Deviation & Concession Request Tracker: Bound Every Exception
Capture out-of-spec deviation, concession, and waiver requests with the item, the spec affected, the limits, and a hard expiry — route them to the required quality and engineering approvers, and only then let production proceed under a bounded, documented exception.
An internal web tool where a quality engineer or supervisor submits a deviation/concession request, it routes to the required approvers, they approve or reject with conditions and a hard expiry and quantity cap, production sees only the active, in-bounds deviations, and you export a complete deviation log.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free) for approval emails
- Your approval rules: who must sign off (quality + engineering) and any dollar/quantity threshold for a second approver
- Your deviation-number format and a sample of the fields you record today
- Claude Code or any AI coding agent
The problem this kills
A lot of product comes out a hair off spec. The coating is a shade light, the bar stock is from a substitute heat, the tolerance is 0.002 over. It's almost certainly fine for this customer, this order, this once — and the line is stopped while everyone waits for a decision. So someone walks over to the boss, gets a verbal "yeah, ship it," and the parts move.
That informal "the boss said okay" is exactly what an auditor lives to find. There's no record of what was waived, no limit on how much product it covers, no date it stops being valid, and no proof the right people — quality and engineering — actually signed off. Six months later the same deviation is quietly still in use because nobody ever wrote down that it was temporary. A one-time concession has silently become the new normal, and your spec means nothing.
A controlled deviation/concession/waiver fixes this: it says what is out of spec, why it's acceptable this time, how much product it covers, when it expires, and who approved it. You can build the tool that enforces all of that this afternoon.
What you'll build
An internal web tool your quality and production team logs into. A quality engineer, design engineer, or production supervisor opens a request and fills in the essentials: the item and its drawing/revision, the exact spec or characteristic affected, the deviation being requested, the quantity or lot it covers, the duration, and the justification. The tool stamps it with a unique deviation number and routes it to the approvers your rules require.
The approvers — quality and engineering, plus a second signer above whatever threshold you set — review the request and either reject it or approve it with conditions, a quantity cap, and a hard expiry date. Only then does the deviation go active. Production gets a clean screen of exactly the deviations that are live right now, in bounds, against each part. The moment the cap is hit or the expiry passes, the deviation drops off the active list automatically — so a temporary exception physically cannot drift into permanent. At any point you export the full deviation log for your auditor.
What's inside the Implementation Plan
The downloadable plan is a single markdown file you paste into an AI coding agent. It opens by interviewing you about your own quality process — what you call a deviation vs. a concession vs. a waiver, your deviation-number format, the exact fields you record, who must approve and at what threshold, how you cap quantity and set expiry, and your messiest edge cases — and then it reads a short spec back for your thumbs-up before it builds anything. That's the difference between a tool shaped to your QMS and a generic form you'd have to fight.
From there it walks the agent through the data model (requests, approvals, the active-deviation view, and the audit trail), the submission form, the duplicate guard on deviation number, the multi-approver routing and the human approval gate, the quantity-cap and expiry enforcement, the production-facing active list, and the log export. Every step ends with a ready-to-copy prompt. There's a full "No API yet?" path: capture requests via the form (or import a CSV), and export a clean deviation-log CSV in the exact columns your QMS expects — so it's fully buildable today with no integration.
The governance it includes (this is the point)
This is the control — it's the whole product. The plan builds in: a login so only your team can use it; row-level security so each site or organization only ever sees its own deviations; a complete audit trail of who submitted, approved, rejected, and exported, and when; a hard human-approval gate so no product can proceed under a deviation until the required approvers sign off; and a duplicate guard on the deviation number so the same request can't be entered twice. Above all, it enforces the limits — a quantity cap and a mandatory expiry date — so a deviation is bounded by design and can never quietly become permanent. That's the audit story your quality manager wants.
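One way the controls above could look in Supabase's Postgres, as an added example that is not taken from the downloadable plan. Every table, column, policy and claim name here is an assumption, and the sketch covers only the two required approvers (quality and engineering), not the threshold-based second signer.

```sql
-- Added example: all table, column and claim names are assumptions.
create table deviation_request (
  id           bigint generated always as identity primary key,
  org_id       uuid        not null,
  deviation_no text        not null,
  part_no      text        not null,
  qty_cap      integer     not null check (qty_cap > 0),   -- quantity cap
  qty_used     integer     not null default 0 check (qty_used >= 0),
  expires_at   timestamptz not null,                       -- mandatory expiry
  submitted_by uuid        not null default auth.uid(),
  unique (org_id, deviation_no),                           -- duplicate guard
  check (qty_used <= qty_cap)
);

create table deviation_approval (
  request_id    bigint      not null references deviation_request (id),
  approver_role text        not null
                check (approver_role in ('quality', 'engineering')),
  decision      text        not null
                check (decision in ('approved', 'rejected')),
  approver      uuid        not null default auth.uid(),
  decided_at    timestamptz not null default now(),
  primary key (request_id, approver_role)  -- one decision per required role
);

alter table deviation_request  enable row level security;
alter table deviation_approval enable row level security;

-- Each organization reads only its own rows. Assumes the org id is stored
-- as a custom claim under app_metadata in the Supabase JWT.
create policy org_read_request on deviation_request for select
  using (org_id = (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid);

-- Approvals are visible only when the parent request is visible.
create policy org_read_approval on deviation_approval for select
  using (exists (select 1 from deviation_request r
                 where r.id = deviation_approval.request_id));

-- Production reads this view, never the base table. security_invoker makes
-- the view run under the caller's RLS instead of the view owner's rights.
create view active_deviation with (security_invoker = true) as
select r.*
from deviation_request r
where r.expires_at > now()                 -- drops off when expiry passes
  and r.qty_used < r.qty_cap               -- drops off when the cap is hit
  and (select count(*) from deviation_approval a
       where a.request_id = r.id
         and a.decision = 'approved') = 2; -- quality AND engineering
```

Because only select policies are defined, ordinary users cannot insert or update rows until matching write policies are added, so the sketch fails closed. Putting the expiry and cap in the view's filter means no scheduled job has to run for a deviation to leave the active list.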
Who it's for
Quality engineers, design and manufacturing engineers, and production supervisors who own nonconformance and concessions and are tired of "the boss said okay" with no paper behind it. If you can explain to a new hire what makes a deviation acceptable and who has to sign it, you can build this — no developer required.
You've got this — open the plan, paste the first prompt, answer a few questions about how your quality process actually runs, and you'll watch your first deviation route itself to the right approvers.