Skip to content

L-ubu/exploit-bot

BranchesTags

Repository files navigation

Exploit Bot

AI-powered policy analyzer that finds legal "exploits" in your company's time-off policies — bridge days, holiday stacking, sick leave conversions, and policy loopholes to maximize your days off.

Next.js Supabase Claude AI Stripe

How It Works

  1. Upload your company policy document (PDF, DOCX, TXT, or screenshot)
  2. AI scans the document to extract time-off rules and restrictions
  3. Exploits detected — bridge days, holiday stacks, policy loopholes with ROI calculations
  4. Calendar optimizer shows optimal dates to maximize consecutive days off

Features

  • Document parsing — PDF, DOCX, TXT, and image OCR via Claude Vision
  • Two-tier AI analysis — Free basic scan (Haiku) or Pro deep analysis (Sonnet) for $4
  • Country-aware holidays — Integrates public holidays via Nager.Date API
  • Exploit detection — Bridge days, holiday stacking, sick conversions, policy loopholes
  • ROI calculations — Shows days off gained per PTO day spent
  • Calendar view — Visual planner with color-coded days
  • Activity history — Track applied/dismissed exploits

Tech Stack

Layer Technology
Framework Next.js 16 (App Router, Turbopack)
Database Supabase (Postgres + RLS)
Auth Supabase Auth (Email + Google OAuth)
Storage Supabase Storage (policy files)
AI Anthropic Claude (Haiku free / Sonnet pro)
Payments Stripe (one-time $4 per Pro scan)
Styling Tailwind CSS 4
Deployment Vercel

Getting Started

# Install dependencies
npm install

# Copy env template and fill in your keys
cp .env.local.example .env.local

# Run Supabase migrations (if using local Supabase)
npx supabase db push

# Start dev server
npm run dev

Open http://localhost:3000.

Environment Variables

NEXT_PUBLIC_SUPABASE_URL=        # Supabase project URL
NEXT_PUBLIC_SUPABASE_ANON_KEY=   # Supabase anon/public key
SUPABASE_SERVICE_ROLE_KEY=       # Supabase service role key
ANTHROPIC_API_KEY=               # Anthropic API key
STRIPE_SECRET_KEY=               # Stripe secret key
STRIPE_WEBHOOK_SECRET=           # Stripe webhook signing secret
NEXT_PUBLIC_APP_URL=             # Your app URL (http://localhost:3000 for dev)

Database Schema

  • users — Profile with country, PTO balance, plan tier
  • policies — Uploaded documents with scan status
  • exploits — Detected exploits linked to policies
  • calendar_events — User's planned time-off events
  • activity_log — Audit trail of all actions

All tables use Row-Level Security — users can only access their own data.

AI Pipeline

Document → Parse (PDF/DOCX/TXT/OCR)
         → Stage 1: Extract policy rules (Haiku)
         → Stage 2: Detect exploits against holidays + PTO (Haiku or Sonnet)
         → Store results

License

MIT

About

AI-powered policy analyzer that finds legal exploits in company time-off policies — bridge days, holiday stacking, sick conversions & loopholes to maximize days off

exploit-bot.vercel.app

Topics

automation typescript ai stripe nextjs policy-analysis time-off claude tailwindcss supabase

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages