Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Orchestrating Multi-Site Deployments and Daemon Health Monitoring Across Lightsail Infrastructure

This session involved coordinating deployments across three separate web properties, debugging a critical OAuth token issue in our background daemon, and establishing visibility into agent orchestration health. The work spanned infrastructure monitoring, content management, analytics pipeline repair, and automated deployment strategies.

What Was Done

  • Diagnosed and monitored the jada-agent.service daemon running on a Lightsail instance (34.239.233.28)
  • Identified and isolated a broken Google OAuth token affecting port_sheet_sync.py
  • Renamed and redeployed the 86dfrom.com property to 86from.com with SEO improvements
  • Fixed a critical booking widget template syntax error across multiple site deployments
  • Established metrics collection and health reporting for agent orchestration
  • Validated GA4 credentials and pulled analytics reports for 86dfrom/86from.com

Infrastructure and Daemon Health Monitoring

The jada-agent.service daemon on our Lightsail instance runs a 60-second polling loop to pick up orchestration tasks from a progress dashboard. Since we didn't have the private SSH key stored locally, we used the Lightsail API to retrieve temporary SSH credentials rather than re-storing the key on the development machine—a security best practice for ephemeral access.

Service Health Snapshot (2026-05-13):

  • Uptime: 3 days (since May 10), 11 days instance uptime overall
  • Resource utilization: 0.65% CPU average, 144MB / 914MB memory, 6.2GB / 39GB disk
  • Session quota: 3 of 5 sessions consumed; 2 sessions hit the 30-turn Claude limit (exit code 1)
  • Status checks: 0 failures over the last 2 hours

The daemon itself is healthy. The two max-turn exits occurred during complex task processing (e.g., session 1 and session 3), while session 2—which completed successfully—created actionable tasks for manual crew page and e-signature work. This pattern suggests that task complexity may exceed the 30-turn limit for some workflows; we should monitor whether this blocks downstream work.

Critical Issue: Broken OAuth Token in port_sheet_sync

Every 30-minute sync cycle for port_sheet_sync.py has been failing with HTTP 400 errors. The Google OAuth token stored for port sheet synchronization is expired or revoked. This broke the automated sync pipeline, preventing updates to whatever backend sheet this service maintains.

Root cause: Google OAuth tokens are short-lived and require refresh token rotation. If a token hasn't been refreshed within the validity window, the API rejects requests with a 400 Bad Request response.

Next step: Re-authenticate the Google OAuth credentials for port_sheet_sync.py using the same pattern as the GA4 auth flow (auth_ga.py), which stores refresh tokens and handles automatic token rotation.

Multi-Site Content and Deployment Strategy

Three web properties were updated during this session, each with different deployment targets:

86dfrom.com → 86from.com Rename and Redeploy

The directory structure at /Users/cb/Documents/repos/sites/86dfrom.com/ was renamed to 86from.com/. The rename itself is straightforward, but the deployment required:

  • S3 sync: Deploy the entire 86from.com site directory to the production S3 bucket
  • CloudFront invalidation: Invalidate the cache for all objects under 86from.com/* to ensure CDN edge locations serve fresh content
  • DNS verification: Confirmed the domain points to the correct CloudFront distribution via WHOIS, HTTP status checks, and TLS certificate validation

A new SEO page was created at /Users/cb/Documents/repos/sites/86from.com/site/what-does-86d-mean to capture long-tail search traffic. This file was then deployed together with the main index refresh.

Booking Widget Template Syntax Repair

Both sailjada.com/index.html and the staging version of 86from.com/index.html contained a critical booking widget bug: double curly braces {{ }} were used throughout the entire HTML document instead of only within the JavaScript widget section. This caused template engines or server-side rendering to incorrectly interpret booking data variables.

Fix strategy:

  1. Identified the exact line range containing the booking widget <script> tag
  2. Extracted only that JavaScript block and validated syntax via a linter
  3. Replaced double braces with single braces { } outside the widget section
  4. Left double braces intact only within the booking widget's JavaScript scope (where they belong)
  5. Deployed the corrected file to a staging S3 bucket
  6. Invalidated the staging CloudFront distribution to force cache refresh

This pattern prevents template escaping issues when booking widget data is interpolated server-side while allowing the client-side booking widget JavaScript to use its own variable syntax.

BookingAutomation.gs Updates

The Google Apps Script file at /Users/cb/Documents/repos/sites/queenofsandiego.com/BookingAutomation.gs was edited multiple times. This is likely a Google Forms integration or calendar booking script. The specific changes were redacted from the session log, but the file is version-controlled and can be deployed to Google Apps Script via the clasp CLI or the Apps Script editor directly.

Analytics and GA4 Token Management

We validated Google Analytics 4 credentials for the dangerouscentaur account and successfully pulled a 7-day report for 86dfrom.com (now 86from.com). The auth flow used auth_ga.py, which:

  • Stores client ID and client secret in a secure configuration file
  • Uses the OAuth2 authorization code flow with google-auth-oauthlib
  • Manages refresh tokens to avoid repeated authentication prompts
  • Provides programmatic access to GA4 Data API endpoints

File permissions on the GA credentials file were explicitly locked down to prevent accidental credential leakage.

Key Decisions and Architectural Patterns

  • Ephemeral SSH access via Lightsail API: Rather than storing private SSH keys on development machines, we retrieve temporary credentials from the AWS Lightsail API. This reduces key exposure surface and aligns with infrastructure-as-code security best practices.
  • Staging invalidation workflow: CloudFront distributions are invalidated immediately after deployment to ensure edge caches don't serve stale content. The distribution IDs are hardcoded in deployment scripts to avoid accidental deployments to the wrong distribution.
  • Scoped OAuth tokens: GA4 and Google Sheets OAuth tokens are stored separately and scoped to specific services. This means a comprom