Subcategory: Laravel
Subcategory
A subcategory is a narrower topic lane. These pages share subcategory: laravel.
CodeCanyon
- Laravel/CodeCanyon collection
Everything for running a CodeCanyon Laravel app — five workflows from first setup to emergency hotfix, plus concepts, cheat sheets, templates, and kits.
- 1 · Concepts & admin model playbook
Separate the in-app superadmin from the three-tier ops model, adopt the inspect-then-configure pattern that makes this phase work on any CodeCanyon app, and learn the Playwright + Livewire traps before you touch a single form.
- 1 · Create the project & bring in the code playbook
Start here — create the project folder, stage the CodeCanyon download in _source/, bootstrap an anchored .gitignore + git init, promote the Laravel app to the root, prove nothing was missed with a filesystem completeness gate, commit the pristine vendor baseline on author/v* + tag, then write .vscode/ for the AI layer (committed at C2 · machine setup).
- 1 · Dependencies & assets playbook
Authenticate Composer to dodge the rate limit, install PHP and JS dependencies without clobbering vendor patches, audit .env.example for fail-loud placeholders, then build and commit frontend assets.
- 1 · Deployer (zero-downtime) playbook
Install Deployer and author deploy.php for atomic releases — symlinked current → timestamped releases, shared storage and .env, retention, hooks, server binary paths, and an SSH-verified dry run.
- 1 · Harden first playbook
Treat every shipped secret as compromised — rotate vendor defaults, lock down file permissions, throttle sensitive endpoints, and audit mass assignment + session cookies before anything watches the app.
- 1 · MUST path playbook
The non-negotiable critical path — brand & core settings, transactional mail with DNS auth, a payment gateway with verified webhooks, plans & feature flags, then a full seed + verify pass before launch.
- 1 · Pre-flight & provision host playbook
Run the canonical pre-flight (Deployer plan preview + PHP triple-check), prepare and push the staging branch, then scaffold the server — deploy tree, .user.ini limits, and the shared .env with APP_KEY left empty.
- 1 · Pre-flight security hygiene (P0) playbook
Never skip this — rotate every test-mode key and staging password that touched a chat or log, migrate plaintext credentials into a secrets manager, re-scope over-privileged service accounts, and record the audit.
- 1 · Prerequisites playbook
Verify the local toolchain, then create the private GitHub repo, hosting sites, and databases — and wire passwordless SSH to both servers — before anything depends on them.
- 1 · SEO (9A · do first) playbook
SEO needs a reachable URL, so it leads — sitemap + robots, per-page meta + schema + titles, then Search Console verification and a PageSpeed pass.
- 1 · Static audit — code, dependencies, git playbook
Fast, deterministic checks that need no browser — project structure, Composer security audit, git hygiene, code-quality/secrets scan — plus migration analysis and FVDUT storage classification.
- 1 · Technical readiness (MUST) playbook
The seven MUST gates that verify the deployed system against reality — git/deploy verification, codebase + security scan, database confidence, env audit, end-to-end testing, monitoring, and final signoff.
- 2 · Branch strategy playbook
Choose Option A (solo/small team — one setup branch, one commit per phase) or Option B (a branch per phase, merged via PR), then learn the branch model the rest of the playbook commits against.
- 2 · Brand kit playbook
Build the single source of truth for visual identity — brand name, logo variations, a WCAG-checked color palette, typography (including bilingual RTL), reference files committed to the repo, and marketing assets.
- 2 · DNS + SSL playbook
Confirm the staging subdomain resolves to the server and serves a valid TLS chain before the first release lands — a deploy onto an unresolved or untrusted host wastes a round-trip.
- 2 · Engagement (9B) playbook
Onboarding, a public changelog, a feedback collection channel, and an optional blog — the streams that keep new users reaching value and existing users informed.
- 2 · Launch signoff — tiered go/no-go playbook
The tiered launch decision — Tier 1 blockers must be 13/13, Tier 2 important items launch with documented exceptions, Tier 3 nice-to-haves can defer.
- 2 · Local database playbook
Start the local MySQL/MariaDB service, create an empty utf8mb4 schema for the installer, and point .env at it with every secret double-quoted.
- 2 · Machine setup (once per machine) playbook
Authenticate the GitHub CLI, register MCP servers, and install the permission-mode switcher and deploy orchestrator — once per machine (your user account), reused by every project.
- 2 · Release & first production deploy (P1–P2) playbook
Cut the changelog and version before deploying, then promote staging → production, stage the production .env, deploy dry-run then real, run the installer (first deploy only), and verify it's live.
- 2 · Security audit playbook
The full security pass — header grading, ownership-aware vulnerability decisions, blocked sensitive files, admin + storage hardening, and a vulnerability register.
- 2 · Security headers & packages playbook
Enforce HTTPS with HSTS + the standard header set in .htaccess, back it with a SecurityHeaders middleware, force HTTPS in production, encrypt high-risk PII fields, and require strong passwords — for Grade A at securityheaders.com (unsafe-inline caps at A until CSP nonces/hashes).
- 2 · Subdomains + SSL playbook
Plan the subdomain map, add A/CNAME records, provision SSL/TLS certificates, force HTTP→HTTPS, and confirm everything with a five-check CLI verification (dig, HEAD, redirect, proxy, cert details).
- 2 · Survey & brand profile playbook
Run the up-front discovery that every later task depends on — a vendor capabilities inventory (what's admin-editable vs hardcoded, what's tier-gated), a vendor-docs digest with the APP_ENV gotcha scan, and a one-page brand profile that answers every "what colour / name / plan?" question before it's asked.
- 3 · Activity logging playbook
Give security-relevant events a durable audit trail — install Spatie Activity Log, capture model changes, log auth and GDPR actions, and auto-prune old records so an incident always has a paper trail.
- 3 · Business & legal readiness playbook
A customer needs something to land on, a way to pay, and the legal pages that make billing legitimate — landing page, legal pages, transactional email, pricing & payment, analytics & social meta.
- 3 · Credentials & branding playbook
Lock the admin account first (default superadmin@example.com / 123456 is publicly known), generate and upload a coherent brand asset kit, resolve the correct PHP binary for every SSH command, then audit and replace the vendor's seeded demo content before any public URL goes live.
- 3 · Extract & snapshot the vendor playbook
Extract the CodeCanyon ZIP into a verified Laravel root, capture vendor docs, back up a pristine copy, and identify any author patches inside vendor/ — before a single file is touched.
- 3 · First release playbook
Run the atomic first deploy, confirm APP_KEY and clear caches with the versioned PHP binary, verify the Deployer directory tree and the .env symlink (a 5-second check that prevents a 90-minute outage), confirm demo content, then loosen permissions for the installer.
- 3 · Harden, verify & sync (P3–P4) playbook
Lock down installer-friendly permissions, verify schema parity against staging, then sync all branches back to a shared base and tag the release as your rollback and audit anchor.
- 3 · Payments & billing playbook
Choose a payment approach from the gateway matrix (Stripe built-in vs from-scratch, PayPal, Tap for MENA, LemonSqueezy as Merchant of Record), then add the production billing depth — model, plans, verified webhooks, tax, dunning, and lifecycle documentation.
- 3 · Performance, database & SEO playbook
Measure Core Web Vitals (inspect before changing), audit the live database for index coverage and N+1 queries, and fix anything that blocks Google from indexing public pages.
- 3 · Production .env playbook
Assemble a safe production .env — bidirectional drift check against .env.example, a Git-history secret scan, production flags and caches, directory permissions, and a verification pass. The .env lives server-side and is shared by Deployer.
- 3 · Project constitution playbook
Write the cross-tool contract (AGENTS.md), the thin CLAUDE.md pointer, and the gitignored CLAUDE.local.md — the persistent project knowledge every agent loads at session start.
- 3 · Storage, symlinks & SSL playbook
Create the storage symlink, detect and wire your app's addon system (Modules vs packages vs addons), then link the project to Herd over HTTPS and prove the installer route is reachable.
- 3 · Support (9C) playbook
Two customer-facing systems with several alternatives each — a live chat widget and a help center / knowledge base. Pick one tool per row and record the choice.
- 4 · Accessibility & cookie compliance playbook
WCAG 2.1 AA checks (automated scanners + manual verification) and GDPR/CCPA cookie inventory with consent gating that actually blocks non-essential cookies.
- 4 · CI + ServerSync playbook
Wire GitHub Actions for deploys and ServerSync — author the workflow, set the GitHub Secrets (PAT, SSH key), keep clear_paths ↔ GIT_ONLY_PATHS symmetric, validate with actionlint, and confirm the run.
- 4 · Claude config — settings, modes, hooks playbook
Write the project-wide settings.json, pick a permission mode (strict/medium/yolo), set personal model/thinking/compact defaults in settings.local.json, and wire the hard-block + vendor-edit guard hooks that no mode can override.
- 4 · Email (SMTP) playbook
Wire transactional email through the admin panel, and learn the Froiden-family trap where a CustomConfigProvider loads SMTP from the database regardless of APP_ENV — meaning the panel's "APP_ENV changed" warning banner lies and .env MAIL_* values are ignored at runtime.
- 4 · Email infrastructure playbook
Confirm and test the transactional mail path, choose a provider from the deliverability matrix, customize the core template set, and (optionally) add drip campaigns and a newsletter — all with SPF/DKIM/DMARC passing.
- 4 · Initialize the repository playbook
Set session variables, write .gitignore BEFORE git init so secrets and installed dependencies never enter history, then initialize git on develop and lock down per-directory storage ignores.
- 4 · Installer + harden playbook
Temporarily unblock /install, run the CodeCanyon web installer wizard, verify the app loads, then immediately re-block /install + /update and re-harden storage and .env permissions from the installer's insecure 777 state.
- 4 · Off-server backups playbook
The one MUST of observability — assess what already exists, wire Spatie Laravel Backup to run daily, and ship to an S3-compatible off-site destination (S3 / Spaces / B2 / R2) under one BACKUP_AWS_* env prefix with the 3-2-1 rule.
- 4 · Post-deploy monitoring & day-2 (P9) playbook
Watch closely through the first 24–48h — smoke tests, integration checks, performance/security spot-checks, log triage, and baselines — with rollback always one command away, then the abbreviated subsequent-deploy cycle.
- 4 · Run the installer playbook
Raise the PHP-FPM and nginx timeouts so big migration runs don't 504, pre-flight four preconditions, complete the web installer wizard, then capture the admin credentials safely.
- 4 · Support & onboarding playbook
Make the path to value short and the path to help obvious — a support surface, a five-minute time-to-first-value flow, and activation funnel tracking.
- 5 · DNS email records playbook
Make transactional email deliverable — verify the email provider, add SPF, DKIM, and DMARC records (plus MX), defer CAA to Phase 7, and confirm everything with dig.
- 5 · Functional QA & debugger review playbook
Drive every critical journey and role (automate with Playwright MCP), run live security tests, triage by severity, then mine Telescope/Sentry/logs and check for unmerged fixes.
- 5 · Observability playbook
Extend the basic Sentry DSN into cron monitors, performance, and release health; add rotated + structured logs; expose a health endpoint with external uptime monitoring; and define alert escalation backed by a quarterly restore drill.
- 5 · Payments & plans playbook
Stand up the payment gateway and subscription plans — pick a Stripe account strategy, discover the REAL webhook URL and event list (never assume /stripe/webhook), grab sandbox keys with the three-actor model, paste them into the admin panel (verifying columns with DESCRIBE first), and create plans only after market research unblocks the pricing.
- 5 · Performance pass playbook
Capture a Lighthouse baseline, then layer .htaccess browser caching + compression, tune the PHP runtime (OpCache, memory, extensions), verify Redis, enable Cloudflare, and apply accessibility/CSP quick wins — with realistic targets for a vendor-bundled app.
- 5 · Rules & skills playbook
Seed .claude/rules/ with the universal behavioral + reference rule set, install the stack skills and deploy orchestrator into .claude/skills/, then restart so the new context loads.
- 5 · Schedule, migrations + schema playbook
Install and verify the every-minute schedule:run cron (catching the hPanel "once per minute" preset trap that silently inserts 0 * * * *), then verify migrations and export + diff the staging schema against your local baseline.
- 5 · Verify migrations & schema playbook
Confirm every migration ran (modules included), troubleshoot pending ones the right way, capture a normalized schema baseline for cross-environment diffs, then run the 11-point gate that proves the app actually works.
- 5 · Wire .env templates playbook
Back up the vendor's env into the project vault, lay down local/staging/production templates, activate local and generate the app key, then verify the per-environment values that differ.
- 6 · Cloudflare CDN playbook
Front the app with Cloudflare on the Free plan — nameserver cutover, API-driven DNS, Full (Strict) SSL + HSTS, WAF and rate limiting, cache rules, DNSSEC, and a final API verification probe. Rocket Loader stays OFF for Laravel.
- 6 · Commit & freeze the vendor playbook
Verify the pristine vendor baseline from AI System setup, push develop + author/vX + tag to the private remote, cut your working branch, and prove the seam is clean — without recreating the vendor import.
- 6 · Commit & secure playbook
Commit the installer's output (especially the storage/installed marker), document any author patches in the shipped vendor tree, verify deploy symlinks and shared_files, then lock down /install and /update with layered defense.
- 6 · Cursor & other IDEs playbook
Wire the project MCP servers (.mcp.json with Laravel Boost) and make Cursor, Gemini, and Codex read the same constitution via a boot rule and thin mirrors.
- 6 · Legal & consent playbook
Stand up the three legal essentials — a cookie/GDPR consent banner, a Privacy Policy, and Terms of Service — using the check-first pattern. Each is either an admin-panel field to fill or a deferral to the security/compliance phase, and the consent banner has a hard dependency on the analytics tag from the next page.
- 6 · Legal, privacy & GDPR playbook
Decide which legal pages you need, generate and host Privacy + Terms via one generator (GetTerms / Termly / Iubenda), wire a cookie-consent banner, build GDPR data export + deletion-with-grace-period, and finalize with ROPA + DPAs.
- 6 · Optional integrations playbook
Surface (don't silently skip) the optional integrations — Slack notifications for errors/deploys/backups, GitHub project management (labels, issue forms, project board, PR template), and privacy-first Rybbit analytics.
- 6 · Pre-launch sign-off playbook
The final gate — walk the pre-launch checklist across blockers, infra, security, monitoring, payments, comms, legal, content, and team readiness, then execute the launch sequence.
- 6 · Rollback + monitor playbook
Prove a one-command rollback restores the previous release, then run the full post-deploy monitoring sweep — auth, features, integrations, mobile, performance, DB integrity, logs, security, and three end-to-end journeys — across a 24–48h window, log findings, and clear the Phase 5 gate.
- 7 · Compliance tracks (SOC 2 · HIPAA) playbook
Reference for when SOC 2 and HIPAA enter the picture — applicability tests, cost and timeline, what each involves, and the platforms that automate evidence collection. Most CodeCanyon SaaS launches skip both.
- 7 · Optional enhancements playbook
Project-structure scaffolding (Admin-Local vault + docs), commit & documentation standards with the Zaj customization strategy, and version management (SemVer + CHANGELOG) — SHOULD, not skip-by-default.
- 7 · Optional tooling playbook
Optional power-ups for the local environment — Atlas schema management, a database GUI (Bytebase), Redis caching via Herd Pro, and a right-sized debug-tools stack. None block launch; each has a free fallback.
- 7 · Post-launch identity & changelog playbook
Two post-launch tasks — claim social-media handles early (even before you post) and wire the dual changelog (internal + public) so every stable release ships with an announcement.
- 7 · Release + incident response playbook
Close the phase — bootstrap or update the changelog and version, tag the release, then stand up an incident-response runbook (Sentry, uptime, SSL expiry, severities, contacts) wired into the repo as dev-only.
- 7 · ServerSync capture playbook
Capture server-side changes the web installer made (config, storage markers, generated files) back into Git via the ServerSync GitHub Actions workflow — verifying workflow availability and version parity, re-auditing clear_paths ↔ GIT_ONLY_PATHS, triggering the run, and reviewing the resulting PR file-by-file.
- 7 · Theme & system pages playbook
Apply your brand colours through the admin panel (or defer to code), confirm the error pages (404/500/503) are branded rather than raw Laravel defaults, and prepare a branded maintenance-mode page you can flip on safely with a bypass token.
- 7 · Verify & gate playbook
Run the AI System verification checklist, confirm the gate condition, and hand off to Code & repository setup with the AI System fully wired.
- 8 · Deep codebase audit playbook
A staging-time deep audit of the codebase — project structure, composer security audit, Git hygiene, FVDUT storage persistence, secret + debug-code scans (with the word-boundary fix for dd()), storage-tracked-file triage, CodeCanyon frontend anti-patterns, and an optional schema audit.
- 8 · Engagement & SEO playbook
Wire the growth surfaces — GA4 analytics via the universal 3-file Safe Vendor Deviation Pattern (the canonical example), plus the lighter check-first tasks for a chat widget, social login, the blog system, and the sitemap. Most CodeCanyon scripts ship zero built-in analytics, so the deviation path is the common case.
- 9 · Atlas Cloud (optional) playbook
Optionally register your schema with Atlas Cloud for versioned migration tracking — open the SSH tunnel, build a baseline migration from the staging schema, push it to Atlas Cloud, apply the baseline to staging, and wire up GitHub CI. Requires an active Atlas Cloud license; free alternatives noted.
- Full roadmap & checklist playbook
The entire setup-new playbook on one page — 12 phases, every step, every gate. Read the workflow top to bottom or tick progress as you go.
- Phase 1 · Set up the AI System playbook
Stand up the agent operating system for a CodeCanyon Laravel app — the constitution, permission modes, rules, skills, and IDE wiring that every later phase relies on.
- Phase 10 · Audit & QA playbook
The full pre-launch audit — static code & dependency checks, a security re-check, performance/DB/SEO/accessibility audits, functional QA across roles, debugger review, and a pre-launch sign-off gate.
- Phase 11 · Pre-customer checklist playbook
The final go/no-go gate before the first real customer — technical verification, business and legal readiness, support and docs, then a tiered launch signoff.
- Phase 12 · Deploy to production playbook
Go live safely — pre-flight security hygiene, the first production release and installer, schema and branch verification, version tagging, and 24–48h post-deploy monitoring with a rollback always ready.
- Phase 2 · Code & repository setup playbook
Extract the CodeCanyon vendor ZIP cleanly, initialize git with a frozen vendor snapshot and branch strategy, and wire .env templates — so every later vendor update diffs cleanly.
- Phase 3 · Local development playbook
Install dependencies, build assets locally, run the CodeCanyon installer, and get the app booting at a local HTTPS domain with login working — the first time you see it run.
- Phase 4 · Deploy pipeline playbook
Stand up everything that makes deployment possible — Deployer for zero-downtime releases, subdomains + SSL, production .env, and (recommended) CI, DNS email records, and a CDN — so `dep deploy staging` just works.
- Phase 5 · Staging deploy playbook
Take the app from "runs locally" to "runs on a real server" — provision the staging host, point DNS, ship the first atomic release, run the web installer, verify the schema, and prove rollback before a 24–48h monitoring window.
- Phase 6 · SuperAdmin setup playbook
Log in as the superadmin and configure everything the vendor exposes in the admin panel — branding, theme, email, payments, plans, legal pages, and analytics — using a check-first pattern that adapts to any CodeCanyon app.
- Phase 7 · Security & monitoring playbook
Harden the deployed app (rotate vendor defaults, TLS/HSTS, security headers, rate limits, session/mass-assignment audit), add an audit trail, then make it observable — off-server backups, Sentry, uptime, logs — and close out the legal layer (GDPR, cookie consent) and compliance tracks (SOC 2 / HIPAA).
- Phase 8 · Configure the app playbook
Wire the live product end-to-end — branding, mail, payment gateways, integrations, and plan/feature flags — then seed and verify every flow before launch.
- Phase 9 · Growth & polish playbook
The pass that makes the product feel finished — SEO (sitemap, meta, schema, Search Console), onboarding/changelog/feedback/blog, and customer-facing chat + help center. Mostly SHOULD with many alternatives.
- Set up a New CodeCanyon App playbook
Deploy a CodeCanyon Laravel application from ZIP to production, step by step — AI-assisted, 12 phases.
- CodeCanyon workflows playbook
Command router for a CodeCanyon Laravel app across its whole lifecycle — from first-time setup through daily operations like ship, vendor updates, hotfix, rollback, server sync, security, modules, and docs.
- 1 · Ship — code → test → deploy playbook
The everyday deploy loop (WF-SHIP) — decide small vs big, work on develop, clear the pre-deploy database safety gate (Atlas lint — STOP on DS102/DS103), then run the develop → staging → production sequence and tag the release.
- 2 · Server sync — capture server changes playbook
Capture untracked server / admin-panel changes (uploads, installer output, config) back into git with WF-SYNC before a deploy overwrites them — reviewing the file list first and never staging secrets.
- Continuous Develop & Deploy playbook
The everyday loop for a live CodeCanyon Laravel app — code, test locally, ship to staging then production behind a database safety gate, and sync server-side changes back into git.
- 1 · The decision rule playbook
Three questions that route any change to the right update-safe home — a ZajModule package, the vendor-customizations overlay, or a _zaj migration that adds marked columns to a vendor table — so nothing you build is lost on the next vendor update.
- 2 · Build a ZajModule playbook
Build new functionality as a self-contained ZajModule package under packages/ZajModules/ — directory structure, namespace and naming conventions, and the event-driven pattern that keeps it isolated from vendor code and safe across updates.
- 3 · Vendor customizations playbook
When a vendor file must be edited, store the edited copy in the resources/vendor-customizations/ overlay that mirrors vendor paths, mark your changes with ZAJ:BEGIN/END markers, and re-apply the overlay after every composer install overwrites vendor/.
- 4 · Track and restore playbook
Keep a MOD-NNN tracking log and a _CUSTOMIZATIONS file documenting every vendor patch, and run restore-vendor-customizations.php to re-apply your overlay automatically after composer install or a vendor update overwrites vendor/.
- Implement Customizations playbook
Add custom features to a CodeCanyon Laravel app without losing them on the next vendor update — the ZajModules + vendor-customizations system.
- 1 · Compare the schema playbook
Diff the new vendor release against your frozen author-vX.X.X snapshot — list pending migrations, preview the SQL, run an Atlas schema diff, and classify every change by risk so a destructive operation never reaches the database by surprise.
- 2 · Apply the update playbook
Tag a backup, branch the frozen author baseline to author/vY.Y.Y, drop in the new vendor files, then merge to develop and run migrations safely — every step reversible until the update is proven.
- 3 · Restore customizations playbook
Re-apply your vendor-customizations overlay with the restore script after composer install reverts vendor/, confirm every ZajModule, zajm_ table, and _zaj column survived untouched, verify the patches behaviourally, then deploy staging-first.
- Implement Vendor Updates playbook
Apply a new CodeCanyon vendor release without losing your customizations or breaking the database — compare the schema, apply the update on a branch, then restore your overlay.
- 1 · Hotfix forward playbook
Branch from production state, make the minimal scoped fix, fast-track straight to production skipping staging, then back-merge so the fix survives the next release.
- 2 · Roll back playbook
Restore the last good release via the deployer symlink or a known-good tag — when to roll back versus fix forward, the database-migration caveat, and post-incident steps.
- Emergency Hotfix playbook
Production is broken — the fast, safe path to patch a live CodeCanyon Laravel app and roll back if needed.
- Laravel/CodeCanyon — Handbook handbook
The mental models behind running a CodeCanyon Laravel app — when a change is a module vs a customization, where admin files live, how to extend the schema safely, and how to version your fork.
- Schema management handbook
Extending a vendor's database safely — additive _zaj migrations that add marked columns to vendor tables, zajm_ module tables, soft references, and never editing a vendor migration.
- The three-tier admin model handbook
Where your ops files live — Admin-Local in the project repo, Admin-Domain as per-domain runtime state, and Admin-Server shared across the whole hosting account.
- Version management handbook
Two version lines that never get confused — SemVer for your own fork versus the vendor's author-vX.X.X snapshots — plus CHANGELOG discipline that keeps upgrades calm.
- ZajModules vs customizations handbook
The core mental model — deciding whether a change is a new ZajModule, a vendor customization, or a schema extension, and why that split keeps your app update-safe.
- Laravel/CodeCanyon — Guides guide
Focused, read-once Learn guides for the theory behind the CodeCanyon Laravel workflows — deployment, security, database, version control, architecture, dev environment, monitoring, and SaaS planning.
- Customization decision cheatsheet
The one-screen routing for any change to a CodeCanyon Laravel app — vendor file edit → vendor-customizations overlay, new functionality → ZajModule, vendor-table column → additive _zaj migration — so nothing is lost on the next vendor update.
- Deploy commands cheatsheet
Ship, server-sync, and rollback command sequences at a glance — develop → staging → production behind the Atlas pre-deploy gate (STOP on DS102/DS103), plus the three rollback options.
- Gotchas cheatsheet
The CodeCanyon Laravel traps that bite — per-environment APP_KEY, APP_DEBUG off the box, the utf8mb4 schema, the vendor overlay that composer install reverts, secrets in server sync, and Cloudflare Full (Strict) SSL — each with the one-line fix.
- Laravel/CodeCanyon — Cheat sheets cheatsheet
Glanceable command and decision references distilled from the five CodeCanyon Laravel playbooks — deploy commands, the customization decision, and common gotchas.
- Deployer — deploy.php template
The zero-downtime Deployer config for a CodeCanyon Laravel app — project block to fill in, smoke test, health check, and rollback baked in.
- Environments — .env templates template
Three Laravel .env templates — local, staging, production — with the keys that change between stages and a per-env safety checklist.
- Laravel/CodeCanyon — Templates template
Copy-and-fill starter files for CodeCanyon Laravel deployment — deployer, environment, web server, and git ignore.
- Web server & git template
Root + public .htaccess for an Apache-hosted CodeCanyon Laravel app — routing, HTTPS, security headers, caching — plus a CodeCanyon-ready .gitignore.
- Laravel/CodeCanyon — Kits kit
Reusable, copy-paste bundles for CodeCanyon Laravel work — like the vendor-customization restore script that re-applies your overlay after composer install.
- Vendor-customization restore kit kit
The restore-vendor-customizations.php script — re-applies your resources/vendor-customizations/ overlay after composer install or a vendor update reverts vendor/ to vanilla, honoring your ZAJ:BEGIN/END markers.
- Authoring docs checklist runbook
Pick the doc type (playbook step, module devdocs, concept guide, micro-workflow) and run the right template checklist before publishing. Peeled from MWF4 — meta for authors and agents.
- Code → test → ship runbook
Terse deploy loop — local verify, pick Pattern A/B/C, run dep deploy or staging→production, post-deploy checks. Peeled from MWF1; teaching lives in the Ship playbook step.
- Incident response setup checklist
Sentry, uptime/SSL monitoring, severity levels, emergency contacts, and incident runbook before scale.
- Laravel/CodeCanyon — Checklists checklist
Tick-box verification for Laravel/CodeCanyon — setup gates peeled from inbox checklists, plus playbook phase sign-offs.
- Laravel/CodeCanyon — Runbooks runbook
Terse one-operation command cards for Laravel/CodeCanyon — exact commands and checks, no teaching. Peeled from Mini-Workflows and playbook phases for when you already know the drill.
- Launch announcement checklist
Publish release docs, GitHub Release, roadmap updates, and user/team announcements after stable production.
- Local development checklist
Dependencies, assets, database, Herd/SSL, installer, migrations, and pre-deploy checks on your machine.
- Ops & analytics setup checklist
Sitemap, Search Console, Slack notifications, project management, brand kit, social identity, and analytics tooling.
- Post-deploy monitoring checklist
Immediate and 24–48h smoke tests, monitoring, user feedback, and post-mortem after production launch.
- Production launch checklist
First production deploy, hardening, ServerSync, v1.0.0 tag, and return to develop branch.
- Repository & version setup checklist
ZIP extract, Git init, vendor T1 commit, author branch/tag, semver, and changelog — gates before local dev.
- Security package update runbook
composer/npm audit fix loop — backup, isolated branch, rigorous artisan checks, merge or rollback. Peeled from MWF5.
- Server sync capture runbook
Reverse-git — capture admin uploads, installer output, and server-side files back into develop before the next deploy wipes them. Peeled from MWF3.
- Staging first deploy checklist
First staging release — branch prep, installer, hardening, migration verification, and ProjectLog update.
- Technical prerequisites checklist
Verify local toolchain and provision GitHub, staging/production sites, databases, and SSH before repository init.
- Zaj module deploy runbook
Deploy or update a ZajModules package — autoload dump, config publish, provider check, instant disable rollback. Peeled from MWF2.
- Architecture & systems guide
The bird's-eye view of how a Zajaly-style CodeCanyon Laravel app fits together — the four pillars, the event-driven flow, and where each piece is executed.
- Content marketing guide
Content strategy, keyword research, editorial calendar, and distribution for a CodeCanyon SaaS after launch.
- Database & migrations guide
How Laravel decides which migrations run, why additive-only discipline keeps vendor updates safe, and how schema-diff tools verify the database actually matches your intent.
- Deployment concepts guide
How zero-downtime Deployer releases, symlinks, shared paths, and CI/CD safety nets actually work — the mental model before you run a single deploy.
- Dev environment & tooling guide
Version managers, server PHP/Node, fast CLI config updates, and the AI editor setup that keep a CodeCanyon Laravel project consistent across your machine and the server.
- Enterprise readiness guide
Enterprise assessment, SSO, SOC2 posture, admin RBAC, and enterprise sales motion for a CodeCanyon Laravel SaaS.
- Growth & scale guide
Product analytics, interactive demos, onboarding optimization, A/B testing, and infrastructure scaling after your Laravel SaaS is live.
- Localization guide
Localization assessment, Laravel i18n setup, translation workflow, regional SEO, and local payment methods.
- Monitoring & analytics guide
The mental model behind error monitoring (Sentry) and web analytics on a CodeCanyon Laravel app — what each watches, how sampling and privacy work, and which one answers which question.
- Paid acquisition guide
Advertising strategy, conversion tracking, and channel playbooks for Google, LinkedIn, Facebook, and retargeting.
- Post-launch growth guide
Read-once guides for marketing, growth, localization, and enterprise readiness after your CodeCanyon app is live — not a sixth workflow, satellites to the five playbooks.
- Product Hunt launch guide
Strategy, launch assets, launch-day execution, directory submissions, and post-launch follow-up for a Product Hunt ship.
- Referrals & affiliates guide
Referral program design, implementation, affiliate programs, partnerships, and payout tracking for SaaS growth.
- SaaS planning & launch guide
The five phases of a SaaS product, the docs each one needs, and how to plan, document releases, and run a launch from a purchased CodeCanyon script.
- Security & compliance guide
How a CodeCanyon Laravel app stays safe — secrets management, defense-in-depth, SSL/HSTS/headers, and what SOC 2, GDPR, and HIPAA actually require.
- Thought leadership guide
Personal brand, guest posting, podcasts, speaking, media/PR, and community building for founder-led SaaS growth.
- Version control & git workflow guide
How small commits, a vendor-safe branch model, and a reverse-capture loop keep a CodeCanyon Laravel project recoverable and upgrade-safe.
- CodeCanyon AI System kit kit
A standalone copy-paste kit that stands up the Phase 1 AI System for a fresh CodeCanyon Laravel app — constitution, Claude config + permission modes + safety hooks, universal rules, and other-IDE wiring.
general
- Laravel - Tech Stack collection
Browse ZajLibrary pages for Tech Stack / Laravel.