Case study · 2026

Strand

AI agent platform where users upload documents, chat with them via RAG, deploy agents publicly, embed them on websites via a floating widget, and track engagement through built-in analytics — with Stripe billing and 3-tier plans.

Year

2026

Type

Personal project

Timeline

3 days · 275 commits · AI agent SaaS

Status

Live

The problem

Teams and consultancies sit on valuable document libraries — internal wikis, legal contracts, research papers — but searching them is painful. Existing solutions are either too generic (ChatGPT file uploads) or too expensive (enterprise RAG platforms). There's no simple way to turn a document set into a shareable, embeddable AI agent with usage limits and billing built in.

What I built

I built a multi-tenant AI agent platform on Next.js 16, Supabase with pgvector, and OpenAI. Users create agents, upload documents (PDF/TXT), and the ingestion pipeline parses, chunks, embeds, and stores them. Chat uses cosine similarity retrieval + GPT-4o streaming with inline citations. Agents can be shared publicly or embedded via a widget script.

RAG chat with inline citations
Conversational interface with GPT-4o streaming responses. pgvector cosine similarity retrieves relevant document chunks, displayed as clickable citation badges with source popover. Speech-to-text input via Web Speech API.
Document ingestion pipeline
Upload PDF or TXT files with magic byte validation. Token-aware chunking (js-tiktoken, 100-token windows with overlap), OpenAI text-embedding-3-small for vectors, stored in pgvector. Real-time status polling: uploading → processing → ready.
Public agents and embeddable widget
Deploy agents at /a/:slug — no auth required for visitors. Embeddable floating chat bubble via a script tag (under 10 KB). Origin whitelist enforcement, compact iframe layout, plan-based Powered by Strand branding on free tier.
Agent customization
Custom system prompts, greeting messages, avatar upload. Color picker for widget bubble, message backgrounds, and accent colors. Public/private toggle and slug-based URLs for sharing.
Stripe billing with 3-tier plans
Free (1 agent, 50 msgs/mo), Pro $19/mo (5 agents, 2K msgs), Business $49/mo (20 agents, 10K msgs). Stripe Checkout, Customer Portal, webhook idempotency via processed_events table. Atomic usage tracking with TOCTOU prevention.
Analytics dashboard
Real-time event tracking — conversation starts, messages sent/received. Aggregate stats with messages-per-day chart, recent conversations list with message counts. Agent-level isolation via RLS.
Security hardening
RLS on every table, SECURITY DEFINER functions with search_path lock, prompt injection mitigations (XML delimiters, input caps), signed URLs for file access, magic byte validation, webhook idempotency for payments.

The result

The platform handles the full AI agent lifecycle — from document upload through embedding, retrieval, and streaming chat to public deployment, website embedding, and usage-metered billing. Every action is RLS-isolated, rate-limited, and audit-tracked.

275

commits

day build

API routes

DB migrations

Stack

Next.jsReactTypeScriptTailwind CSSSupabaseshadcn/uiTanStack QueryReact Hook FormZodOpenAIStripepgvectorunpdfjs-tiktoken

Build timeline

Day 1a

Auth (email/password, OAuth-ready), app shell with collapsible sidebar, knowledge bases CRUD, document upload with drag-drop zone, server-side file validation, and Supabase Storage integration.

Day 1b

Ingestion pipeline — PDF/TXT parsing with unpdf, token-aware chunking (js-tiktoken), OpenAI embeddings (text-embedding-3-small), pgvector storage. Status polling UI with processing indicators.

Day 1c

RAG chat — pgvector cosine similarity retrieval, GPT-4o streaming, inline citation badges with source popovers, conversation persistence, speech-to-text input, dark/light theme.

Day 1d

Stripe billing — 3-tier plans (Free/Pro/Business), Checkout sessions, Customer Portal, webhooks with idempotency, usage tracking, limit enforcement on chat and upload, upgrade CTAs.

Day 2a

Agent platform — rename knowledge_bases to agents, personality config (system prompt, greeting), public agent pages at /a/:slug, anonymous chat sessions, embeddable floating widget with origin validation.

Day 2b

Agent customization (color picker, avatar, design config), analytics dashboard with event tracking and charts, 3-tier plan restructure with agent limits, landing page rewrite, security audit and hardening.

Building something similar? I take on one SaaS or MVP project per month. Two-week scopes, weekly demos.

Start a conversation →

All projects← back to work