Building Auto-Generated Technical Blog Infrastructure Across Four Sailing Company Domains
What Was Done
Created a fully automated technical blog generation system that captures detailed development work across four domains (queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com) and publishes it to dedicated tech subdomains. The system automatically parses Claude Code development session transcripts, generates granular technical posts, and deploys them via CloudFront CDN with zero manual intervention.
Technical Details: Architecture Overview
The system consists of three core components:
- Session Capture Hook: Placed at /Users/cb/.claude/hooks/tech_blog_stop.sh, executes when a Claude Code session ends
- Blog Generator: Python script at /Users/cb/Documents/repos/tools/tech_blog_generator.py parses session transcripts and creates HTML posts
- Infrastructure Init: Python script at /Users/cb/Documents/repos/tools/tech_blog_init.py provisions S3 buckets, CloudFront distributions, ACM certificates, and DNS records
Infrastructure Provisioning
The initialization script created infrastructure for all four tech blogs:
- S3 Buckets: Created four regional S3 buckets named tech-qos-blog, tech-jada-blog, tech-dc-blog, and tech-bats-blog with versioning and public read-only ACL on HTML objects
- CloudFront Distributions: Deployed four CloudFront distributions pointing to respective S3 origins, with HTTP-to-HTTPS redirect and index.html as default root object
- ACM Certificates: For subdomains under queenofsandiego.com and sailjada.com, leveraged existing wildcard certificates (*.queenofsandiego.com and *.sailjada.com)
- DNS Configuration: For queenofsandiego.com and sailjada.com, created Route53 aliases pointing CloudFront distributions to subdomain CNAME records. For dangerouscentaur.com, updated Namecheap DNS with CloudFront CNAME. For burialsatseasandiego.com (GoDaddy-hosted), added DNS validation CNAME for new ACM certificate and configured domain CNAME record
Session Transcript Parsing
The blog generator processes Claude Code session transcripts (stored as JSONL files in /Users/cb/.claude/projects) by:
- Extracting file modifications and tool commands from session entries
- Categorizing changes by domain (identifying which site was worked on)
- Building granular narrative from file paths, command names, and reasoning notes
- Generating HTML post with specific technical details: exact file paths, S3 bucket names, CloudFront distribution IDs, Route53 hosted zone IDs
- Sanitizing all credentials, API keys, tokens, and passwords from output
Content Filtering and Credential Sanitization
The generator implements multi-layer sanitization to prevent credential leakage:
- Pattern-based redaction for AWS access keys, API tokens, secret keys, and private keys
- Removal of sensitive file paths (e.g., paths containing "credentials", "secrets", ".env" files with values)
- Exclusion of specific files: reference_godaddy_credentials.md, repos.env, and any files in ~/.aws/
- Command argument sanitization for tools requiring credentials
- Personal data filtering: email addresses, phone numbers, and names not relevant to technical context
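The layered approach listed above (exclude known-sensitive paths first, then pattern-redact whatever remains) can be sketched as follows; this is an added example, not the code of tech_blog_generator.py. The entry fields (tool, file_path, command, note), the specific regexes and the sample values are assumptions constructed for illustration.

```python
import json
import re

# Files the page says are excluded outright, plus its sensitive-path substrings.
EXCLUDED_NAMES = {"reference_godaddy_credentials.md", "repos.env"}
PATH_HINTS = ("/.aws/", "credentials", "secrets", ".env")

# (pattern, replacement) pairs; this exact pattern set is an assumption.
RULES = [
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED:private-key]"),
    (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "[REDACTED:aws-access-key]"),
    # Keep the variable name, drop the value: TOKEN=abc -> TOKEN=[REDACTED:secret]
    (re.compile(r"(?i)\b(\w*(?:secret|token|password|api_key)\w*\s*[=:]\s*)\S+"),
     r"\1[REDACTED:secret]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[REDACTED:email]"),
]

def is_sensitive_path(path):
    """True when an entry touching this path must be excluded, not redacted."""
    p = path.replace("\\", "/").lower()
    return p.rsplit("/", 1)[-1] in EXCLUDED_NAMES or any(h in p for h in PATH_HINTS)

def redact(text):
    """Apply every redaction rule in order to one string."""
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

def sanitize_transcript(jsonl_text):
    """Return (kept_entries, dropped_count) for a JSONL transcript."""
    kept, dropped = [], 0
    for line in filter(str.strip, jsonl_text.splitlines()):
        entry = json.loads(line)
        # Check the touched file and every command argument; fail closed.
        candidates = [entry.get("file_path", "")] + entry.get("command", "").split()
        if any(is_sensitive_path(c) for c in candidates):
            dropped += 1
            continue
        kept.append({k: redact(v) if isinstance(v, str) else v for k, v in entry.items()})
    return kept, dropped

# Constructed sample entries; field names are assumed, not Claude Code's schema.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"tool": "Edit", "file_path": "/Users/cb/Documents/repos/tools/tech_blog_init.py",
     "note": "saw AKIAEXAMPLEEXAMPLE00 in output"},
    {"tool": "Read", "file_path": "/Users/cb/.aws/credentials", "note": "check profile"},
    {"tool": "Bash", "command": "export DEPLOY_TOKEN=abc123 && aws s3 cp post.html s3://tech-qos-blog/",
     "note": "ping ops@example.com"},
    {"tool": "Read", "file_path": "/Users/cb/Documents/repos/repos.env", "note": "load env"},
])
```

Substring path matching over-excludes on purpose: an entry dropped unnecessarily costs a line of blog detail, while an entry kept wrongly publishes a secret.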
Navigation Integration
Updated the "Ship's Papers" menu on queenofsandiego.com's main navigation to include a "Tech Blog" link. This menu dropdown is defined in the site's main index.html and now provides easy access to the technical blog for stakeholders like Sergio who want visibility into development work.
Deployment Pipeline
When a session ends:
- Stop hook script executes automatically
- Blog generator reads the session transcript from Claude's local storage
- Generator parses file modifications, commands, and reasoning
- HTML post is generated with granular technical detail
- Post is uploaded to appropriate S3 bucket with unique timestamp-based filename
- CloudFront cache is invalidated via distribution ID
- Post becomes visible at tech.[domain].com within seconds (CloudFront TTL ~60 seconds)
Key Decisions and Rationale
Why S3 + CloudFront instead of traditional blog platform: The sites are already deployed via CloudFront from S3, so this approach maintains architectural consistency, leverages existing wildcard certificates, and provides sub-second performance. No additional infrastructure to maintain.
Why automatic session hooks instead of manual logging: Manual documentation gets skipped or loses detail. By hooking into the development workflow itself, every session automatically generates a post. The granularity comes from the session transcript itself, which already contains file paths, command names, and reasoning notes.
Why exclude sensitive files in sanitization: Rather than attempt to identify every possible credential format (which would be error-prone), the generator excludes known sensitive paths entirely. This prevents accidental leakage of files like reference_godaddy_credentials.md that might contain structured secrets.
Why domain-specific blogs instead of a single tech blog: Each domain (Queen of San Diego, Sail Jada, Dangerous Centaur, Burials at Sea) serves different audiences. Sergio may want to see Queen of San Diego development specifically. Domain-specific blogs allow targeted visibility.
Infrastructure Resource Summary
- S3 Buckets: 4 total across us-east-1 and us-west-2 (depending on domain primary region)
- CloudFront Distributions: 4 distributions with minimum cache TTL 60 seconds, HTTP-to-HTTPS redirect enabled
- ACM Certificates: Leveraged existing *.queenofsandiego.com and *.sailjada.com wildcards; created new certificates for tech.dangerouscentaur.com and tech.burialsatseasandiego.com
- Route53 Hosted Zones: Updated zones for queenofsandiego.com (Z2O4QNAD3IBKKH) and sailjada.com (Z0K0FBPM2WDGDL5H3KB3) with new A record aliases
- External DNS (Namecheap, GoDaddy): dangerouscentaur.com and burialsatseasandiego.com CNAME records configured
What's Next
- Monitor initial post generation from real sessions to validate sanitization effectiveness
- Add CSS styling to match main domain themes