The caskeycoding.com tech stack at a glance

This site is a Next.js static export on CloudFront, a small Python service on Lambda, a single DynamoDB table, an S3 content bucket, and two AI agents calling Anthropic directly. Everything is wired up with AWS CDK across four stacks split by deploy cadence — auth, agents, backend, frontend.

Here is the stack, layer by layer.

Frontend

• Next.js with static export, TypeScript, trailingSlash aligned with the edge rewrite
• Playwright for end-to-end tests
• Lighthouse CI for performance budgets

Edge / CDN

• CloudFront distribution fronting a private S3 site bucket via origin access, HTTPS-only
• CloudFront Functions at viewer-request for extensionless URI rewrites and one retired-slug 301
• Route53 hosted zone with apex / www aliases plus Google Workspace MX, SPF, and DMARC (p=quarantine)
• ACM for the TLS certificate

API & compute

• Amazon API Gateway for the dynamic surface
• AWS Lambda (Python) for the blog handler, the public demo handlers, the agent API, and the long-running orchestrator
• AWS WAF with regional, per-route rate rules on the unauthenticated /public/* endpoints

Data

• Amazon DynamoDB — single-table design, postId + type keys, post and agent_task items
• Amazon S3 — transparent content offload at 2KB so DynamoDB items stay small and read-cheap

Auth

• Amazon Cognito user pool, shared via cross-stack reference to the backend

AI / LLM

• Anthropic API (direct, official Python SDK) as the primary path
  • Sonnet 4.6 — workhorse: generation, polish, tool loops
  • Opus 4.7 — synthesis and multi-source reasoning
  • Haiku 4.5 — routing, classification, eval-judge
• Amazon Bedrock — fallback only, via a cross-region inference profile, with a Discord webhook alert when it engages
• Shared client (anthropic_client.py) owns retries, fallback, secrets, and cost accounting; agents stay thin

Secrets & config

• AWS Secrets Manager for the Anthropic API key — no env-var secrets in prod
• AWS Systems Manager / CDK context for non-secret config

Observability

• Amazon CloudWatch logs, metrics, and alarms (5xx on the static path → SNS topic)
• Amazon SNS for paging
• Discord webhooks for human-in-the-loop alerts (LLM fallback, eval drift)
• Structured llm_call JSON logs — full payloads only in non-prod; prod carries metadata plus a prompt_sha256

Testing & CI

• pytest for the Python service
• Replay / eval harness — YAML cases with cached completions, runs on every PR with no API spend; a --live mode for capturing new fixtures
• CI pricing check — fails the build if the in-repo per-model pricing table is older than 90 days

Infrastructure as code

• AWS CDK (TypeScript), four stacks split by blast radius:
  • AuthStack — Cognito
  • AgentStack — agent and orchestrator Lambdas, Bedrock IAM
  • BackendStack — API Gateway, blog Lambda, DynamoDB, S3 content bucket
  • FrontendStack — CloudFront, site bucket, Route53, ACM

The specs that drive this site — including the architecture decisions behind each of these choices — are public in the specs demo repo.