Settings

Settings is where Google account connection lives, where GSS confirms the OAuth scopes and Google API access it needs are present, and where project-level controls (rollback entry, developer tools) live. It is always available in the sidebar regardless of project state.

Page header

At the top: the "Settings" title with intro copy ("Connect your Google account and confirm the app has the exact prerequisites it needs.") and a small meta line showing the project domain.

Sections

  • Google Account — Connected / Not connected state (LED + badge). When connected, shows the account email. Two actions: Reconnect (refreshes the consent grant without removing access) and Remove access (confirms, then revokes credentials, signs you out, and requires re-granting on next sign-in). When not connected, shows a single "Connect Google Account →" call to action.
  • Google API access — verifies the connected account and the OAuth-client project used by the GSS app. Status badge: Ready / Needs check / Needs action. "Check API access" button + "Last checked" timestamp. When the existing check is stale (older than 24 hours) or absent, GSS auto-refreshes it on page load. The card then renders two tables:
    • Google account permissions — per-user OAuth scopes with a label and result. Hover the help indicator to see the raw OAuth scope.
    • App project APIs — the APIs enabled on the GCP project that owns the OAuth client. Failing rows offer per-row "Open in console" or "Reconnect Google" links depending on the error class.
  • Danger Zone — rollback entry. Post-cutover only (gated by show_rollback_entry). Use only when production is broken and you need to revert to the prior client-side configuration. The link goes to the rollback checklist at /go-live/rollback.
  • Developer — developer-only tools (gated by show_developer_tools): user revision row plus a debug link to the test error page.
  • Version footer — the GSS app version at the bottom of the page.

Sidebar attention triangle

When Google is not connected, or when API access verification has flagged a problem, the Settings entry in the sidebar shows a small amber attention triangle. Clicking through resolves the underlying issue.

Reconnect vs Remove access

  • Reconnect — what you usually want. Refreshes the OAuth consent grant and stored permissions without dropping the existing connection. Use after granting a new scope.
  • Remove access — nuclear option. Revokes the stored Google credentials, signs you out, and requires re-granting permissions on next sign-in. The button uses a muted-amber treatment to signal "thoughtful proceed" rather than "danger."

When to visit Settings

  • Initial Google account connection.
  • Resolving an attention triangle in the sidebar.
  • Refreshing scopes after granting new API access to GSS.
  • Initiating an emergency rollback (post-cutover only).