runbookify
← All plans
Compliance, Quality & Risk / Incident & Near-miss Reporting

Incident & Near-miss Intake with QR Codes

Post a QR code around your site so any worker can report an incident or near-miss from their phone in under a minute - then your EHS coordinator triages each one and logs it to the official register with a reference number.

IntermediateA weekendBuilds onNext.js (App Router) on VercelSupabase (Postgres, Storage, Auth, RLS)Resend (email)
What you'll build

A mobile-first intake form reachable by per-location QR codes, optional anonymous reporting, a gated triage queue where the EHS coordinator confirms category and severity before anything is logged, automatic reference numbers, Resend acknowledgments and severity-routed manager alerts, and a CSV export in your incident-log format.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (for acknowledgments and manager alerts)
  • A CSV or Google Sheet of your site locations/areas and your incident types/categories
  • The exact column layout your current incident log expects (for the CSV export)

The problem this kills

Near-misses are the cheapest safety data you'll ever get - and most of it never reaches you. Your frontline crew sees the loose guardrail, the spill, the forklift that nearly clipped someone, and then says nothing. Not because they don't care, but because reporting means finding a supervisor, filling out a paper form, or logging into a clunky system they don't have access to. By the time anyone writes it down, the moment - and the detail - is gone.

So your incident register looks suspiciously quiet, right up until the day it isn't. And when an auditor asks "show me your near-miss reporting trend," you've got a thin, lagging trickle that nobody believes.

The fix is friction removal: make reporting take less time than walking to find a supervisor. A QR code on the wall, a phone, sixty seconds, done - with an option to stay anonymous so people actually speak up. Then a human (your EHS coordinator) decides what's real and what it's called before it ever hits the official log.

What you'll build

A two-sided tool:

  • The public intake side - a fast, mobile-first form behind a QR code. No login. A worker scans the code posted in their area, the form already knows where they are, and they tap through: what happened, when, how bad, a photo, and an optional "report anonymously" toggle. Submit. Done in under a minute.
  • The gated staff side - a private, login-only triage queue. Your EHS coordinator reviews each raw report, confirms or corrects the category and severity, and approves it. Only on approval does it become an official logged incident with a reference number. Raw reports never auto-post to the register.

When an incident is logged, the reporter (if they left contact info) gets a Resend acknowledgment, and managers get an alert - with high-severity incidents routed louder and faster than minor ones. At any time you can export the register as a CSV in exactly the columns your existing incident log expects.

What's inside the Implementation Plan

A complete, paste-and-go runbook written for a non-coder. You drop the whole thing into Claude Code and it builds the tool with you, step by step.

It starts by interviewing you about your business. This is the part that makes it yours and not a generic template. Before writing a line of code, the plan has the AI ask about your actual sites and areas, your real incident categories, how you grade severity, who needs to be alerted at each level, what your reference numbers look like, and the exact shape of the incident log you export to. It reads a short tailored spec back to you, you confirm it, and only then does it build - so the dropdowns, the severity scale, the routing rules, and the export columns all match how you already work.

Also inside:

  • Generating a printable QR code per location, each one pre-tagged with its area.
  • The mobile intake form with photo capture and the anonymous toggle.
  • The Supabase data model, file storage for photos, and row-level security.
  • The triage queue with the human approval gate and reference-number assignment.
  • Resend acknowledgments plus severity-based manager alert routing.
  • Duplicate guards for a short window of identical submissions.
  • The CSV export in your incident-log format, and a "No API yet?" fallback so the whole thing works today with just a Sheet.

The governance it includes (this is the point)

This isn't a toy form - it's an auditable system, and the controls are baked in:

  • Login for the team. The intake form is open (that's the point of a QR on a wall), but the triage queue, the register, and exports are all behind authentication.
  • Row-level security. People only ever see their own organization's data - the database enforces it, not just the screen.
  • A complete audit trail. Who triaged what, who changed a severity, who approved it, and exactly when.
  • A hard human-in-the-loop gate. The AI can suggest a category, but a person reviews, edits, and approves before anything lands on the official register.
  • Duplicate guards. The same report fired twice (double-tap, flaky signal) won't create two incidents.

Who it's for

EHS managers, safety coordinators, and supervisors who want frontline staff to actually report instead of staying silent - and who need the resulting log to stand up to an audit. If you run a plant, a warehouse, a construction site, a clinic, or any multi-area operation where near-misses go unreported, this is for you. No developer required.

You've got this - paste the first prompt and let the interview tailor it to your site.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.