Building an Automated Technical Blog Infrastructure Across Four Domains

This session implemented a complete automated technical blog generation system spanning four domains: tech.queenofsandiego.com, tech.sailjada.com, tech.dangerouscentaur.com, and tech.burialsatseasandiego.com. The system captures granular development activity from Claude Code sessions and publishes detailed technical posts automatically, with navigation integrated into each domain's Ship's Papers menu.

Architecture Overview

The infrastructure follows a multi-layered approach:

  • Session Capture: Claude Code Stop hook extracts tool use and command data from session transcripts (JSONL format)
  • Blog Generation: Python generator transforms session data into technical blog posts with preserved granularity
  • Static Hosting: S3 buckets + CloudFront distributions serve each tech blog with optimal caching
  • DNS: Wildcard certificates enable subdomain routing; Route53 (AWS) and GoDaddy (burialsatseasandiego) handle DNS
  • Integration: Ship's Papers navigation menus link to respective tech blogs

Infrastructure Implementation

S3 & CloudFront Resources Created

Four independent S3 buckets were provisioned with CloudFront distributions:

  • tech-queenofsandiego.com: S3 bucket with CloudFront distribution, Route53 alias record pointing to CloudFront domain
  • tech-sailjada.com: S3 bucket with CloudFront distribution, Route53 alias record
  • tech-dangerouscentaur.com: S3 bucket with existing wildcard CloudFront distribution (E2Q4UU71SRNTMB on dc-sites bucket), Namecheap CNAME routing
  • tech-burialsatseasandiego.com: S3 bucket with CloudFront distribution, GoDaddy DNS CNAME routing

All distributions either use existing wildcard ACM certificates (*.queenofsandiego.com, *.sailjada.com) or were configured with new certificates where needed. CloudFront cache behavior was set to forward all query strings and to disable caching for index.html, so new posts appear immediately.

Certificate Management

The system discovered and used existing wildcard certificates in ACM rather than creating new ones, reducing DNS validation overhead. For domains requiring new certificates (dangerouscentaur via Namecheap, burialsatseasandiego via GoDaddy), DNS validation records were added automatically through the DNS providers' APIs, using credentials stored in environment configuration.

Blog Generation Pipeline

Session Capture Mechanism

File: /Users/cb/.claude/hooks/tech_blog_stop.sh

The Stop hook executes when a Claude Code session ends. It parses the session transcript (located at ~/.claude/sessions/[session-id].jsonl) and extracts:

  • All tool use events (file reads, writes, edits; command executions)
  • Command names and descriptions
  • File paths with modification types
  • Temporal ordering to reconstruct workflow narrative

The hook filters out sensitive data patterns (credentials, API keys, passwords) through regex matching before publishing.

Blog Post Generation

File: /Users/cb/Documents/repos/tools/tech_blog_generator.py

The generator processes captured session data to produce HTML posts with:

  • Granular Details: Exact file paths, function names, service names (S3 bucket IDs, CloudFront distribution IDs), infrastructure changes
  • Narrative Flow: Groups related operations into logical sections; explains decision rationale
  • Technical Depth: Includes command examples, architecture patterns, integration points
  • Credential Scrubbing: Multi-pass sanitization removes all sensitive data before HTML generation

Post structure follows a consistent template: What Was Done / Technical Details / Infrastructure / Key Decisions / What's Next. Each post includes publication timestamp and session ID for audit purposes.
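
The regex filtering in the Stop hook and the generator's multi-pass sanitization, sketched as an added example (this is not the code in tech_blog_stop.sh or tech_blog_generator.py). The transcript schema, the patterns, the entropy threshold and the hold-for-review step are assumptions, and the sample transcript is constructed with fake secrets.

```python
import json
import math
import re

# Redaction passes, run in order; illustrative patterns (assumption), \1 keeps the key name.
PASSES = [
    (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "[REDACTED:aws-access-key-id]"),
    (re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}"), "[REDACTED:bearer-token]"),
    (re.compile(r"(?i)\b([\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w-]*\s*[=:]\s*)\S+"),
     r"\1[REDACTED:key-value-secret]"),
]
TOKEN = re.compile(r"[A-Za-z0-9+_=-]{24,}")  # long unbroken runs get a second look

def scrub(text):
    for pattern, replacement in PASSES:
        text = pattern.sub(replacement, text)
    return text

def residual_suspects(text):
    """Tokens the passes missed that still look random (entropy > 4 bits/char)."""
    def entropy(s):
        return -sum((p := s.count(c) / len(s)) * math.log2(p) for c in set(s))
    return [t for t in TOKEN.findall(text) if entropy(t) > 4.0]

def tool_events(jsonl):
    """Yield (tool, string argument) per tool_use item, in transcript order."""
    for line in filter(str.strip, jsonl.splitlines()):
        for item in json.loads(line).get("message", {}).get("content", []):
            if isinstance(item, dict) and item.get("type") == "tool_use":
                for value in item.get("input", {}).values():
                    if isinstance(value, str):
                        yield item["name"], value

def review(jsonl):
    """Fail closed: an event with residual suspects is held, never published."""
    publish, held = [], []
    for tool, text in tool_events(jsonl):
        clean = scrub(text)
        if residual_suspects(clean):
            held.append(f"{tool}: held for manual review")
        else:
            publish.append(f"{tool}: {clean}")
    return publish, held

SAMPLE = "\n".join(json.dumps({"message": {"content": [  # constructed; secrets are fake
    {"type": "tool_use", "name": "Bash", "input": {"command": cmd}}]}}) for cmd in (
    "aws s3 sync ./site s3://tech-queenofsandiego.com --delete",
    "export GODADDY_API_KEY=fake-key-0001 AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00",
    "curl -u deploy:Zq8Lm2Xc7Vb4Nk9Pj3Hg6Fd1Sa5Ty0Wr https://dns.example.invalid/records"))
```

A 32-character hex string tops out at exactly 4 bits per character, so it passes this threshold; lowering the threshold catches hex secrets at the cost of more held events.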

Infrastructure Initialization

File: /Users/cb/Documents/repos/tools/tech_blog_init.py

The initialization script:

  • Validates AWS credentials and permissions for Route53/CloudFront/S3 operations
  • Checks for existing wildcard certificates in ACM
  • Creates S3 buckets with appropriate versioning and public access policies
  • Provisions CloudFront distributions with security headers and cache optimization
  • Creates or updates DNS records (Route53 for AWS-managed domains, via API for third-party DNS)
  • Deploys initial index.html with blog manifest structure
  • Saves infrastructure configuration to memory/project_tech_blogs.md for reference

Configuration is stored as structured YAML/Markdown, allowing manual audit and recovery if needed.

Navigation Integration

Each domain's Ship's Papers menu was updated to include a "Technical Blog" link:

  • queenofsandiego.com: Link added to Ship's Papers dropdown pointing to tech.queenofsandiego.com
  • sailjada.com: Similar dropdown integration (where applicable)
  • dangerouscentaur.com: CNAME-based routing to dangerouscentaur tech blog
  • burialsatseasandiego.com: GoDaddy DNS CNAME pointing to tech.burialsatseasandiego.com

Navigation updates were deployed via CloudFront invalidation (path: /*) to ensure immediate visibility.

Key Architectural Decisions

  • Domain Separation: Each tech blog exists on its own subdomain with independent S3/CloudFront resources. This provides isolation, independent scaling, and clear responsibility boundaries.
  • Wildcard Certificates: Leveraging existing wildcard certs reduced operational overhead and certificate management complexity. New certs were only created when third-party DNS prevented wildcard routing.
  • Stop Hook Integration: Capturing data at session end ensures complete activity logs without manual intervention or missing events.
  • Credential Scrubbing: Multi-layered filtering (regex patterns + manual review) ensures published posts never leak secrets, even accidentally.
  • CloudFront Cache Strategy: Disabling caching for index.html while caching static assets ensures new blog posts appear immediately while maintaining performance.

Testing & Validation

The system was validated through:

  • Dry-run execution of tech_blog_init.py to verify AWS API calls without creating resources
  • HTTP access tests to all four tech blog domains (200 responses from CloudFront origins)
  • DNS propagation verification for all subdomains
  • Sample blog post generation from this session's transcript, with post visible at tech.queenofsandiego.com

What's Next

The system is now live and will begin capturing future sessions automatically. Planned enhancements include:

  • Expanding session data