Serverless Edge Functions for Claude, Cursor & AI Agents on Aerostack

Generates a cryptographically random API key with a custom prefix using a base62 alphabet — no ambiguous characters, URL-safe.

Extracts all valid email addresses from free-form text using an RFC 5321 compliant pattern. Supports deduplication and preserves order of first appearance.

Converts HTML to Markdown text. Handles headings, bold, italic, links, code, lists, blockquotes, and horizontal rules. Strips all other HTML tags while preserving text content.

Converts Markdown text to HTML with optional sanitization. Supports all common Markdown syntax including headings, bold, italic, code blocks, lists, links, images, and blockquotes.

Serialize a parameters object to a URL query string with support for arrays, encoding, and null skipping.

Function backing the Daily Digest skill

Validates a request Origin against an allow list and returns the correct CORS response headers to set — supports wildcards and credentials.

Generates a Content-Security-Policy header value from a structured directives object — supports report-only mode and report-uri.

Decrypts an AES-256-GCM encrypted bundle produced by sec-encrypt-aes — key is derived via SHA-256, auth tag is verified automatically.

Encrypts a string with AES-256-GCM using Web Crypto — key is derived via SHA-256, output is a portable IV:ciphertext bundle.

Hashes a string using SHA-256 via the Web Crypto API. Supports hex and base64 output. Zero dependencies.

Signs a string payload with HMAC-SHA256 or HMAC-SHA512 using Web Crypto — outputs a hex-encoded signature.

Verifies an HMAC-SHA256 or HMAC-SHA512 signature using timing-safe Web Crypto comparison — never throws.

Signs a JWT token using HMAC-SHA256 or HMAC-SHA512 via Web Crypto — zero dependencies.

Verifies a JWT token signature and expiry using HMAC-SHA256 or HMAC-SHA512 via Web Crypto — zero dependencies.

Highlights keyword occurrences in text by wrapping them in configurable HTML tags. Handles case-insensitive matching, longest-match-first for overlapping keywords, and HTML entity escaping.

Sanitizes HTML by removing dangerous tags and attributes. Always strips script, style, iframe, form elements, and all event handlers. Keeps only whitelisted tags with whitelisted attributes.

Generates a URL-safe slug from any string. Handles Unicode, accents, and special characters. Zero dependencies.

Converts a space-separated, snake_case, kebab-case, or PascalCase string to camelCase. Zero dependencies.

Converts a camelCase, PascalCase, kebab-case, or space-separated string to snake_case. Zero dependencies.

Truncates text at character, word, or sentence boundaries. Appends a configurable suffix and never cuts mid-word or mid-sentence when using smart modes.

Counts words, unique words, characters, and sentences in a text string. Handles edge cases like empty text, whitespace, and punctuation.

Splits text into overlapping chunks with configurable size, overlap, and boundary snapping (char, word, sentence) for RAG and embedding pipelines.

Trims a conversation message array to fit within a model's context window using configurable strategies, without making any API calls.

Calculates the API cost for an LLM request given a model name, prompt token count, and completion token count, supporting multiple currencies.

Extracts the top N keywords from text using TF-IDF inspired scoring with built-in English stopword filtering, no external API calls required.

Scores text for common prompt injection attack patterns including role overrides, instruction leaking, and jailbreak attempts.

Detects the natural language of a text string using character trigram frequency analysis, supporting 13 languages with no external API calls.

Serialises a structured message array into a formatted prompt string for open-source LLMs, supporting ChatML, Llama 2, Alpaca, and plain text formats.

Extracts the first valid JSON object or array embedded in LLM free-text output, handling markdown code fences.

Validates and optionally repairs LLM output against a schema type (JSON, list, boolean, number, email, URL) without calling any external API.

Fills {{variable}} placeholders in a prompt template string, with optional strict mode to catch missing variables.

Computes descriptive statistics (count, sum, min, max, mean, median, stdDev, variance, percentiles) for an array of numbers.

Groups an array of objects into a map keyed by the value of a specified property. Zero dependencies.

Parses a CSV string into an array of row objects with headers, handling quoted fields, custom delimiters, and escaped characters.

Converts a CSV string to a typed JSON array, automatically inferring numbers, booleans, and null values from string fields.

Computes a structural deep diff between two JSON-serializable values, classifying each change as added, removed, or modified.

Sorts an array of objects by one or more fields with configurable direction, null handling, and nested field dot-notation support.

Add or subtract a duration from a date, supporting units from milliseconds to years with correct month-end handling.

Check if a datetime falls within business hours and return the next opening time.

Calculate the difference between two dates in specified units (ms, seconds, minutes, hours, days, weeks, months, years).

Format a duration in milliseconds to a human-readable string with long, short, or compact styles.

Format a date to a string using format tokens like YYYY-MM-DD HH:mm:ss with optional timezone support.

Parse a date string or unix timestamp to a normalised Unix millisecond timestamp and ISO string.

Format a date as a relative time string like '2 hours ago' or 'in 3 days' using Intl.RelativeTimeFormat.

Convert a datetime from one IANA timezone to another, returning the local time with UTC offset.

Parse a Content-Type header value into MIME type, subtype, charset, boundary, and convenience boolean flags.

Parse a raw HTTP header block string or object into a structured lowercase-keyed object with content-type and authorization extraction.

Extract the real client IP address from HTTP request headers, with proxy trust control and private IP detection.

Parse a URL query string into a typed object with support for arrays, number/boolean coercion, and bracket notation.