Human Resources / Employee Relations & Case Management

Workplace Incident Report & Investigation Tracker

Build a confidential, access-controlled tool to report workplace incidents (safety, conduct, harassment) and run the full investigation - parties, immutable timeline, interview notes, evidence, findings, and outcome - with HR controlling each stage and gating the final decision, so investigations are thorough, timely, and defensible.

IntermediateA weekendBuilds onNext.js (App Router) on VercelSupabase (Postgres, Storage, Auth, RLS)Resend (email notifications)

What you'll build

A login-protected web tool where incidents are reported (including anonymously), HR opens a case and records the parties, every investigation step is tracked on an immutable timeline (interviews, evidence), facts are kept separate from conclusions, HR explicitly approves movement between stages and signs off on the final findings and outcome before anything is recorded or acted on, access is tightly restricted per case, and you can pull an access-controlled CSV/case-file export - all with a complete audit trail.

Before you start

A free Supabase account
A free Vercel account
A free Resend account
Claude Code installed and signed in

The problem this kills

A harassment complaint comes in. A safety incident gets reported. A conduct issue lands on your desk. And the investigation that follows - the part that has to be thorough, timely, and defensible - lives in a tangle of email threads, a few Word docs, some interview notes in a notebook, photos on someone's phone, and one investigator's memory.

That's how investigations stall past their deadlines, how the parties' confidentiality leaks to people who were never supposed to know, how fact and conclusion get blurred together, and how - months later, when someone challenges the outcome - you can't cleanly show what you did, when you did it, who you interviewed, what evidence you had, and who decided.

This tool replaces the scramble with one confidential, access-controlled workflow that walks each case from report to closure: parties recorded, an immutable timeline of every step, interview and evidence templates, findings drafted separately from facts, and an outcome that no one can act on until HR explicitly signs off.

What you'll build

A private web app, locked behind a login, where:

An incident is reported through a clear intake form - by an employee, a manager, or anonymously - and gets a unique incident ID.
HR opens a case and records the parties (reporter, subject, witnesses) with the access restricted to authorized investigators only.
Every investigation step lands on an immutable timeline - interviews conducted, evidence collected, notes added - that can be added to but never quietly rewritten.
Interview notes and evidence are captured with structured templates, with files going to secure, access-limited storage.
Facts are kept separate from conclusions - the tool records what was observed and what was found in distinct places.
HR approves each stage transition, and the final findings and outcome require explicit sign-off before anything is recorded as final or acted on.
Everything is logged in an audit trail, and you can pull an access-controlled CSV / case-file export for reporting or counsel.

What's inside the Implementation Plan

The plan opens by interviewing you about your business - how incidents reach you today, who investigates, the systems and documents you use, the exact incident types and case-ID conventions in your data, your typical and peak case volumes, your stage and approval rules, your confidentiality and access policy, and your messy edge cases (anonymous reports, multi-party cases, reopened investigations). It reads a short tailored spec back to you and waits for your thumbs-up before building anything. You get a tool shaped to how your team actually investigates, not a generic template.

From there it's a step-by-step build, each step ending with a ready-to-paste prompt for your AI coding agent: the database and confidentiality model, the strict per-case access controls, secure evidence storage, login and per-organization isolation, the (optionally anonymous) intake, the immutable investigation timeline, the interview and evidence templates, the fact-vs-finding separation, the HR stage-approval and final sign-off gates, email notifications, the audit trail, and the case-file export. It closes with a "how to know it works" checklist and a no-API CSV/case-file fallback so you can run it today even with no integration to your HRIS or case system.

The governance it includes (this is the point)

Login so only your HR/ER team can get in.
Strict row-level security so users only ever see their own organization's cases - and within HR, only investigators assigned to a case can open it.
An immutable timeline and complete audit trail - who did what, and when - for every entry, status change, and decision.
A hard human-in-the-loop approval gate: the tool drafts and organizes; HR reviews and approves each stage transition; and the final findings and outcome can't be recorded or acted on until explicit sign-off.
Duplicate guards keyed on the incident ID, with one case per incident, so the same report can't be processed twice.

This is documentation tooling, not legal advice - but a confidential, well-documented, fact-based investigation with a clean record of who decided what is exactly what a defensible outcome looks like.

Who it's for

HR business partners and Employee Relations specialists who run safety, conduct, and harassment investigations in scattered documents with no consistent process - and who need each one to be thorough, timely, confidential, and provably done right.

You've got this - paste the first prompt and let the plan interview you.