[31588f42] feat: implement SuperOffice Sales API prototype and fix auth docs

GEMINI.md

@@ -249,6 +249,29 @@ The full list of 25 verticals with their internal SuperOffice IDs (List `udlist3
 ### 4. Campaign Trigger Logic
 The `worker.py` (v1.8) now extracts the `campaign_tag` from `SuperOffice:23:DisplayText`. This tag is passed to the Company Explorer's provisioning API. If a matching entry exists in the `MarketingMatrix` for that tag, specific texts are used; otherwise, it falls back to the "standard" Kaltakquise texts.
 
+### 5. SuperOffice Authentication (Critical Update Feb 28, 2026)
+
+**Problem:** Authentication failures ("Invalid refresh token" or "Invalid client_id") occurred because standard `load_dotenv()` did not override stale environment variables present in the shell process.
+
+**Solution:** Always use `load_dotenv(override=True)` in Python scripts to force loading the actual values from the `.env` file.
+
+**Correct Authentication Pattern (Python):**
+```python
+from dotenv import load_dotenv
+import os
+
+# CRITICAL: override=True ensures we read from .env even if env vars are already set
+load_dotenv(override=True)
+
+client_id = os.getenv("SO_CLIENT_ID")
+# ...
+```
+
+**Known Working Config (Production):**
+*   **Environment:** `online3`
+*   **Tenant:** `Cust26720`
+*   **Token Logic:** The `AuthHandler` implementation in `health_check_so.py` is the reference standard. Avoid using legacy `superoffice_client.py` without verifying it uses `override=True`.
+
 ---
 Here are the available functions: 
 [