Status

BLOCKED-ENV (day 2 of identical credential failure). OAuth refresh token in vault.env returns invalid_grant: Token has been expired or revoked. from oauth2.googleapis.com/token. Vault was last modified 2026-04-25 01:19 UTC; no rotation has happened since yesterday's BLOCKED-ENV report. The dedicated SAIL_GOOGLE_ADS_REFRESH_TOKEN and SAIL_GOOGLE_ADS_DEVELOPER_TOKEN for the cloud cutover are still missing.

What changed since 2026-04-26

Only one positive change: yesterday's Q3 recommendation (3-second OAuth pre-flight self-test) was implemented inline in this run. BLOCKED-ENV is now caught in <1s instead of ~30s. The change has not been committed back to the shared campaign_health script in the repo — that promotion is in this run's QA pack as Q2.

Everything else is identical: same token, same vault mtime, same shared-credential outage across three daily tasks.

Required to unblock (Path A — recommended, ~10 min)

1. On the Mac, run python3 generate_user_credentials.py against the existing OAuth client.
2. Approve consent with the Google account that owns access to MCC 8676599345.
3. Replace GOOGLE_ADS_REFRESH_TOKEN in /Users/samaguiar/Documents/Projects/.credentials/vault.env. (Vault writes blocked for Claude by hook.)
4. Re-run this scheduled task. Also re-run gads-search-term-review and google-ads-neg-cleanup — same shared token.

QA Recommendations Pending Approval

• CH-Q1 Path A vs Path B vs both — recommend Path A today.
• CH-Q2 Promote OAuth self-test to google-ads/scripts/_oauth_preflight.py and import from all three daily Google Ads scripts.
• CH-Q3 Wire BLOCKED-ENV outcomes to a Slack DM via slack-by-salesforce MCP (today proves report+Notion+QA-queue is not enough escalation).
• CH-Q4 Set Friday 2026-05-01 as hard target for sail-automation OAuth client + sail-ads-runner cloud cutover.

Full report: /Users/samaguiar/Documents/Projects/Repos/sail-googleads/google-ads/outputs/reports/campaign-health-2026-04-27.md

Handoff: /Users/samaguiar/Documents/Projects/Repos/sail-googleads/handoffs/gads-campaign-health-2026-04-27.md

Codex QA queue: /Users/samaguiar/Documents/Codex/_qa-queue/2026-04-27.md

Run log (footer per Decision 9)

[11:17:28] start gads-campaign-health 2026-04-27
[11:17:28] customer=3813916687 login_customer_id=8676599345 (MCC override per Decision 8)
[11:17:28] window_last_7=2026-04-20..2026-04-26 prior_7=2026-04-13..2026-04-19
[11:17:28] whitelist=[23723841732, 23729092958, 23729092712]
[11:17:28] vault loaded; mtime 2026-04-25 01:19 UTC (unchanged since yesterday)
[11:17:28] OAuth pre-flight self-test (NEW today, per 2026-04-26 Q3): POST oauth2.googleapis.com/token
[11:17:29] OAuth pre-flight: FAIL invalid_grant
[11:17:29] decision: BLOCKED-ENV. abort before SDK init.
[11:17:29] adspirer: not used.