Building an Automated Technical Blog Pipeline Across Four Domains

This session focused on creating an automated, session-driven technical blog generation system that publishes granular engineering documentation across four separate domains: tech.queenofsandiego.com, tech.sailjada.com, tech.dangerouscentaur.com, and tech.burialsatseasandiego.com. The goal was to provide transparent, detailed engineering visibility into development work without exposing credentials or sensitive data.

Architecture Overview

The system consists of three core components:

  • Claude Code Stop Hook (/Users/cb/.claude/hooks/tech_blog_stop.sh) — Executes at session end to trigger blog generation
  • Blog Generator (/Users/cb/Documents/repos/tools/tech_blog_generator.py) — Python script that parses Claude session transcripts and generates HTML blog posts
  • Infrastructure Init Script (/Users/cb/Documents/repos/tools/tech_blog_init.py) — Provisions S3 buckets, CloudFront distributions, DNS records, and ACM certificates for each tech blog domain

Infrastructure Setup

Each tech blog required identical AWS infrastructure patterns:

S3 Buckets

Created four S3 buckets for static blog hosting:

  • tech-queenofsandiego-com (us-west-1)
  • tech-sailjada-com (us-west-1)
  • tech-dangerouscentaur-com (us-west-1)
  • tech-burialsatseasandiego-com (us-west-1)

Each bucket was configured with:

  • Static website hosting enabled with index.html as the index document
  • Block Public Access settings disabled to allow CloudFront access
  • Bucket policies restricting access to specific CloudFront origin access identities
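Because Block Public Access is off, nothing would stop a wildcard principal in a bucket policy from taking effect, so the policy is worth checking mechanically. The following is an added example, not code from the original pipeline: it audits a policy document and reports any Allow statement that is not limited to a CloudFront OAI reading objects in the named bucket. The OAI ID `EXAMPLEOAIID` and the sample policies are constructed.

```python
import json
import re

# ARN shape CloudFront uses for an OAI principal in S3 bucket policies.
OAI_ARN = re.compile(
    r"^arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [A-Z0-9]+$")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def audit_bucket_policy(policy_json, bucket):
    """Return findings; an empty list means only OAI principals can read objects."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        p = stmt.get("Principal", "*")  # missing Principal is treated as wildcard
        pairs = ([(k, v) for k, vs in p.items() for v in _as_list(vs)]
                 if isinstance(p, dict) else [("", p)])
        for kind, value in pairs:
            # Conservative: only the AWS-ARN form of an OAI is accepted here.
            if kind != "AWS" or not OAI_ARN.match(str(value)):
                findings.append(f"{sid}: principal {value!r} is not a CloudFront OAI")
        for action in _as_list(stmt.get("Action", "*")):
            if action != "s3:GetObject":
                findings.append(f"{sid}: action {action!r} is broader than s3:GetObject")
        for res in _as_list(stmt.get("Resource", "*")):
            if not res.startswith(f"arn:aws:s3:::{bucket}/"):
                findings.append(f"{sid}: resource {res!r} is outside {bucket}/*")
    return findings

def _policy(principal):
    # Constructed sample policy for the tech-sailjada-com bucket.
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "Read", "Effect": "Allow", "Principal": principal,
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::tech-sailjada-com/*"}]})

GOOD = _policy({"AWS": "arn:aws:iam::cloudfront:user/"
                       "CloudFront Origin Access Identity EXAMPLEOAIID"})
BAD = _policy("*")

if __name__ == "__main__":
    print(audit_bucket_policy(GOOD, "tech-sailjada-com"))
    print(audit_bucket_policy(BAD, "tech-sailjada-com"))
```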

CloudFront Distributions

Created CloudFront distributions for each tech blog with the following configuration:

  • S3Origin pointing to the respective bucket
  • Origin Access Identity (OAI) for secure S3 access without public bucket policies
  • Custom SSL/TLS certificates for HTTPS
  • Cache behaviors configured with reasonable TTLs (3600 seconds for HTML, longer for static assets)
  • Distribution IDs:
    • queenofsandiego: E28WC7JKRF9UDH
    • sailjada: E2FAPJ2G4M9XUP
    • dangerouscentaur: Reused existing wildcard distribution E2Q4UU71SRNTMB on dc-sites bucket
    • burialsatseasandiego: E3KXLPQ2N8BVTZ

SSL/TLS Certificates

Leveraged existing wildcard certificates where available:

  • *.queenofsandiego.com wildcard cert (existing in ACM)
  • *.sailjada.com wildcard cert (existing in ACM)
  • dangerouscentaur.com wildcard cert (existing CloudFront dist)
  • Provisioned new *.burialsatseasandiego.com cert via ACM with DNS validation through GoDaddy

DNS Configuration

Set up DNS records across multiple providers:

  • Route53 (queenofsandiego.com & sailjada.com): Created ALIAS records pointing to CloudFront distribution domain names in hosted zones
  • Namecheap (dangerouscentaur.com): Added CNAME record for tech.dangerouscentaur.com pointing to the shared wildcard CF distribution
  • GoDaddy (burialsatseasandiego.com): Added CNAME record for ACM DNS validation, then CNAME record for tech.burialsatseasandiego.com pointing to CloudFront

Blog Generation Pipeline

Session Transcript Processing

The blog generator reads Claude session transcripts in JSONL format from ~/.claude/sessions/, which contain:

  • User messages and assistant responses
  • Tool use entries (file operations, command executions) with exact file paths and parameters
  • Metadata including timestamps and execution context

The Python script parses this structure to extract:

  • File paths modified (Write/Edit operations)
  • Commands executed
  • Tool results and outputs
  • High-level work summary from user request context

Content Sanitization

Critical security filtering removes:

  • API keys, tokens, and credentials from all content
  • Passwords and secrets from command output
  • AWS access key IDs and secret access keys
  • Database connection strings
  • SSH keys and certificates
  • Personally identifiable information beyond project context

The generator uses regex patterns and keyword-based detection to identify and redact sensitive data before publishing.
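A sketch of how regex and keyword-based redaction of this kind can work, as an added example rather than the generator's own code. The rule list, the `redact` and `safe_to_publish` names, and the sample text are assumptions; the AWS key values are the ones AWS publishes in its documentation.

```python
import re

# Illustrative rules (assumed, not the generator's real list); order matters:
# multi-line key blocks first, keyword rule last.
PATTERNS = [
    ("private-key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S)),
    # AWS access key IDs: AKIA/ASIA prefix plus 16 uppercase alphanumerics
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    # user:password in a connection URI; scheme and host stay readable
    ("conn-string", re.compile(r"(?<=://)(?!\[REDACTED)[^\s/:@]+:[^\s/@]+(?=@)")),
    # keyword rule: keep the key name (group 1), drop the value
    ("keyword-secret", re.compile(
        r"(?i)((?:[a-z0-9_]*(?:secret|passw(?:or)?d|token|api[_-]?key)[a-z0-9_]*)"
        r"\s*[=:]\s*)(?!\[REDACTED)(\"[^\"]*\"|'[^']*'|\S+)")),
]

def redact(text):
    """Return (sanitized_text, hits_per_rule)."""
    counts = {}
    for name, rx in PATTERNS:
        def repl(m, name=name):
            counts[name] = counts.get(name, 0) + 1
            prefix = m.group(1) if m.re.groups else ""
            return f"{prefix}[REDACTED:{name}]"
        text = rx.sub(repl, text)
    return text, counts

def safe_to_publish(text):
    """Publish gate: re-scan and refuse if any rule still matches."""
    return not any(rx.search(text) for _, rx in PATTERNS)

# Constructed sample of tool output; key values are AWS's documented examples.
SAMPLE = """\
$ cat ~/.aws/credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DATABASE_URL=postgres://blog:hunter2@db.internal:5432/posts
-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTED-KEY-BODY
-----END OPENSSH PRIVATE KEY-----
Edit /Users/cb/Documents/repos/tools/tech_blog_generator.py
"""

if __name__ == "__main__":
    clean, counts = redact(SAMPLE)
    print(clean, counts, safe_to_publish(clean))
```

Running the gate on the redacted output, not just trusting the substitution pass, means a rule that fails to rewrite a match blocks the upload instead of leaking it.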

HTML Generation

Produces semantic HTML5 output including:

  • Structured article with <h2> title, <h3> sections
  • Code blocks with <pre><code> for exact file paths and commands
  • Bulleted lists for granular details
  • Metadata footer with timestamp and session ID for traceability

Claude Code Integration

Modified /Users/cb/.claude/settings.json to register the Stop hook:

  • Hook path: /Users/cb/.claude/hooks/tech_blog_stop.sh
  • Executes at session termination to automatically generate blog post
  • Determines target blog domain from session context/tags
  • Uploads generated HTML to appropriate S3 bucket
  • Invalidates CloudFront cache to immediately publish changes

Navigation Integration

Updated queenofsandiego.com's ship's papers navigation menu in /Users/cb/Documents/repos/sites/queenofsandiego.com/index.html to include a link to the technical blog, making engineering work visible to stakeholders like Sergio.

Key Design Decisions

  • Wildcard Certificates: Reused existing wildcard certs to simplify management and reduce certificate provisioning overhead