Vibefed detect-webfinger
git clone https://github.com/reiver/vibefed
T=$(mktemp -d) && git clone --depth=1 https://github.com/reiver/vibefed "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/detect-webfinger" ~/.claude/skills/reiver-vibefed-detect-webfinger && rm -rf "$T"
skills/detect-webfinger/SKILL.mdDetect WebFinger Endpoint
WebFinger (RFC 7033) is a protocol that allows discovery of information about people or resources using a standard URL pattern:
/.well-known/webfingerStep 1 — Fast Signal Search
Search the codebase for the string
webfingerSearch query: webfinger Case: insensitive Scope: all source files (exclude: node_modules, vendor, .git, dist, build)
If no matches are found, proceed to Step 2 (fallback search). If matches are found, proceed to Step 3 (classify results).
Step 2 — Fallback Search (if Step 1 found nothing)
Some implementations register WebFinger indirectly under a generic well-known handler. Search for:
(route registration)/.well-known/
(snake_case variant common in Python/Ruby)well_known
(the WebFinger response MIME type — very specific signal)jrd+json
(the URI scheme WebFinger uses for user lookups)acct:
If any of these match, include the files in Step 3 classification. If still nothing — report: WebFinger not detected.
Step 3 — Classify Each Match
For each file containing a match, determine which category it falls into:
Category A — Implementation (confirmed)
The file contains executable code that:
- Registers a route or handler at
/.well-known/webfinger - Processes a
query parameterresource - Returns a JSON response (JRD format) with a
fieldsubject
Category B — Library/Framework delegation
The file imports or references a WebFinger library (e.g.
node-webfingerostatusactivitypubwebfinger-rackgo-webfingerCategory C — Reference only (not an implementation)
The match appears in:
- Comments or documentation strings
- Test fixtures or mock data
- Configuration files referencing an external WebFinger server
- README or markdown files
Category D — Ambiguous
The file handles
/.well-known/Step 4 — Check for Framework-Specific Patterns
If the codebase language/framework is identifiable, also look for these common patterns:
| Framework | Pattern to look for |
|---|---|
| Express / Node | |
| Rails | |
| Django | |
| Spring Boot | |
| Mastodon / ActivityPub | Check for |
| PHP | |
Step 5 — Report Results
Provide a clear summary with:
- Verdict: WebFinger detected / Not detected / Possibly delegated to library
- Evidence: List the specific files and line numbers (if available) that contain the implementation
- Implementation style: Direct route handler / Library delegation / Framework built-in
- Completeness notes (if applicable): e.g. "Handler found but no
parameter filtering detected" or "Missingrel
content type header"application/jrd+json - Caveats: e.g. "WebFinger may be handled upstream by a reverse proxy (nginx/caddy) and never reach the application code"
What a Complete WebFinger Implementation Looks Like
For reference, a complete implementation handles:
- Route:
GET /.well-known/webfinger - Required query param:
(e.g.resource
)acct:user@example.com - Optional query param:
(filters which link types to return)rel - Response Content-Type:
application/jrd+json - Response body: JSON with at minimum a
field, typically alsosubject
and/orlinksaliases - HTTP 404 if the resource is not found
- HTTP 400 if the
param is missingresource