All client SEO dataSites, providers, approvals, and reports are workspace scoped.
Auth requiredmicro_seo:paid pending
Support checklist

Backend-core OAuth

Integrations

Connect Google, WordPress, WooCommerce, GitHub, Vercel, DataForSEO, and BacklinkBase through workspace-scoped backend-core OAuth and credential routing.

Live backend disconnectedConfigure MICRO_SEO_BACKEND_URL

Set MICRO_SEO_BACKEND_URL to enable live session, billing, provider, site, and job state branches.

OAuth Providers5Google, GitHub, Vercel, WordPress, WooCommerce
Workspace ScopeAllClient workspace isolation enforced
Credential OwnerCoreTokens stay in backend-core, not frontend
Connectors Ready11SEO providers mapped for V1
Auth sessionAuthenticated workspace

Backend-core session context is required before site, opportunity, approval, or report data is shown.

Verify /api/seo/v1/onboarding
Site connectionSetup required

AudioVideoNation has CMS data online, but GitHub execution mode still needs a connected repository grant.

Connect GitHub or continue plugin-only
Paid entitlementRevenue gate active

Recommendation generation, report exports, and backlink previews require micro_seo:paid entitlement.

Keep upgrade CTA visible for free users

Production UI states

Readiness states to preserve when live APIs are connected

Design contract

These shared states document the user-facing contract for loading, empty, error, auth, provider, plan, sandbox, verification, and rollback paths before static scaffold screens are wired to live data.

Data lifecycle states

Every route should show users whether data is loading, absent, unavailable, or blocked by access.

loadingLoading

Skeleton cards and tables while provider, workspace, or report data is syncing.

All dashboard and module routes
emptyEmpty

First-run workspace guidance when no sites, providers, opportunities, approvals, backlinks, or reports exist.

Sites, integrations, opportunities, approvals, BacklinkBase, AI visibility, reports
errorError + retry

Recoverable provider/API failures with retry copy and support-safe diagnostics.

All provider-backed routes
unauthorizedUnauthorized

Backend-core session, workspace membership, and role denial states before showing SEO data.

All workspace-scoped routes

Commercial and provider states

Provider health, plan gates, sandbox boundaries, and entitlement limits must be visible before users can act.

disconnected_providerDisconnected provider

Google, WordPress, GitHub, Vercel, DataForSEO, and BacklinkBase disconnect/expired/rate-limited states.

Integrations plus dependent module routes
plan_limitPlan limit

Starter/Pro/Agency gates for sites, reports, provider syncs, users, credits, and automation rules.

Sites, reports, BacklinkBase, approvals, integrations
sandboxSandbox

BacklinkBase and destructive writes must identify sandbox versus production execution before approval.

BacklinkBase, approval queue, technical execution

Execution safety states

Approval, verification, and rollback states should stay visible through the full SEO change lifecycle.

verification_failedVerification failed

Applied changes that did not verify on preview/live HTML need retry and rollback affordances.

Approval queue, technical SEO, schema, WooCommerce SEO, reports
rollback_availableRollback available

WordPress snapshots, GitHub PR reversions, and backlink audit trails must stay tied to an approved action.

Approval queue, WordPress plugin actions, reports

Integrations queue

Current work

PriorityEntitySignalExecutorImpact
ReadyGoogle Search ConsoleQuery, page, sitemap, and indexability dataBackend-core OAuthOrganic performance sync
ReadyGA4Sessions, events, ecommerce revenue, and landing pagesBackend-core OAuthRevenue attribution
ReadyMerchant CenterProducts, product issues, visibility, and feed healthBackend-core OAuthCommerce SEO evidence
ReadyGoogle Business ProfileLocations, reviews, services, categories, and postsBackend-core OAuthLocal SEO execution
SetupWordPress ConnectorHMAC plugin connection for CMS reads and writesSite secretSafe content execution
SetupGitHub + VercelRepository PRs and deployment verificationBackend-core OAuthHeadless SEO changes

Isolation

Client workspace boundary

The selected workspace in the top bar controls which site, provider accounts, recommendations, reports, and approvals are visible.

  • All view is for owners only
  • Client users remain scoped to assigned workspaces
  • Provider credentials are never exposed to the browser

OAuth model

Use backend-core for provider auth

Micro SEO should call backend-core connect routes for Google and developer providers, then store only provider status and scopes in SEO-facing records.

  • Google OAuth powers GSC, GA4, GBP, Merchant, and Ads data
  • GitHub and Vercel connect through approved workspace grants
  • WordPress plugin uses signed site secrets instead of browser tokens