Building a Multi-Domain Executive Reporting System: Architecture, Deployment, and Operational Insights

Over the past development session, we built and deployed a comprehensive executive reporting infrastructure across four distinct business entities (JADA, QueenofSanDiego, QuickDumpNow, DangerousCentaur) and three ancillary domains (3028 51st St Rental, Expert Yacht Delivery, DangerousCentaur Client Portfolio). This post details the technical architecture, deployment patterns, and operational decisions that enable real-time C-suite visibility across a complex, multi-domain portfolio.

What Was Built

The reporting system consists of eight specialized executive reports, each tailored to a specific stakeholder perspective:

  • CEO Report: Asset inventory, revenue gaps, equity risks, and 30-day operational priorities
  • CTO Report: Stack audits, security hardening, cost optimization, and engineering roadmap
  • Accounting Report: Revenue recognition, chart of accounts, and path to profitability
  • CMO Report: Channel strategy, OTA sequencing, and marketing milestone framework
  • CFO Report: Burn rate modeling, capital deployment tiers, and monthly revenue targets
  • 3028 51st St Rental Analysis: Asset-specific revenue potential and operational framework
  • Expert Yacht Delivery Report: Logistics infrastructure and partner ecosystem audit
  • DangerousCentaur Client Portfolio Audit: Billing model gaps and revenue tracking deficiencies

Infrastructure: SES-Based Report Distribution

Reports are generated and distributed via AWS SES (Simple Email Service), with admin@queenofsandiego.com configured as the verified sender identity. The distribution pipeline is implemented across two Python scripts:

  • /Users/cb/Documents/repos/tools/send_exec_reports.py — Primary report generator and dispatcher
  • /Users/cb/Documents/repos/tools/send_exec_reports_2.py — Secondary variant with report-specific customizations

Both scripts read SES credentials and configuration from repos.env, which is gitignored and never committed. The scripts perform credential validation before attempting to send, checking for:

  • AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables
  • SES_SENDER_ADDRESS validation (verified identity in SES)
  • Recipient email list integrity
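
A sketch of the pre-send validation described above, as an added example rather than the code in send_exec_reports.py. The function names, the KEY=VALUE file format, and the `verified` set (assumed to be fetched from SES by the caller) are assumptions.

```python
import re
from email.utils import parseaddr

REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "SES_SENDER_ADDRESS")
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_env(text):
    """Parse KEY=VALUE lines of a repos.env-style file; skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def clean_address(raw):
    """Return the bare lowercased address, or None if malformed or multi-line."""
    if "\r" in raw or "\n" in raw:
        return None  # CR/LF would let a list entry smuggle extra headers
    addr = parseaddr(raw)[1]
    return addr.lower() if ADDR_RE.match(addr) else None

def preflight(env, recipients, verified):
    """Return a list of problems; an empty list means the send may proceed."""
    # verified: lowercased SES identities (addresses or domains); assumed input
    problems = [f"missing {k}" for k in REQUIRED if not env.get(k)]
    if env.get("SES_SENDER_ADDRESS"):
        sender = clean_address(env["SES_SENDER_ADDRESS"])
        domain = sender.rpartition("@")[2] if sender else None
        if sender not in verified and domain not in verified:
            problems.append("sender is not a verified SES identity")
    if not recipients:
        problems.append("recipient list is empty")
    seen = set()
    for raw in recipients:
        addr = clean_address(raw)
        if addr is None:
            problems.append(f"bad recipient {raw!r}")
        elif addr in seen:
            problems.append(f"duplicate recipient {addr}")
        seen.add(addr)
    return problems

# Constructed sample file contents; the key ID is a placeholder, not a credential.
SAMPLE_ENV = parse_env(
    "# repos.env\nAWS_ACCESS_KEY_ID=AKIAEXAMPLE0000000000\n"
    "AWS_SECRET_ACCESS_KEY=\nSES_SENDER_ADDRESS=admin@queenofsandiego.com\n")
print(preflight(SAMPLE_ENV, ["exec@example.com"], {"queenofsandiego.com"}))
```
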

Reports are sent via the Boto3 SES client, using the send_email() method with HTML MIME type for rich formatting. The recipient list defaults to c.b.ladd@gmail.com with BCC to admin@queenofsandiego.com for audit trail purposes.

Report Generation: Content Strategy and Data Sources

Each report synthesizes data from multiple sources to provide executive-grade insight:

  • Project Handoff Wiki: /Users/cb/Documents/repos/agent_handoffs/projects/ contains detailed project state for all four primary entities. The wiki includes financial projections, operational notes, and current blockers.
  • Lambda Function Source: /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/lambda_function.py is audited for security hardening opportunities, endpoint coverage, and authentication gaps.
  • Frontend State: /Users/cb/Documents/repos/sites/queenofsandiego.com/tools/shipcaptaincrew/frontend/index.html is analyzed for UX maturity, feature completeness, and user-facing gaps.
  • Email Infrastructure: SES receipt rules and verified sender identities are enumerated to identify integration opportunities.

The CTO report, in particular, performs a stack-by-stack audit:

  • JADA: Event booking system with JWT authentication, DynamoDB event/user/checklist tables, Lambda API layer, S3-hosted frontend with CloudFront CDN
  • QueenofSanDiego: Yacht charter operations platform with same architectural pattern, plus multi-event scheduling and crew role management
  • QuickDumpNow: Service request fulfillment system lacking clear revenue model and funnel instrumentation
  • DangerousCentaur: Client portfolio management with no billing integration

Key Technical Decisions

Why SES instead of third-party transactional email services? AWS SES is cost-effective at scale (~$0.10 per 1,000 emails), integrates natively with our existing AWS infrastructure, and supports DKIM signing and SPF authentication for deliverability. For internal executive distribution, the trade-off of lower feature richness (vs. SendGrid or Mailgun) is acceptable.

Why separate scripts for reports? The first script establishes a standard pattern; the second allows for domain-specific customization without branching. This maintains a single source of truth for SES configuration while permitting report-specific templates and recipient lists.

Why eight reports instead of one unified executive dashboard? Each stakeholder has fundamentally different information needs. A CEO prioritizes cash runway and market validation. A CTO prioritizes architectural debt and security posture. A CFO prioritizes unit economics and cash flow timing. Separate reports eliminate cognitive load and enable action-specific recommendations without dilution.

Operational Insights from Report Findings

The reporting infrastructure revealed several critical architectural gaps across the portfolio:

  • Security Hardening Required: Hardcoded Stripe keys exist in source code; plaintext environment files are committed to repos; GAS endpoints lack authentication; no WAF deployed on CloudFront distributions.
  • Cost Optimization Opportunity: Current AWS bill runs $50–84/month. CloudFront caching policies can be tightened; Lambda reserved capacity is underutilized; unused RDS instances identified. ~$25/month in savings are immediately available.
  • Revenue Recognition Gaps: No unified accounting system. Revenue is not recorded in real-time. Chart of accounts missing critical categories (customer acquisition, fulfillment, crew overhead). Path to profitability requires 6 charters/month minimum; current pipeline is zero.
  • Marketing Channel Gaps: OTA (Online Travel Agency) presence is zero. JADA has 3,676 users but no email blast capability. Sailo, GetMyBoat, Airbnb Experiences, and Viator represent untapped distribution. QDN has no SEO presence for local service queries.
  • Product UX Gaps: No availability calendar visible to customers. No real-time analytics on any domain. Tier descriptions on JADA are stale. Event notifications lack send-time optimization.

What's Next

The reporting infrastructure is now operational and scheduled to run on a monthly cadence. The next phase involves operationalizing the findings:

  • Security Sprint (Week 1–2): Rotate Stripe keys and move them from environment variables to AWS Secrets Manager; implement .gitignore audit; deploy WAF rules; add request validation to GAS endpoints.
  • Cost Optimization (Week 2–3): Implement Lambda reserved capacity for JADA and QOS; tighten CloudFront cache behaviors; identify and remove unused infrastructure.
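
One way to automate two items from the security findings and the Security Sprint (hardcoded Stripe keys in source, environment files committed to repos), as an added example that is not part of the original tooling. The file contents, paths and key below are constructed, the minimum key length in the pattern is an assumption, and `tracked_paths` is assumed to be the output of `git ls-files`.

```python
import fnmatch
import re

# Stripe secret (sk_) and restricted (rk_) keys, live or test mode.
# The 16-character minimum for the random part is an assumption.
STRIPE_KEY_RE = re.compile(r"\b(?:sk|rk)_(?:live|test)_[0-9A-Za-z]{16,}\b")
ENV_GLOBS = ("*.env", ".env.*")

def find_stripe_keys(files):
    """files: {path: text}. Return (path, line_no, redacted_key) for each hit."""
    hits = []
    for path, text in sorted(files.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            for match in STRIPE_KEY_RE.finditer(line):
                key = match.group(0)
                # Redact so the report itself never carries the secret.
                hits.append((path, line_no, key[:8] + "..." + key[-4:]))
    return hits

def tracked_env_files(tracked_paths):
    """Return tracked paths whose file name looks like an environment file."""
    flagged = []
    for path in tracked_paths:
        name = path.rsplit("/", 1)[-1]
        if any(fnmatch.fnmatch(name, glob) for glob in ENV_GLOBS):
            flagged.append(path)
    return sorted(flagged)

def audit(files, tracked_paths):
    """Combine both checks into one report dictionary."""
    return {
        "hardcoded_keys": find_stripe_keys(files),
        "tracked_env_files": tracked_env_files(tracked_paths),
    }

# Constructed sample input: a fake key and hypothetical repository paths.
FAKE_KEY = "sk_live_" + "0" * 24
SAMPLE_FILES = {
    "app/billing.py": 'import stripe\nstripe.api_key = "%s"\n' % FAKE_KEY,
    "app/config.py": 'import os\nKEY = os.environ["STRIPE_KEY"]\n',
}
SAMPLE_TRACKED = ["app/billing.py", "app/config.py",
                  "deploy/prod.env", "site/.env.production"]
print(audit(SAMPLE_FILES, SAMPLE_TRACKED))
```

Any key this check finds should be treated as exposed and rotated, since it remains in the repository history after the line is removed.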