project superhuman revoked apr22

What happened

On 2026-04-22 Joseph noticed the Andy Hadank email thread (Snowblaze B-32 active deal) had been moved to Trash. He moved it back manually when sending a reply and asked me to audit what could have caused it.

Root cause

Superhuman had an active OAuth grant on the Joseph.Bowens@SkyRun.com Google account with these permissions:

Read, compose, send, and permanently delete all email from Gmail
See, edit, create, or change email settings and filters
Plus Calendar, Contacts, Drive, profile access

Joseph stated he isn't using Superhuman. Superhuman's keyboard shortcuts include E (archive) and # (trash) — a single misfired keystroke at any point would trash a thread in Gmail permanently.

Audit results (all three checks clean)

Gmail Filters: 8 filters total, all Star / Apply-label / Skip-Inbox. Zero "Delete" actions. No blocked addresses. NOT the cause.
Forwarding & POP/IMAP: No forwarding. POP disabled. IMAP defaults to Archive on delete (not Trash). NOT the cause.
Third-party apps: Superhuman found with full delete permissions. Confirmed cause.

Resolution

Joseph revoked Superhuman's access via https://myaccount.google.com/connections on 2026-04-22. Verified gone — connection count 12 → 11.

Remaining approved connections (11 total, 2026-04-22)

Claude (main)
Claude for Google Calendar
Claude for Google Drive
Cloudflare Dashboard (added 2026-04-21 for Pages PWA)
Contacts Sync
Fantastical
Fantastical for iOS
HubSpot
macOS
Microsoft apps & services
Otter

Skill hardening done same day (2026-04-22)

All three Gmail-touching scheduled tasks received explicit "GMAIL READ-ONLY LOCK — NEVER VIOLATE" sections:

transcript-scan
gmail-deep-scan
historical-gmail-backfill

Plus a new Section D3 was added to nightly-consolidation: audits Trash daily for any messages from active-deal contacts, SoT leads, or the 3 realtor intros — RED flags them in the morning brief within 24h.

Important context for future decisions

Scheduled tasks literally cannot trash Gmail content — the Gmail MCP connector only exposes read tools + create_draft/create_label. No modify-thread, trash, delete, or label-modify tools are available to scheduled tasks. This is by connector design.
If a Gmail state-modification issue happens again, the first place to look is NOT the scheduled tasks — it's third-party OAuth grants. Check https://myaccount.google.com/connections first.
Trash-audit scheduled task catches future events within 24h via nightly-consolidation D3.

How to apply

If Joseph asks "why did X email get trashed/archived/moved?" in the future: 1. First check https://myaccount.google.com/connections for any newly-granted OAuth apps 2. Check his mobile Gmail swipe settings (often defaults to Archive, but users change to Trash) 3. Only after those come up clean, look at filters + scheduled tasks 4. Scheduled tasks can be ruled out structurally — they don't have the tools to modify Gmail state