Date: 2026-04-07 | Status: Ready for Phase 0 + MVP Launch
✅ Complete AI Accounting Engine
- Next.js 15 + React 19 + Prisma + PostgreSQL
- 4 LLM providers (Gemini, OpenAI, Mistral, OpenRouter) with failover
- Indian GST features: GSTR-1, GSTR-3B, GST calculator, GSTIN/PAN validation
- Receipt-to-database: Upload photo/PDF → AI extraction → structured DB
- Agent API: 9 REST endpoints for external integration
- pgvector embeddings for semantic search + duplicate detection
- Docker deployment on OVH VPS
Maturity: ~85% complete. Phase 3 (market readiness) done. All core features working.
🔴 Immutable Audit Trail — Required by Companies Act 2023. Penalty: ₹5L + imprisonment 🔴 Encryption at Rest — Required by DPDP Act 2023. Penalty: ₹250Cr + prosecution 🔴 Privacy Policy + Consent — Required by DPDP Act 2023. Penalty: ₹200Cr
Time to fix: 4-5 days
🟡 Data Localization — Move VPS to India (RBI mandate) 🟡 Incident Response Plan — CERT-In 6-hour reporting requirement 🟡 Security Hardening — Rate limits, CSRF, XSS prevention
Time to fix: 3-4 days
⚪ GSTR-3B automation (complex but not required for MVP) ⚪ Tally XML export (users want it, not essential) ⚪ Multi-currency (INR only for Phase 1) ⚪ Dashboards (CSV exports are fine for now)
Vision: TaxHacker Claw Edition — "Always-On AI Accountant"
Phase 1 (Weeks 1-4): Lodhi Realty internal use → ₹5K/mo service revenue
Phase 2 (Months 2-3): WhatsApp/Telegram conversational wrapper (nano-Claw)
Phase 3 (Months 4-6): Publish @taxhacker/india-tax npm package (B2B)
Phase 4 (Months 6+): Enterprise Claw wrapper for CA firms (multi-tenant)
Business Model:
- Service-first: Hire bookkeeper (₹15K/mo) → serve 5 customers at ₹5K each → ₹10K margin per customer
- Scale to ₹1L/month revenue by month 4 (20 customers × ₹5K)
- Then productize the Claw layer for 100X impact
- Day 1-2: Add immutable audit trail
- Day 2-3: Add encryption at rest (API keys, bank details)
- Day 4: Privacy policy + consent modal
- Day 5: Incident response plan + data retention policy
- Day 1-2: Rate limiting on all endpoints
- Day 3: CSRF token validation + XSS hardening
- Monday: Deploy to Lodhi Realty, begin service
- By Friday: First ₹5K invoice sent
- Week 1: Design Claw integration (WhatsApp/Telegram)
- Week 2: Implement conversational interface
- Week 3: Deploy, test with Lodhi
MVP for First Customer (Lodhi Realty):
✅ Receipt upload → AI extraction → structured DB
✅ GSTR-1 report generation + export
✅ Manual CSV export for CA
✅ Single-user hardcoded login
❌ Custom fields (ship later)
❌ Multi-currency (INR only)
❌ GSTR-3B automation (Phase 2)
❌ Dashboards (use Excel instead)
❌ Multi-tenant support
MVP Time: 2 weeks (Phase 0: 1 week, Deploy: 1 week)
MVP Revenue: ₹5K/month from Lodhi
| Item | Time | Effort | Revenue | Blocker? |
|---|---|---|---|---|
| Phase 0 (Legal) | 1 week | 4-5 days | No | YES |
| Phase 1 (Security) | 0.5 week | 3-4 days | No | No |
| Deploy MVP | 0.5 week | 2-3 days | ₹5K/mo | No |
| Phase 2 (Claw) | 1 week | 5-7 days | 10X UX | No |
| Phase 3 (npm package) | 0.5 week | 2-3 days | B2B moat | No |
| Total to ₹1L/mo | 3-4 months | ~6-7 weeks of work | ₹1L | No |
- No audit trail: ₹50K-₹5L fine + imprisonment ← MUST FIX BEFORE REAL USERS
- No encryption: ₹250Cr fine + criminal prosecution ← MUST FIX BEFORE REAL USERS
- No privacy policy: ₹200Cr fine ← SHOULD FIX BEFORE REAL USERS
- Rate limiting: DDoS attacks possible (mitigated by single-user MVP)
- SQL injection: Prisma ORM prevents most, but audit needed
- XSS: React auto-escapes by default, but review needed
- Bookkeeper not available: Hire freelancer instead (higher cost, less sticky)
- Lodhi says no: Pivot to accountants or freelancers (same service, different customer)
- Market doesn't care: You still own working software. Shelve + try next idea.
- Week 1: Fix audit trail + encryption + privacy (4-5 days)
- Week 2: Security hardening (3-4 days)
- Week 3: Deploy to Lodhi, begin service
- Result: Fully compliant, ₹5K/mo revenue, low legal risk
Timeline: 3 weeks to revenue
- Monday: Ship MVP to Lodhi (skip Phase 0)
- Week 2: Add audit trail + encryption (catch up)
- Week 3: Lodhi paying, issues fixed
- Result: Revenue faster, but legal liability until Phase 0 complete
Timeline: 1 week to revenue, then 1 week to compliance
- Mon-Wed: Add audit trail + encryption (2-3 days)
- Thu-Fri: Deploy MVP to Lodhi
- Week 2: Add privacy + security hardening
- Result: Core compliance done, some polish deferred
Timeline: 2 weeks to revenue
→ Option C (Hybrid): Spend 2-3 days on audit trail + encryption, then ship.
→ Option A (Safe): Spend 1 week fixing everything, ship complete & compliant.
→ Option A (Safe): This is the professional move.
→ Option B (Fast): Ship Monday, fix compliance by Friday.
COMPLIANCE_AUDIT.md— What's broken legally, how to fix it, timelineREVENUE_ROADMAP.md— How to get to ₹1L/month, customer acquisition, pricingCLAW_INTEGRATION_ARCHITECTURE.md— How WhatsApp/Telegram wrapper works (Phase 2)
TaxHacker is 85% done and ready to make money. You're not building anymore; you're hardening + shipping.
The missing 15% is:
- 5% compliance work (audit trail, encryption)
- 5% security review (rate limits, CSRF)
- 5% polish (tests, edge cases)
Do the compliance work first. It's non-negotiable. Then deploy and start getting paid.
- ✅ Read COMPLIANCE_AUDIT.md (understand what's blocking)
- ✅ Read REVENUE_ROADMAP.md (understand the money path)
- 🔜 Call Adi today (confirm Lodhi is anchor customer + deadline)
- 🔜 Choose Option A/B/C above (timeline decision)
- 🔜 Create pull request with Phase 0 fixes (audit trail + encryption)
- 🔜 Deploy Monday to taxhacker-lodhi.lodhirealestatebuildwell.in
- 🔜 Invoice Friday for ₹5,000/month service
That's it. Execution mode.
Generated by multi-agent analysis | All supporting docs at /TaxHacker/