerations
References
knowledge/cloudflare-agent-skills-discovery-rfc.md