Case study · 2026

Scoped

AI-powered project scoping tool. Describe your idea with budget and timeline constraints, get a structured scope document in under 60 seconds — feature breakdown with hour estimates, opinionated stack picks, and industry-aware risk flags.

Year

2026

Type

Personal project

Timeline

1 day · 83 commits · AI-driven scoping

Status

Live

scoped-sigma.vercel.app

The problem

Non-technical founders and freelancers waste hours going back and forth with developers just to understand what building their idea actually involves. There's no quick way to get a structured, budget-aware breakdown of features, tech stack, estimates, and risks — without hiring a consultant or writing a 20-page brief.

What I built

I built a single-page AI scoping tool on Next.js 16 and Supabase that takes a plain-English project description with budget, timeline, and industry context, sends it to Claude with an engineered system prompt, and returns a structured scope document with prioritised features, hour estimates, stack recommendations, and risk flags.

AI scope generation
Users describe their project with budget range, timeline, project type, and optional industry. Claude returns structured JSON — prioritised features with hour estimates, opinionated stack picks, total estimate range, and 2–4 risk flags. All in under 60 seconds.
Industry-aware prompting
System prompt adapts to the selected industry — HIPAA flags for healthcare, PCI-DSS for fintech, FERPA for education, COPPA for children's apps. Budget and timeline constraints shape feature priorities and risk severity.
Section-level regeneration
Regenerate just the features, stack, or risks without losing the rest of the scope. Separate rate limits — 2 full generations and 4 section regens per user per 24 hours.
Branded PDF export
Download scope as a branded PDF with feature table, priority badges, stack recommendations, risk flags, and watermark. Lazy-loaded with @react-pdf/renderer — only renders on demand.
Scope history
Every generated scope is saved to Supabase with row-level security. Users can revisit, compare, and refine past scopes from a side sheet without re-generating.
Prompt injection defense
Regex patterns detect common injection attempts (ignore instructions, act as, system prompt). Input is validated with Zod on both client and server before reaching Claude.
Auth and rate limiting
Google OAuth and passwordless magic link via Supabase Auth. Per-user rate limits tracked in the database — separate quotas for full generations and section regens.

The result

The tool delivers a structured, actionable scope document from a single paragraph of input. Features are grouped by priority with hour estimates, the stack is opinionated to the project type and budget, and risk flags surface compliance and technical concerns upfront — all exportable as a branded PDF.

commits

day build

routes

feature files

Stack

Next.jsReactTypeScriptTailwind CSSSupabaseshadcn/uiTanStack QueryReact Hook FormZodAnthropic Claude API@react-pdf/renderer

Build timeline

Phase 1

Project scaffold with Next.js 16, Brief design system tokens (Paper, Ink, Vermillion), security headers (CSP, HSTS, X-Frame-Options), typography setup with Instrument Serif, IBM Plex Sans, and JetBrains Mono.

Phase 2

Scope input form with Zod validation — project type, budget range, timeline, and optional industry selector. Claude API route with structured JSON output, engineered system prompt, and IP-based rate limiting.

Phase 3

Output renderer — feature list with priority groups and inline risk pills, stack recommendations, estimate summary with stat cards, copy-to-clipboard, tabbed output view, loading skeletons, dark/light theme toggle.

Phase 4

Branded PDF export with @react-pdf/renderer — feature tables, priority badges, watermark, dynamic file naming. Client-side rate limit UI with usage counter and disabled states.

Phase 5

AI hardening — prompt injection defense with regex patterns, few-shot examples in system prompt for output quality, industry-aware scoping (HIPAA, PCI-DSS, FERPA), section-level regeneration with separate rate limits.

Phase 6

Supabase integration — Google OAuth and magic link auth, scope persistence with history sheet, per-user data isolation via RLS, proxy.ts auth guard, state refactoring (useReducer, custom hooks), code cleanup.

Building something similar? I take on one SaaS or MVP project per month. Two-week scopes, weekly demos.

Start a conversation →

All projects← back to work