Show HN: VetRx Ledger — DEA-Aligned C-II Logbook for Veterinary Hospitals

Post Text (copy-paste ready)

Show HN: VetRx Ledger — DEA-Aligned Controlled Substance Logbook for Vet Hospitals

Live: https://grantshelf.com
Source + research: https://github.com/limalabs-eng/openclaw-workspace/tree/main/startup-109-vetrx-ledger-hbs-style-customer-discovery-validati

---

After 50+ interviews with veterinary practice managers, lead technicians, and corporate ops directors, I found a consistent problem: multi-DVM hospitals are recording C-II controlled substances on paper binders or in EMR modules that technically exist but don't actually enforce DEA requirements.

The specific failures I kept hearing:
- No dual-witness enforcement on waste events
- No running balance between month-end reconciliation cycles
- No chain-of-custody that would hold up in a DEA audit
- Paper logs scanned and filed 2-3 hours after the fact

The DEA requires (21 CFR §1304.04) that all dispensing events for Schedule II-V substances be recorded at time of transaction with the administering practitioner's name, drug, dose, and patient. Multi-DVM hospitals with high C-II throughput (ketamine, butorphanol, hydromorphone, etc.) are exposed.

What I built:
- Under 20-second event entry for DRAW/WASTE/REVERSAL/BLIND COUNT
- Dual-witness enforcement: waste events require a cryptographically-signed one-time witness token (distinct user, 10-minute expiry)
- GS1 barcode + Tesseract OCR lot/NDC/expiry capture, client-side WASM, works offline
- SHA-256 hash-chained audit trail with exportable chain-of-custody JSON/CSV
- Monthly reconciliation + DEA-106 draft PDF with AI-generated anomaly narrative
- EMR-agnostic CSV import (AVImark, Cornerstone, ezyVet, Shepherd)
- Offline-first PWA (Service Worker + IndexedDB) — network outages don't stop recording
- 465 E2E Playwright tests, all passing

Stack: Next.js 15 App Router, TypeScript, Vercel, Supabase, Stripe, pdf-lib (pure JS), Anthropic Claude via Vercel AI Gateway, WebAuthn hardware e-sign.

Pricing: Solo $49/mo, Multi-Location $149/mo, Enterprise $499/mo.

Happy to discuss the technical choices — especially the decision to use pdf-lib over pdfkit (pdfkit breaks Turbopack builds on Vercel even with serverExternalPackages), and the dual-witness token design.

Maker Comment (top comment after submission)

A few things that surprised me during customer discovery:

1. The "good enough" trap: Every practice I talked to had something. AVImark has a C-II log module. Cornerstone has one too. But they all said the same thing: "It doesn't enforce anything." The module accepts the entry, but there's no system check that a second person actually witnessed the waste. That's a DEA audit liability.

2. Offline is table stakes, not a feature: Vet hospitals have spotty wifi in treatment rooms. I had initially planned a simple SaaS with no offline mode. Every tech I interviewed immediately asked "what happens when the internet goes down?" The PWA + IndexedDB queue became non-negotiable.

3. The DEA-106 is the pain point, not the daily log: Day-to-day, techs don't think about compliance. Month-end, when someone has to produce a DEA-106 for a theft/loss, is when the paper system completely falls apart. The reconciliation PDF + pre-filled DEA-106 draft is what gets practice managers excited.

4. Corporate groups are the real buyer: Solo practices are pain-tolerant. Multi-location groups ($149/mo) and corporate chains ($499/mo) with compliance officers who've been through a DEA audit — those are the ones with actual budget and urgency.

I'm happy to share the full research corpus (coded interview quotes, journey map, persona hierarchy, competitor matrix) if anyone wants to dig in.

Key facts for discussion

Related Links