Built in public

What we're waiting on.

The same list that lives at the top of our repo. Every blocker has a priority, what it unblocks, and what we need to clear it. When it's done, it moves to the "Done" section at the bottom.

Canonical source: BLOCKERS.md in the repo.

Open

Google Places API key High

A Google Cloud project with Places API (New) enabled and an API key restricted to *.franchisefrontline.com/*.

Goes in Cloudflare Pages env as GOOGLE_PLACES_API_KEY. Unblocks /api/franchise-discover and the pre-sale "show me your locations" pitch moment.

Google OAuth client (Business Profile) High

OAuth 2.0 client ID + secret on the same Google Cloud project, with business.manage scope and the consent screen verified for the franchisefrontline.com domain.

Goes in env as GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET. Unblocks the real per-operator review backfill via Business Profile API.

SendGrid High

SendGrid account with a Mail Send API key and a verified franchisefrontline.com sender domain.

Goes in env as SENDGRID_API_KEY, LEAD_TO, LEAD_FROM, LEAD_FROM_NAME. Unblocks the lead form, passwordless email OTP, escalation alerts, weekly recap.

Twilio (with A2P 10DLC) Medium

Twilio account, auth token, and a US long code registered for A2P 10DLC. Brand + two campaigns (OTP, alerts) submitted for carrier vetting.

Goes in env as TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_FROM_NUMBER. Email is the fallback for SMS-dependent flows in the meantime.

Cloudflare KV namespace `AUTH_CODES` Medium

A KV namespace bound to the Pages project for passwordless OTP storage (10-minute TTL per code).

Bind under Cloudflare Pages -> Settings -> Functions -> KV namespace bindings, variable name AUTH_CODES.

Cloudflare D1 database `FF_DB` Medium

A D1 database bound to the project. Schema in migrations/0001_init.sql.

Run the migration via wrangler d1 execute franchisefrontline --file=./migrations/0001_init.sql. Bind variable name FF_DB. Unblocks every persistence feature (real reviews, escalations, OAuth tokens, settings).

`SESSION_SECRET` and `DEV_BYPASS_KEY` Low

Two 32+ character random strings. SESSION_SECRET goes everywhere; DEV_BYPASS_KEY only on the preview / staging environment.

Generate with openssl rand -base64 48. Paste into env. Done.

Stripe Later

Stripe account + Pricing catalog matching the three SKUs in /pricing.html + webhook secret.

Deferred until the first real customer is ready to enter a card.

RMCF reference permission Process

Written OK from Rocky Mountain Chocolate Factory to (a) name them privately on sales calls, (b) eventually appear as a public customer.

Asked during the pilot review. Currently cited anonymously as "a 200-location specialty retail chain."

Done

When something comes off the list, it lands here with a date.

(empty for now)

Why this is public.

If a vendor can't articulate what they're stuck on, they're not being honest with you about progress. This is what we're stuck on. Want to help one of these along, or you have a question about an item? Email us.