ByTheHour

ByTheHour is a time blocking app with a natural language interface. Instead of clicking dropdowns and date pickers to schedule events, you just type. "Add a team meeting tomorrow at 2pm for an hour." "Move my 3pm to 4:30." "Clear Thursday afternoon." The app parses the intent and handles the edit.

bythehour.lovable.app →Sign up and try itByTheHour app screenshot

It's live and working — hosted on Lovable, anyone can sign up and use it. I use it myself. But it's also an intentionally experimental project. The primary reason I built it was to get deep reps working with LLMs inside a real product: integrating the API, debugging model outputs, figuring out what features are actually achievable with natural language as the interface.

Stack

The Interesting Problem: Prompt Injection

The app uses Gemini's API, and I constrained the output to JSON to keep things structured. The model reliably returns valid JSON. But valid JSON doesn't mean safe content — the values inside the JSON can be arbitrary text, and a user can craft a query that gets hostile content into those values. It's a classic prompt injection vector that structured output alone doesn't close.

The fix I have in mind is using a second LLM as an injection-policing layer that evaluates the query before it ever reaches the scheduling model. For a time blocking app specifically, the inputs are inherently open-ended — you can't just whitelist patterns — so you need something that can reason about whether a query is trying to do something it shouldn't. That's on the roadmap, just not implemented yet.

Status

Working demo. Known bugs exist. I haven't migrated it off Lovable to my own hosting yet, and I'm focused on other projects right now. The editing features and natural language interface are solid for personal use. Security hardening and a proper deployment are the next steps when I come back to it.