# Human Inputs Checklist — GBP Dashboard > **📋 WHY THIS FILE EXISTS**: This is the ONLY file you need to fill in before Flash starts > building. It collects every piece of information that requires human knowledge (passwords, > emails, API keys). Flash reads this FIRST and uses the values here. Blank fields get sensible > defaults so the build never blocks. When you get Google credentials later, update this file > and tell Flash to continue — the values are absorbed seamlessly with zero code changes. > Everything marked `⬜ REQUIRED NOW` must be filled before Phase 0 can begin. > Everything marked `🟡 REQUIRED LATER` can be left blank — Flash will build with mock data and absorb these values when you provide them later. --- ## How This Works ```text ┌─────────────────────────────────────┐ │ YOU fill this file with values │ │ ↓ │ │ Flash reads this file FIRST │ │ ↓ │ │ Builds Phases 0–4 with mock data │ │ ↓ │ │ YOU provide Google credentials │ │ (update this file) │ │ ↓ │ │ Flash reads UPDATED file │ │ ↓ │ │ Builds Phase 5–6 with real data │ └─────────────────────────────────────┘ ``` ### Seamless Absorption Workflow When you provide values LATER (e.g., Google credentials after approval): 1. Open this file and fill in the blank fields 2. Copy the relevant values into `backend/.env` 3. Tell Flash: *"I've updated `human_inputs.md` with Google credentials. Proceed with Phase 5."* 4. Flash reads the updated values and continues building — no rework needed The system is designed so that **mock data → real data** is just a config toggle (`USE_MOCK_DATA=false`), not a code rewrite. --- ## SECTION 1: Database (⬜ REQUIRED NOW) These are needed before ANY code can run. | Field | Your Value | Notes | | --- | --- | --- | | PostgreSQL Host | `127.0.0.1` | Change if using remote DB | | PostgreSQL Port | `5432` | Default PostgreSQL port | | Database Name | `fenesta_db` | Already created? YES / NO | | DB Username | `postgres` | Your PostgreSQL username | | DB Password | `__________` | ⬜ **FILL THIS IN** | ### Action Required - Section 1 - [ ] Ensure PostgreSQL is installed and running - [ ] Create the database if it doesn't exist: ```sql CREATE DATABASE fenesta_db; ``` - [ ] Fill in DB Password above --- ## SECTION 2: Agency Admin Account (⬜ REQUIRED NOW) The first superuser account for Hashtag Orange. | Field | Your Value | Notes | | --- | --- | --- | | Admin Email | `admin@hashtagorang.in` | Change if needed | | Admin Full Name | `HO Admin` | Display name | | Temp Password | `Admin@123` | Will be forced to change on first login | ### Action Required - Section 2 - [ ] Confirm or change the admin email above - [ ] This account will be auto-seeded into the database --- ## SECTION 3: JWT Security (⬜ REQUIRED NOW) | Field | Your Value | Notes | | --- | --- | --- | | JWT Secret Key | `__________` | ⬜ **FILL THIS IN** — minimum 32 random characters | ### How to Generate a Good Secret Run this in Python: ```python import secrets print(secrets.token_urlsafe(48)) ``` Or just use a long random string like: `xK9mP2qL7vR4tY8wN3bJ6hF1cA5dG0eZ9sU2iO7pM4` ### Action Required - Section 3 - [ ] Generate and fill in the JWT Secret above --- ## SECTION 4: First Client — Fenesta (⬜ REQUIRED NOW) The first client you'll add through the agency dashboard. These details help Flash set up test data. | Field | Your Value | Notes | | --- | --- | --- | | Client Name | `Fenesta` | The brand name | | Client Contact Email | `__________` | ⬜ **FILL THIS IN** — email for the Fenesta admin user | | GBP Account ID | `__________` | 🟡 Can be added later (from Google Business Profile) | ### Action Required - Section 4 - [ ] Provide the email address that the Fenesta admin will use to log in --- ## SECTION 5: Dealer List (🟡 REQUIRED LATER — but helpful now) List all the dealers/locations that Fenesta manages. Flash will set up mock data for any dealers listed here, and connect them to real Google data once Section 7 is completed. | # | Dealer Name | City | State | Google Location ID | Contact Email | | --- | --- | --- | --- | --- | --- | | 1 | `__________` | `__________` | `__________` | `__________` | `__________` | | 2 | `__________` | `__________` | `__________` | `__________` | `__________` | | 3 | `__________` | `__________` | `__________` | `__________` | `__________` | | 4 | `__________` | `__________` | `__________` | `__________` | `__________` | | 5 | `__________` | `__________` | `__________` | `__________` | `__________` | > **Add more rows as needed.** ### Where to Find Google Location IDs 1. Go to `https://business.google.com` 2. Select the Fenesta account 3. Click on each location → the URL will contain something like `locations/12345678901234567` 4. The number after `locations/` is the Location ID ### What If I Don't Have These Yet? **No problem.** Flash will build the system with 3 dummy dealers. When you get real dealer info: 1. Fill in the table above 2. Tell Flash: *"I've added dealer details to `human_inputs.md`. Please seed them into the database."* 3. Flash will create the user accounts and dealer records --- ## SECTION 6: Google OAuth — User Login (🟡 REQUIRED LATER) This enables the "Sign in with Google" button. **Not needed for MVP** — email+password login works without this. | Field | Your Value | Notes | | --- | --- | --- | | Google Cloud Project ID | `__________` | From console.cloud.google.com | | OAuth Client ID | `__________` | From APIs & Services → Credentials | | OAuth Client Secret | `__________` | From APIs & Services → Credentials | | Authorized Redirect URI | `http://localhost:8000/api/auth/google/callback` | Pre-filled — change only if running on a different host/port | ### Steps to Get These Values 1. Go to `https://console.cloud.google.com` 2. Select or create a project 3. Go to **APIs & Services → OAuth consent screen** - App name: `GBP Dashboard` - User support email: your email - Add your email as a test user 4. Go to **APIs & Services → Credentials** - Click **Create Credentials → OAuth 2.0 Client ID** - Application type: **Web application** - Authorized redirect URI: `http://localhost:8000/api/auth/google/callback` 5. Copy Client ID and Client Secret into the table above ### What If I Skip This? **Nothing breaks.** The "Sign in with Google" button will show a friendly message: *"Google login not configured. Use email + password."* All users can still log in with their email and password. ### When Ready 1. Fill in the 3 fields above 2. Copy them into `backend/.env`: ```env GOOGLE_CLIENT_ID=your-client-id-here GOOGLE_CLIENT_SECRET=your-client-secret-here ``` 1. Tell Flash: *"I've added Google OAuth credentials. Enable the Google login flow."* --- ## SECTION 7: Google Business Profile API (🟡 REQUIRED LATER — LONGEST LEAD TIME) This is what connects the dashboard to REAL Google Business Profile data. **This has the longest lead time** — apply on Day 1 even if you're not ready for it yet. | Field | Your Value | Status | | --- | --- | --- | | GBP API Access Approved? | YES / NO | ⬜ Update when approved | | GCP Project Number | `__________` | From Google Cloud Console → Dashboard | | Service Account Email | `__________` | e.g., `gbp-dash@project.iam.gserviceaccount.com` | | Service Account JSON Key | `backend/service_account.json` | ⬜ Place the downloaded file here | | Fenesta GBP Manager Account | `__________` | The email that manages all Fenesta locations | ### Steps (DO STEP 1 ON DAY 1) #### Step 1 — Apply for API Access (DO THIS IMMEDIATELY) 1. Go to `https://developers.google.com/my-business/content/prerequisites` 2. You need a Google Business Profile that is verified and active for 60+ days 3. Submit the access request form with your GCP Project Number 4. **Wait for Google's approval email** (can take days to weeks) #### Step 2 — Enable APIs (after approval) Go to Google Cloud Console → APIs & Services → Library, and enable: - [ ] Business Profile Performance API - [ ] My Business Account Management API - [ ] My Business Business Information API - [ ] Google My Business API (for posts) #### Step 3 — Create Service Account 1. Go to **IAM & Admin → Service Accounts** 2. Create a service account (e.g., `gbp-dashboard`) 3. Create a key → Download JSON 4. Save as `backend/service_account.json` 5. Fill in the Service Account Email in the table above #### Step 4 — Grant Access 1. Go to `https://business.google.com` 2. Open the Fenesta organization settings 3. Add the Service Account email as a **Manager** 4. This gives the service account permission to read all location data ### Section 7.2: What If I Skip This? **The dashboard works perfectly with mock data.** All KPIs, charts, and views will show realistic simulated numbers. The only difference is the data isn't real. When ready: ### Section 7.3: Action Required - Section 7 - [ ] Complete Steps 1–4 above - [ ] Fill in the table - [ ] Place `service_account.json` in `backend/` - [ ] Tell Flash: *"Google API is approved. Service account is configured. Switch to real data."* - [ ] Flash will set `USE_MOCK_DATA=false` and run the first data sync --- ## SECTION 8: Deployment (🟡 FUTURE — Not Needed for Development) Only needed when you want to put this on a real server. | Field | Your Value | Notes | | --- | --- | --- | | Server IP / Domain | `__________` | Where you'll host this | | SSL Certificate | YES / NO | Needed for HTTPS | | Production DB Host | `__________` | If different from localhost | | Production DB Password | `__________` | Should be different from dev | | Allowed Frontend Origins | `__________` | For CORS config | --- ## Quick Reference: What Blocks What ```text ┌──────────────────────────────────────────────────────┐ │ BUILD PHASES │ ├──────────────────────────────────────────────────────┤ │ │ │ Section 1 (DB) ──────► Phase 0: Setup │ │ Section 2 (Admin) ──► Phase 0: Seed DB │ │ Section 3 (JWT) ─────► Phase 0: Config │ │ │ │ │ ▼ │ │ Phase 1: Auth System ◄── ALL ABOVE REQUIRED │ │ │ │ │ ▼ │ │ Section 4 (Client) ──► Phase 2: Agency Dashboard │ │ │ │ │ ▼ │ │ Section 5 (Dealers) ─► Phase 3: Client Dashboard │ │ │ Phase 4: Dealer Dashboard │ │ │ │ │ ─ ─ ─ ─ MOCK DATA LINE ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ Section 6 (OAuth) ───► "Sign in with Google" button │ │ (OPTIONAL — not blocking) │ │ │ │ │ Section 7 (GBP API) ─► Phase 5: Real Google Data │ │ (LONGEST WAIT — apply NOW) │ │ │ │ │ ▼ │ │ Section 8 (Deploy) ──► Phase 6: Production │ │ │ └──────────────────────────────────────────────────────┘ ``` --- ## Checklist Summary ### Fill These NOW (5 minutes) - [ ] Section 1: DB Password - [ ] Section 2: Confirm admin email (or change it) - [ ] Section 3: Generate and paste JWT Secret - [ ] Section 4: Fenesta contact email ### Do This TODAY (30 minutes) - [ ] Section 7, Step 1: Apply for Google GBP API access (longest wait) ### Fill These WHEN READY (no rush) - [ ] Section 5: Dealer names, cities, location IDs - [ ] Section 6: Google OAuth credentials - [ ] Section 7: Service account after API approval ### Fill These FOR PRODUCTION (future) - [ ] Section 8: Server details --- ## Instructions for Flash > **Dear Gemini Flash Agent:** > > 1. Read this file FIRST before starting any phase > 2. For fields marked `__________` — use the default/mock value and proceed > 3. For fields with actual values — use those exact values > 4. When the user says "I've updated human_inputs.md" — re-read this file and apply the new values > 5. NEVER ask the user for information that is already in this file > 6. If a value is blank AND there's no sensible default — tell the user which field in this file they need to fill > 7. Copy all filled values into `backend/.env` automatically > 8. All phases up to Phase 4 can proceed with blank Google sections (mock data) > 9. Phase 5 REQUIRES Section 7 to be complete — if blank, STOP and tell the user