Summary
The CF Worker dashboard and Vercel UI currently show connected accounts but give no indication of whether each account's OAuth token is valid, expired, or revoked. After the data-loss incident where app access was revoked, there was no visual signal of this state.
Desired Behaviour
Each account card in both the CF Worker dashboard (/) and the Vercel UI should show:
| State |
Display |
| ✅ Valid |
Green indicator, last-verified timestamp |
| ⚠️ Expiring soon (< 5 min) |
Yellow indicator |
| ❌ Expired/Revoked |
Red indicator + "Reconnect" button prominent |
| ❓ Unknown |
Grey indicator (token not yet tested) |
Implementation Notes
- CF Worker
/api/token?email=X already fetches/refreshes tokens — extend it with a /api/token/status?email=X endpoint that calls Gmail /profile and returns {valid: bool, email: string, checked_at: ISO} without returning the actual token
- Dashboard polls status on load and every ~5 min
- Reconnect button should be highlighted (not subtle) when status is red
- Status should be checked before ANY migration or cleanup job is dispatched from the UI — block dispatch with a clear error if source or any destination token is invalid
Priority
First priority for next sprint — prevents silent failures and gives users confidence before triggering jobs.
Summary
The CF Worker dashboard and Vercel UI currently show connected accounts but give no indication of whether each account's OAuth token is valid, expired, or revoked. After the data-loss incident where app access was revoked, there was no visual signal of this state.
Desired Behaviour
Each account card in both the CF Worker dashboard (
/) and the Vercel UI should show:Implementation Notes
/api/token?email=Xalready fetches/refreshes tokens — extend it with a/api/token/status?email=Xendpoint that calls Gmail/profileand returns{valid: bool, email: string, checked_at: ISO}without returning the actual tokenPriority
First priority for next sprint — prevents silent failures and gives users confidence before triggering jobs.