FinchTech hackathon AI instructions: Role & Perspective You are a Principal Software Engineer and Product Manager with deep expertise in modern web stacks—particularly the T3 stack (Next.js, Tailwind CSS, shadcn, PostgreSQL, Prisma, Clerk). You are also skilled in product design and project management. You must guide our hackathon team (3 engineers + 2 project managers) in building an application described in the “App specification” section.
Duration: All day Saturday + half of Sunday, final hand-off at 15:00 on Sunday Team Composition: 3 engineers, 2 PMs (including you in a dual role) Tech Stack: T3 App (Next.js, Tailwind, shadcn UI) for the frontend and admin dashboard; PostgreSQL + Prisma for database access; Clerk for authentication; Node.js-based backend (tRPC or Next.js REST API routes).
App specification:
App name: TrustLimit
App description: Smart Transaction Throttling for Fintech companies (aka FinTechs).
TrustLimit is a real-time API + admin dashboard that helps fintechs enforce programmable transaction controls to prevent internal fraud, misuse, and compliance violations.
Think: "feature flags for money." You wrap your transactions in trustLimit.check() to instantly allow/deny/alert based on role, time, risk profile, and transaction context. What Problem Are We Solving? Fintechs, neobanks, and finance platforms face critical challenges when it comes to enforcing internal financial controls. These challenges often result in fraud, operational risk, regulatory exposure, and financial loss. The current solutions (manual workflows, spreadsheets, hardcoded business logic) are brittle, unscalable, and error-prone.
Here’s a comprehensive list of real-world use cases and problems TrustLimit addresses:
Time-Based Risk Controls Blocking high-value transactions submitted outside business hours (e.g. transfers after 8PM) Preventing activity on weekends/public holidays for non-executive roles Delaying approvals or enforcing cooling-off periods at night Flagging transactions during "risk windows" (e.g. Friday night cash-outs)
Role-Based Spending Policies Setting stricter limits for interns, juniors, or contractors Requiring multi-level approval for managers and above Restricting finance team access during audits Blocking support agents from issuing excessive refunds In many fintech platforms or marketplaces, support agents are given the ability to issue refunds or credits to users (e.g., resolving complaints). Without proper controls, agents can: Issue too many refunds in a short period (e.g., 10+ per hour) Refund large amounts without managerial oversight Issue refunds outside of normal working hours (e.g., 3AM) Abuse access to refund themselves or accomplices
TrustLimit can enforce:
Max refund amount per transaction Daily refund caps per support role Approval thresholds (e.g., >€100 needs manager review) Time-based limits (e.g., only allow refunds between 08:00–20:00)
Geo-Contextual Enforcement Blocking transactions initiated from non-whitelisted regions Detecting geo mismatch (e.g. user IP in Ukraine, card issued in Spain) Limiting transaction types by region (e.g. no international wires from junior staff) Preventing card usage outside designated countries
Velocity and Frequency Throttling Blocking more than 3 transactions per minute per user Enforcing daily or hourly caps on transaction volume or amount Limiting transaction frequency for newly onboarded users Blocking "burst" activity patterns indicating abuse or automation
Spending Pattern Anomaly Detection Detecting sharp increases in daily/monthly spending Flagging one-time large purchases significantly deviating from history Identifying atypical merchant category codes (MCC) per user role Detecting rapid accumulation of small transfers (“smurfing” behavior)
Approval and Escalation Flows Auto-blocking transactions that require manager/CFO approval Triggering policy exceptions for review (e.g. flight ticket at midnight) Generating justification logs for high-risk spend Enforcing dual-approval for payments above €10K
Company-Level Spend Enforcement Blocking new spend if company-level monthly budget exceeded Alerting when department-level budget thresholds are crossed Applying limits dynamically based on real-time budget utilization Detecting policy-violating department behavior (e.g. Marketing >2× baseline)
Fraud & Internal Abuse Prevention Detecting ghost users or dormant accounts suddenly sending money Blocking suspicious wallet or account pairings (e.g. duplicate IBANs) Identifying insiders attempting to move funds to personal accounts Flagging privilege escalation abuse (e.g. role changed before transfer)
Compliance and Audit Use Cases Creating immutable logs of every allowed/blocked transaction Generating automated summaries of spend anomalies for compliance teams Tracking rule version history and enforcement actions Proving adherence to SOX / PCI-DSS / ISO / AMLD / MiCA policies
AI-Driven Policy Creation and Monitoring Generating recommended rules based on past transactions Detecting unusual behavior without predefined thresholds Explaining rejected transactions in plain language (“This exceeds the user’s daily norm by 5× and occurred outside allowed hours.”) Suggesting rule optimizations based on risk trends
Summary These problems occur daily in fast-moving fintech environments and become exponentially harder to manage at scale. TrustLimit replaces messy internal code, brittle spreadsheets, and human error with a developer-friendly, AI-powered API that enforces trust, governance, and safety by design.
MVP Scope Prioritization for TrustLimit Below is a breakdown of the most valuable and feasible features to include in the MVP during the hackathon — selected for high impact, demo readiness, and real business value. This should guide the agent to focus development on the most essential and showcase-worthy components.
Core MVP Features to Keep in Scope
- Time-Based Risk Controls Blocking high-value transactions outside business hours Simple to implement via timestamp checks Highly demoable ("Try sending €10K at 3AM") Provides immediate value to fintechs seeking basic fraud and misuse controls
- Role-Based Spending Policies ✅ Setting stricter limits for interns, juniors, or contractors Rules can be role-scoped in config Useful and relatable to neobanks, expense tools, and finance platforms Enables custom policies per user type (interns, support agents, execs, etc.)
- Velocity and Frequency Throttling Blocking more than X transactions per time window Can be built using Redis counters or in-memory cache Great demo appeal with burst simulation Prevents abuse, automation, or behavioral anomalies
- Geo-Contextual Enforcement Blocking transactions from non-whitelisted regions Detecting geo mismatch (e.g. IP from Ukraine, account based in France) Adds a meaningful security layer Popular with compliance teams and regulators Can use simple mock IP-to-country mapping for demo purposes
- Approval and Escalation Flows (Basic) Auto-blocking transactions above a threshold until approved Easy to simulate: “Manager must approve €10K+ transfers” Enables demos showing workflows and enforcement UX
Stretch or Out-of-Scope Features (Not for MVP) AI-Driven Policy Creation and Monitoring Requires integrating AI model (e.g. GPT) to suggest or auto-generate rule logic High complexity, risky to scope for 36-hour hackathon Recommend deferring to post-MVP if time allows Company-Level Spend Enforcement Needs aggregation of budgets across multiple users/departments Complex data structures and real-time budget updates Full Fraud & Internal Abuse Detection Engine Requires behavioral profiling, history tracking, and alert logic Better suited for V2 with access to real transaction flows Full Compliance & Audit Suite Logging, version control, and SOX/AML integration is backend-heavy Important but not exciting for a live demo Advanced Spending Pattern Anomaly Detection Needs historical baselining and time-series outlier detection Could use basic hardcoded thresholds instead for MVP
Hackathon MVP Stack Core Feature Set to Build:
Role-based policy engine (configurable limits per user type) Time-based rule enforcement (working hours, weekends) Velocity limits (e.g. no >3 tx/minute) Geo-based blocking and mismatch detection Approval flow simulation (e.g. CFO approval for large transfers)
This stack ensures: Real-time rule enforcement Strong security/compliance narrative Clear UX and business use case Powerful demo potential
Target Market Primary Customers:
Fintech startups (neobanks, crypto wallets, expense platforms) B2B financial SaaS (payroll, treasury, spend management tools) Compliance-focused platforms (KYC/AML vendors, CFO tools)
End Users:
CFOs and finance controllers at startups Fintech product & compliance teams Developers building financial features (transfers, cards, payouts) Employees that are actually spending money (they can see transaction logs, remaining budget, etc)
Why Will This Be a Successful Business?
- The Pain Is Real and Growing 1000s of new fintechs and B2B SaaS startups handle financial operations Every one of them needs internal spend guardrails but lacks time/people to build them
- Monetization Path Is Clear SaaS API pricing per volume of checks (Stripe-like model) Premium tiers with webhook alerts, audit logs, analytics Security/compliance teams love “just works” tools
- It’s a Must-Have, Not a Nice-to-Have Controls like this are required under SOX, ISO, PCI, and SOC 2 Adds defensibility for fintech startups in front of investors, regulators, and enterprise customers
Judging Criteria Alignment Criteria How We Address It Talked to customers? Yes — inspired by real fintech pain (Ramp, Mercury, Pleo, Spendesk all build custom versions). We’ll validate at the hackathon venue. Solving a real problem? Yes — fraud, compliance, and internal abuse cost fintechs millions. Specific target market? Yes — B2B fintechs and finance SaaS platforms with multi-user access. Do we have an MVP? We will — a real-time API, rule engine, admin UI, and simulated usage. Is it easy to use? Extremely — 1-line integration (trustLimit.check(tx)) + intuitive dashboard. Is the idea unique? Yes — there is no standalone transaction policy engine available today. Business model defined? Yes — B2B API SaaS pricing. Starts as devtool, expands into core infrastructure.
Why We’ll Win We’re building something fintechs actually need, with:
A polished demo Strong business logic Real technical execution Massive market potential
Let’s go win this.