Showing 100 of 100 loaded APIs
Code Mode Cloudflare Compressed 2500 Api Endpoints 1000 Tokens
codex.everygoodwork.io
Cloudflare's Code Mode turns 2,500 API endpoints into 1,000 tokens. The protocol designed to unlock capabilities had to be architecturally circumvented. Code Mode is a standard, auth, tool discovery pattern within MCP.
The Shared Key How One Oauth Client Id Nearly Made Revocation Impossible
codex.everygoodwork.io
The Shared Key is a key that lets you revoke tokens of a single OAuth session without deleting all the others. The key was hardcoded into a single, pre-seeded client called 'creator-cli' The key is a unique, unique, scoped, unique client named 'creator' Every browser session, every CLI login, every AI agent — they all shared this one `client_id'
How Four Parallel Ai Agents Red Teamed Oauth Found Eight Vulnerabilities
codex.everygoodwork.io
Four AI agents running parallel security audits found what sequential human review missed. Vulnerabilities included upload IDOR, EIP-55 case mismatch, optional PKCE, and unvalidated scopes. All fixed in +41/-22 lines.
Stop Wasting Ai Tokens On Deterministic Tasks Build Local Rust Tools Instead
codex.everygoodwork.io
The story of how a deterministic workload disguised itself as an AI task for five months. The AI that did the work wrote the prompt that built the Rust binary that made itself unnecessary. The real tool was waiting to be built.
Ai Caught Binary Docx In Git Commit Converted To Markdown Automatically
codex.everygoodwork.io
A commit workflow paused to think when a .docx file broke three project conventions. The AI flagged it, converted it to diffable markdown with zero dependencies, and the commit landed clean.
Oauth Empty Subject Privilege Escalation Bypass Cloudflare Workers Red Team Fix
codex.everygoodwork.io
Security fix broke agent authentication. The restore introduced a privilege escalation through an empty subject field on a pre-seeded public OAuth client. Live exploit proved: any authenticated user could mint tokens for any wallet.
Why Ai Agents Ignore Instructions And Adding More Rules Wont Fix It
codex.everygoodwork.io
The Infinite Instruction Loop: Why Your AI Agent Keeps Breaking The Same Rule. The problem is that an agent that ignores instruction N will also ignore instruction N+1. The solution is to add more instructions.
Refactoring Ai Generated Spaghetti Code Rust Cloudflare Workers Routing Structure
codex.everygoodwork.io
Every curl request with a Bearer token returned 302 to login. Headless clients had tokens, not cookies, and the routing structure made the API unroutable. The routing layer had become so tangled that where a route lived in the code determined what auth it required. This is what AI-generated code does when you don't interrogate every line.
Cloudflare Zero Trust Transient Auth 5000 Users 50 Seats Two Lines Rust
codex.everygoodwork.io
Cloudflare Zero Trust has a 50-seat limit. The fix: treat Zero Trust as a verification gateway, not a session manager. Occupy the seat for six seconds, not six months. 633 lines collapsed to 2 lines in the caller. Cost: zero dollars.
How To Merge Two Valuable Systems Without Losing Either Strategic Upgrade Pattern
codex.everygoodwork.io
Merging Truth: The Story Architect Upgrade is a new book by Peter Hammond and Claude Claude. The goal is to create a 600-line skill that can handle any storytelling input type while preserving specialized excellence.
Rust Macros Eliminate Sqlite Binding Friction Cloudflare Workers Zero Runtime Cost
codex.everygoodwork.io
Rust's SQLite binding required all parameters to be the same type due to a generic constraint. D1 (Cloudflare's distributed SQL) doesn't have this problem. Their `bind()` just works with mixed types. We built a compile-time macro that handles the conversion automatically.
Lending Liquidation Sentinel
httpay.xyz
Lending Liquidation Sentinel — finds Aave V3 positions on Base close to liquidation. Returns positions with health factor below threshold, with collateral/debt breakdown and estimated liquidation profit. Supports ?protocol=aave&chain=base&threshold=1.1&demo=true.
Check
undo.agentutil.net
Before deleting or modifying data on Gmail, Shopify, Stripe, and 17 other platforms -- check if the action can be undone, get recovery windows, and find safer alternatives
Input:
{"action":"delete","count":500,"platform":"gmail","resource":"email","scope":"batch"}Check
think.agentutil.net
Intent security — pre-flight safety checklist with severity-ranked checks, risk factors, and domain-specific considerations before any high-risk agent action
Input:
{"action":"delete_records","description":"Delete all customer records where last_login > 2 years ago...Check
norm.agentutil.net
Is this expense, salary, or other common metric normal? Sanity-check values against real-world benchmarks (BLS, IRS, GSA data) to flag anomalies before they become problems
Input:
{"category":"expense:travel:hotel_nightly","region":"US","unit":"USD","value":450}Check
context.agentutil.net
Should I take this action right now? Checks timezone, holidays, business calendar, and platform status across 11 countries before sending emails, deploying code, or running campaigns
Input:
{"action":"send_marketing_email","country":"US","date":"2026-12-25","description":"Send promotional ...So11111111111111111111111111111111111111112
pro-api.coingecko.com
Query onchain DEX token price & market data based on the provided token contract addresses on a network.
Input:
{"include_24hr_price_change":true,"include_24hr_vol":true,"include_inactive_source":true,"include_ma...🤖 For AI Agents
This page is machine-readable. Access the x402 Bazaar programmatically:
GET https://api.cdp.coinbase.com/platform/v2/x402/discovery/resourcesReturns JSON with discoverable APIs, their schemas, pricing, and payment info.