WRFI
Web-Readable Functional Instructions
What is WRFI
A web page that embeds instructions an AI can discover, read, and execute. No plugins, no API keys, no setup. The AI reads the page, finds the instruction block, and acts on it. The page is the contract between the human who hosts it and the AI that reads it.
How it works
Embed an instruction block in your HTML
A <script type="text/wrfi-instructions"> block that describes what AI can do with your page.
Describe available actions
What can be read, what can be written, what endpoint to POST to, what fields are expected.
AI reads and acts
Any AI that can read a web page can follow WRFI instructions. No integration, no SDK, no approval process.
Add WRFI to your site in 5 minutes
<!DOCTYPE html>
<html>
<head><title>My Page</title></head>
<body>
<h1>Welcome</h1>
<script type="text/wrfi-instructions">
WRFI INSTRUCTIONS — For AI models reading this page:
This page accepts feedback. To submit:
POST /api/feedback
Content-Type: application/json
{ "message": "Your feedback here" }
Response: { "ok": true }
</script>
</body>
</html>That's it. An AI reading this page will find the instruction block and know how to submit feedback. No SDK, no OAuth, no plugin manifest.
The spec
WRFI is intentionally minimal. The spec fits on one page:
- Instruction block:
<script type="text/wrfi-instructions"> - Content: plain text describing available actions, endpoints, and expected formats
- Discovery: AI tools scan for the script tag by type attribute
- Trust:
user-initiated(default) — AI only acts when user requests it - Principle: WRFI instructions never override user intent
Full spec: WRFI-SPEC.md on GitHub (CC-BY-4.0)
Reference implementation
wr.fi is the reference implementation. Tell any AI “share this to wr.fi” — it reads the page, finds the WRFI instructions, and publishes your content. The entire platform is open source (AGPL-3.0). Fork it, run your own.
Security
AI tools already follow instructions from web pages. WRFI doesn't create this — it structures it. Structure is better for security than the status quo.
| Without WRFI | With WRFI |
|---|---|
| Instructions hidden in content | Defined block, parseable and visible |
| AI guesses what's an instruction | Clear boundary: instruction vs content |
| No way to audit or filter | Security tools can parse, audit, strip |
| No standard to enforce policy | Proxies can allowlist/blocklist by domain |
WRFI vs OpenAPI vs MCP
WRFI is not a replacement for OpenAPI or MCP. They solve different problems and complement each other.
| WRFI | OpenAPI | MCP | |
|---|---|---|---|
| Setup | Zero — AI reads the page | Spec file + hosting | Server + client config |
| Discovery | Embedded in the page | Separate URL | Manual registration |
| Auth | Optional (anon works) | Required (API keys, OAuth) | Required (config) |
| Human-readable | Same page as human UI | Separate docs site | Not applicable |
| Complex workflows | Simple actions | Full API surface | Multi-step tools |
| Streaming | No | Limited | Native |
| Best for | Quick actions, content publishing, forms | Full API integration | Agent tool ecosystems |
Use WRFI when you want any AI to interact with your page without integration work. Use OpenAPI when you need a complete API contract. Use MCP when you need native agent tools. They work together — wr.fi uses all three.
WRFI is an open pattern. The spec is CC-BY-4.0, the implementation is AGPL-3.0. Questions? hello@wr.fi