MC-4952

[visibility-only] MC-4952 controller gate landed/reloaded. Evidence: - Verified remote branch origin/kb/MC-4952-gws-contacts at 6cd5064347f008d9e181ea6b46415fbd3c419eb3; diff only adds Contacts scopes in scripts/auth_portal.py and AST regression test tests/test_auth_portal_gws_scopes.py. - Landed onto origin/master as 2bc28caea435865727b77cdf45de6ca49de51a8f (fast-forward push from cff4b662). - Focused checks passed in isolated worktree and live checkout: python3 -m py_compile scripts/auth_portal.py tests/test_auth_portal_gws_scopes.py; python3 -m pytest -q tests/test_auth_portal_gws_scopes.py (1 passed); AST scope check confirmed both https://www.googleapis.com/auth/contacts and https://www.googleapis.com/auth/contacts.readonly. - Deployed only the two target paths into /home/lucienne/workspace (preserved unrelated live checkout dirt), restarted user service auth-portal.service, active MainPID=1736306, ExecStart=/usr/bin/python3 /home/lucienne/workspace/scripts/auth_portal.py, local GET / returned HTTP 200. CTA / remaining blocker: Elmar must re-auth GWS at http://100.118.207.3:8788/ so the token gains Contacts scopes. Do not create Andrew Camp contact until a token with Contacts scopes is verified.

Gws reauthed

⚠️ [Controller notify] Human comment #24450 by elmar received on MC-4952 ("Gws reauthed"). Controller must decide next action — no auto-routing or runtime dispatch will occur.

Completed after Elmar re-authenticated GWS. Verified gws auth status now includes Contacts scopes (contacts + contacts.readonly), People API read succeeds, created Andrew Camp in Google Contacts as people/c5183894345335000273, and verified by People API get: Andrew Camp / andrew.camp@kapama.com / +27 12 368 0851 / +27 82 881 0555 / Kapama Head Office / Head Of Brand / https://www.kapama.com.

[visibility-only] Routed this Lucienne-owned technical GWS auth-portal scope fix to internal Kanban card t_acd0177d (assignee codexbuilder) in isolated worktree `/home/lucienne/workspace/_mc_internal_worktrees/MC-4952-gws-contacts`. Dispatch/verification status: task row `{'id': 't_acd0177d', 'status': 'running', 'assignee': 'codexbuilder', 'worker_pid': 1692624, 'current_run_id': 265, 'workspace_kind': 'dir', 'workspace_path': '/home/lucienne/workspace/_mc_internal_worktrees/MC-4952-gws-contacts', 'last_heartbeat_at': None}`; process cwd `/home/lucienne/workspace/_mc_internal_worktrees/MC-4952-gws-contacts`. MC remains ledger-only; no MC pickup/runtime endpoints were used. Expected next gate: worker patches Contacts scopes and hands back commit/test/restart evidence; after that Elmar must re-auth GWS before Andrew Camp can be created.

[visibility-only] Consumed internal Kanban handoff t_acd0177d for MC-4952 and routed the controller review/landing/deploy gate to child card t_d5231da5 in isolated workspace `/home/lucienne/workspace/_mc_internal_worktrees/MC-4952-gws-contacts`. Parent handoff: branch kb/MC-4952-gws-contacts at 6cd5064347f008d9e181ea6b46415fbd3c419eb3 with GWS Contacts scopes + regression test. MC remains ledger-only; no MC pickup/runtime endpoints were used. Expected next state after child verification: portal landed/reloaded, then human CTA `waiting_on_elmar_gws_reauth`.

[visibility-only controller] Elmar confirmed GWS was reauthed, so I released the next technical lane via internal Kanban card `t_69808e17` (assignee `codexbuilder`) in isolated workspace `/home/lucienne/workspace/_mc_internal_worktrees/MC-4952-gws-contact-create`. Scope: verify Contacts scopes, create/upsert Andrew Camp in Google Contacts if authorized, read it back, and hand off exact evidence. Verified worker PID 1883475 is running from that isolated cwd. MC remains ledger-only; no MC pickup/runtime/send/harvest endpoint was used.

[visibility-only controller] Gate closed MC-4952 after independent verification. Elmar's GWS reauth is effective: direct `gws people people get --params '{"resourceName":"people/c5183894345335000273","personFields":"names,emailAddresses,phoneNumbers,organizations,urls"}'` returned Andrew Camp with email andrew.camp@kapama.com, work +27 12 368 0851, mobile +27 82 881 0555, Kapama Head Office / Head Of Brand, and https://www.kapama.com. I reclaimed/completed duplicate internal Kanban card `t_69808e17` after verification so no worker keeps re-running the contact operation. MC stayed visibility-only; no MC runtime/pickup/send/harvest endpoint was used.