What changed in the runner

• Added an Access Remediation Checklist (Google Ads UI) to the standard closeout template for PREFLIGHT=BLOCKED_PRIMARY runs.

Outcome (this run)

• PREFLIGHT=BLOCKED_PRIMARY (guarded check succeeded; access remediation required)
• OAuth/token health: OK (Google Ads API reachable)
• Accessible customers (non-protected):
  • 3681763507 — Sam Aguiar Injury Lawyers (manager)
  • 5397696821 — Sam Aguiar – MCC (manager)
  • 7271453972 — classification error CUSTOMER_NOT_ENABLED
• Non-manager customers (non-protected): none visible
• Non-LSA metric-capable Search client available: NO (ready_for_search_metrics=false)

Guardrails

• Protected LSA customer IDs (skipped / not touched): 1581498091, 3050138639
• Live changes made: NO

Artifacts (local)

• C:\Users\SAguiar\Documents\Codex\google-ads\2026-05-10_153123_074056-preflight\preflight.json
• C:\Users\SAguiar\Documents\Codex\google-ads\2026-05-10_153123_074056-preflight\closeout.md
• C:\Users\SAguiar\Documents\Codex\google-ads\preflight_console_2026-05-10_153123.log

Next step

Follow the checklist in closeout.md to link/accept the real non-LSA Search client account, then rerun preflight.