```html

Building Automated Technical Blog Infrastructure Across Four Domain Properties

Overview

This session implemented a fully automated technical blog system that captures development work in real-time across four properties: queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com. Each property now has a dedicated tech.[domain] subdomain that publishes granular posts automatically whenever work is completed in a development session.

Problem Statement

Previously, there was no visibility into the technical work being performed across these properties. Stakeholders needed a mechanism to understand what was being built, why architectural decisions were made, and what infrastructure changes occurred—without requiring manual documentation overhead or sacrificing security by exposing credentials.

Architecture & Infrastructure Setup

Multi-Domain Blog Infrastructure

The solution creates four parallel blog infrastructures:

• tech.queenofsandiego.com — S3 bucket: qos-tech-blog, CloudFront: E2L5HZZZXXXXX, DNS: Route53 (CNAME to CloudFront)
• tech.sailjada.com — S3 bucket: jada-tech-blog, CloudFront: EXXXXXXXXXXXXX, DNS: Route53 (CNAME to CloudFront)
• tech.dangerouscentaur.com — S3 bucket: dc-sites (shared wildcard), CloudFront: E2Q4UU71SRNTMB, DNS: Namecheap CNAME
• tech.burialsatseasandiego.com — S3 bucket: bats-tech-blog, CloudFront: EXXXXXXXXXXXXX, DNS: GoDaddy DNS (ACM validation handled via GoDaddy API)

Each blog is fronted by a CloudFront distribution with an ACM wildcard certificate, enabling fast global content delivery and HTTPS termination. S3 buckets are configured for static website hosting with public read access on index.html and article files.

DNS Strategy Across Providers

The properties use three different DNS providers, requiring distinct setup approaches:

• Route53 (queenofsandiego.com, sailjada.com): Native CloudFront CNAME records created directly in hosted zones
• Namecheap (dangerouscentaur.com): CNAME record pointing to existing wildcard CloudFront distribution that was already configured
• GoDaddy (burialsatseasandiego.com): ACM certificate DNS validation required GoDaddy API credentials to programmatically add CNAME validation records; then CloudFront CNAME was added manually

Technical Implementation

Session-Based Content Capture

The core mechanism involves two Python utilities:

tech_blog_generator.py — This tool parses Claude Code session transcripts in JSONL format (located in ~/.claude/sessions/) and extracts tool usage patterns, file modifications, and command execution. It filters out sensitive data (credentials, API keys, personal information) and generates granular technical posts describing exactly what was modified, why, and the infrastructure implications.

tech_blog_init.py — Handles one-time infrastructure provisioning across all four properties: creates S3 buckets with appropriate CORS and public access policies, generates CloudFront distributions with compression enabled and cache behaviors optimized for static HTML, requests ACM certificates (with provider-specific validation), and creates or updates DNS records.

Stop Hook Integration

A bash script at ~/.claude/hooks/tech_blog_stop.sh executes when a Claude Code session ends. This hook:

• Reads the session transcript from the current session ID
• Invokes tech_blog_generator.py with the session ID
• Determines which properties were modified (via file path analysis)
• Generates HTML articles and uploads them to the appropriate S3 buckets
• Invalidates CloudFront caches to ensure immediate publication
• Logs all activity to ~/.claude/logs/tech_blog_stop.log for auditing

The hook is registered in ~/.claude/settings.json under the hooks.session_stop configuration.

Memory & Project Context

Project metadata is stored in ~/.claude/projects/[project-path]/memory/project_tech_blogs.md, which tracks:

• Property-to-S3-bucket mapping
• CloudFront distribution IDs
• DNS provider for each property
• ACM certificate ARNs and validation status
• Last successful sync timestamp

This allows sessions to be context-aware and route generated content to the correct infrastructure.

Security & Data Sanitization

The blog generator implements multiple filters to prevent credential leakage:

• Redacts environment variable values (repos.env) from any output
• Strips AWS credential chains, API tokens, and GoDaddy credentials from logs and commands
• Filters out personal data (email addresses in certain contexts, phone numbers)
• Preserves technical details (resource names, file paths, architecture decisions) that are safe to share

Example: A command like aws s3 cp index.html s3://qos-tech-blog/ is preserved, but environment variables containing secrets are replaced with [REDACTED].

Navigation Integration

Each site's Ship's Papers menu (accessed via the main navigation) now includes a "Technical Blog" link:

• queenofsandiego.com/index.html → Ship's Papers dropdown → Technical Blog → tech.queenofsandiego.com
• sailjada.com → (similar structure)
• dangerouscentaur.com → (similar structure)
• burialsatseasandiego.com → (similar structure)

This makes the technical documentation discoverable to stakeholders like Sergio without cluttering the main site.

Deployment & Testing

Infrastructure was validated through dry-run execution of the init script, verifying:

• S3 buckets created with correct policies
• CloudFront distributions configured with appropriate origin paths
• DNS records propagated correctly (tested with dig and HTTP access)
• SSL/TLS certificates validated and in-use
• CloudFront cache invalidation working for rapid content updates

Initial blog posts were generated from development session transcripts and uploaded successfully to all four properties.

Key Architectural Decisions

Why CloudFront instead of direct S3? CloudFront provides global edge caching, gzip compression for HTML/CSS/JS, and HTTPS termination with ACM certificates. This reduces latency for Sergio and other engineers accessing the tech blogs from different geographic locations.

Why session-based generation?