Building an Automated Technical Blog System Across Four Domains with Session-Based Content Generation
What Was Done
Implemented a fully automated technical blog infrastructure that captures development work in real time across four separate properties (queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com) and generates granular technical posts. The system monitors Claude Code sessions, extracts work details, and publishes detailed technical content to dedicated tech subdomains without exposing credentials or sensitive data.
Architecture Overview
The solution consists of three main components:
- Session Capture Hook: A stop hook that executes when Claude Code sessions end, extracting session metadata and work performed
- Blog Generator: Python script that parses session transcripts, filters sensitive data, and generates HTML blog posts
- Infrastructure Layer: S3 + CloudFront + DNS configuration for each tech blog subdomain with proper SSL certificates
Infrastructure Setup
Each tech blog required provisioning in AWS:
- S3 Buckets: Created separate buckets for each domain (tech-qos-blog, tech-jada-blog, tech-dc-blog, tech-bats-blog) with static website hosting enabled and public read access for CloudFront origin
- CloudFront Distributions: Configured with origin domain set to S3 bucket website endpoints, default root object set to index.html, cache TTL of 3600 seconds, and HTTP → HTTPS redirect
- SSL Certificates: Leveraged existing wildcard ACM certificates (*.queenofsandiego.com, *.sailjada.com) for tech subdomains; for dangerouscentaur.com, utilized existing wildcard CloudFront distribution on dc-sites bucket; for burialsatseasandiego.com, requested new ACM cert via Route53 DNS validation through GoDaddy API
- DNS Configuration: Updated Route53 for sailjada.com and queenofsandiego.com with CNAME records pointing to CloudFront distribution domain names; configured dangerouscentaur via Namecheap CNAME; burialsatseasandiego.com managed through GoDaddy DNS with CNAME delegation
The infrastructure init script (`/Users/cb/Documents/repos/tools/tech_blog_init.py`) automates this entire provisioning process and stores configuration in a persistent JSON file for reference and future updates.
Session Capture Mechanism
The stop hook script (`/Users/cb/.claude/hooks/tech_blog_stop.sh`) executes automatically when a Claude Code session ends. It:
- Captures the session ID and transcript location from Claude Code environment variables
- Extracts session metadata (start time, end time, project context)
- Identifies which site the session worked on by analyzing file paths in the transcript
- Invokes the blog generator with the session transcript path
- Uploads the generated post to the appropriate tech blog S3 bucket
- Invalidates the CloudFront distribution cache to serve fresh content immediately
The hook is registered in Claude Code settings at `/Users/cb/.claude/settings.json` under the `hooks.stop` configuration, ensuring it runs automatically without manual intervention.
Blog Generator Implementation
The generator (`/Users/cb/Documents/repos/tools/tech_blog_generator.py`) processes session transcripts with these safety and quality features:
- Credential Filtering: Regex patterns detect and redact AWS keys, API tokens, passwords, database credentials, and personal identifying information before publishing
- Granular Work Extraction: Parses Claude Code tool uses to identify exact files modified, commands executed, and infrastructure changes made — providing readers with detailed technical specifics rather than summaries
- Context Preservation: Maintains the logical flow of work by grouping related actions (e.g., all DNS changes together, all S3 operations together)
- HTML Generation: Produces semantic HTML with proper heading hierarchy, code blocks with syntax highlighting, and structured lists for readability
- Unique Slugs: Generates URL-friendly slugs from timestamps and work descriptions, preventing collisions and enabling easy linking
The generator outputs posts in the format `/YYYY/MM/slug/index.html` for compatibility with static site best practices and archive browsing.
Navigation Integration
Updated the Ship's Papers menu on each primary domain to include a "Technical Documentation" or "Tech Blog" link pointing to the respective tech subdomain. This ensures project stakeholders (like Sergio) can easily discover and review the detailed technical work being performed.
For example, on queenofsandiego.com, added a nav item linking to tech.queenofsandiego.com with a brief description: "Detailed technical documentation of development and infrastructure work."
Key Design Decisions
Why Session-Based Generation Instead of Manual Blogging: Manual blog posts create friction and are often forgotten. By automating capture at session end, every meaningful work session automatically becomes a post. This ensures comprehensive coverage and removes the burden of documentation overhead.
Why Granular Details Instead of Summaries: High-level summaries hide important context. Technical stakeholders need to understand exactly which files changed, what commands ran, and why decisions were made. The granular approach enables verification and understanding of architectural decisions.
Why Separate Tech Domains Instead of Single Blog: Each property has distinct audiences and concerns. Keeping technical documentation separate from marketing content prevents confusion and allows each site's engineers to focus on relevant technical details for their specific codebase.
Why CloudFront + S3 Instead of Traditional CMS: Static file serving is extremely reliable, scales infinitely with zero operational overhead, and has minimal cost. CloudFront's global CDN ensures fast access regardless of where Sergio is working.
Data Safety Implementation
Before any post is published, the generator applies multiple layers of credential detection:
- AWS Access Key ID patterns (AKIA followed by 16 alphanumeric characters)
- AWS Secret Access Key patterns
- Database connection strings with passwords
- API tokens and Bearer authentication headers
- GoDaddy API keys and OAuth tokens
- Personal information patterns (SSN format, credit card formats)
Any detected credential is replaced with `[REDACTED: credential_type]` before publishing, ensuring the technical blog remains informative while protecting sensitive data.
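The redaction pass described here and under Blog Generator Implementation, as an added Python example (not the generator's own code). The regexes, the `sso-key` header match for GoDaddy, the 40-character secret-key form and the Luhn check on card numbers are assumptions, and the sample transcript is constructed.

```python
import re

# Constructed rules (assumptions, not the generator's real patterns).
# Each rule: (credential_type, regex, replacement); \g<1> keeps safe context.
RULES = [
    ("aws_access_key_id", r"\bAKIA[A-Z0-9]{16}\b", "{tag}"),
    ("aws_secret_access_key",
     r"(?i)(aws_secret_access_key\s*[=:]\s*[\"']?)[A-Za-z0-9/+]{40}", r"\g<1>{tag}"),
    ("db_password", r"(\b[a-z][a-z0-9+]*://[^\s:/@]+:)[^\s@]+(@)", r"\g<1>{tag}\g<2>"),
    ("godaddy_api_key", r"(?i)(\bsso-key\s+)[^\s\"':]+:[^\s\"']+", r"\g<1>{tag}"),
    ("bearer_token", r"(?i)(\bBearer\s+)[A-Za-z0-9._~+/-]+=*", r"\g<1>{tag}"),
    ("ssn", r"\b\d{3}-\d{2}-\d{4}\b", "{tag}"),
]
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

# Constructed transcript excerpt; the AWS pair is AWS's documentation example.
SAMPLE = """\
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DATABASE_URL=postgres://app:s3cr3t-pw@db.internal:5432/blog
curl -H "Authorization: sso-key abc123:def456" https://api.godaddy.com/v1/domains
curl -H "Authorization: Bearer eyJhbGciOi.J9.sig" https://example.test
ssn 000-12-3456, card 4111 1111 1111 1111, order id 1234567890123456
"""

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary long numbers are not redacted as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text: str) -> tuple[str, list[str]]:
    """Return (redacted_text, credential types found, in rule order)."""
    found = []
    for kind, pattern, template in RULES:
        tag = f"[REDACTED: {kind}]"
        text, n = re.subn(pattern, template.replace("{tag}", tag), text)
        found += [kind] * n

    def card_sub(m: re.Match) -> str:
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()  # fails Luhn: not a card number, leave untouched
        found.append("credit_card")
        return "[REDACTED: credit_card]"
    return CARD.sub(card_sub, text), found
```

Pattern-based redaction only catches the formats it knows, so logging the returned list of credential types per post gives a record of what each publish run actually removed.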
Current State and Verification
All four tech blogs are live and responding to HTTPS requests:
- tech.queenofsandiego.com — CloudFront Distribution: EXXXXXXXXXX (Route53)
- tech.sailjada.com — CloudFront Distribution: EXXXXXXXXXX (Route53)
- tech.dangerouscentaur.com — CloudFront Distribution: E2Q4UU71SRNTMB (Namecheap DNS)
- tech.burialsatseasandiego.com — CloudFront Distribution: EXXXXXXXXXX (GoDaddy DNS with validation via Route53)
The first post (this session's work) has