Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Diagnosing and Remediating the JADA Agent Daemon: OAuth Token Expiration, Turn Limits, and Task Queue Management

During a routine health check of the JADA orchestrator daemon running on our Lightsail instance (34.239.233.28), we discovered a critical OAuth token failure in the port sheet sync pipeline and identified architectural patterns that need refinement to handle complex agent workloads. This post details the diagnostic methodology, findings, and remediation strategy.

Executive Summary: What We Found

  • Primary Issue: The Google OAuth token used by port_sheet_sync.py has expired or been revoked, causing all sync operations to fail with HTTP 400 errors every 30 minutes.
  • Secondary Pattern: Two of three agent sessions today hit the 30-turn Claude API limit, causing incomplete task processing (exit code 1) rather than graceful degradation.
  • Good News: The daemon itself is stable: 3 days uptime, healthy resource utilization, and no infrastructure failures.

Diagnostic Approach: Infrastructure Access Without Keys

The initial challenge: we needed SSH access to the Lightsail instance, but the private key wasn't available in the standard ~/.ssh directory. Rather than manually searching for key files, we used the AWS Lightsail API to request temporary SSH credentials.

aws lightsail get-instance-access-details \
  --instance-name jada-agent-prod \
  --region us-east-1

Why this approach? Temporary, ephemeral credentials are more secure than managing long-lived SSH key files. The Lightsail API generates time-limited certificates that can be used once, then discarded. We wrote the temporary key to a secure file, connected via SSH, ran diagnostics, and immediately removed the temporary credentials afterward.

Once connected, we pulled data from multiple sources to build a complete health picture:

  • systemctl status jada-agent.service — service uptime and current state
  • journalctl -u jada-agent.service -n 200 — last 200 log entries
  • AWS Lightsail CloudWatch metrics (CPU, memory, disk, status checks) via the API
  • Process-level details from /proc and system utilities

Finding 1: Port Sheet Sync OAuth Failure

The daemon logs showed a repeating error pattern every 30 minutes:

[port-sheet] token error: HTTP Error 400: Bad Request
sync_failed=true timestamp=2026-05-13T15:30:00Z

This error originates in port_sheet_sync.py, which is responsible for pushing booking data to a Google Sheet. The script uses stored Google OAuth credentials (client_id + client_secret + refresh_token) to authenticate with the Google Sheets API.

Root Cause: The refresh token has either expired or been revoked. Google's OAuth 2.0 refresh tokens have a 6-month default lifetime and are invalidated if:

  • The user revokes the grant in Google Account Settings
  • The client (our app) is revoked by the user
  • The token hasn't been used for 6 months (implicit expiration)
  • The user changes their password

To confirm, we checked the token structure in the secrets directory and verified that client_id and client_secret exist and appear valid, but the refresh flow is failing at Google's endpoint.

Impact: Booking confirmations and scheduling data are not being synced to the port sheet. This is a data integrity issue with downstream consequences for crew visibility and booking management.

Finding 2: Agent Sessions Hitting Turn Limits

Of three agent sessions that ran today, two exited with code 1 after hitting the maximum 30-turn limit in the Claude API interaction loop:

Session 1 (2026-05-13 00:00:00 UTC): exit_code=1, reason=max_turns_reached
Session 2 (2026-05-13 00:02:15 UTC): exit_code=0, reason=completed
Session 3 (2026-05-13 00:05:30 UTC): exit_code=1, reason=max_turns_reached

Session 2, which completed successfully, processed two high-priority tasks related to e-signature link generation and crew page blockers, and created a "needs-you" task escalation in the progress dashboard. Sessions 1 and 3 did not complete their assigned work.

Why This Happens: The JADA agent uses an agentic loop: Claude iterates through plan → execute → observe → reflect cycles until the task is complete or the turn budget is exhausted. Complex tasks (those requiring multiple API calls, conditional branching, or error recovery) can easily consume 30 turns. When the limit is hit, the agent saves its state but exits without finishing, leaving tasks in a pending state.

Architectural Observation: The 30-turn limit is appropriate for preventing runaway costs and infinite loops, but it's too restrictive for the multi-step tasks we're assigning to the daemon. We need to either:

  • Increase the turn budget (with cost/safety tradeoffs)
  • Decompose complex tasks into smaller, sequential subtasks
  • Implement task checkpointing so the agent can resume from its last observation

Infrastructure Health: The Good News

The Lightsail instance itself is rock solid:

  • Uptime: 11 days since last reboot
  • Service uptime: 3 days (last restart was 2026-05-10)
  • CPU: 0.65% average utilization, no spikes detected in the last 2 hours
  • Memory: 144MB of 914MB used (~16% utilization)
  • Disk: 6.2GB of 39GB used (~17%)
  • Load Average: 0.00 — the instance is idle between scheduled task runs
  • Status Checks: 0 failures in the last 2 hours

This tells us that the daemon itself is stable and not consuming excessive resources. The issue is purely in the OAuth token refresh pipeline and the logical constraints of the agent loop.

Remediation Plan

Immediate (24 hours):

  • Re-authenticate the Google OAuth flow for port_sheet_sync.py` by running the auth script with the service account credentials and storing a fresh refresh token in the secrets directory.
  • Verify that the next scheduled port sheet sync (every 30 minutes) succeeds without HTTP 400 errors.

Short-term (this sprint):

  • Review the 30-turn limit against real-world task complexity by logging Claude API turn usage across completed and failed sessions.
  • Implement task decomposition guidance in the agent's system prompt to encourage breaking complex work into subtasks.
  • Consider increasing the turn limit to 50 and monitoring cost impact.

Medium-term (next quarter):

  • Implement task checkpointing: store agent state (