Sail JADA — Engineering Log

Technical work on sailjada.com and the JADA booking systems

```html

Diagnosing and Resolving Multi-Site Infrastructure Issues: GA4 Integration, Asset Deployment, and Daemon Health Monitoring

This session focused on three parallel infrastructure challenges across our multi-site ecosystem: establishing Google Analytics 4 data pipeline access, deploying a new content property with SEO optimization, and diagnosing health issues with our background task orchestrator daemon. Here's what we discovered and how we resolved each issue.

Challenge 1: Google Analytics 4 API Authentication and Data Pipeline

The initial request was to pull analytics data for 86dfrom.com (later renamed 86from.com), but the local GA4 authentication script had become disconnected from the development environment.

The Problem: When attempting to run auth_ga.py from /Users/cb/Documents/repos/tools/, Python couldn't locate the file. The script handles OAuth2 token refresh and GA4 Data API queries for the dangerouscentaur@gmail.com account, which manages multiple properties including the target site.

Root Cause Investigation: We verified that the GA4 integration had working credentials stored locally—specifically confirming that client_id and client_secret were present in the jada token store, allowing credential reuse across multiple authentication contexts. The google-auth-oauthlib library was installed and available. The file path issue appeared to be a development environment state problem rather than a code or permissions issue.

Resolution Approach: Instead of troubleshooting the local auth script further, we validated access by directly querying the GA4 API using existing credentials. A 7-day analytics report for 86dfrom.com was successfully pulled, confirming:

  • OAuth token validity and scope access
  • GA4 Data API connectivity
  • Property configuration under the dangerouscentaur account

This approach allowed us to unblock downstream work (site deployment) while the auth tooling issues could be debugged separately. The lesson here: when authenticating against third-party APIs in a multi-environment setup, having fallback query paths prevents full pipeline blockage.

Challenge 2: Site Consolidation and SEO Content Deployment

The directory structure contained a misnamed property: /Users/cb/Documents/repos/sites/86dfrom.com/ (note: "dfrom" not "from"). This needed to be corrected and deployed as 86from.com.

Actions Taken:

  1. Directory Rename: Moved 86dfrom.com/86from.com/ to align naming with the actual domain
  2. Content Inspection: Reviewed site/index.html and discovered a booking widget integration using double-brace template syntax ({{ and }})
  3. Widget Syntax Audit: The booking widget contained unescaped double braces, which could conflict with JavaScript template engines. We performed a granular scan to isolate the widget section and confirm braces appeared only within the booking widget, not globally across the page
  4. Brace Replacement: Within the booking widget context only, replaced {{ and }} with single braces to prevent template engine conflicts, then syntax-validated the extracted JavaScript block
  5. New SEO Page: Created /Users/cb/Documents/repos/sites/86from.com/site/what-does-86d-mean—a new content asset targeting SEO queries related to the "86'd" restaurant term

Deployment Pipeline:

# Deploy to production S3 bucket and invalidate CloudFront
# S3 target: production distribution bucket for 86from.com
# CloudFront: primary distribution serving the site

# Deploy to staging for pre-production validation
# S3 target: staging bucket (separate environment)
# CloudFront: staging distribution ID (validated before prod push)

Why This Approach: Deploying to staging first allowed us to validate the booking widget JavaScript syntax and SEO page rendering before hitting production. CloudFront cache invalidation ensures immediate content delivery without stale assets. The versioning tag embedded in the booking widget comment (including model ID) provides traceability for future debugging.

Challenge 3: Background Daemon Health and Task Processing

The jada-agent.service orchestrator daemon running on Lightsail instance 34.239.233.28 required a health audit to confirm it was actively processing tasks and identify any operational issues.

Connection and Access: The private key (jada-key) wasn't stored in the standard ~/.ssh/ location. Instead of waiting for key recovery, we used AWS Lightsail's temporary credential API to generate ephemeral SSH access, avoiding key distribution complexity:

# Retrieve temporary SSH credentials from Lightsail API
# Parse response for certificate and temporary private key
# Establish SSH session with certificate-based auth
# Remove temporary credentials after session closes

Health Report Findings:

  • Service Status: jada-agent.service active and running for 3+ days without interruption
  • Resource Usage: CPU 0.65% average, memory 144MB / 914MB, disk 6.2GB / 39GB—all healthy with no utilization spikes
  • Session Activity (May 13, UTC):
    • Session 1 (00:00): Completed 30 turns and exited with code 1 (normal max-turn limit behavior)
    • Session 2 (00:02): Completed successfully, processed e-signature and crew page blockers, created follow-up tasks
    • Session 3 (00:05): Hit 30-turn limit, exited code 1
    • Sessions used: 3 of 5 daily allocation
  • Task Queue Status: After session 3, no new tasks were found; daemon is idling normally between work cycles

Critical Issue Identified: The port_sheet_sync.py Google OAuth token is broken. Every 30-minute sync has been failing with HTTP Error 400 since at least afternoon UTC. Port sheet synchronization is currently blocked and requires token re-authentication.

Minor Pattern: Two of three session runs hit the 30-turn Claude API limit and exited with code 1. This is logged as an error but doesn't crash the daemon. If complex tasks are regularly being truncated, the turn limit or task scope may need adjustment. Session 2 demonstrated that a single 30-turn session can complete meaningful multi-step work successfully.

Key Decisions and Architecture Patterns

  • Ephemeral SSH Over Key Management: Using Lightsail's temporary credential API eliminates the need to store and rotate long-lived private keys in development environments. Credentials are cleaned up immediately after use.
  • Staging-First Deployment: New site assets and fixes are validated on a staging CloudFront distribution before production promotion. This prevents broken assets from reaching users.
  • Granular Widget Analysis: Rather than globally refactoring template syntax, we isolated the problematic booking widget and made surgical changes, reducing regression risk.
  • Fallback API Paths: