
Building a Multi-Stakeholder Reporting Framework: Executive Intelligence Across Four Charter & Services Entities

Over the past development cycle, we implemented a comprehensive executive reporting system designed to surface critical business intelligence across our four operating entities (JADA, QueenofSanDiego, QuickDumpNow, and DangerousCentaur) plus three supporting infrastructure projects. The challenge: create a structured assessment methodology that distills operational reality into actionable intelligence for five distinct C-suite personas, each with radically different priorities and blind spots.

What Was Built

A Python-based reporting pipeline (/Users/cb/Documents/repos/tools/send_exec_reports.py) that synthesizes data from multiple project handoff documents, environment configurations, and deployed Lambda functions to generate persona-specific executive summaries. Each report is authored from a specific viewpoint:

  • CEO Report: Asset inventory, revenue leaks, organizational risk vectors, KPI gaps, and 30-day priority cascade
  • CTO Report: Technology stack audit, security hardening gaps, cost optimization opportunities, developer experience friction, and CI/CD maturity assessment
  • CFO Report: Burn rate modeling, capital allocation framework, break-even sensitivity analysis, and revenue target mapping through Q4 2026
  • CMO Report: Channel capacity analysis, blast campaign ROI modeling, OTA sequencing strategy, and 30/60/90-day milestone structure
  • Accounting Officer Report: Revenue recognition gaps, chart of accounts audit, expense categorization, accounting system requirements, and Q1 2027 profitability roadmap

Three additional reports were generated for specialized stakeholder needs: a dedicated rental property assessment (3028 51st St), an Expert Yacht Delivery operational audit, and a DangerousCentaur client portfolio billing integrity review.

Technical Implementation

Data Collection Architecture

The reporting system reads from four primary sources:

  • Project handoff documents at /Users/cb/Documents/repos/agent_handoffs/projects/ — structured Markdown files containing current state, known gaps, dependencies, and resource inventory for each entity
  • Environment configuration from repos.env — verified SES sender addresses, AWS region targets, and deployment metadata
  • Deployed Lambda functions — inspected via AWS CLI to determine authentication patterns, environment variables (safe keys only), and endpoint structure
  • Frontend assets — parsed HTML templates to identify feature completeness, UX gaps, and integration points
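
One way to enforce the "safe keys only" rule when inspecting Lambda configuration is shown below. This is an added example, not code from send_exec_reports.py; the allow-list, the sample configuration and the function name safe_environment are assumptions.

```python
import re

# Hypothetical allow-list: the page does not name the keys its pipeline treats as safe.
SAFE_KEYS = {"SES_REGION", "SES_SENDER", "TABLE_NAME", "STAGE"}

# Key-name fragments that always mark a variable as sensitive.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE", re.I)

# Value shapes that look like credentials even under an innocent key name.
SECRET_VALUE = re.compile(
    r"^(?:(?:sk|rk)_(?:live|test)_[0-9A-Za-z]{10,}"  # Stripe secret or restricted key
    r"|AKIA[0-9A-Z]{16})$"                           # AWS access key ID
)

def safe_environment(function_config):
    """Split a get-function-configuration result into (reportable, withheld).

    reportable maps allow-listed keys to values; withheld lists the names of
    every other variable, so the report can say a key exists without quoting it.
    """
    variables = function_config.get("Environment", {}).get("Variables", {})
    reportable, withheld = {}, []
    for key, value in sorted(variables.items()):
        allowed = key in SAFE_KEYS and not SECRET_NAME.search(key)
        if allowed and not SECRET_VALUE.match(value):
            reportable[key] = value
        else:
            withheld.append(key)
    return reportable, withheld

# Constructed sample in the shape `aws lambda get-function-configuration` returns.
FAKE_STRIPE = "sk_test_" + "0" * 24   # built at runtime, not a real key
SAMPLE_CONFIG = {
    "FunctionName": "shipcaptaincrew",
    "Environment": {"Variables": {
        "SES_REGION": "us-west-2",
        "SES_SENDER": "admin@queenofsandiego.com",
        "TABLE_NAME": "events",
        "STAGE": FAKE_STRIPE,            # secret pasted under an allow-listed name
        "STRIPE_SECRET_KEY": FAKE_STRIPE,
    }},
}

if __name__ == "__main__":
    reportable, withheld = safe_environment(SAMPLE_CONFIG)
    print("report:", reportable)
    print("withheld (names only):", withheld)
```

The allow-list decides what may appear in a report; the name and value patterns are a second check for the case where a secret is stored under a key that was allow-listed by mistake.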

The script validates SES configuration before attempting delivery:

aws ses list-verified-email-addresses --region us-west-2
# Confirms admin@queenofsandiego.com is a verified sender

Report Generation Pipeline

Rather than hard-coding report content, the system synthesizes findings from a structured analysis of each entity:

  • Asset mapping: What infrastructure, personnel, and intellectual property exists?
  • Process audit: What workflows are automated, manual, missing, or broken?
  • Gap identification: What capability or information is absent that creates business risk?
  • Persona synthesis: How would this specific stakeholder prioritize these gaps given their domain expertise?

For example, the CTO report identifies six security hardening priorities:

  • Hardcoded Stripe API keys in application code (requires environment variable extraction)
  • Plaintext repos.env in version control (requires secrets rotation and secure vaults)
  • Unauthenticated GAS endpoints (requires JWT validation layer)
  • Missing WAF configuration on CloudFront distributions (requires AWS WAF rule deployment)
  • No rate limiting on public Lambda endpoints (requires API Gateway throttling policies)
  • Plaintext password storage in DynamoDB (requires encryption-at-rest and field-level encryption)
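
The first two findings in this list can be detected mechanically. The scanner below is an added example, not part of the reporting pipeline; the file names other than repos.env, the sample contents and the finding labels are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Stripe secret (sk_) and restricted (rk_) keys; publishable pk_ keys are
# designed to be public and are not flagged.
STRIPE_KEY = re.compile(r"\b(sk|rk)_(live|test)_[0-9A-Za-z]{10,}\b")
ENV_FILE = re.compile(r"(^|\.)env$")   # ".env", "repos.env"

def scan_sources(files):
    """files maps repo-relative path -> text. Returns (path, line, kind, detail)."""
    findings = []
    for path, text in sorted(files.items()):
        name = PurePosixPath(path).name
        if ENV_FILE.search(name):
            findings.append((path, 0, "env-file-tracked", name))
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in STRIPE_KEY.finditer(line):
                key = m.group(0)
                # Keep only prefix and length so the finding is not itself a leak.
                detail = f"{key[:8]}... ({len(key)} chars)"
                findings.append((path, line_no, f"stripe-{m.group(2)}-key", detail))
    return findings

# Constructed sample tree; the placeholder key is assembled at runtime.
FAKE_KEY = "sk_live_" + "A" * 24
SAMPLE_FILES = {
    "lambda/checkout.py": f'import stripe\nstripe.api_key = "{FAKE_KEY}"\n',
    "lambda/checkout_env.py":
        'import os, stripe\nstripe.api_key = os.environ["STRIPE_SECRET_KEY"]\n',
    "repos.env": f"SES_REGION=us-west-2\nSTRIPE_SECRET_KEY={FAKE_KEY}\n",
}

if __name__ == "__main__":
    for finding in scan_sources(SAMPLE_FILES):
        print(finding)
```

Feed it the files that `git ls-files` reports so that "tracked" means what it says. A key found this way has to be rotated, because removing it from the working tree leaves it in history.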

Infrastructure Context

The reports reference specific AWS resources without exposing credentials:

  • Lambda functions: shipcaptaincrew (Ship Captain Crew events platform), with multiple revisions tracked across development iterations
  • S3 buckets: Frontend assets deployed to domain-specific buckets with CloudFront distribution invalidation
  • CloudFront distributions: Referenced by distribution ID for cache invalidation after frontend deploys
  • DynamoDB tables: Events, checklists, user profiles, and role assignments stored with proper indexing for query patterns
  • SES configuration: Email delivery for transactional (magic links, waivers) and marketing (executive reports) use cases
  • EventBridge rules: Cron-based nudge notifications (e.g., ptb_nudge rule for event reminders)
  • Route53: DNS configuration for queenofsandiego.com and subsidiary domains

Key Design Decisions

Why Persona-Driven Reports

A single "executive summary" fails because a CEO, CTO, CFO, and CMO operate on different data and optimization targets. The CEO wants asset utilization and revenue leaks. The CTO wants technical debt quantified in user-facing impact. The CFO wants cash flow timing and sensitivity models. By authoring each report from a specific viewpoint, we ensure each stakeholder receives intelligence they can act on immediately, rather than generic status information.

Why Multiple Data Sources

Handoff documents contain high-level strategic context. Environment configs reveal infrastructure decisions. Lambda inspection shows current implementation patterns. Frontend code shows what users actually see. No single source tells the complete story; triangulation across all four provides confidence in findings.

Why Email Delivery via SES

SES is already deployed for transactional emails (magic link authentication, waiver delivery). Reusing the verified sender infrastructure reduces operational overhead and ensures delivery reliability. The script validates sender verification before attempting sends, preventing silent delivery failures.

Execution & Validation

All eight reports were generated and delivered to c.b.ladd@gmail.com with admin@queenofsandiego.com in BCC. The sending process included:

  • SES variable validation from repos.env
  • Syntax check on Python script before execution
  • Verification of email address format and domain verification status
  • Delivery confirmation via SES response codes
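
The pre-send checks listed here, and the sender validation described under Data Collection Architecture, can be written as a gate in front of the send call. This is an added example, not the code in send_exec_reports.py; StubSES, the function names and the example.com recipient are assumptions, and the stub mirrors the two boto3 SES client methods used.

```python
import re

EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def preflight(ses, sender, recipients):
    """Return a list of problems; an empty list means it is safe to send."""
    problems = [f"malformed address: {a}" for a in [sender, *recipients]
                if not EMAIL.match(a)]
    if problems:
        return problems
    domain = sender.rsplit("@", 1)[1]
    # SES accepts a sender if the address or its whole domain is verified.
    resp = ses.get_identity_verification_attributes(Identities=[sender, domain])
    attrs = resp["VerificationAttributes"]
    if not any(attrs.get(i, {}).get("VerificationStatus") == "Success"
               for i in (sender, domain)):
        problems.append(f"sender not verified in SES: {sender}")
    return problems

def send_report(ses, sender, to, bcc, subject, body):
    """Send only after preflight passes; return the SES MessageId as confirmation."""
    problems = preflight(ses, sender, [*to, *bcc])
    if problems:
        raise ValueError("; ".join(problems))
    resp = ses.send_email(
        Source=sender,
        Destination={"ToAddresses": to, "BccAddresses": bcc},
        Message={"Subject": {"Data": subject}, "Body": {"Text": {"Data": body}}},
    )
    return resp["MessageId"]

class StubSES:
    """Constructed stand-in for boto3.client("ses", region_name="us-west-2")."""
    def __init__(self, verified):
        self.verified, self.sent = set(verified), []
    def get_identity_verification_attributes(self, Identities):
        return {"VerificationAttributes": {
            i: {"VerificationStatus": "Success"} for i in Identities if i in self.verified}}
    def send_email(self, **kwargs):
        self.sent.append(kwargs)
        return {"MessageId": f"stub-{len(self.sent)}"}

if __name__ == "__main__":
    ses = StubSES({"admin@queenofsandiego.com"})
    print(send_report(ses, "admin@queenofsandiego.com", ["exec@example.com"],
                      ["admin@queenofsandiego.com"], "CTO Report", "constructed body"))
```

Raising before send_email is what turns an unverified sender into a visible failure instead of a report that never arrives.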

Each report includes specific, actionable findings rather than abstract recommendations. For instance, the CMO report quantifies the opportunity: a 3,676-person email blast has modeled potential upside of $10K–50K in concert bookings if deployed to warm audience segments.

What's Next

These reports form the foundation for prioritization across the portfolio:

  • Security hardening: JWT validation on GAS endpoints, environment variable extraction for API keys, WAF deployment on CloudFront
  • Revenue infrastructure: OTA integration sequencing (Sailo → GetMyBoat → Viator/GYG), accounting system implementation, revenue tracking dashboard
  • Cost optimization: Reserved instance evaluation (~$25/month savings identified), Lambda memory right-sizing, CloudFront cache optimization
  • Developer