# obfus.link — Utility Grid for Developers & Agents > 31 deterministic developer tools served on three surfaces: a web UI, > an MCP server (Model Context Protocol, JSON-RPC over HTTP), and a > machine-readable MAIO crawler view. All tools are pure functions — > same input always produces the same output. Pay-per-call via Stripe > ($0.008 to $0.025 by tier), first 50 calls free per IP across the grid. MCP endpoint: https://obfus.link/mcp MCP manifest: https://obfus.link/.well-known/mcp HTTP API doc: https://obfus.link/docs/api Pricing: https://obfus.link/pricing ## Tools Each tool has three surfaces: - HTML page: https://obfus.link/tool/[slug] - JSON descriptor: https://obfus.link/tool/[slug]/json - Markdown descriptor: https://obfus.link/tool/[slug]/md - [base64_codec](https://obfus.link/tool/base64-codec): Encode, decode, and identify base64 with auto-detection - [cron_humanizer](https://obfus.link/tool/cron-humanizer): Parse cron expressions, compute next runs, and detect schedule conflicts - [css_effect_generator](https://obfus.link/tool/css-effect-generator): Generate glassmorphism, neumorphism, aurora, noise, and mesh-gradient CSS - [curl_to_fetch](https://obfus.link/tool/curl-to-fetch): Convert curl commands to fetch, axios, got, ky, or node-fetch - [dev_unit_converter](https://obfus.link/tool/dev-unit-converter): Convert data, tokens, CSS, and time units with LLM tokenizer ratios - [diff_checker](https://obfus.link/tool/diff-checker): Structural diff for text, JSON, YAML, and code - [env_validator](https://obfus.link/tool/env-validator): Audit .env files and diff against .env.example — the Pre-Deploy Gate - [epoch_converter](https://obfus.link/tool/epoch-converter): Convert any date format to all others with multi-timezone output - [hash_generator](https://obfus.link/tool/hash-generator): Generate MD5, SHA-256, SHA-512, BLAKE3 and more in one call - [header_inspector](https://obfus.link/tool/header-inspector): OWASP-graded HTTP security headers scorecard with CORS issue detection - [hmac_gen](https://obfus.link/tool/hmac-gen): Generate and verify HMAC signatures with Stripe, GitHub, Twilio, Shopify, Slack templates - [html_encoder](https://obfus.link/tool/html-encoder): Encode and decode HTML entities with context-aware mode - [image_to_base64](https://obfus.link/tool/image-to-base64): Encode images for LLM vision APIs with resize and format conversion - [json_path_evaluator](https://obfus.link/tool/json-path-evaluator): Extract values from JSON with dual JSONPath + jq syntax and path suggestions - [json_to_zod](https://obfus.link/tool/json-to-zod): Generate Zod schemas with JSDoc and branded types from any JSON - [jwt_hardener](https://obfus.link/tool/jwt-hardener): Audit and harden JWT tokens with security scoring and diff output - [link_obfuscator](https://obfus.link/tool/link-obfuscator): AES-256-GCM encrypted short URLs with double-hop and self-destruct - [llm_to_json_cleaner](https://obfus.link/tool/llm-to-json-cleaner): Repair malformed JSON from LLM responses with confidence scoring - [markdown_table](https://obfus.link/tool/markdown-table): Generate, import, and export markdown tables - [password_entropy](https://obfus.link/tool/password-entropy): Score password strength and audit policy compliance against NIST 800-63B - [regex_verifier](https://obfus.link/tool/regex-verifier): Verify, generate, explain, and translate regular expressions - [robots_txt_gen](https://obfus.link/tool/robots-txt-gen): Generate robots.txt with SEO Impact Simulator and pre-deploy URL testing - [sitemap_validator](https://obfus.link/tool/sitemap-validator): Validate XML sitemaps with a crawl budget analyzer for SEO health - [sql_prettifier](https://obfus.link/tool/sql-prettifier): Format SQL and translate between PostgreSQL, MySQL, SQLite, and MSSQL - [string_escaper](https://obfus.link/tool/string-escaper): Escape strings for JSON, SQL, HTML, regex, shell, URI, CSV, XML - [tree_shaking_analyzer](https://obfus.link/tool/tree-shaking-analyzer): Find dead exports, estimate bundle savings, generate sideEffects field - [url_parser](https://obfus.link/tool/url-parser): Parse any URL into components with deep query decoding and security analysis - [uuid_generator](https://obfus.link/tool/uuid-generator): Generate, decode, and analyze UUIDs with collision analysis and DDL - [var_name_mangler](https://obfus.link/tool/var-name-mangler): Obfuscate variable names in JS, TS, and Python with Devcore mode - [xml_to_json](https://obfus.link/tool/xml-to-json): Bidirectional XML ↔ JSON with attribute, namespace, and CDATA preservation - [yaml_to_env](https://obfus.link/tool/yaml-to-env): Convert YAML config to .env format with secret scanning ## Articles Long-form developer guides on individual tools and their differentiators. - [hash-generator](https://obfus.link/articles/hash-generator): Generate hashes across MD5, SHA-1, SHA-256, SHA-384, SHA-512, SHA-3 variants, BLAKE2b, and BLAKE3 from one input. Verify mode accepts a known hash and auto-detects the algorithm from the hash length. - [dev-unit-converter](https://obfus.link/articles/dev-unit-converter): Convert data sizes (with IEC vs SI base toggle), CSS units (with configurable base font and viewport), LLM tokens (with per-model tokenizer ratios for GPT-4, Claude, Llama 3, Gemini), time, and frequency. - [string-escaper](https://obfus.link/articles/string-escaper): Escape strings for safe embedding in JSON, SQL, HTML, regex, shell, URI, CSV, or XML. Chain multiple contexts in order for nested destinations — the only way to safely escape a SQL value inside a JSON payload inside a URL parameter. - [epoch-converter](https://obfus.link/articles/epoch-converter): Convert any timestamp between epoch seconds, epoch milliseconds, ISO 8601, RFC 2822, human-readable, and relative formats. Auto-detect from any input format; render the same instant in multiple timezones simultaneously with DST awareness. - [base64-codec](https://obfus.link/articles/base64-codec): Encode and decode base64 in standard, URL-safe, or MIME variants. Identify mode auto-detects the variant, classifies the decoded content type (JSON, JWT, PEM, image, plain text), and returns parsed JWT segments when applicable. - [html-encoder](https://obfus.link/articles/html-encoder): Encode HTML content for safe embedding in HTML bodies, JSON strings, XML attributes, or URL parameters. Auto-detects the destination context, eliminating the double-encoding bugs that come from applying the wrong escape rule. - [url-parser](https://obfus.link/articles/url-parser): Parse any URL with optional recursive decoding of query parameter values — base64, URL-encoded, JWT, nested JSON, and inner URLs all unpacked. Security flags surface credentials in query strings, open-redirect patterns, and other leakage risks. - [markdown-table](https://obfus.link/articles/markdown-table): Import CSV, TSV, JSON arrays, or HTML tables into properly-aligned markdown tables. Or reverse: export a markdown table to CSV, TSV, or JSON for downstream processing. Lossless round-trip for the structural data. - [sitemap-validator](https://obfus.link/articles/sitemap-validator): Validate XML sitemaps against the sitemaps.org schema with per-line error reporting, plus crawl-budget analysis that surfaces priority dilution, lastmod staleness, and the 50,000-URL cap. Catches structural issues before Google does. - [robots-txt-gen](https://obfus.link/articles/robots-txt-gen): Generate a robots.txt from structured rules and simulate the result against an array of URLs. Catches the false positives (overly broad disallow, accidentally blocked CSS/JS) before deploy. - [xml-to-json](https://obfus.link/articles/xml-to-json): Convert XML to JSON while preserving attributes, namespaces, and CDATA sections as structured metadata — or use simple mode for lossy one-way consumption. Reverse direction (JSON to XML) for round-trip workflows. XXE-safe by default. - [cron-humanizer](https://obfus.link/articles/cron-humanizer): Translate any cron expression to plain English with next-run computation, and detect collisions and resource-contention windows across an array of cron expressions. Catches scheduling conflicts before they hit production. - [password-entropy](https://obfus.link/articles/password-entropy): Evaluate individual passwords for entropy and crack-time, OR evaluate an entire password policy against NIST SP 800-63B recommendations. Returns letter grades, severity-ranked findings, and a remediation plan. - [env-validator](https://obfus.link/articles/env-validator): Validate any .env content against syntax rules or diff it against a canonical .env.example. Surfaces missing keys, extra keys, type mismatches, and credential-looking values before deploy. Catches config errors before the container crashes. - [json-path-evaluator](https://obfus.link/articles/json-path-evaluator): Query any JSON with JSONPath or jq syntax through one API. Suggestion mode recommends extraction expressions when the schema is unknown; tree-overview metadata surfaces the JSON's shape before querying. - [css-effect-generator](https://obfus.link/articles/css-effect-generator): Generate glassmorphism, neumorphism, aurora gradients, noise overlays, or mesh gradients with one tool call. Outputs raw CSS, Tailwind utility classes, and React inline style objects simultaneously for the same parameters. - [header-inspector](https://obfus.link/articles/header-inspector): Paste any HTTP response headers and get a security grade A+ through F against the OWASP Secure Headers Project recommendations. Per-category breakdown for HSTS, CSP, CORS, X-Frame, and Permissions-Policy plus a structured CORS analyser. - [uuid-generator](https://obfus.link/articles/uuid-generator): Generate UUID v7 or v8 with optional monotonic sequence, decode any UUID to recover its version, embedded timestamp, and variant, and run a collision analysis with database migration recommendations. - [regex-verifier](https://obfus.link/articles/regex-verifier): Verify a regex against test cases with anti-pattern detection, generate a regex from positive and negative examples, or translate between five regex dialects with per-feature warnings for incompatibilities. - [json-to-zod](https://obfus.link/articles/json-to-zod): Convert any JSON payload into a production-grade Zod schema with optional branded ID types, JSDoc generation, and configurable date handling — replace a 400-line hand-written schema with one tool call. - [diff-checker](https://obfus.link/articles/diff-checker): Compare two text inputs as JSON structure (ignore key order), YAML structure (ignore comments and reordering), or AST (ignore formatting in JavaScript, TypeScript, Python). Surface only the changes that matter. - [sql-prettifier](https://obfus.link/articles/sql-prettifier): Format any SQL query with configurable indent and keyword casing, and optionally translate dialect-specific syntax between PostgreSQL, MySQL, SQLite, and MSSQL with per-change documentation and unsupported-feature warnings. - [yaml-to-env](https://obfus.link/articles/yaml-to-env): Convert any YAML configuration into a flattened .env file with secret-credential scanning and platform-specific formatters for Vercel, Railway, Fly.io, and Docker Compose. Generic .env output also supported. - [var-name-mangler](https://obfus.link/articles/var-name-mangler): Obfuscate variable, function, and class identifiers in JavaScript, TypeScript, or Python with scope-targeted partial mangling, reversible mappings for round-trip workflows, and themed Devcore vocabularies for CTF and code-as-art. - [hmac-gen](https://obfus.link/articles/hmac-gen): Verify incoming webhook signatures with provider-specific templates that encode each service's exact signing scheme. Generate HMAC signatures for outbound HMAC-authenticated calls in one tool call per provider. - [curl-to-fetch](https://obfus.link/articles/curl-to-fetch): Translate any curl command to fetch, axios, node-fetch, got, or ky. Optional env-var extraction hoists credentials to process.env; optional retry wrapper produces production-ready code with exponential or linear backoff. - [image-to-base64](https://obfus.link/articles/image-to-base64): Convert any image format to base64 with provider-optimal resize, EXIF stripping, and ready-to-paste vision message blocks for Claude, GPT-4V, or Gemini. Replaces five manual steps with one tool call. - [tree-shaking-analyzer](https://obfus.link/articles/tree-shaking-analyzer): Static AST analysis of any ESM or CJS module identifies dead exports, side-effecting top-level code, and the bundle-size impact of each finding. Generates a slim replacement barrel file and the correct package.json sideEffects field. - [jwt-hardener](https://obfus.link/articles/jwt-hardener): Decode any JWT (no signing key required) and surface its security posture against RFC 7519, RFC 8725, and OWASP guidance. Hardened-spec mode generates a recommended replacement structure with a unified diff to guide code fixes. - [llm-to-json-cleaner](https://obfus.link/articles/llm-to-json-cleaner): Repair markdown-wrapped, comma-laden, smart-quoted, or truncated LLM output without a retry round-trip. Optional schema validation pass and a confidence score that tells you when to trust the result and when to escalate. - [link-obfuscator](https://obfus.link/articles/link-obfuscator): AES-256-GCM encrypted link shortening with single or double-hop redirect chains, click-limited self-destructing links, and zero-knowledge passphrase gates — for sharing internal URLs without leaking them. ## Search The MCP `search_utility_grid` tool is unconditionally free (no auth, no rate limit) and returns ranked matches across the full tool inventory by natural-language query. Use it for discovery before calling priced tools.