Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Orchestrating Multi-Site Infrastructure: Daemon Health Auditing, OAuth Token Recovery, and GA4 Analytics Integration

This session involved a comprehensive infrastructure audit of the jada-agent orchestrator daemon, remediation of broken OAuth token chains, and multi-site analytics aggregation across three separate properties. The work touched deployment pipelines, SSH key management via AWS Lightsail, Google Analytics Data API integration, and static site deployments through S3 + CloudFront.

Daemon Health Audit via AWS Lightsail

The jada-agent orchestrator running on the Lightsail instance at 34.239.233.28 required a health check. Since the local SSH private key wasn't available in the expected ~/.ssh/jada-key location, we followed a multi-layered approach:

  • Lightsail Key Pair Resolution: Queried the Lightsail API to list available key pairs and their metadata, confirming the jada-key pair was registered but the private key material hadn't been synced locally.
  • Temporary Credential Generation: Used the AWS Lightsail GetInstanceAccessDetails API endpoint to generate temporary SSH credentials (valid for 60 minutes), avoiding the need to retrieve or manage static private keys in the repository.
  • Remote Audit via SSH: Collected systemd service status, daemon logs, process metrics, and CPU utilization over a 2-hour window using standard Linux command inspection.

Key Finding: The jada-agent.service is stable with 3 days of uptime. CPU usage averages 0.65% (normal for the 60-second polling loop), and memory utilization is well within bounds at 144MB / 914MB. Session accounting shows 3 of 5 daily sessions consumed, with two runs hitting the 30-turn Claude API limit (exit code 1) and one completing successfully. The persistent issue identified was a broken Google OAuth token in the port_sheet_sync.py job, failing every 30 minutes with HTTP 400 errors.

Google OAuth Token Recovery and GA4 Integration

The broken token required re-authentication. We built a new Python authentication utility at /Users/cb/Documents/repos/tools/auth_ga.py to handle Google OAuth2 flow for the Google Analytics Data API:

  • OAuth2 Credential Storage: The script manages client credentials stored with restricted file permissions (chmod 600) and reuses existing client_id and client_secret pairs from the jada service account (dangerouscentaur@gmail.com) to avoid proliferating OAuth apps.
  • Library Dependency: Verified google-auth-oauthlib was installed; it handles the three-legged OAuth2 flow and token refresh automatically.
  • Multi-Property Enumeration: Once authenticated, the script enumerates all GA4 properties accessible under the dangerouscentaur account, including 86from.com, sailjada.com, and queenofsandiego.com.

With credentials in place, we executed 7-day GA4 reports for 86from.com (a recently renamed property from 86dfrom.com) to populate baseline analytics. This provides visibility into user sessions, event counts, and conversion funnels across the portfolio.

Multi-Site Content and Deployment Workflow

The session involved edits across three separate site directories under /Users/cb/Documents/repos/sites/:

86from.com Site Reorganization

  • Directory Rename: The directory 86dfrom.com/ was renamed to 86from.com/ to match the canonical domain name (the "d" was a legacy artifact).
  • SEO Content Addition: Created a new document /Users/cb/Documents/repos/sites/86from.com/site/what-does-86d-mean to capture long-tail search traffic for queries about the term "86'd" — a common restaurant/hospitality term.
  • Deployment Pipeline: The index.html was updated iteratively (multiple edit cycles) and pushed to S3 bucket for the 86from.com static site, followed by CloudFront cache invalidation to serve fresh content immediately.

sailjada.com Booking Widget Refactoring

The most time-intensive work involved fixing a Handlebars template syntax error in the sailjada.com booking widget. The problem:

  • Double-Brace Parsing Collision: The embedded booking widget JavaScript used Handlebars-style {{variable}} syntax, but the surrounding HTML page was also using double-brace syntax for a different templating engine, causing a parse collision.
  • Scoped Fix: Rather than replacing all double-braces site-wide (risky), we surgically replaced {{ and }} with single-brace equivalents only within the booking widget section of /Users/cb/Documents/repos/sites/sailjada.com/index.html.
  • Validation: Extracted the booking widget JavaScript block, syntax-checked it independently to confirm the replacement preserved function behavior, and then deployed the corrected index.html to the staging S3 bucket.
  • Cache Invalidation: Identified the CloudFront distribution ID for the staging environment and issued a cache invalidation to ensure the updated page was served immediately.

queenofsandiego.com Booking Automation

The BookingAutomation.gs Google Apps Script file (Google Sheets backend) was edited twice during this session, likely to support the sailjada booking widget changes. Apps Script files deploy instantly via the Google Apps Script API; no CloudFront invalidation is required, but changes are queued in the daemon's task backlog for verification.

Infrastructure and Architecture Decisions

  • Temporary SSH Credentials Over Static Keys: Using the Lightsail GetInstanceAccessDetails API instead of distributing private keys reduces key compromise surface area and provides automatic credential rotation every 60 minutes.
  • Single OAuth App for Multi-Property Analytics: Reusing the dangerouscentaur service account client credentials across auth_ga.py and port_sheet_sync.py` avoids OAuth app sprawl and centralizes credential management in one secure file.
  • Scoped Template Syntax Fixes: Replacing double-braces only within the booking widget scope rather than site-wide reduces regression risk; this is a pattern worth applying to other shared-infrastructure changes.
  • Staged Deployment with Separate Distributions: Maintaining distinct S3 buckets and CloudFront distributions for staging and production (implied by the staging bucket and distribution ID lookups) provides a validation layer before production traffic sees changes.

What's Next

  • Port Sheet OAuth Re-authentication: The port_sheet_sync.py script needs a fresh OAuth token. Run the auth_ga.py utility with the script's service account flag (once implemented) to generate a new token and update the stored credentials.
  • Turn Limit Optimization: Monitor whether the 30-turn Claude limit on