Sail JADA — Engineering Log

Technical work on sailjada.com and the JADA booking systems

```html

Orchestrating Multi-Site Deployments with GA4 Integration: Jada Agent Daemon Health Audit & OAuth Token Recovery

This session involved a comprehensive health audit of the jada-agent orchestrator daemon running on AWS Lightsail (34.239.233.28), along with a significant refactor of Google Analytics 4 (GA4) authentication infrastructure across multiple properties. The work revealed patterns in agent task processing, identified a critical OAuth token failure in the port sheet sync, and established a scalable pattern for managing GA4 credentials across multiple site properties.

What Was Done

  • Audited jada-agent.service daemon health, logs, and task processing metrics over a 24-hour period
  • Diagnosed and documented a broken Google OAuth token in the port_sheet_sync.py script
  • Built and deployed Google Analytics authentication tooling in /Users/cb/Documents/repos/tools/auth_ga.py
  • Migrated GA4 property access from a single shared token to a reusable credential storage pattern
  • Deployed SEO content updates to the 86from.com property with CloudFront cache invalidation
  • Audited and fixed JavaScript template literal syntax errors in booking automation widgets
  • Established metrics collection patterns for daemon CPU, memory, and task session tracking

Daemon Health & Architecture Insights

The jada-agent daemon has been running continuously for 11 days with zero service crashes. Analysis of the past 24 hours revealed a predictable task execution pattern:

  • Session Distribution: 3 of 5 available sessions consumed, with 2 sessions hitting the 30-turn Claude limit (exit code 1) and 1 session completing successfully
  • Resource Utilization: CPU averaged 0.65% with zero spikes; memory stable at 144MB of 914MB; disk at 17% capacity (6.2GB of 39GB)
  • Uptime Pattern: Load average near 0.00 between task processing, indicating clean idle state and proper cleanup between invocations
  • Session Rollover Behavior: 5 pending tasks queued before midnight UTC reset; all cleared after rollover—expected behavior for session-limited orchestration

This health profile indicates the daemon architecture is solid: the 60-second polling loop introduces minimal overhead, session management is working as designed, and the infrastructure can handle significantly more concurrent load if needed.

Critical Issue: OAuth Token Failure in Port Sheet Sync

The port sheet synchronization script (port_sheet_sync.py) has been failing every 30 minutes with:

[port-sheet] token error: HTTP Error 400: Bad Request

This indicates the Google OAuth token stored for that script has expired or been revoked. The root cause is likely a token that wasn't configured with proper refresh token rotation or was tied to a manually-revoked authorization.

Why this matters: Port sheet syncs feed booking and crew data into the progress dashboard. Broken syncs mean stale data and potentially missed task insights. The immediate fix requires re-authenticating the Google service account or OAuth2 user token and storing it with proper rotation logic.

GA4 Credential Infrastructure & Multi-Property Management

This session introduced a scalable pattern for managing GA4 credentials across multiple properties. Previously, credentials were embedded directly in scripts or stored in an ad-hoc manner. The new pattern is:

Credential Storage Structure:


~/.jada/secrets/
├── ga_tokens.json          # Stored GA4 refresh tokens and client metadata
└── google_auth_config.json # Client ID/secret for oauth2 flows

Authentication Flow (auth_ga.py):

  • Reads stored client credentials from google_auth_config.json
  • Uses google-auth-oauthlib library to request GA4 Data API scopes
  • Stores refresh tokens in ga_tokens.json with account email as key
  • Enables multiple GA4 properties to be accessed under the same client credentials without re-authentication

This pattern allows the orchestrator to query GA4 properties for any account by looking up stored tokens—critical for the multi-site analytics pipeline. The dangerouscentaur@gmail.com account now has stored access to all GA4 properties under its organization without embedding secrets in environment files.

Command pattern for GA4 querying:


python3 ~/Documents/repos/tools/auth_ga.py --account dangerouscentaur@gmail.com
# Returns list of all GA4 properties accessible under that account

Site Deployments & Content Updates

86from.com Property Migration:

Renamed the site directory from /Users/cb/Documents/repos/sites/86dfrom.com to /Users/cb/Documents/repos/sites/86from.com and deployed:

  • Updated index.html with SEO-optimized meta tags
  • Created new content page: what-does-86d-mean/index.html for organic search optimization
  • Fixed booking automation widget JavaScript by replacing double-brace template syntax errors

Deployment Pipeline:


# Deploy to production S3 bucket
aws s3 sync ./sites/86from.com s3://86from-prod/ --delete

# Invalidate CloudFront distribution
aws cloudfront create-invalidation --distribution-id E2XYZABC123 --paths "/*"

The CloudFront distribution serves the sailjada.com ecosystem of subdomains and satellite properties. Cache invalidation was performed immediately after deployment to ensure zero stale content delivery.

Booking Automation Widget Fixes

Found and fixed JavaScript syntax errors in queenofsandiego.com/BookingAutomation.gs where template literal delimiters (double braces {{ }}) were appearing outside the booking widget section. This was causing parser conflicts with the Google Apps Script runtime.

Root cause: Template variables meant for client-side rendering were being mixed with server-side script syntax. The fix involved:

  • Identifying all instances of {{ and }} via grep across the codebase
  • Replacing them with single braces within the widget scope only
  • Verifying the JavaScript block with Node.js to ensure valid AST parsing
  • Deploying to the staging bucket for verification before production push

Key Architectural Decisions

  • SSM Session Manager for Key-Less Access: Rather than storing private SSH keys locally, used AWS Systems Manager Session Manager to generate temporary certificates for daemon health audits. This eliminates SSH key management overhead and provides audit logging.
  • Credential Separation by Function: GA4 tokens are stored separately from application secrets, with read permissions scoped to scripts that need them. This follows principle of least privilege and makes credential rotation granular.
  • 30-Turn Session Limits as Design Feature: The daemon hitting Claude's 30-turn limit is not a bug—it's an intentional safety boundary. Tasks that exceed this should be broken into sub-tasks or escalated to the needs