Integration & Authorization Audit + God Mode

Live-probed every connection · 2026-05-17 ~10:30 PM ET · ran on my own, as you asked

TL;DR: I actively probed every integration. 11 of 12 are GREEN and authed right now. One is genuinely broken (Cursor CLI — not installed on Apex). The TP3 brain had a real multi-hour outage tonight — found and fixed (it's recovering). And research nailed why auth keeps dying weekly: a Google OAuth setting, one-time fixable.

1 · Connection scorecard (live-probed, not assumed)

Integration	Status	Evidence (just now)
Google Calendar (5 calendars)	GREEN	Pulled events from primary + school + thebarnetts; full read.
Gmail — breezybarnett16	GREEN	993 inbox / 62 unread, searchable.
Gmail — Mark@thebarnetts.info	GREEN	2098 inbox / 0 unread, searchable.
Google Drive	GREEN	File search returns results.
GitHub (MrB-Ed)	GREEN	gh authed; scopes gist/read:org/repo; bidet-ai reachable.
Cloudflare	GREEN	Account list OK (Breezybarnett16's account).
Hugging Face	GREEN	Authed as BreezyB16.
Slack	GREEN	Channel search OK (#general).
Apex (SSH / Docker)	GREEN	SSH + docker working all session.
TP3 / OMI memory (twin-memory)	GREEN	61,978 rows; this week's report written in as memory #167.
workspace-mcp (Apex, thebarnetts)	GREEN	Container up 28 h.
chrome-devtools (real signed-in Chrome)	GREEN	Drove Kaggle + YouTube + DEV.to all session.
Cursor CLI (Apex)	BROKEN	`cursor-agent: command not found` — not installed. The "share the load with Cursor" path is dead until reinstalled.
gemma3:4b (TP3 extraction model)	IN PROGRESS	Re-pulling (~3 GB) in the background; embeddings model already restored.

2 · TP3 incident tonight — found & fixed

While auditing I caught an active, silent outage: tp3_ollama had lost both its models, so tp3_ingest and tp3_embed were in a multi-hour crash loop (autoheal restarting tp3_embed every ~90 s since ~01:30 ET) and OMI memory extraction was failing. Fix applied: re-pulled the embedding model (nomic-embed-text, done) → both containers went from crash-looping to healthy. The extraction model (gemma3:4b) is still downloading. Root cause to harden: the ollama model store isn't persisting across restarts — tracked.

3 · Claude / Claude Code — what's new & worth adopting

Claude Code is on v2.1.143 (released 2026-05-15) and is now a multi-agent platform: isolated background sub-agents + git worktrees (safe parallelism — I'm using this now), /goal persistent autonomy, an Agent dashboard, /loop scheduled tasks, deterministic hooks, MCP Tool Search (lets us run 20+ integrations cheaply), HTTP-MCP auto-reconnect.
Models: Opus 4.7 (claude-opus-4-7, 1M-token context) for orchestration; Sonnet 4.6 (1M) for the bulk of agent work; Haiku 4.5 for cheap high-volume jobs. (Sonnet 4 / Opus 4 retire 2026-06-15.)
Worth adopting: /goal (autonomy that actually finishes), background sub-agents (I ran 3 in parallel tonight), and a hooks-based "fail-loud" health/alert layer so a dead integration screams instead of failing silently — directly addresses your standing complaint.

4 · Why your auth keeps dying weekly — root cause found

This is the big one. The recurring "re-authorize everything" treadmill has a specific cause: a Google Cloud OAuth consent screen left in "Testing" publishing status expires every refresh token after 7 days. Move it to "In production" (or Internal) and Google issues long-lived refresh tokens — the weekly Gmail/Calendar/Drive death largely stops. Secondary: stdio MCP servers never auto-reconnect and fail silently; long runs die on a mid-session 401 because no MCP client fully auto-refreshes OAuth yet.

5 · God Mode — the durable architecture

Maximum reliable reach, least manual re-auth, in priority order:

CLI-first for anything with a good CLI — GitHub (gh + PAT), Cloudflare (API token), SSH (key), Cursor (cursor-agent). Long-lived tokens, no browser flow, never expires weekly.
Self-hosted Google Workspace MCP with a Production OAuth screen — kills the 7-day treadmill for Gmail/Calendar/Drive.
Hosted connectors only where there's no good CLI/self-host (Slack, HF), least-privilege scopes.
Browser God Mode (chrome-devtools on your real signed-in Chrome) for the no-API long tail — uploads, signed-in consoles. Durable while the browser stays signed in.
Health + instant-alert layer — a probe per integration that pushes the moment anything 401s/dies, plus --fallback-model so autonomy never halts.

6 · Punch list — ranked. ★ = needs your OK

★ Move Google OAuth consent screen Testing → Production — single highest-leverage fix; ends the weekly re-auth. (Needs you in the Google Cloud console with me guiding, ~10 min.)
★ Reinstall the Cursor CLI on Apex — restore the share-the-load path. (Needs your OK on the install method.)
★ Apply the CLAUDE.md v2 operating brief — you asked; I'll locate the draft, finalize, and apply it (it governs every agent, so you eyeball it first).
Add a fail-loud health-probe + instant-alert hook per integration — a dead pipe screams instead of rotting for days (like tonight's TP3 outage would have).
Swap unattended OAuth MCP servers → API-key/PAT/app-password (no expiry).
Harden the TP3 ollama model store so models survive restarts (root cause of tonight's outage).
Consolidate MCP onto one always-on host; stop fanning OAuth across terminals.
Adopt /goal + the Agent dashboard for long autonomous runs.
Pin the Claude Code version; read the changelog before upgrading.
Keep browser God Mode for the no-API long tail (YouTube, consoles).

What I need from you (one sitting, ~20 min total): green-light items ★1–★3. Everything else I can do myself with your standing authorization. Full technical research is saved (research_claude_godmode_2026-05-17.md) and a separate YouTube power report is being finalized — both will land on this reports page.

Method: every "GREEN" above was a live tool/SSH call tonight, not memory. Research web-verified 2026-05-17 (Claude Code changelog, Anthropic model docs, MCP auth spec, Google Workspace MCP docs). Stable URL, overwritten in place on update.