Building Automated Technical Blog Infrastructure Across Four Domain Properties

Overview

This session implemented a comprehensive automated blogging system to document infrastructure and development work across four domain properties: queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com. The system captures granular technical details from development sessions and auto-generates blog posts at tech subdomains, with navigation integration into existing site menus.

What Was Built

Core Components

  • tech_blog_generator.py — Main Python script that parses Claude Code session transcripts (JSONL format) and generates HTML blog posts from tool use entries and command history
  • tech_blog_init.py — Infrastructure initialization script that creates S3 buckets, CloudFront distributions, and DNS records for all four tech blog subdomains
  • tech_blog_stop.sh — Claude Code session Stop hook that automatically triggers blog generation when a development session ends
  • Navigation integration — Updated Ship's Papers dropdown menu in queenofsandiego.com/index.html to link to tech blogs

Infrastructure Architecture

DNS and Certificate Strategy

Each property leverages existing wildcard SSL certificates:

  • queenofsandiego.com — Uses existing *.queenofsandiego.com wildcard ACM certificate (verified in AWS)
  • sailjada.com — Uses existing *.sailjada.com wildcard ACM certificate (Route53 hosted zone confirmed)
  • dangerouscentaur.com — Uses existing wildcard CloudFront distribution E2Q4UU71SRNTMB on dc-sites S3 bucket (Namecheap DNS provider)
  • burialsatseasandiego.com — GoDaddy-hosted DNS with API integration for CNAME records

This approach avoided certificate generation overhead by reusing existing wildcard certs across subdomains.

S3 and CloudFront Setup

The initialization script creates separate S3 buckets for each property:

  • qos-tech-blog — S3 origin for tech.queenofsandiego.com CloudFront distribution
  • jada-tech-blog — S3 origin for tech.sailjada.com CloudFront distribution
  • dc-sites — Existing bucket reused for dangerouscentaur tech blog
  • bats-tech-blog — S3 origin for tech.burialsatseasandiego.com CloudFront distribution

Each CloudFront distribution:

  • Routes to its S3 bucket origin
  • Uses appropriate SSL certificate (wildcard for AWS-hosted domains, existing dist for dangerouscentaur)
  • Implements cache invalidation on blog post uploads
  • Enables gzip compression for HTML content

DNS Configuration

  • Route53 (queenofsandiego.com, sailjada.com) — CNAME records pointing tech subdomains to CloudFront distribution domains
  • Namecheap (dangerouscentaur.com) — CNAME record added via API for tech.dangerouscentaur.com
  • GoDaddy (burialsatseasandiego.com) — GoDaddy API integration handles DNS record creation; ACM validation CNAME added for certificate provisioning

Blog Generation Pipeline

Session Transcript Parsing

The tech_blog_generator reads Claude Code session transcripts stored in JSONL format at ~/.claude/sessions/. Each transcript contains:

  • Tool use entries (file reads, writes, command executions)
  • Command history with exact paths and parameters
  • File modification records
  • Structured metadata about each action

Example extraction from transcript:

Files modified/created:
- Write: /Users/cb/Documents/repos/tools/tech_blog_generator.py
- Edit: /Users/cb/.claude/settings.json

Commands run:
- List queenofsandiego.com site files
- Check AWS profile and site-specific env vars
- Create S3, CloudFront, and DNS for qos, jada, and dc tech blogs
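A sketch of the extraction step, added here as an example and not taken from tech_blog_generator.py. The transcript line schema (a `message.content` list of `tool_use` blocks with `name` and `input`), the `Bash` tool name, and the `extract_actions` and `_line` helpers are assumptions; the sample transcript is constructed.

```python
import json

FILE_TOOLS = {"Write", "Edit"}  # tools whose input names a file (assumed)

def extract_actions(jsonl_text):
    """Return (files, commands, skipped_lines) for one session transcript."""
    files, commands, skipped = [], [], 0
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. a final line cut off when the session stopped
            continue
        message = entry.get("message") if isinstance(entry, dict) else None
        content = message.get("content") if isinstance(message, dict) else None
        if not isinstance(content, list):
            continue  # plain-text turns carry no tool use
        for block in content:
            if not isinstance(block, dict) or block.get("type") != "tool_use":
                continue
            name, args = block.get("name"), block.get("input")
            if not isinstance(args, dict):
                continue
            if name in FILE_TOOLS and args.get("file_path"):
                item = f"{name}: {args['file_path']}"
                if item not in files:  # repeated edits list the file once
                    files.append(item)
            elif name == "Bash":
                # Prefer the description. A raw command line can embed
                # secrets and needs scrubbing before it is published.
                commands.append(args.get("description") or args.get("command", ""))
    return files, commands, skipped

def _line(name, **tool_input):
    """Build one constructed transcript line in the assumed schema."""
    block = {"type": "tool_use", "name": name, "input": tool_input}
    return json.dumps({"type": "assistant", "message": {"content": [block]}})

# Constructed sample; paths and description reuse the extraction example above.
SAMPLE = "\n".join([
    _line("Write", file_path="/Users/cb/Documents/repos/tools/tech_blog_generator.py"),
    _line("Edit", file_path="/Users/cb/.claude/settings.json"),
    _line("Edit", file_path="/Users/cb/.claude/settings.json"),
    _line("Bash", command="ls site/", description="List queenofsandiego.com site files"),
    json.dumps({"type": "user", "message": {"content": "next step?"}}),
    '{"type": "assistant", "message": {"con',  # truncated final line
])
```

Counting skipped lines rather than raising lets the generator still publish from a transcript whose last write was interrupted, while making the loss visible.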

HTML Generation Logic

The generator produces structured HTML articles with:

  • Specific file paths and resource names, kept verbatim (only credentials are removed from the output; see Credential Scrubbing)
  • Exact command examples showing AWS CLI and Python invocations
  • Infrastructure resource identifiers (bucket names, distribution IDs, zone IDs)
  • Decision rationale for architectural choices
  • Granular technical details rather than high-level summaries

Credential Scrubbing

The pipeline automatically redacts:

  • AWS access keys and secret keys
  • API tokens and passwords
  • OAuth credentials
  • Database passwords
  • Private key material

Configuration stored in project memory files allows pattern-based redaction while preserving technical details.
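One way to implement pattern-based redaction that leaves resource identifiers intact, added here as an example and not the pipeline's own code. The rule set, the `scrub` function, and the `[REDACTED:...]` marker format are assumptions; the sample input is constructed and uses AWS documentation placeholder keys.

```python
import re

# Ordered rules: the multi-line PEM rule runs first. A block with no END
# marker is redacted to end of text, so a truncated key never leaks.
RULES = [
    ("PRIVATE_KEY", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?"
        r"(?:-----END [A-Z ]*PRIVATE KEY-----|\Z)", re.DOTALL)),
    ("AWS_ACCESS_KEY_ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("BEARER_TOKEN", re.compile(r"(?i)(?<=bearer )[A-Za-z0-9._~+/=-]{8,}")),
]
# name=value and name: value secrets: keep the name, redact only the value.
ASSIGNMENT = re.compile(
    r"(?i)\b([\w-]*(?:secret|password|passwd|token|api[_-]?key)[\w-]*)"
    r"([ \t]*[=:][ \t]*)(\"[^\"]*\"|'[^']*'|\S+)")

def scrub(text):
    """Return (scrubbed_text, counts) with counts keyed by rule label."""
    counts = {}
    for label, pattern in RULES:
        text, hits = pattern.subn(f"[REDACTED:{label}]", text)
        if hits:
            counts[label] = hits
    text, hits = ASSIGNMENT.subn(r"\1\2[REDACTED:ASSIGNED_SECRET]", text)
    if hits:
        counts["ASSIGNED_SECRET"] = hits
    return text, counts

# Constructed sample: AWS documentation placeholder keys and made-up tokens.
# The bucket name and distribution ID are the ones named on this page.
SAMPLE = """\
aws s3 sync ./out s3://dc-sites
aws cloudfront create-invalidation --distribution-id E2Q4UU71SRNTMB --paths '/*'
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
curl -H 'Authorization: Bearer CONSTRUCTED.token.value123' https://api.example.invalid/dns
GODADDY_API_KEY="constructed-key-not-real"
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    scrubbed, counts = scrub(SAMPLE)
    print(scrubbed)
    print(counts)
```

The per-rule counts give the Stop hook something to log, so a session that suddenly produces zero redactions, or far more than usual, can be reviewed before the post is uploaded.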

CloudFront Deployment and Validation

All four CloudFront distributions were deployed and validated:

  • DNS propagation confirmed via nslookup checks
  • HTTP access tested to verify origin connectivity
  • Cache behavior validated with gzip content encoding
  • CloudFront status checked via AWS API for deployment progress

Initial deployment on queenofsandiego.com included uploading index.html to the qos-tech-blog S3 bucket and invalidating the CloudFront distribution cache to ensure immediate availability.

Navigation Integration

Updated the Ship's Papers dropdown menu in queenofsandiego.com/index.html to include a tech blog link:

  • Added menu item pointing to tech.queenofsandiego.com
  • Follows existing Ship's Papers navigation structure
  • Similar integration is planned for the sailjada.com and dangerouscentaur.com sites

Monitoring and Operations

Infrastructure configuration is saved to ~/.claude/projects/.../memory/project_tech_blogs.md for reference, including:

  • S3 bucket names and regions
  • CloudFront distribution IDs and domain names
  • DNS provider details and record names
  • ACM certificate ARNs
  • Blog generation trigger mechanisms

Key Technical Decisions

  • Wildcard Certificates — Reused existing wildcard certs rather than generating new certificates per subdomain, reducing operational overhead and TTL concerns