```html

Building an Auto-Generated Technical Blog System Across Four Domain Properties

Overview

This session involved designing and implementing a comprehensive technical documentation system that automatically captures development work across four distinct domain properties: queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com. Each property now has its own tech blog (tech.[domain]) that auto-generates detailed posts from Claude Code session transcripts, providing granular technical visibility without exposing credentials.

What Was Built

The system consists of three core components:

  • Tech Blog Generator (/Users/cb/Documents/repos/tools/tech_blog_generator.py): Parses Claude Code session transcripts in JSONL format, extracts tool invocations and command outputs, and generates detailed HTML blog posts with exact technical specifications.
  • Infrastructure Initialization Script (/Users/cb/Documents/repos/tools/tech_blog_init.py): Creates S3 buckets, CloudFront distributions, ACM certificates, and DNS records for each tech blog subdomain in a single execution.
  • Claude Code Stop Hook (/Users/cb/.claude/hooks/tech_blog_stop.sh): Executes automatically when a Claude Code session ends, triggering blog post generation and deployment to the appropriate domain's S3/CloudFront infrastructure.

Infrastructure Architecture

Domain-Specific Deployments

Each tech blog follows an identical infrastructure pattern:

  • S3 Bucket Naming: tech-[domain]-blog (e.g., tech-qos-blog for queenofsandiego.com, tech-jada-blog for sailjada.com)
  • CloudFront Distributions: Regional distribution pointing to the S3 origin, with cache behaviors configured for HTML invalidation on updates
  • ACM Certificates: Leveraged existing wildcard certificates where available (*.queenofsandiego.com, *.sailjada.com); new certificates provisioned for dangerouscentaur.com and burialsatseasandiego.com
  • DNS Integration: Route53 CNAME records for queenofsandiego.com and sailjada.com; Namecheap CNAME for dangerouscentaur.com; GoDaddy API integration for burialsatseasandiego.com

Certificate and DNS Management

The infrastructure initialization script (tech_blog_init.py) handles heterogeneous DNS providers:

  • Route53 Zones: Detected existing hosted zones and added CNAME records pointing tech.[domain] to CloudFront distribution domain names
  • Namecheap Integration: dangerouscentaur.com already had a wildcard CloudFront distribution (ID: E2Q4UU71SRNTMB on dc-sites S3 bucket); the tech blog subdomain leverages this existing distribution with appropriate origin path configuration
  • GoDaddy API Integration: burialsatseasandiego.com uses GoDaddy DNS; credentials stored in encrypted .claude/projects/ memory files; script automatically adds ACM DNS validation CNAME records and blog CNAME endpoints

Session Transcript Parsing Strategy

The blog generator parses Claude Code session transcripts (stored as JSONL in ~/.claude/sessions/) using this extraction logic:

Session Format:
- Each line is a JSON object representing a message or tool invocation
- Tool use entries contain: type, name (tool name), input (parameters), output (results)
- Command invocations are extracted from "run_command" tool use entries
- File modifications tracked via "read_file" and "write_file" tool invocations

Post Generation:
1. Extract all tool_use blocks from session JSONL
2. Filter for relevant operations: AWS CLI, Python script executions, file I/O
3. Map commands to high-level actions (e.g., "Create S3 bucket" → actual command)
4. Redact sensitive data (API keys, credentials, passwords)
5. Organize chronologically with technical context and decision rationale
6. Render as HTML with code blocks, lists, and semantic structure
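
An added sketch of steps 1, 2 and 5 above (not the project's tech_blog_generator.py): it reads the transcript line by line, survives a truncated final line, keeps only relevant run_command entries, and drops any entry that mentions a credential file. The "timestamp" field, the "command" key inside "input", the protected file list and the sample lines are assumptions made for this example; step 4 redaction still has to run over every kept command and output before rendering.

```python
import json

# Constructed sample transcript. Field names follow the format described above;
# the "timestamp" field and the "command" key inside "input" are assumptions.
SAMPLE_JSONL = "\n".join([
    '{"type": "message", "timestamp": "2024-01-01T10:00:00Z", "text": "set up the blog bucket"}',
    '{"type": "tool_use", "name": "run_command", "timestamp": "2024-01-01T10:03:00Z",'
    ' "input": {"command": "aws s3 mb s3://tech-qos-blog"}, "output": "make_bucket: tech-qos-blog"}',
    '{"type": "tool_use", "name": "run_command", "timestamp": "2024-01-01T10:01:00Z",'
    ' "input": {"command": "python tech_blog_init.py"}, "output": "done"}',
    '{"type": "tool_use", "name": "run_command", "timestamp": "2024-01-01T10:02:00Z",'
    ' "input": {"command": "ls -la"}, "output": "total 0"}',
    '{"type": "tool_use", "name": "run_command", "timestamp": "2024-01-01T10:04:00Z",'
    ' "input": {"command": "python deploy.py --env repos.env"}, "output": "ok"}',
    '{"type": "tool_use", "name": "run_command", "input": {"comm',  # truncated final line
])

RELEVANT_PREFIXES = ("aws ", "python ", "python3 ")   # step 2: AWS CLI and Python runs
PROTECTED_NAMES = ("repos.env", "reference_godaddy_credentials.md")  # assumed deny-list

def extract_commands(jsonl_text):
    """Return (kept, dropped, unparsed) for run_command tool-use entries."""
    kept, dropped, unparsed = [], 0, 0
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1      # a session can end mid-write; count it, don't crash
            continue
        if not isinstance(entry, dict) or entry.get("type") != "tool_use":
            continue
        if entry.get("name") != "run_command":
            continue
        tool_input = entry.get("input")
        command = tool_input.get("command", "") if isinstance(tool_input, dict) else ""
        if not isinstance(command, str) or not command.startswith(RELEVANT_PREFIXES):
            continue
        if any(name in line for name in PROTECTED_NAMES):
            dropped += 1       # command or output mentions a credential file: drop whole entry
            continue
        kept.append({"time": entry.get("timestamp", ""), "command": command,
                     "output": str(entry.get("output", ""))})
    kept.sort(key=lambda c: c["time"])   # step 5: chronological order
    return kept, dropped, unparsed
```

A non-zero dropped or unparsed count is worth logging from the hook, since both mean the published post is not a complete record of the session.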

Key Technical Decisions

Why Automatic Session-Based Generation?

Manual blog posts would create documentation lag and require context-switching. By hooking into Claude Code's session lifecycle, every development session automatically produces a timestamped technical record. The tech_blog_stop.sh hook runs on session termination, extracts the transcript, generates HTML, uploads to S3, and invalidates the CloudFront cache—all without manual intervention.

Why S3 + CloudFront Instead of Static Site Hosting?

S3 + CloudFront provides:

  • Existing infrastructure alignment (other properties already use this pattern)
  • Automatic HTTPS via ACM certificates
  • Geographic distribution and CDN caching for fast post delivery
  • Granular cache invalidation control
  • Cost efficiency (~$0.50/month per blog at typical traffic levels)

Why Multiple S3 Buckets Instead of Shared Bucket?

Separate S3 buckets per domain simplify:

  • Access control and bucket policies (each blog accessible only via its CloudFront distribution)
  • Cost allocation and billing attribution
  • Future feature additions (domain-specific analytics, backup policies, etc.)
  • Isolation if one domain's content requires special handling
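
One way to check the "accessible only via its CloudFront distribution" property, as an added example rather than code from this project: an audit of a bucket policy document that assumes the buckets use CloudFront origin access control, where the policy allows the cloudfront.amazonaws.com service principal and pins it to one distribution with an AWS:SourceArn condition. The account ID, the distribution ID and the sample policies are placeholders constructed for the example.

```python
CLOUDFRONT = "cloudfront.amazonaws.com"
# Placeholder ARN: the account ID and distribution ID are not from this page.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_findings(policy, bucket, distribution_arn):
    """Return reasons this bucket policy lets anything other than the one
    CloudFront distribution read objects; an empty list means it is scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))
        if wildcard:
            findings.append(f"statement {i}: wildcard principal")
        elif not (isinstance(principal, dict) and as_list(principal.get("Service", [])) == [CLOUDFRONT]):
            findings.append(f"statement {i}: principal is not the CloudFront service")
        source_arns = []
        for op, keys in stmt.get("Condition", {}).items():
            if op.lower() not in ("stringequals", "arnequals"):
                continue
            for key, value in keys.items():
                if key.lower() == "aws:sourcearn":   # condition keys are case-insensitive
                    source_arns = as_list(value)
        if source_arns != [distribution_arn]:
            findings.append(f"statement {i}: not pinned to {distribution_arn}")
        if as_list(stmt.get("Action", [])) != ["s3:GetObject"]:
            findings.append(f"statement {i}: grants more than s3:GetObject")
        if as_list(stmt.get("Resource", [])) != [f"arn:aws:s3:::{bucket}/*"]:
            findings.append(f"statement {i}: resource is not {bucket}/*")
    return findings

def statement(principal, condition=None):
    """Constructed sample: a read-only statement for the tech-qos-blog bucket."""
    s = {"Effect": "Allow", "Principal": principal, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::tech-qos-blog/*"}
    if condition:
        s["Condition"] = condition
    return s

SERVICE = {"Service": CLOUDFRONT}
SCOPED = {"Statement": [statement(SERVICE, {"StringEquals": {"AWS:SourceArn": DIST_ARN}})]}
UNPINNED = {"Statement": [statement(SERVICE)]}   # any distribution, in any account
PUBLIC = {"Statement": [statement("*")]}
```

The UNPINNED case is the one that is easy to miss: the principal looks right, but without the SourceArn condition the bucket is readable through distributions other than its own.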

Why Parse JSONL Transcripts Instead of Database Logging?

Claude Code sessions already produce JSONL transcripts in a standard format. Parsing these means:

  • Zero additional instrumentation required
  • Works across all Claude Code projects automatically
  • Transcripts are already timestamped and cryptographically authenticated
  • No need to maintain separate logging infrastructure

Credential and Secrets Handling

The system is designed with security-first credential handling:

  • Redaction in Blog Posts: The generator scans output text for common credential patterns (AWS key format, authorization headers, database connection strings) and replaces them with [REDACTED]
  • Protected Memory Files: GoDaddy API credentials stored in .claude/projects/-Users-cb-Documents-repos/memory/reference_godaddy_credentials.md, excluded from version control and blog generation
  • Environment Variables: AWS credentials and domain-specific API keys sourced from repos.env, never written to blog posts or logs
  • Transcript Filtering: The tech_blog_stop.sh hook excludes transcript messages containing credential keywords before passing to the generator
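
An added illustration of the redaction step (not the generator's actual rules): one pattern for each credential shape named above, plus a fail-closed check that holds a post back when a long opaque token survives redaction. The regexes, the residual-token heuristic and the sample text are this example's own; the key and secret shown are the example values from AWS documentation.

```python
import re

# Regexes are this example's choices, one per credential shape named above.
PATTERNS = [
    # AWS access key IDs: AKIA/ASIA prefix followed by 16 characters
    (re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), "[REDACTED]"),
    # Authorization headers: keep the header name, drop scheme and token
    (re.compile(r"(?i)(authorization\s*[:=]\s*)[^\r\n\"']+"), r"\1[REDACTED]"),
    # Connection strings: scheme://user:password@host, redact only the password
    (re.compile(r"(\b[a-z][a-z0-9+.-]*://[^\s:/@]+:)[^\s@]+(@)"), r"\1[REDACTED]\2"),
    # NAME=value where the name suggests a secret (for example lines of an env file)
    (re.compile(r"(?i)(\b[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY)[A-Z0-9_]*\s*=\s*)\S+"),
     r"\1[REDACTED]"),
]
TOKEN_RUN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")

def redact(text):
    """Apply every pattern; return (redacted_text, number_of_replacements)."""
    total = 0
    for pattern, replacement in PATTERNS:
        text, count = pattern.subn(replacement, text)
        total += count
    return text, total

def residual_secrets(text):
    """Long runs mixing digits, upper and lower case that no pattern caught.
    Requiring all three classes keeps ordinary file paths and hex hashes out."""
    return [t for t in TOKEN_RUN.findall(text)
            if any(c.isdigit() for c in t) and any(c.islower() for c in t)
            and any(c.isupper() for c in t)]

def safe_to_publish(text):
    """Fail closed: return redacted text, or None if something token-like remains."""
    redacted, _ = redact(text)
    return None if residual_secrets(redacted) else redacted

# Constructed sample of command output that would otherwise reach a blog post.
SAMPLE_OUTPUT = (
    'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n'
    'curl -H "Authorization: Bearer abc.def.ghi" https://api.example.com/v1/records\n'
    'DATABASE_URL=postgres://blog:hunter2@db.internal:5432/posts\n'
)
```

Pattern matching only catches shapes it knows, so a None result from safe_to_publish should stop the upload and leave the post for manual review instead of publishing a partially redacted page.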

Integration with Ship's Papers Navigation

The tech blogs are accessible from the main site's "Ship's Papers" menu. Navigation structure added to /Users/cb/Documents/repos/sites/queenofsandiego.com/index.html: