Turn any LinkedIn profile into a personalized outreach message. Research, hooks, and a ready-to-send DM — in one click.
Website · Install (Chrome Web Store) · Documentation · Security
Status: Public beta. The product is live at useicebreakr.com and the backend is in production on Fly.io. Self-hosting is supported but not yet documented for non-developers.
Icebreakr is a Chrome extension plus hosted API that helps job seekers, founders, and freelancers send cold outreach that actually gets replies. You open any LinkedIn profile, click the icon, and within seconds you get:
- a research brief explaining who this person is and why they're worth reaching out to,
- a match score showing how your background aligns with theirs,
- a ranked list of personalization hooks (shared employers, alumni, recent posts, GitHub activity, fresh company news),
- four ready-to-send messages: connection request, DM, cold email, and follow-up — each grounded in the research above.
No LinkedIn DOM scraping. No auto-sending. The extension only reads the URL of the active tab; all LinkedIn data flows through licensed third-party providers.
Cold outreach defaults to generic templates because real research takes 20+ minutes per person. That's why reply rates on LinkedIn DMs sit around 1–3%. Icebreakr collapses the research into one click and forces the AI to cite specific evidence — a particular post, a shared school, a company's funding round from last week — instead of inventing pleasantries.
Chrome Extension (LinkedIn tab)
│ POST /api/research { profileURL }
▼
Backend on Fly.io
├─ Provider LinkdAPI (primary) → Apify (fallback)
├─ Enrichment Google News + GitHub (best-effort, 10s budget each)
├─ Matcher skill / network / career / timing scores
├─ Generator Claude or OpenAI, prompt-injection hardened
└─ Postgres sessions, research history, message outcomes
Every external dependency is behind a Go interface — see docs/ARCHITECTURE.md. Swapping LinkdAPI for a different data source, or Claude for OpenAI, is a config change, not a rewrite.
- Sign in at useicebreakr.com with your email. We send a one-time code; no password.
- Paste your résumé into the onboarding form so the matcher knows who you are.
- Install the Icebreakr Chrome extension and click "Connect" — it picks up your session via a 30-second one-time handoff code.
- Visit any
linkedin.com/in/<profile>page and click the Icebreakr icon. Side panel opens with your research in 5–10 seconds.
| Layer | Stack |
|---|---|
| Backend | Go 1.26 · Gin · pgx/v5 · goose · slog |
| Database | PostgreSQL 17 — Neon (pooled) in prod, Docker locally |
| LLM | Anthropic Claude (default claude-sonnet-4-6) or OpenAI |
| Data | LinkdAPI (primary) · Apify (fallback) |
| Auth | WorkOS Magic Auth · HttpOnly session cookies · 30s handoff codes |
| Website | Next.js 16 (App Router, Turbopack) · Tailwind v4 |
| Extension | TypeScript · Vite CRX · Manifest V3 · closed Shadow DOM iframe overlay |
| Hosting | Fly.io (backend) · Vercel (website) · Chrome Web Store (extension) |
19 endpoints, all under /api. Auth is via the ib_session HttpOnly cookie (website) or Authorization: Bearer <token> (extension). Every response is shaped { "success": boolean, "data": object | null, "error": string | null }.
| Category | Endpoints |
|---|---|
| Public | GET /api/health, GET /api/auth/start, GET /api/auth/callback, POST /api/auth/handoff |
| Profile | GET/PATCH/DELETE /api/profile, PATCH /api/profile/complete-onboarding, POST /api/profile/scrape |
| Research | POST /api/research, POST /api/message |
| History | GET /api/history, GET /api/history/stats, GET /api/history/:id |
| Outcomes | POST /api/messages/:id/sent, POST /api/messages/:id/copied, POST /api/outcome |
| Session | POST /api/auth/logout, POST /api/auth/logout-all |
Rate limits (per authenticated user unless noted):
/api/research,/api/message— 5 requests/min, burst 5/api/profile/scrape— 3 requests/min, burst 3, hard cap 1000/day/api/history*— 60 requests/min, burst 30- All authenticated routes — 120 requests/min per IP
- Public onboarding — 10 requests/min per IP
Full per-endpoint reference will live in docs/API.md (TODO).
Self-hosting is supported but assumes you're comfortable with Go, Postgres, and Fly.io. You will need accounts with:
- Anthropic or OpenAI
- LinkdAPI and/or Apify
- WorkOS (free tier works)
- Neon (or any managed Postgres)
- Fly.io for the backend, Vercel for the website
A full local dev walkthrough lives in docs/DEVELOPMENT.md (TODO — for now, see the Local development section below).
git clone https://github.com/0xSamrat/icebreakr.git
cd icebreakr
# Backend
cp backend/.env.example backend/.env # fill in keys + secrets
make db-up # docker postgres on :5432
export DATABASE_URL='postgres://icebreakr:icebreakr@localhost:5432/icebreakr?sslmode=disable'
make db-migrate
make backend-run # :8080
# Website (separate terminal)
cd website && npm install && npm run dev # :3000
# Extension (separate terminal)
cp extension/.env.example extension/.env
cd extension && npm install
make ext-dev # writes to extension/dist/Then load extension/dist/ as an unpacked extension at chrome://extensions.
All required environment variables are documented inline in backend/.env.example and extension/.env.example.
Backend — from backend/:
fly deployFly runs /app/migrate in an ephemeral release machine before promoting any new image; a failed migration aborts the deploy.
Website — push to main; Vercel auto-deploys.
Extension — make ext-build produces a Web Store-ready extension/dist/; zip and upload via the Chrome Web Store Developer Dashboard.
- docs/ARCHITECTURE.md — system design, data models, interfaces
- docs/PLAN.md — phased build plan and acceptance criteria
- docs/PROVIDERS.md — integration notes for LinkdAPI and Apify
- docs/AI_MODELS.md — LLM selection, prompt structure, cost notes
- docs/runbooks/ — operational runbooks
- docs/plans/ — past implementation plans (security hardening, etc.)
- CLAUDE.md, backend/CLAUDE.md, extension/CLAUDE.md — coding conventions
- HttpOnly session cookies, HMAC-SHA256 token signatures, revocation on every request.
- Strict CSP with per-request nonces, HSTS preload (2-year max-age), full Permissions-Policy lockdown.
- Untrusted data (target profile, posts, custom anchors) wrapped in
<<<EXTERNAL_DATA>>>delimiters before reaching the LLM. - 200-byte truncation on external API response bodies before logging — no secret leakage in error paths.
- Parameterized queries via pgx throughout; ILIKE wildcards escaped on search inputs.
- Dependabot updates weekly across
gomod,npm, andgithub-actions.
Found a vulnerability? Email [email protected] with the details. Please do not open public GitHub issues for security reports. A SECURITY.md with the formal disclosure policy is TODO.
Pull requests are welcome. Before opening one:
- Fork and branch from
main:feat/your-thingorfix/your-thing. - Run the local checks:
cd backend && go test ./... -race && go vet ./... cd ../extension && npm run typecheck && npm run build cd ../website && npm run build
- Conventional Commits in the PR title (
feat:,fix:,refactor:,docs:,test:). - The extension build runs an overlay-safety gate (
make ext-safety) that blocks LinkedIn DOM scraping or auto-actions from sneaking in. Don't disable it.
A formal CONTRIBUTING.md with the full workflow is TODO.
Built on top of work from these teams:
- Anthropic and OpenAI — LLM APIs
- LinkdAPI and Apify — LinkedIn data
- WorkOS — magic-link authentication
- Neon — serverless Postgres
- Fly.io, Vercel — hosting
- Gin, pgx, goose, Next.js, Vite, Tailwind
No open-source license has been granted yet. The source is published for transparency and review only. Redistribution, modification, or commercial use without written permission is not authorized.
If you want to use Icebreakr commercially or fork it for your own product, reach out at [email protected].
Made by @0xSamrat.