Skip to content

0xSamrat/icebreakr

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

122 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Icebreakr

Turn any LinkedIn profile into a personalized outreach message. Research, hooks, and a ready-to-send DM — in one click.

Website · Install (Chrome Web Store) · Documentation · Security


Status: Public beta. The product is live at useicebreakr.com and the backend is in production on Fly.io. Self-hosting is supported but not yet documented for non-developers.

What it is

Icebreakr is a Chrome extension plus hosted API that helps job seekers, founders, and freelancers send cold outreach that actually gets replies. You open any LinkedIn profile, click the icon, and within seconds you get:

  • a research brief explaining who this person is and why they're worth reaching out to,
  • a match score showing how your background aligns with theirs,
  • a ranked list of personalization hooks (shared employers, alumni, recent posts, GitHub activity, fresh company news),
  • four ready-to-send messages: connection request, DM, cold email, and follow-up — each grounded in the research above.

No LinkedIn DOM scraping. No auto-sending. The extension only reads the URL of the active tab; all LinkedIn data flows through licensed third-party providers.

Why this exists

Cold outreach defaults to generic templates because real research takes 20+ minutes per person. That's why reply rates on LinkedIn DMs sit around 1–3%. Icebreakr collapses the research into one click and forces the AI to cite specific evidence — a particular post, a shared school, a company's funding round from last week — instead of inventing pleasantries.

How it works

Chrome Extension (LinkedIn tab)
        │  POST /api/research { profileURL }
        ▼
Backend on Fly.io
        ├─ Provider     LinkdAPI (primary) → Apify (fallback)
        ├─ Enrichment   Google News + GitHub  (best-effort, 10s budget each)
        ├─ Matcher      skill / network / career / timing scores
        ├─ Generator    Claude or OpenAI, prompt-injection hardened
        └─ Postgres     sessions, research history, message outcomes

Every external dependency is behind a Go interface — see docs/ARCHITECTURE.md. Swapping LinkdAPI for a different data source, or Claude for OpenAI, is a config change, not a rewrite.

Get started (as a user)

  1. Sign in at useicebreakr.com with your email. We send a one-time code; no password.
  2. Paste your résumé into the onboarding form so the matcher knows who you are.
  3. Install the Icebreakr Chrome extension and click "Connect" — it picks up your session via a 30-second one-time handoff code.
  4. Visit any linkedin.com/in/<profile> page and click the Icebreakr icon. Side panel opens with your research in 5–10 seconds.

Tech stack

Layer Stack
Backend Go 1.26 · Gin · pgx/v5 · goose · slog
Database PostgreSQL 17 — Neon (pooled) in prod, Docker locally
LLM Anthropic Claude (default claude-sonnet-4-6) or OpenAI
Data LinkdAPI (primary) · Apify (fallback)
Auth WorkOS Magic Auth · HttpOnly session cookies · 30s handoff codes
Website Next.js 16 (App Router, Turbopack) · Tailwind v4
Extension TypeScript · Vite CRX · Manifest V3 · closed Shadow DOM iframe overlay
Hosting Fly.io (backend) · Vercel (website) · Chrome Web Store (extension)

API at a glance

19 endpoints, all under /api. Auth is via the ib_session HttpOnly cookie (website) or Authorization: Bearer <token> (extension). Every response is shaped { "success": boolean, "data": object | null, "error": string | null }.

Category Endpoints
Public GET /api/health, GET /api/auth/start, GET /api/auth/callback, POST /api/auth/handoff
Profile GET/PATCH/DELETE /api/profile, PATCH /api/profile/complete-onboarding, POST /api/profile/scrape
Research POST /api/research, POST /api/message
History GET /api/history, GET /api/history/stats, GET /api/history/:id
Outcomes POST /api/messages/:id/sent, POST /api/messages/:id/copied, POST /api/outcome
Session POST /api/auth/logout, POST /api/auth/logout-all

Rate limits (per authenticated user unless noted):

  • /api/research, /api/message — 5 requests/min, burst 5
  • /api/profile/scrape — 3 requests/min, burst 3, hard cap 1000/day
  • /api/history* — 60 requests/min, burst 30
  • All authenticated routes — 120 requests/min per IP
  • Public onboarding — 10 requests/min per IP

Full per-endpoint reference will live in docs/API.md (TODO).

Self-hosting

Self-hosting is supported but assumes you're comfortable with Go, Postgres, and Fly.io. You will need accounts with:

A full local dev walkthrough lives in docs/DEVELOPMENT.md (TODO — for now, see the Local development section below).

Local development

git clone https://github.com/0xSamrat/icebreakr.git
cd icebreakr

# Backend
cp backend/.env.example backend/.env       # fill in keys + secrets
make db-up                                  # docker postgres on :5432
export DATABASE_URL='postgres://icebreakr:icebreakr@localhost:5432/icebreakr?sslmode=disable'
make db-migrate
make backend-run                            # :8080

# Website (separate terminal)
cd website && npm install && npm run dev    # :3000

# Extension (separate terminal)
cp extension/.env.example extension/.env
cd extension && npm install
make ext-dev                                # writes to extension/dist/

Then load extension/dist/ as an unpacked extension at chrome://extensions.

All required environment variables are documented inline in backend/.env.example and extension/.env.example.

Deploying

Backend — from backend/:

fly deploy

Fly runs /app/migrate in an ephemeral release machine before promoting any new image; a failed migration aborts the deploy.

Website — push to main; Vercel auto-deploys.

Extensionmake ext-build produces a Web Store-ready extension/dist/; zip and upload via the Chrome Web Store Developer Dashboard.

Documentation

Security

  • HttpOnly session cookies, HMAC-SHA256 token signatures, revocation on every request.
  • Strict CSP with per-request nonces, HSTS preload (2-year max-age), full Permissions-Policy lockdown.
  • Untrusted data (target profile, posts, custom anchors) wrapped in <<<EXTERNAL_DATA>>> delimiters before reaching the LLM.
  • 200-byte truncation on external API response bodies before logging — no secret leakage in error paths.
  • Parameterized queries via pgx throughout; ILIKE wildcards escaped on search inputs.
  • Dependabot updates weekly across gomod, npm, and github-actions.

Found a vulnerability? Email [email protected] with the details. Please do not open public GitHub issues for security reports. A SECURITY.md with the formal disclosure policy is TODO.

Contributing

Pull requests are welcome. Before opening one:

  1. Fork and branch from main: feat/your-thing or fix/your-thing.
  2. Run the local checks:
    cd backend && go test ./... -race && go vet ./...
    cd ../extension && npm run typecheck && npm run build
    cd ../website && npm run build
  3. Conventional Commits in the PR title (feat:, fix:, refactor:, docs:, test:).
  4. The extension build runs an overlay-safety gate (make ext-safety) that blocks LinkedIn DOM scraping or auto-actions from sneaking in. Don't disable it.

A formal CONTRIBUTING.md with the full workflow is TODO.

Acknowledgements

Built on top of work from these teams:

License

No open-source license has been granted yet. The source is published for transparency and review only. Redistribution, modification, or commercial use without written permission is not authorized.

If you want to use Icebreakr commercially or fork it for your own product, reach out at [email protected].


Made by @0xSamrat.

About

turns any LinkedIn profile into a personalized outreach message: research, hooks, and a ready-to-send DM in one click.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors