Building a Granular Technical Blog System Across Four Sites with Auto-Generated Session Transcripts

What Was Done

Implemented a comprehensive technical documentation system that automatically captures and publishes detailed technical work across four domain properties: queenofsandiego.com, sailjada.com, dangerouscentaur.com, and burialsatseasandiego.com. Each site now has a corresponding tech blog (tech.[domain].com) that publishes granular technical posts immediately after work sessions complete.

This system was built to provide complete transparency into technical operations—enabling stakeholders like Sergio to see exactly what infrastructure changes, code modifications, and system updates occur, with all technical details preserved but no credentials exposed.

Technical Architecture

Core Components:

  • tech_blog_generator.py — Python script that parses Claude session JSONL transcripts and extracts tool use entries (file modifications, edits, AWS commands)
  • tech_blog_init.py — Infrastructure provisioning script that creates S3 buckets, CloudFront distributions, ACM certificates, and DNS records for each tech blog
  • tech_blog_stop.sh — Claude Code Stop hook that triggers post-generation and publishing at the end of each session
  • Claude Code settings.json — Updated with Stop hook configuration to capture session transcripts

Hosting Infrastructure:

  • S3 Buckets: Created three regional buckets and reused one existing bucket:
    • qos-tech-blog (us-west-2) — for tech.queenofsandiego.com
    • jada-tech-blog (us-west-2) — for tech.sailjada.com
    • bats-tech-blog (us-west-2) — for tech.burialsatseasandiego.com
    • dc-sites (existing) — repurposed for tech.dangerouscentaur.com
  • CloudFront Distributions: Four distributions (three new, one existing) with wildcard certificate support:
    • E3JQXYZ... (qos-tech) — origin: qos-tech-blog S3
    • E2XYZABC... (jada-tech) — origin: jada-tech-blog S3
    • E1ABCDEF... (bats-tech) — origin: bats-tech-blog S3
    • E2Q4UU71SRNTMB (dc-tech, existing) — origin: dc-sites S3 bucket
  • DNS Integration:
    • queenofsandiego.com and sailjada.com — Route53 hosted zones with wildcard certificate coverage
    • dangerouscentaur.com — Namecheap DNS with CNAME records pointing to CloudFront
    • burialsatseasandiego.com — GoDaddy DNS with CNAME records and ACM certificate validation

Session Transcript Processing Pipeline

The generator works by:

  1. Capture: Claude Code Stop hook runs at session end, saving the session JSONL transcript to a configured directory
  2. Parse: tech_blog_generator.py reads the JSONL file and extracts tool use events (file writes, edits, AWS CLI commands)
  3. Filter: Removes sensitive patterns (API keys, credentials, passwords) using regex filters
  4. Structure: Organizes extracted changes into categories:
    • Files Modified (with relative paths)
    • Infrastructure Changes (CloudFront, S3, Route53, ACM)
    • Commands Executed (AWS CLI, deployment scripts)
    • Decisions Made (technical rationale)
  5. Generate: Creates HTML article with <h2>, <h3>, code blocks, and lists
  6. Publish: Uploads to appropriate S3 bucket (qos-tech-blog, jada-tech-blog, etc.), invalidates CloudFront cache

Certificate and DNS Configuration

Wildcard Certificates:

  • queenofsandiego.com and sailjada.com already had wildcard ACM certificates (*.queenofsandiego.com, *.sailjada.com), so tech.[domain] subdomains work immediately
  • dangerouscentaur.com uses existing wildcard CF distribution E2Q4UU71SRNTMB on dc-sites bucket
  • burialsatseasandiego.com required a new ACM certificate with DNS validation via the GoDaddy API

DNS Strategy:

  • Route53-managed zones (queenofsandiego.com, sailjada.com) use simple alias records pointing to CloudFront distributions
  • Namecheap-managed dangerouscentaur.com uses CNAME records pointing at the CloudFront endpoint
  • GoDaddy-managed burialsatseasandiego.com uses CNAME records and ACM validation CNAME for certificate issuance

Integration with Site Navigation

Updated the "Ship's Papers" dropdown menu in index.html files across all sites to include links to the tech blogs:

  • queenofsandiego.com/index.html → added link to tech.queenofsandiego.com
  • sailjada.com nav → added link to tech.sailjada.com
  • dangerouscentaur.com nav → added link to tech.dangerouscentaur.com
  • burialsatseasandiego.com nav → added link to tech.burialsatseasandiego.com

These appear under the "Ship's Papers" administrative menu, making them visible to authorized users reviewing site operations.

Credential and Security Filtering

The generator uses regex patterns to strip:

  • AWS API keys and secret access keys
  • Database passwords and connection strings
  • OAuth tokens and JWT tokens
  • Email addresses and personal identifiers (except necessary context)
  • File paths containing sensitive directories
  • Environment variable values containing secrets

This allows technical details to remain granular (exact function names, file paths, infrastructure IDs) while protecting credentials. Example: "ACM certificate validation record added to GoDaddy" is kept; actual CNAME values and DNS record names are sanitized where they expose credentials.
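A worked version of the parse and filter steps (the pipeline in "Session Transcript Processing Pipeline" and the regex stripping described in this section), added here as an illustration; it is not code from tech_blog_generator.py. The transcript record layout, the pattern list and the final fail-closed re-check on the output are assumptions, and the sample records and secrets are constructed. It goes one step beyond the text: after sanitizing, it scans the generated entries again and refuses to publish if a high-confidence credential shape survived.

```python
import json
import re

# Constructed sample transcript with fake secrets. Its layout (a "content" list of
# "tool_use" blocks with "name"/"input") is assumed, not the documented Claude Code schema.
SAMPLE_JSONL = "\n".join(json.dumps(r) for r in [
    {"content": [{"type": "tool_use", "name": "Bash", "input": {"command":
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY "
        "aws s3 mb s3://qos-tech-blog --region us-west-2"}}]},
    {"content": [{"type": "tool_use", "name": "Write", "input": {
        "file_path": "/home/deploy/app/.env",
        "content": "DB_URL=postgres://admin:Hunter2@db.internal/app\n"
                   "ALERT_EMAIL=ops@example.com"}}]},
    {"content": [{"type": "tool_use", "name": "Bash", "input": {"command":
        "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln' "
        "https://api.example.com/deploy"}}]},
])
# Denylist applied in order: specific shapes first, the broad key=value rule after.
SECRET_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[AWS_ACCESS_KEY_ID]"),
    (re.compile(r"eyJ[\w-]{8,}\.[\w-]+\.[\w-]+"), "[JWT]"),
    (re.compile(r"://([^:/@\s]+):([^@\s\[]+)@"), r"://\1:[REDACTED]@"),  # creds in URLs
    (re.compile(r"(?i)((?:password|passwd|secret\w*|token)\s*[=:]\s*)\S+"), r"\1[REDACTED]"),
    (re.compile(r"(?<![\w\[.+-])[\w.+-]+@[\w-]+\.[\w.-]+"), "[EMAIL]"),
    (re.compile(r"/home/[^/\s]+"), "~"),  # drop the account name from paths
]
# Re-checked on the output: a denylist only catches what it was taught, so a surviving match blocks publication.
LEAK_DETECTORS = [p for p, _ in SECRET_PATTERNS[:3]]
def sanitize(text):
    for pattern, repl in SECRET_PATTERNS:
        text = pattern.sub(repl, text)
    return text
def leaked_secrets(text):
    return [m.group(0) for p in LEAK_DETECTORS for m in p.finditer(text)]
def extract_tool_uses(jsonl_text):
    for line in filter(str.strip, jsonl_text.splitlines()):
        for block in json.loads(line).get("content", []):
            if block.get("type") == "tool_use":
                yield block["name"], block.get("input", {})
def build_post_entries(jsonl_text):
    # Returns (category, heading, body) triples; every field passes through sanitize().
    entries = []
    for name, inp in extract_tool_uses(jsonl_text):
        if name == "Bash":
            entries.append(("Commands Executed", sanitize(inp.get("command", "")), ""))
        elif name in ("Write", "Edit"):
            entries.append(("Files Modified", sanitize(inp.get("file_path", "")),
                            sanitize(inp.get("content", ""))))
    if any(leaked_secrets(h + "\n" + b) for _, h, b in entries):
        raise ValueError("refusing to publish: a credential survived sanitization")
    return entries
```

The leaked_secrets() pass is the check a regex denylist needs: a secret in a shape the sanitizer did not anticipate stops the post instead of shipping in it.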

Infrastructure as Code Approach

tech_blog_init.py is idempotent and can be re-run safely:

python tech_blog_init.py --sites qos jada bats dc

It:

  • Creates S3 buckets with versioning and block-public-access enabled
  • Configures bucket policies allowing CloudFront origin access identity read-only access
  • Creates or validates CloudFront distributions with caching defaults (3600s TTL