Add 19 developer utility APIs (hash, UUID, regex, QR, barcode, timezone, cron, JWT, JSON Schema...)

[fredericsuretat]

19 general-purpose developer utility APIs for AI agents and automation pipelines. All live on Base mainnet, self-hosted, no API keys, no signup.

These complement the French data services (#415, #441) with reusable building blocks that fit any language or region:

Encoding & Crypto

• x402 Hash Calculator — MD5/SHA-1/SHA-256/SHA-512/SHA3/BLAKE2b/BLAKE2s. 0.0005 USDC.
• x402 Base Encoder — Base64/Base64url/Base32/Base16/URL encode+decode. 0.0005 USDC.
• x402 UUID Generator — v1/v4/v5/v7 UUID generation (up to 100/call), validate, parse. 0.0005 USDC.
• x402 JWT Decoder — Decode/verify (HMAC, RSA, ECDSA)/inspect. No key stored. 0.0005 USDC.
• x402 Password Tools — Generate, zxcvbn strength scoring + crack time, entropy calc. 0.0005 USDC.
• x402 Luhn Validator — Checksum validation for credit cards, IMEI. 0.0005 USDC.

Text & Data Processing

• x402 Markdown to HTML — GFM (tables, task lists, autolinks). 0.0005 USDC.
• x402 Regex Tester — test/extract/replace/split, PCRE flags. 0.0005 USDC.
• x402 Text Statistics — Readability scores (Flesch/Kincaid/Gunning Fog), keyword density. 0.0005 USDC.
• x402 JSON Schema Validator — Draft-07/2020-12 validation + error paths + schema generation. 0.0005 USDC.
• x402 RSS Feed Parser — RSS 2.0/1.0 + Atom parsing. 0.001 USDC.
• x402 URL Metadata Extractor — OG/Twitter Card/JSON-LD/canonical/main text. 0.001 USDC.

Math & Units

• x402 Unit Converter — 10 categories: length, mass, temp, volume, area, speed, time, energy, pressure, data. 0.0005 USDC.
• x402 Timezone Converter — DST-aware IANA conversion, list, offset. 0.0005 USDC.
• x402 Cron Parser — Next N runs, human description, 5+6 field. 0.0005 USDC.
• x402 Subnet Calculator — IPv4/IPv6: network, broadcast, host count, CIDR contains check. 0.0005 USDC.
• x402 Currency Converter — 170+ currencies, real-time rates, historical. 0.0005 USDC.

Visual

• x402 QR Code Generator — PNG/SVG, error correction L/M/Q/H, custom colors. 0.0005 USDC.
• x402 Barcode Generator — EAN-13/EAN-8/Code 128/Code 39/UPC-A/ITF, PNG/SVG. 0.0005 USDC.
• x402 Color Palette Extractor — Dominant colors from image URL, hex/RGB/HSL + names. 0.001 USDC.

All discoverable via /.well-known/x402.json. FastAPI docs at /docs on each domain.

[TateLyman]

Ran a no-payment external spot-check on three of the new utility APIs. No payment headers, wallet signatures, paid calls, private endpoints, or account access.

Repro shape:

curl -i https://x402-hash.suretat.com/.well-known/x402.json
curl -i -X POST https://x402-hash.suretat.com/hash \
  -H 'content-type: application/json' \
  -H 'origin: https://suretat.com' \
  --data '{"text":"abc","algorithm":"sha256"}'

curl -i https://x402-uuid.suretat.com/.well-known/x402.json
curl -i -X POST https://x402-uuid.suretat.com/generate \
  -H 'content-type: application/json' \
  -H 'origin: https://suretat.com' \
  --data '{"version":"v4","count":1}'

Current readback:

• The sampled discovery URLs did not return usable discovery from here. x402-hash, x402-uuid, and x402-jwt /.well-known/x402.json timed out in the batch run.
• Some paid routes are live: Hash /hash returned a structured 402; JWT /decode returned a 402-shaped response.
• UUID /generate returned 503 no available server from here.
• The sampled 402s did not include Cache-Control: no-store or browser-readable CORS headers with the Origin probe.

I would treat this as a listing-readiness blocker until discovery is stable and at least one route per service is verified against the PR path. After that, the same CORS/no-store challenge headers from your earlier clean services should make these easier for browser-hosted agent clients to consume.

[fredericsuretat]

Thank you for the review, @TateLyman. Issues addressed:

Discovery endpoint: All services now implement /.well-known/x402.json — confirmed 200 on hash, uuid, jwt and all 16 other services in this PR.

CORS + Cache-Control: All 402 challenge responses now include Access-Control-Allow-Origin: * and Cache-Control: no-store.

UUID 503: Was a transient load issue (temporary backend overload). UUID is now stable with GCloud failover.

All 19 services are live with stable discovery. Ready for re-review.

[TateLyman]

Re-ran a no-payment external spot-check after the updates.

Repro shape:

curl -i https://x402-hash.suretat.com/.well-known/x402.json
curl -i -X POST https://x402-hash.suretat.com/hash \
  -H 'content-type: application/json' \
  -H 'origin: https://suretat.com' \
  --data '{"text":"abc","algorithm":"sha256"}'

Current readback:

• Sampled discovery for Hash, UUID, and JWT now returned 200 application/json.
• Hash and JWT sampled paid routes returned structured 402 application/json before execution.
• Those sampled 402 responses now include Access-Control-Allow-Origin: * and Cache-Control: no-store.
• UUID is reachable; my sample body returned 422 application/json, which looks like request-schema validation rather than the earlier backend 503. Worth checking docs/examples, but the availability issue appears resolved from this path.

I did not send payment headers, sign requests, or attempt paid calls.