Internal · Recovery Roadmap

Mi Local Trades — Recovery Roadmap

A staged plan to recover ownership and editability of the platform — delivered as three sequential contracts: Web, then Android, then iPhone.

Date 1 June 2026 Status Backup complete · recovery viable

What stays, what we recover, what we rebuild

The databases, backend functions, and services are live and working — they stay exactly where they run. This is not a migration. The previous developer's source code sits in a private GitHub account no one but he can release, so the realistic plan assumes we never get it: we recover what we can ourselves, and rebuild what's locked away.

Piece	Situation	Plan
Website	Source is readable in Vercel — we can reconstruct it ourselves	Recover from Vercel (no developer needed)
Lead & Job app	Only the compiled build exists; editable source is locked in the private repo	Rebuild to parity from the running app + recovered backend
Background services	Small; private repo, but behavior + data are known	Rebuild from behavior; payment proxy already recovered
Database, functions, media	Live and fully backed up	Keep running; change ownership + keys only

The three contracts

Contract 1Web + Web App

$600–1,200~$300–600 if dev releases app source

Goal: Website recovered and owned, web Lead & Job app rebuilt to parity and editable — both running on the existing live backend.

Recover the website from Vercel into a new repo the client owns; redeploy
Rebuild the web app to functional parity (its source is in a private repo we can't access)
Take ownership of the existing Supabase, Vercel, and Render accounts
Rotate the third-party keys (payments, SMS, email, push) in place — only the client holds them
Rebuild the background link/redirect service from behavior + recovered data
Remove the previous developer's access; handoff with docs, access inventory, walkthrough

Timeline ~3–6 weeks

Delivers Site recovered, app rebuilt & owned

Needs Owner sign-off

Contract 2Android

$250–500

Goal: Republish the Android app under the client's own Google Play account, built from the rebuilt shared codebase (Contract 1). Runs on the same backend.

Confirm the Android build runs against the existing live backend (no backend change)
Reset the Google Play upload key under the client's account (Play App Signing is enabled)
Build, sign, and republish the current app (build 107 / v2.4.2) under the client's account
Verify update flow, Google in-app purchases, and push notifications
Transfer Play Console ownership to the client

Timeline ~1 week

Delivers Android app, owned & updatable

Depends on Contract 1

Contract 3iPhone (iOS)

$300–600

Goal: An iOS version published under the client's Apple account, built from the same rebuilt codebase, on the same backend.

Build the iOS target from the recovered Flutter codebase
Set up the client's Apple Developer account + App Store Connect
Configure signing, provisioning, and Apple in-app purchases (backend handler already exists)
Submit and shepherd through App Store review; transfer ownership to the client

Timeline ~1–2 weeks

Delivers iOS app on the App Store

Depends on Contract 1 · client wants iOS

No iOS app exists today. Once the app is rebuilt in Contract 1, iOS is an additive target — the backend already handles Apple in-app purchases.

Why sequential

Each contract ends owned	The client owns a running, editable piece before committing to the next — lower risk, faster trust.
Web is the foundation	Backend, database, auth, and payments all sit behind the web layer — recover it first.
Mobile reuses the codebase	Android and iPhone come from the same Flutter codebase rebuilt in Contract 1, so they cost far less per platform than starting fresh.

Across all contracts

No migration — infrastructure stays where it runs; we recover/rebuild the code and change ownership + keys.
We can't access the developer's private GitHub — the app and the background worker are rebuilds, not transfers. The website is recovered from Vercel.
Ongoing infrastructure — ~$25–40/month, already on the client's accounts.
Optional retainer — $200/month for monitoring and changes after handoff.
Security hardening (add-on, any contract) — fix the open database access rules and hardcoded admin salt found during recovery: +$500–800.

Why the app is a rebuild, not a copy

The website's source is readable in Vercel, so we recover it ourselves. The app's editable source is not — it lives only as a compiled build, with the real source locked in the previous developer's private GitHub account that no one but he can release. So the app is rebuilt to parity from the running version and the recovered backend. If he ever volunteers that repository, the app becomes a recovery and the cost drops — but the plan does not depend on it.