Legal-protection incident documentation system that guides small business owners through compliant HR reporting to prevent wrongful termination lawsuits
Built for: Small business owners with 5-20 employees, no dedicated HR staff, in high-turnover or high-risk industries (retail, restaurants, construction, trades)
This MVP was autonomously generated by MVP Factory v11 using a free-tier AI API (NVIDIA / Kimi K2.5). Simple logic runs for real. Complex external dependencies are stubbed so the app always works.
| Layer | What it does |
|---|---|
| ✅ Frontend UI | Fully interactive: forms submit, responses render, auth guard works |
| ✅ Input validation | Every API route checks required fields, returns 400 on bad input |
| ✅ Calculations & scoring | Algorithms (risk scores, percentages, rankings, text analysis) run in pure TypeScript |
| ✅ Rule-based logic | Classification, tier detection, flag rules: all real code |
| ✅ Auth flow | Email+password client validation → localStorage token → dashboard guard |
| Feature | Current State | Why it's stubbed | How to fix it |
|---|---|---|---|
| Database persistence | In-memory arrays (resets on restart) | No DB provisioned in free tier | See Step 1 below |
| AI/LLM responses | Hardcoded plausible strings | NVIDIA free API has strict rate limits during bulk builds | See Step 2 below |
| Real authentication | localStorage demo token | No JWT/session infra provisioned | See Step 3 below |
| Email / notifications | Logged + returns `{sent: true}` | No email service configured | See Step 4 below |
| Payments | Returns demo status | Stripe not configured | See Step 5 below |
Step 1: Database persistence

```bash
# Option A: Supabase (Postgres, free tier)
npm install @supabase/supabase-js
# In each route: import { createClient } from '@supabase/supabase-js'
# Replace the mock array with: const { data } = await supabase.from('table').select()

# Option B: PlanetScale (MySQL, free tier)
npm install @planetscale/database
```

Look for `// TODO: replace with DB` comments in `src/app/api/**/route.ts`.
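Step 2: AI/LLM responses

```ts
// In any API route, replace the hardcoded AI string with:
// (NVIDIA_API_KEY has no NEXT_PUBLIC_ prefix, so Next.js keeps it server-side.)
const res = await fetch('https://integrate.api.nvidia.com/v1/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.NVIDIA_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    model: 'moonshotai/kimi-k2.5',
    messages: [{ role: 'user', content: yourPrompt }], // yourPrompt: the prompt string built by the route
    max_tokens: 1024
  })
});
// Rate limits and bad keys return a non-2xx response without `choices`; fail cleanly.
if (!res.ok) {
  return NextResponse.json({ error: 'AI request failed' }, { status: 502 });
}
const { choices } = await res.json();
return NextResponse.json({ result: choices[0].message.content });
```

Add `NVIDIA_API_KEY=your_key` to `.env.local`.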
Step 3: Real authentication

```bash
npm install next-auth
# 1. Create src/app/api/auth/[...nextauth]/route.ts with your provider
# 2. Replace localStorage.setItem("auth_token",...) in auth/page.tsx with signIn()
# 3. Replace localStorage.getItem("auth_token") in dashboard/page.tsx with useSession()
```

Step 4: Email / notifications

```bash
npm install resend
# Replace the { sent: true } mock in notification routes with:
# await resend.emails.send({ from: 'you@domain.com', to: email, subject, html })
```

Step 5: Payments

```bash
npm install stripe @stripe/stripe-js
# Replace demo payment routes with real Stripe checkout sessions
```

All the UI is already wired up. Every form already calls the right API route. You only need to swap the stubbed returns for real implementations.
Small business owners lack HR infrastructure and legal knowledge to properly document employee misconduct, theft, or safety violations, exposing them to expensive wrongful termination litigation and regulatory penalties
- Fear of wrongful termination lawsuits costing $50k+
- Uncertainty about what legally constitutes 'documentation'
- No budget for HR consultant ($150-300/hr)
- Previous bad experiences with problem employees they couldn't fire properly
- Anxiety about unemployment claims and regulatory audits
Jurisdiction-aware incident wizard with conditional branching logic that adapts questions based on incident type (theft/misconduct/safety) and state-specific legal requirements
Legally-compliant PDF report generator with embedded digital signatures, witness statement attachments, and tamper-evident audit trails
Compliance validation engine that scans documentation for missing legal elements (dates, witnesses, prior warnings) before allowing report finalization
Corrective action plan builder with severity-based disciplinary templates and progressive discipline tracking linked to incident history
Secure evidence portal with time-stamped photo/video uploads and chain-of-custody documentation for theft or safety incidents
Attorney-ready export formatter that packages incidents into legal-standard documentation bundles for outside counsel review
Employee history dashboard showing prior incidents, warnings, and performance patterns to establish documentation patterns for termination decisions
A step-by-step breakdown of how each feature is built. Use this as your dev roadmap.
1. Jurisdiction-aware incident wizard with conditional branching logic that adapts questions based on incident type
What it does: Jurisdiction-aware incident wizard with conditional branching logic that adapts questions based on incident type (theft/misconduct/safety) and state-specific legal requirements
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/jurisdiction-aware-incident-wizard-with-conditional-branching-logic-that-adapts-questions-based-on-incident-type/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/JurisdictionawareincidentwizardwithconditionalbranchinglogicthatadaptsquestionsbasedonincidenttypeSection.tsx |
| 5. Wire up | Call /api/jurisdiction-aware-incident-wizard-with-conditional-branching-logic-that-adapts-questions-based-on-incident-type from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/jurisdiction-aware-incident-wizard-with-conditional-branching-logic-that-adapts-questions-based-on-incident-type` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
2. Legally-compliant PDF report generator with embedded digital signatures, witness statement attachments, and tamper-evident audit trails
What it does: Legally-compliant PDF report generator with embedded digital signatures, witness statement attachments, and tamper-evident audit trails
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/legally-compliant-pdf-report-generator-with-embedded-digital-signatures-witness-statement-attachments-and-tamper-evident-audit-trails/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/LegallycompliantPDFreportgeneratorwithembeddeddigitalsignatureswitnessstatementattachmentsandtamperevidentaudittrailsSection.tsx |
| 5. Wire up | Call /api/legally-compliant-pdf-report-generator-with-embedded-digital-signatures-witness-statement-attachments-and-tamper-evident-audit-trails from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/legally-compliant-pdf-report-generator-with-embedded-digital-signatures-witness-statement-attachments-and-tamper-evident-audit-trails` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
3. Compliance validation engine that scans documentation for missing legal elements
What it does: Compliance validation engine that scans documentation for missing legal elements (dates, witnesses, prior warnings) before allowing report finalization
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/compliance-validation-engine-that-scans-documentation-for-missing-legal-elements/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/CompliancevalidationenginethatscansdocumentationformissinglegalelementsSection.tsx |
| 5. Wire up | Call /api/compliance-validation-engine-that-scans-documentation-for-missing-legal-elements from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/compliance-validation-engine-that-scans-documentation-for-missing-legal-elements` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
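A sketch of the finalization gate described above, written for this page as an added example and not taken from the ShieldHR code base. The field names (`incidentType`, `incidentDate`, `witnesses`, `priorWarnings`, `proposedAction`) and the two rules marked as assumed are hypothetical; the request body is treated as untrusted input, and any missing element maps to the 400 response the API routes return on bad input.

```typescript
// Incident types named on this page; anything else is rejected.
const INCIDENT_TYPES: readonly string[] = ["theft", "misconduct", "safety"];

interface ValidationResult {
  status: 200 | 400;
  missing: string[]; // legal elements that are absent or malformed
}

function isNonEmptyString(v: unknown): v is string {
  return typeof v === "string" && v.trim().length > 0;
}

// Validates an untrusted request body before a report may be finalized.
// `now` is injectable so the future-date check is testable.
function validateForFinalization(body: unknown, now: Date = new Date()): ValidationResult {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { status: 400, missing: ["body"] };
  }
  const r = body as Record<string, unknown>;
  const missing: string[] = [];

  const type = r.incidentType;
  if (!isNonEmptyString(type) || !INCIDENT_TYPES.includes(type)) missing.push("incidentType");

  // Date: must parse and must not lie in the future.
  const date = r.incidentDate;
  const t = isNonEmptyString(date) ? Date.parse(date) : NaN;
  if (Number.isNaN(t) || t > now.getTime()) missing.push("incidentDate");

  // Witnesses: array of non-empty names, at least one (assumed rule).
  const w = r.witnesses;
  if (!Array.isArray(w) || w.length === 0 || !w.every(isNonEmptyString)) missing.push("witnesses");

  // Prior warnings: always an array; non-empty when termination is proposed (assumed rule).
  const pw = r.priorWarnings;
  if (!Array.isArray(pw) || !pw.every(isNonEmptyString)) missing.push("priorWarnings");
  else if (r.proposedAction === "termination" && pw.length === 0) missing.push("priorWarnings");

  return { status: missing.length > 0 ? 400 : 200, missing };
}
```

In a route handler the result would be returned as `NextResponse.json({ missing }, { status })`, so the client-side form can never finalize a report the server considers incomplete.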
4. Corrective action plan builder with severity-based disciplinary templates and progressive discipline tracking linked to incident history
What it does: Corrective action plan builder with severity-based disciplinary templates and progressive discipline tracking linked to incident history
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/corrective-action-plan-builder-with-severity-based-disciplinary-templates-and-progressive-discipline-tracking-linked-to-incident-history/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/CorrectiveactionplanbuilderwithseveritybaseddisciplinarytemplatesandprogressivedisciplinetrackinglinkedtoincidenthistorySection.tsx |
| 5. Wire up | Call /api/corrective-action-plan-builder-with-severity-based-disciplinary-templates-and-progressive-discipline-tracking-linked-to-incident-history from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/corrective-action-plan-builder-with-severity-based-disciplinary-templates-and-progressive-discipline-tracking-linked-to-incident-history` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
5. Secure evidence portal with time-stamped photo/video uploads and chain-of-custody documentation for theft or safety incidents
What it does: Secure evidence portal with time-stamped photo/video uploads and chain-of-custody documentation for theft or safety incidents
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/secure-evidence-portal-with-time-stamped-photo-video-uploads-and-chain-of-custody-documentation-for-theft-or-safety-incidents/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/SecureevidenceportalwithtimestampedphotovideouploadsandchainofcustodydocumentationfortheftorsafetyincidentsSection.tsx |
| 5. Wire up | Call /api/secure-evidence-portal-with-time-stamped-photo-video-uploads-and-chain-of-custody-documentation-for-theft-or-safety-incidents from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/secure-evidence-portal-with-time-stamped-photo-video-uploads-and-chain-of-custody-documentation-for-theft-or-safety-incidents` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
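One way to back both the "tamper-evident audit trails" of feature 2 and the "chain-of-custody documentation" of feature 5: an HMAC-chained event log in which every entry commits to the evidence file's SHA-256 digest and to the previous entry. This is an added example, not code from the ShieldHR repository; the type names, field names and sample values are hypothetical, and the HMAC key is assumed to be a server-side secret.

```typescript
import { createHash, createHmac, timingSafeEqual } from "node:crypto";

// All type and field names below are hypothetical, not ShieldHR's schema.
interface CustodyEvent {
  incidentId: string;
  actor: string;                               // who handled the evidence
  action: "uploaded" | "viewed" | "exported";
  fileSha256: string;                          // digest of the evidence bytes
  at: string;                                  // server-assigned ISO timestamp
}
interface ChainEntry { seq: number; event: CustodyEvent; prevMac: string; mac: string }

const GENESIS = "0".repeat(64);

function sha256Hex(data: string | Uint8Array): string {
  return createHash("sha256").update(data).digest("hex");
}

// MAC over a fixed-order encoding, so every field and the entry's position are bound.
function macFor(key: string, seq: number, prevMac: string, e: CustodyEvent): string {
  const body = JSON.stringify([seq, prevMac, e.incidentId, e.actor, e.action, e.fileSha256, e.at]);
  return createHmac("sha256", key).update(body).digest("hex");
}

function appendEvent(chain: ChainEntry[], key: string, event: CustodyEvent): ChainEntry[] {
  const seq = chain.length;
  const prevMac = seq === 0 ? GENESIS : chain[seq - 1].mac;
  return [...chain, { seq, event, prevMac, mac: macFor(key, seq, prevMac, event) }];
}

// Index of the first entry that fails verification, or -1 when the chain is intact.
function firstBrokenEntry(chain: ChainEntry[], key: string): number {
  let prevMac = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const entry = chain[i];
    const expected = Buffer.from(macFor(key, i, prevMac, entry.event), "hex");
    const actual = Buffer.from(entry.mac, "hex");
    const ok = entry.seq === i && entry.prevMac === prevMac &&
      actual.length === expected.length && timingSafeEqual(actual, expected);
    if (!ok) return i;
    prevMac = entry.mac;
  }
  return -1;
}

// Constructed sample: one upload followed by an export of the same file.
function demoChain(key: string): ChainEntry[] {
  const fileSha256 = sha256Hex("constructed evidence bytes");
  const base = { incidentId: "INC-0001", actor: "owner@example.com", fileSha256 };
  let chain = appendEvent([], key, { ...base, action: "uploaded", at: "2026-03-04T10:00:00Z" });
  chain = appendEvent(chain, key, { ...base, action: "exported", at: "2026-03-04T11:30:00Z" });
  return chain;
}
```

The chain detects edits, insertions and reordering, but not removal of the newest entries, so the latest `mac` and the entry count should also be recorded somewhere the application database cannot rewrite, such as the exported report. With the in-memory data store this log resets on restart, so it only becomes meaningful after Step 1.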
6. Attorney-ready export formatter that packages incidents into legal-standard documentation bundles for outside counsel review
What it does: Attorney-ready export formatter that packages incidents into legal-standard documentation bundles for outside counsel review
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/attorney-ready-export-formatter-that-packages-incidents-into-legal-standard-documentation-bundles-for-outside-counsel-review/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/AttorneyreadyexportformatterthatpackagesincidentsintolegalstandarddocumentationbundlesforoutsidecounselreviewSection.tsx |
| 5. Wire up | Call /api/attorney-ready-export-formatter-that-packages-incidents-into-legal-standard-documentation-bundles-for-outside-counsel-review from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/attorney-ready-export-formatter-that-packages-incidents-into-legal-standard-documentation-bundles-for-outside-counsel-review` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
7. Employee history dashboard showing prior incidents, warnings, and performance patterns to establish documentation patterns for termination decisions
What it does: Employee history dashboard showing prior incidents, warnings, and performance patterns to establish documentation patterns for termination decisions
How to implement:
| Step | What to do |
|---|---|
| 1. API Route | Create src/app/api/employee-history-dashboard-showing-prior-incidents-warnings-and-performance-patterns-to-establish-documentation-patterns-for-termination-decisions/route.ts with a POST handler |
| 2. Input Schema | Accept { userId?, ...featureParams } in the request body |
| 3. Server Logic | Process the request, call external APIs if needed, return JSON |
| 4. UI Component | Create src/components/EmployeehistorydashboardshowingpriorincidentswarningsandperformancepatternstoestablishdocumentationpatternsforterminationdecisionsSection.tsx |
| 5. Wire up | Call /api/employee-history-dashboard-showing-prior-incidents-warnings-and-performance-patterns-to-establish-documentation-patterns-for-termination-decisions from the component using fetch on form submit |
Potential enhancements:
- Cache repeated lookups with `unstable_cache` or Redis
- Add rate limiting to `/api/employee-history-dashboard-showing-prior-incidents-warnings-and-performance-patterns-to-establish-documentation-patterns-for-termination-decisions` (e.g. Upstash Ratelimit)
- Make the UI section responsive-first (mobile breakpoints)
- Log feature usage to analytics (Plausible / PostHog)
- Add an integration test for the API route
```
User Request
     │
     ▼
Next.js Edge ──► API Route ──► Business Logic ──► Data Store
     │                                │
React UI ◄──────────────────── Response / JSON
     │
Real-time UI Update
```
| Attribute | Details |
|---|---|
| Audience | Small business owners with 5-20 employees, no dedicated HR staff, in high-turnover or high-risk industries (retail, restaurants, construction, trades) |
| Tech Level | Medium |
| Pain Level | High |
| Motivations | Protect personal/business assets from litigation • Create legally defensible paper trails |
| Price Willingness | medium |
```
MVP Factory Validation Report - 2026-03-04

✅ PASS  Market Demand           8/10
✅ PASS  Competition Gap         8/10
✅ PASS  Technical Feasibility   9/10
✅ PASS  Monetization Potential  7/10
✅ PASS  Audience Fit            9/10

OVERALL SCORE  8.2/10
VERDICT        BUILD - Strong market opportunity
TESTS PASSED   5/5
```
Why this works: Strong Reddit validation (732 upvotes, 678 comments) proves acute demand. Clear blue ocean: existing HR tools target enterprise or are generic templates without legal guardrails. High-stakes B2B problem justifies SaaS pricing ($39-49/month) as 'legal insurance.' Technical implementation straightforward with document generation libraries. Main risk is sporadic usage (incidents are rare), but retention solved by positioning as 'always-ready compliance vault' and adding employee record-keeping features for ongoing use.
Unique angle: Legal guardrails approach: Unlike template libraries, this actively prevents legal mistakes by enforcing documentation standards in real-time during emotional/stressful incidents, specifically designed for non-HR small business owners
Competitors analyzed: BambooHR (expensive, complex enterprise features, not incident-focused), LegalZoom (static templates only, no guidance or validation), HRdirect/SmartBiz (compliance forms without interactive guidance or state-specific logic)
Next.js 14 App Router + TypeScript + TailwindCSS + Lucide-react
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Next.js 14 App Router | React framework |
| Styling | TailwindCSS | Utility-first CSS |
| Backend | Next.js API Routes | Serverless endpoints |
| Data | Server-side logic | Business processing |
| Deploy | Vercel | Edge deployment |
```bash
# Clone & install
git clone https://github.com/guyromb/shieldhr.git
cd shieldhr
npm install

# Start development
npm run dev
# → http://localhost:3000

# Build for production
npm run build
npm start
```

```
# Add your keys here
NEXT_PUBLIC_APP_NAME=ShieldHR
```

| Signal | Data |
|---|---|
| Problem Severity | High |
| Market Demand | 8/10 |
| Competition Gap | 8/10, Blue ocean |
| Monetization | 7/10 |
| Model | Paid Subscription |
| Source | reddit community signal |
Contributions are welcome! Here's how:
- Fork the repo
- Create your branch: `git checkout -b feature/amazing-feature`
- Commit: `git commit -m 'Add amazing feature'`
- Push: `git push origin feature/amazing-feature`
- Open a Pull Request
MIT License. See LICENSE for details.
Discovered from reddit · Built 2026-03-04 · Powered by MVP Factory v11
Autonomously researched, validated & generated: zero human code written