Implementing Auto-Generated Technical Blog Infrastructure Across Four Domain Properties

Overview

This session established a comprehensive technical blogging system that automatically generates granular documentation of all development work across four properties: queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com. The system captures detailed session transcripts, extracts technical activities, and publishes them to dedicated tech subdomains within minutes of work completion.

What Was Done

Core Infrastructure

  • Tech Blog Generator Pipeline: Created `/Users/cb/Documents/repos/tools/tech_blog_generator.py` to parse Claude session transcripts in JSONL format, extract tool-use entries, filter sensitive data (credentials, API keys, tokens), and generate detailed HTML blog posts
  • Infrastructure Initialization Script: Built `/Users/cb/Documents/repos/tools/tech_blog_init.py` to provision S3 buckets, CloudFront distributions, Route53 DNS records, and ACM certificates for each tech subdomain
  • Automation Hook: Wrote `/Users/cb/.claude/hooks/tech_blog_stop.sh` to trigger blog generation at the end of each Claude session, capturing the session transcript and publishing to the appropriate tech property
  • Post-Processing Validation: Created `/Users/cb/Documents/repos/tools/email_template_validator.py` and `/Users/cb/Documents/repos/tools/jada_unsubscribe_monitor.py` for related development work during the session

Domain-Specific Setup

  • tech.queenofsandiego.com: Deployed to S3 bucket with CloudFront distribution, leveraging existing wildcard certificate for `*.queenofsandiego.com` (Route53 hosted zone)
  • tech.sailjada.com: Deployed with separate S3 bucket and CloudFront distribution, using wildcard certificate for `*.sailjada.com` (Route53 hosted zone)
  • tech.dangerouscentaur.com: Integrated with existing wildcard CloudFront distribution (ID: E2Q4UU71SRNTMB) pointing to `dc-sites` S3 bucket, configured via Namecheap DNS
  • tech.burialsatseasandiego.com: Created dedicated S3 bucket and CloudFront distribution with new ACM certificate validation via GoDaddy DNS (existing nameserver for burialsatseasandiego.com)

Technical Architecture

Session Capture & Processing

Claude Code stores session transcripts in JSONL format at `~/.claude/projects/[project-path]/sessions/`. Each line represents a discrete event (user message, assistant response, or tool invocation). The tech blog generator:

  • Reads the session transcript from the hook's environment variable (`$CLAUDE_SESSION_FILE`)
  • Parses the JSONL entries, keeping only those of type `tool_use`
  • Extracts command invocations, file operations (reads/writes/edits), and API calls
  • Applies regex-based scrubbing to remove credentials: AWS access keys, secret keys, API tokens, passwords, email addresses in sensitive contexts, and database connection strings
  • Structures output into semantic sections: files modified, commands executed, infrastructure changes, architecture decisions

Static Site Deployment

Each tech subdomain follows an identical infrastructure pattern:

  • Storage: S3 bucket with versioning enabled, static website hosting configured
  • Distribution: CloudFront distribution with Origin Access Identity (OAI) for secure S3 access, index.html default root object, .html and application/json cache behaviors
  • TLS: ACM certificates with DNS validation (CNAME records added to respective DNS providers)
  • DNS: Route53 CNAME records (for queenofsandiego.com and sailjada.com) or Namecheap/GoDaddy CNAME records (for dangerouscentaur and burialsatseasandiego)

Navigation Integration

Updated `/Users/cb/Documents/repos/sites/queenofsandiego.com/index.html` to add a "Tech Blog" link in the Ship's Papers navigation dropdown menu. Similar updates were applied to the other site index files, ensuring users can discover technical documentation without leaving the main site.

Key Technical Decisions

Why Static Site Generation Over Database-Backed Blog

Static HTML generation provides several advantages: no server runtime required (CloudFront + S3 only), automatic versioning via S3 object versions, instant publishing without build processes, and zero operational overhead. Each blog post is an immutable artifact tied to a specific session transcript.

Why JSONL Session Format Over Manual Logging

Claude Code's native JSONL transcript format captures every interaction automatically—no manual log writing required. By hooking into the session lifecycle (via the `tech_blog_stop.sh` script), we eliminate the possibility of forgetting to document work. The granularity is automatic and comprehensive.

Why Separate S3 Buckets for Each Property

While dangerouscentaur reuses an existing wildcard CloudFront distribution for cost efficiency, queenofsandiego.com and sailjada.com each have dedicated buckets for cleaner separation of concerns, independent access logging, and potential future per-property analytics.

Credential Scrubbing Strategy

Rather than relying on developers to self-censor, the generator applies aggressive regex patterns to identify and redact:

  • AWS patterns: `AKIA*` (access keys), 40-char hex strings (secret keys)
  • Common API key patterns: `sk-*`, `pk-*`, tokens prefixed with provider names
  • Email addresses in credential contexts (password reset links, auth endpoints)
  • Full file paths containing credential filenames (e.g., `.aws/credentials`)
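The transcript filtering described under Session Capture & Processing and the redaction rules listed above can be sketched as follows. This is an added example, not the code in `tech_blog_generator.py`. The record shape (top-level `type`, `name`, `input`), the redaction labels and the exact regexes are assumptions; the secret-key pattern goes beyond the hex case named above because real AWS secret access keys are 40 characters from the base64 alphabet, which a hex-only pattern would not match.

```python
import json
import re

# Ordered (label, pattern) pairs; labels and exact regexes are illustrative assumptions.
PATTERNS = [
    ("AWS_ACCESS_KEY_ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    # Base64-alphabet run of exactly 40 chars; a superset of 40-char hex strings.
    ("AWS_SECRET_KEY", re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")),
    ("API_KEY", re.compile(r"\b(?:sk|pk)-[A-Za-z0-9_-]{16,}")),
    ("CREDENTIAL_PATH", re.compile(r"\S*\.aws/credentials\S*")),
]

def scrub(value):
    """Redact secrets in every string nested inside a JSON-like value."""
    if isinstance(value, str):
        for label, pattern in PATTERNS:
            value = pattern.sub(f"[REDACTED:{label}]", value)
        return value
    if isinstance(value, dict):
        return {k: scrub(v) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value

def extract_tool_uses(jsonl_text):
    """Return scrubbed tool_use records; malformed lines are dropped, never published raw."""
    records = []
    for line in jsonl_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and entry.get("type") == "tool_use":
            records.append({"name": entry.get("name"), "input": scrub(entry.get("input"))})
    return records

# Constructed sample transcript; the key values are synthetic, not real credentials.
FAKE_ID = "AKIA" + "EXAMPLE7" * 2
FAKE_SECRET = "Ab3/xY9+" * 5
SAMPLE = "\n".join([
    json.dumps({"type": "user", "text": "deploy the blog"}),
    json.dumps({"type": "tool_use", "name": "Bash", "input": {
        "command": f"AWS_ACCESS_KEY_ID={FAKE_ID} AWS_SECRET_ACCESS_KEY={FAKE_SECRET} aws s3 ls"}}),
    json.dumps({"type": "tool_use", "name": "Read", "input": {"file_path": "/home/user/.aws/credentials"}}),
    '{"type": "tool_use", "name": "Bash", "input": {"command": "trunc',  # malformed line
])

if __name__ == "__main__":
    print(json.dumps(extract_tool_uses(SAMPLE), indent=2))
```

Because the 40-character pattern is deliberately broad, it also redacts things like full git commit hashes; for a publishing pipeline that over-redaction is the safer failure direction.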

Infrastructure Details

Commands Executed

# Dry run validation
python3 /Users/cb/Documents/repos/tools/tech_blog_init.py --dry-run

# Production deployment for three sites
python3 /Users/cb/Documents/repos/tools/tech_blog_init.py

# Test blog generation on current session
python3 /Users/cb/Documents/repos/tools/tech_blog_generator.py \
  --session-file ~/.claude/projects/[project]/sessions/[transcript].jsonl \
  --output /tmp/test_post.html

# CloudFront cache invalidation after updates
aws cloudfront create-invalidation \
  --distribution-id E1ABCDEF2GHIJ \
  --paths "/*"

S3 Bucket Configuration

  • Versioning: Enabled on all tech blog buckets for post history
  • Block Public Access: Enabled; all access via CloudFront OAI
  • Lifecycle: Posts older than 180 days transitioned to GLACIER (optional cost optimization)
  • CORS: Not required (CloudFront handles cross-origin requests)

CloudFront Distributions

  • Origin: S3 bucket with Origin Access Identity
  • Default TTL: 300 seconds (5 minutes) for rapid iteration during development