1 · Hotfix forward

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: 1 · Hotfix forward
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/hotfix/01-hotfix/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- phase: 5
- step_number: 1
- est_time: ~15 min – 1 hr
- description: Branch from production state, make the minimal scoped fix, fast-track straight to production skipping staging, then back-merge so the fix survives the next release.
- tags: codecanyon, laravel, hotfix, incident, deployer, migrations

## Execution rules (binding)
- This is step 1 of phase 5 (~15 min – 1 hr) — do only this step, then stop at its `## Checklist`.
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# 1 · Hotfix forward

## TL;DR

**Objective** — patch a live, broken app the fast-but-safe way: branch from the **production** state (not `develop`), make the smallest possible fix, deploy straight to production skipping staging, then back-merge so the fix isn't lost on the next release.

:::note[User part + done-when]
**👤 User part** — two human checkpoints: confirm the production fix actually works in the browser, and approve before the hotfix branch is deleted. Everything else (branch, commit, merge, deploy, tag, back-merge) an agent can drive.

**Done when** production works again, the fix is tagged, and it's been merged into `main`, `develop`, and `staging` so the next release keeps it. &nbsp;·&nbsp; **⏱ ~15 min – 1 hr** &nbsp;·&nbsp; 🔀 mixed (🤖 git/deploy, 👤 verify).
:::

## Background

The thing that makes a hotfix different from a normal deploy is **where you branch from**. A normal change starts on `develop` and flows `develop → staging → production`. A hotfix can't wait for that — production is already broken, and `develop` may contain half-finished work you don't want live. So you branch straight from `production`, fix only the one thing, and deploy directly.

That speed has a cost: the fix now lives only on the production line, not in `develop`. If you stop there, the **next** normal release silently overwrites your fix and the bug comes back. That's why Phase 3 (back-merge) is not optional — it's the step that makes the fix permanent.

```mermaid
flowchart LR
  P[production] -->|branch from| H[Hotfix/fix-description]
  H -->|deploy direct| P2[production live]
  H -->|back-merge| D[develop]
  D --> S[staging]
  P2 -->|merge| M[main]
```

## Steps

### 1. Assess before you touch anything

Spend two minutes confirming it's a true emergency and that you understand the bug. A wrong fix deployed in a panic is worse than the original break.

<Steps>

1. **Read the production error log and recent deploys.** Find the actual error before writing any fix.

   ```bash
   ssh [SSH_PRODUCTION_ALIAS] "tail -50 [DEPLOY_PATH]/storage/logs/laravel.log"
   git log --oneline production -5
   # Expected: a stack trace / error message, and the last 5 production commits
   ```

   - ✅ You can name what's broken and, if a deploy caused it, which one.

2. **Decide: hotfix or roll back.** If you can fix it in under an hour, continue here. If not — or if the last deploy is the culprit — switch to [Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/) and restore the last good release first.

   - ✅ You've chosen to fix forward, and you know the fix.

</Steps>

:::caution[Don't panic-deploy]
If you can't clearly explain the bug yet, you're not ready to hotfix. Roll back to buy time, then diagnose calmly — a broken fix on top of a broken app doubles the damage.
:::

### 2. Branch from production and fix

Branch from `production` itself — **not** `develop` — so your fix sits on exactly the code that's live, with nothing extra coming along for the ride.

<Steps>

1. **Branch from the live production state.**

   ```bash
   git checkout production && git pull origin production
   git checkout -b Hotfix/fix-description
   # Expected: now on Hotfix/fix-description, branched off current production
   ```

   - ✅ `git branch --show-current` prints `Hotfix/fix-description`.

2. **Make the minimal fix, test locally, and commit.** Change only what's needed to stop the bleeding — no refactors, no extras.

   ```bash
   # find and fix the bug, then a quick local test
   git commit -am "🔧 🟦 T2 Fix-Bug: Fix [description]"
   git push origin Hotfix/fix-description
   # Expected: one small commit pushed to the hotfix branch
   ```

   - ✅ The fix is a small, scoped diff and is pushed to the remote.

</Steps>

A hotfix that touches twenty files isn't a hotfix — it's a feature in disguise. Keep the diff small enough to review at a glance under pressure.

### 3. Deploy straight to production

This is the one workflow where you **skip staging on purpose**. Production is already broken, so the normal staged path would only extend the outage. Merge the hotfix into `production` and deploy.

<Steps>

1. **Merge and deploy to production.**

   ```bash
   git checkout production
   git merge Hotfix/fix-description
   git push origin production
   dep deploy production
   # Expected: deployer publishes a new release and switches the live symlink
   ```

   - ✅ The deploy completes without errors and the new release is live.

</Steps>

Now hand off to a person for the one check an agent can't truly make — does it actually work for a real user?

:::note[Who does this]
👤 **User** opens the live site and confirms the broken thing is fixed — and that nothing obvious else broke. Only a human can judge "the app works now."
:::

Open production in a browser, reproduce the original failing action, and confirm it now succeeds before moving on.

### 4. Make the fix permanent (back-merge)

The fix is live but fragile — it exists only on the production line. Tag it, then fold it back into every branch so the next normal release can't undo it.

<Steps>

1. **Tag the fix and propagate it to `main`, `develop`, and `staging`.**

   ```bash
   git tag v[VERSION]-[next letter]   # e.g. v1.0.0-a → v1.0.0-b
   git push origin v[VERSION]-[next letter]

   git checkout main && git merge production && git push origin main
   git checkout develop && git merge Hotfix/fix-description && git push origin develop
   git checkout staging && git merge develop && git push origin staging
   # Expected: the fix now exists on main, develop, and staging
   ```

   - ✅ `git branch --contains Hotfix/fix-description` lists `develop` (and the fix is on `main`/`staging`).

</Steps>

This back-merge is the difference between fixing the bug once and fixing it forever. Skip it and the bug reappears on the next deploy from `develop`.

:::note[Who does this]
👤 **User** confirms the incident is fully resolved before the throwaway branch is removed — the branch is the only record of the isolated fix until it's safely merged everywhere.
:::

Once a person has confirmed everything is merged and stable, clean up:

```bash
git checkout develop
# then delete the hotfix branch (local + remote) once 👤 confirms it's safe
```

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Assessed** — production error read; confirmed it's a true emergency and the fix is understood.
- [ ] **🤖 Branched from production** — on `Hotfix/fix-description`, off the live state (not `develop`).
- [ ] **🤖 Minimal fix shipped** — small scoped diff, merged to `production`, `dep deploy production` succeeded.
- [ ] **👤 Verified live** — the original failure is reproduced and confirmed fixed in a browser on production.
- [ ] **🤖 Tagged + back-merged** — `v[VERSION]-[next letter]` pushed; fix merged into `main`, `develop`, and `staging`.
- [ ] **👤 Cleanup approved** — incident confirmed resolved before the hotfix branch is deleted.

:::next[Next step]
[Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/)
:::

# 1 · Hotfix forward

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/hotfix/01-hotfix/

## TL;DR

**Objective** — patch a live, broken app the fast-but-safe way: branch from the **production** state (not `develop`), make the smallest possible fix, deploy straight to production skipping staging, then back-merge so the fix isn't lost on the next release.

:::note[User part + done-when]
**👤 User part** — two human checkpoints: confirm the production fix actually works in the browser, and approve before the hotfix branch is deleted. Everything else (branch, commit, merge, deploy, tag, back-merge) an agent can drive.

**Done when** production works again, the fix is tagged, and it's been merged into `main`, `develop`, and `staging` so the next release keeps it. &nbsp;·&nbsp; **⏱ ~15 min – 1 hr** &nbsp;·&nbsp; 🔀 mixed (🤖 git/deploy, 👤 verify).
:::

## Background

The thing that makes a hotfix different from a normal deploy is **where you branch from**. A normal change starts on `develop` and flows `develop → staging → production`. A hotfix can't wait for that — production is already broken, and `develop` may contain half-finished work you don't want live. So you branch straight from `production`, fix only the one thing, and deploy directly.

That speed has a cost: the fix now lives only on the production line, not in `develop`. If you stop there, the **next** normal release silently overwrites your fix and the bug comes back. That's why Phase 3 (back-merge) is not optional — it's the step that makes the fix permanent.

```mermaid
flowchart LR
  P[production] -->|branch from| H[Hotfix/fix-description]
  H -->|deploy direct| P2[production live]
  H -->|back-merge| D[develop]
  D --> S[staging]
  P2 -->|merge| M[main]
```

## Steps

### 1. Assess before you touch anything

Spend two minutes confirming it's a true emergency and that you understand the bug. A wrong fix deployed in a panic is worse than the original break.

<Steps>

1. **Read the production error log and recent deploys.** Find the actual error before writing any fix.

   ```bash
   ssh [SSH_PRODUCTION_ALIAS] "tail -50 [DEPLOY_PATH]/storage/logs/laravel.log"
   git log --oneline production -5
   # Expected: a stack trace / error message, and the last 5 production commits
   ```

   - ✅ You can name what's broken and, if a deploy caused it, which one.

2. **Decide: hotfix or roll back.** If you can fix it in under an hour, continue here. If not — or if the last deploy is the culprit — switch to [Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/) and restore the last good release first.

   - ✅ You've chosen to fix forward, and you know the fix.

</Steps>

:::caution[Don't panic-deploy]
If you can't clearly explain the bug yet, you're not ready to hotfix. Roll back to buy time, then diagnose calmly — a broken fix on top of a broken app doubles the damage.
:::

### 2. Branch from production and fix

Branch from `production` itself — **not** `develop` — so your fix sits on exactly the code that's live, with nothing extra coming along for the ride.

<Steps>

1. **Branch from the live production state.**

   ```bash
   git checkout production && git pull origin production
   git checkout -b Hotfix/fix-description
   # Expected: now on Hotfix/fix-description, branched off current production
   ```

   - ✅ `git branch --show-current` prints `Hotfix/fix-description`.

2. **Make the minimal fix, test locally, and commit.** Change only what's needed to stop the bleeding — no refactors, no extras.

   ```bash
   # find and fix the bug, then a quick local test
   git commit -am "🔧 🟦 T2 Fix-Bug: Fix [description]"
   git push origin Hotfix/fix-description
   # Expected: one small commit pushed to the hotfix branch
   ```

   - ✅ The fix is a small, scoped diff and is pushed to the remote.

</Steps>

A hotfix that touches twenty files isn't a hotfix — it's a feature in disguise. Keep the diff small enough to review at a glance under pressure.

### 3. Deploy straight to production

This is the one workflow where you **skip staging on purpose**. Production is already broken, so the normal staged path would only extend the outage. Merge the hotfix into `production` and deploy.

<Steps>

1. **Merge and deploy to production.**

   ```bash
   git checkout production
   git merge Hotfix/fix-description
   git push origin production
   dep deploy production
   # Expected: deployer publishes a new release and switches the live symlink
   ```

   - ✅ The deploy completes without errors and the new release is live.

</Steps>

Now hand off to a person for the one check an agent can't truly make — does it actually work for a real user?

:::note[Who does this]
👤 **User** opens the live site and confirms the broken thing is fixed — and that nothing obvious else broke. Only a human can judge "the app works now."
:::

Open production in a browser, reproduce the original failing action, and confirm it now succeeds before moving on.

### 4. Make the fix permanent (back-merge)

The fix is live but fragile — it exists only on the production line. Tag it, then fold it back into every branch so the next normal release can't undo it.

<Steps>

1. **Tag the fix and propagate it to `main`, `develop`, and `staging`.**

   ```bash
   git tag v[VERSION]-[next letter]   # e.g. v1.0.0-a → v1.0.0-b
   git push origin v[VERSION]-[next letter]

   git checkout main && git merge production && git push origin main
   git checkout develop && git merge Hotfix/fix-description && git push origin develop
   git checkout staging && git merge develop && git push origin staging
   # Expected: the fix now exists on main, develop, and staging
   ```

   - ✅ `git branch --contains Hotfix/fix-description` lists `develop` (and the fix is on `main`/`staging`).

</Steps>

This back-merge is the difference between fixing the bug once and fixing it forever. Skip it and the bug reappears on the next deploy from `develop`.

:::note[Who does this]
👤 **User** confirms the incident is fully resolved before the throwaway branch is removed — the branch is the only record of the isolated fix until it's safely merged everywhere.
:::

Once a person has confirmed everything is merged and stable, clean up:

```bash
git checkout develop
# then delete the hotfix branch (local + remote) once 👤 confirms it's safe
```

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Assessed** — production error read; confirmed it's a true emergency and the fix is understood.
- [ ] **🤖 Branched from production** — on `Hotfix/fix-description`, off the live state (not `develop`).
- [ ] **🤖 Minimal fix shipped** — small scoped diff, merged to `production`, `dep deploy production` succeeded.
- [ ] **👤 Verified live** — the original failure is reproduced and confirmed fixed in a browser on production.
- [ ] **🤖 Tagged + back-merged** — `v[VERSION]-[next letter]` pushed; fix merged into `main`, `develop`, and `staging`.
- [ ] **👤 Cleanup approved** — incident confirmed resolved before the hotfix branch is deleted.

:::next[Next step]
[Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/)
:::

TL;DR

Objective — patch a live, broken app the fast-but-safe way: branch from the production state (not develop), make the smallest possible fix, deploy straight to production skipping staging, then back-merge so the fix isn’t lost on the next release.

Background

The thing that makes a hotfix different from a normal deploy is where you branch from. A normal change starts on develop and flows develop → staging → production. A hotfix can’t wait for that — production is already broken, and develop may contain half-finished work you don’t want live. So you branch straight from production, fix only the one thing, and deploy directly.

That speed has a cost: the fix now lives only on the production line, not in develop. If you stop there, the next normal release silently overwrites your fix and the bug comes back. That’s why Phase 3 (back-merge) is not optional — it’s the step that makes the fix permanent.

flowchart LR
  P[production] -->|branch from| H[Hotfix/fix-description]
  H -->|deploy direct| P2[production live]
  H -->|back-merge| D[develop]
  D --> S[staging]
  P2 -->|merge| M[main]

Steps

1. Assess before you touch anything

Spend two minutes confirming it’s a true emergency and that you understand the bug. A wrong fix deployed in a panic is worse than the original break.

Read the production error log and recent deploys. Find the actual error before writing any fix.

ssh [SSH_PRODUCTION_ALIAS] "tail -50 [DEPLOY_PATH]/storage/logs/laravel.log"
git log --oneline production -5
# Expected: a stack trace / error message, and the last 5 production commits

✅ You can name what’s broken and, if a deploy caused it, which one.

Decide: hotfix or roll back. If you can fix it in under an hour, continue here. If not — or if the last deploy is the culprit — switch to Roll back and restore the last good release first.
- ✅ You’ve chosen to fix forward, and you know the fix.

2. Branch from production and fix

Branch from production itself — not develop — so your fix sits on exactly the code that’s live, with nothing extra coming along for the ride.

Branch from the live production state.

git checkout production && git pull origin production
git checkout -b Hotfix/fix-description
# Expected: now on Hotfix/fix-description, branched off current production

✅ git branch --show-current prints Hotfix/fix-description.

Make the minimal fix, test locally, and commit. Change only what’s needed to stop the bleeding — no refactors, no extras.

# find and fix the bug, then a quick local test
git commit -am "🔧 🟦 T2 Fix-Bug: Fix [description]"
git push origin Hotfix/fix-description
# Expected: one small commit pushed to the hotfix branch

✅ The fix is a small, scoped diff and is pushed to the remote.

A hotfix that touches twenty files isn’t a hotfix — it’s a feature in disguise. Keep the diff small enough to review at a glance under pressure.

3. Deploy straight to production

This is the one workflow where you skip staging on purpose. Production is already broken, so the normal staged path would only extend the outage. Merge the hotfix into production and deploy.

Merge and deploy to production.

git checkout production
git merge Hotfix/fix-description
git push origin production
dep deploy production
# Expected: deployer publishes a new release and switches the live symlink

✅ The deploy completes without errors and the new release is live.

Now hand off to a person for the one check an agent can’t truly make — does it actually work for a real user?

Open production in a browser, reproduce the original failing action, and confirm it now succeeds before moving on.

4. Make the fix permanent (back-merge)

The fix is live but fragile — it exists only on the production line. Tag it, then fold it back into every branch so the next normal release can’t undo it.

Tag the fix and propagate it to main, develop, and staging.

git tag v[VERSION]-[next letter]   # e.g. v1.0.0-a → v1.0.0-b
git push origin v[VERSION]-[next letter]

git checkout main && git merge production && git push origin main
git checkout develop && git merge Hotfix/fix-description && git push origin develop
git checkout staging && git merge develop && git push origin staging
# Expected: the fix now exists on main, develop, and staging

✅ git branch --contains Hotfix/fix-description lists develop (and the fix is on main/staging).

This back-merge is the difference between fixing the bug once and fixing it forever. Skip it and the bug reappears on the next deploy from develop.

Once a person has confirmed everything is merged and stable, clean up:

git checkout develop
# then delete the hotfix branch (local + remote) once 👤 confirms it's safe

Checklist

Do not mark this step done until every box below is checked.

🤖 Assessed — production error read; confirmed it’s a true emergency and the fix is understood.
🤖 Branched from production — on Hotfix/fix-description, off the live state (not develop).
🤖 Minimal fix shipped — small scoped diff, merged to production, dep deploy production succeeded.
👤 Verified live — the original failure is reproduced and confirmed fixed in a browser on production.
🤖 Tagged + back-merged — v[VERSION]-[next letter] pushed; fix merged into main, develop, and staging.
👤 Cleanup approved — incident confirmed resolved before the hotfix branch is deleted.

Roll back

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: 1 · Hotfix forward
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/hotfix/01-hotfix/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- phase: 5
- step_number: 1
- est_time: ~15 min – 1 hr
- description: Branch from production state, make the minimal scoped fix, fast-track straight to production skipping staging, then back-merge so the fix survives the next release.
- tags: codecanyon, laravel, hotfix, incident, deployer, migrations

## Execution rules (binding)
- This is step 1 of phase 5 (~15 min – 1 hr) — do only this step, then stop at its `## Checklist`.
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# 1 · Hotfix forward

## TL;DR

**Objective** — patch a live, broken app the fast-but-safe way: branch from the **production** state (not `develop`), make the smallest possible fix, deploy straight to production skipping staging, then back-merge so the fix isn't lost on the next release.

:::note[User part + done-when]
**👤 User part** — two human checkpoints: confirm the production fix actually works in the browser, and approve before the hotfix branch is deleted. Everything else (branch, commit, merge, deploy, tag, back-merge) an agent can drive.

**Done when** production works again, the fix is tagged, and it's been merged into `main`, `develop`, and `staging` so the next release keeps it. &nbsp;·&nbsp; **⏱ ~15 min – 1 hr** &nbsp;·&nbsp; 🔀 mixed (🤖 git/deploy, 👤 verify).
:::

## Background

The thing that makes a hotfix different from a normal deploy is **where you branch from**. A normal change starts on `develop` and flows `develop → staging → production`. A hotfix can't wait for that — production is already broken, and `develop` may contain half-finished work you don't want live. So you branch straight from `production`, fix only the one thing, and deploy directly.

That speed has a cost: the fix now lives only on the production line, not in `develop`. If you stop there, the **next** normal release silently overwrites your fix and the bug comes back. That's why Phase 3 (back-merge) is not optional — it's the step that makes the fix permanent.

```mermaid
flowchart LR
  P[production] -->|branch from| H[Hotfix/fix-description]
  H -->|deploy direct| P2[production live]
  H -->|back-merge| D[develop]
  D --> S[staging]
  P2 -->|merge| M[main]
```

## Steps

### 1. Assess before you touch anything

Spend two minutes confirming it's a true emergency and that you understand the bug. A wrong fix deployed in a panic is worse than the original break.

<Steps>

1. **Read the production error log and recent deploys.** Find the actual error before writing any fix.

   ```bash
   ssh [SSH_PRODUCTION_ALIAS] "tail -50 [DEPLOY_PATH]/storage/logs/laravel.log"
   git log --oneline production -5
   # Expected: a stack trace / error message, and the last 5 production commits
   ```

   - ✅ You can name what's broken and, if a deploy caused it, which one.

2. **Decide: hotfix or roll back.** If you can fix it in under an hour, continue here. If not — or if the last deploy is the culprit — switch to [Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/) and restore the last good release first.

   - ✅ You've chosen to fix forward, and you know the fix.

</Steps>

:::caution[Don't panic-deploy]
If you can't clearly explain the bug yet, you're not ready to hotfix. Roll back to buy time, then diagnose calmly — a broken fix on top of a broken app doubles the damage.
:::

### 2. Branch from production and fix

Branch from `production` itself — **not** `develop` — so your fix sits on exactly the code that's live, with nothing extra coming along for the ride.

<Steps>

1. **Branch from the live production state.**

   ```bash
   git checkout production && git pull origin production
   git checkout -b Hotfix/fix-description
   # Expected: now on Hotfix/fix-description, branched off current production
   ```

   - ✅ `git branch --show-current` prints `Hotfix/fix-description`.

2. **Make the minimal fix, test locally, and commit.** Change only what's needed to stop the bleeding — no refactors, no extras.

   ```bash
   # find and fix the bug, then a quick local test
   git commit -am "🔧 🟦 T2 Fix-Bug: Fix [description]"
   git push origin Hotfix/fix-description
   # Expected: one small commit pushed to the hotfix branch
   ```

   - ✅ The fix is a small, scoped diff and is pushed to the remote.

</Steps>

A hotfix that touches twenty files isn't a hotfix — it's a feature in disguise. Keep the diff small enough to review at a glance under pressure.

### 3. Deploy straight to production

This is the one workflow where you **skip staging on purpose**. Production is already broken, so the normal staged path would only extend the outage. Merge the hotfix into `production` and deploy.

<Steps>

1. **Merge and deploy to production.**

   ```bash
   git checkout production
   git merge Hotfix/fix-description
   git push origin production
   dep deploy production
   # Expected: deployer publishes a new release and switches the live symlink
   ```

   - ✅ The deploy completes without errors and the new release is live.

</Steps>

Now hand off to a person for the one check an agent can't truly make — does it actually work for a real user?

:::note[Who does this]
👤 **User** opens the live site and confirms the broken thing is fixed — and that nothing obvious else broke. Only a human can judge "the app works now."
:::

Open production in a browser, reproduce the original failing action, and confirm it now succeeds before moving on.

### 4. Make the fix permanent (back-merge)

The fix is live but fragile — it exists only on the production line. Tag it, then fold it back into every branch so the next normal release can't undo it.

<Steps>

1. **Tag the fix and propagate it to `main`, `develop`, and `staging`.**

   ```bash
   git tag v[VERSION]-[next letter]   # e.g. v1.0.0-a → v1.0.0-b
   git push origin v[VERSION]-[next letter]

   git checkout main && git merge production && git push origin main
   git checkout develop && git merge Hotfix/fix-description && git push origin develop
   git checkout staging && git merge develop && git push origin staging
   # Expected: the fix now exists on main, develop, and staging
   ```

   - ✅ `git branch --contains Hotfix/fix-description` lists `develop` (and the fix is on `main`/`staging`).

</Steps>

This back-merge is the difference between fixing the bug once and fixing it forever. Skip it and the bug reappears on the next deploy from `develop`.

:::note[Who does this]
👤 **User** confirms the incident is fully resolved before the throwaway branch is removed — the branch is the only record of the isolated fix until it's safely merged everywhere.
:::

Once a person has confirmed everything is merged and stable, clean up:

```bash
git checkout develop
# then delete the hotfix branch (local + remote) once 👤 confirms it's safe
```

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Assessed** — production error read; confirmed it's a true emergency and the fix is understood.
- [ ] **🤖 Branched from production** — on `Hotfix/fix-description`, off the live state (not `develop`).
- [ ] **🤖 Minimal fix shipped** — small scoped diff, merged to `production`, `dep deploy production` succeeded.
- [ ] **👤 Verified live** — the original failure is reproduced and confirmed fixed in a browser on production.
- [ ] **🤖 Tagged + back-merged** — `v[VERSION]-[next letter]` pushed; fix merged into `main`, `develop`, and `staging`.
- [ ] **👤 Cleanup approved** — incident confirmed resolved before the hotfix branch is deleted.

:::next[Next step]
[Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/)
:::

# 1 · Hotfix forward

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/hotfix/01-hotfix/

## TL;DR

**Objective** — patch a live, broken app the fast-but-safe way: branch from the **production** state (not `develop`), make the smallest possible fix, deploy straight to production skipping staging, then back-merge so the fix isn't lost on the next release.

:::note[User part + done-when]
**👤 User part** — two human checkpoints: confirm the production fix actually works in the browser, and approve before the hotfix branch is deleted. Everything else (branch, commit, merge, deploy, tag, back-merge) an agent can drive.

**Done when** production works again, the fix is tagged, and it's been merged into `main`, `develop`, and `staging` so the next release keeps it. &nbsp;·&nbsp; **⏱ ~15 min – 1 hr** &nbsp;·&nbsp; 🔀 mixed (🤖 git/deploy, 👤 verify).
:::

## Background

The thing that makes a hotfix different from a normal deploy is **where you branch from**. A normal change starts on `develop` and flows `develop → staging → production`. A hotfix can't wait for that — production is already broken, and `develop` may contain half-finished work you don't want live. So you branch straight from `production`, fix only the one thing, and deploy directly.

That speed has a cost: the fix now lives only on the production line, not in `develop`. If you stop there, the **next** normal release silently overwrites your fix and the bug comes back. That's why Phase 3 (back-merge) is not optional — it's the step that makes the fix permanent.

```mermaid
flowchart LR
  P[production] -->|branch from| H[Hotfix/fix-description]
  H -->|deploy direct| P2[production live]
  H -->|back-merge| D[develop]
  D --> S[staging]
  P2 -->|merge| M[main]
```

## Steps

### 1. Assess before you touch anything

Spend two minutes confirming it's a true emergency and that you understand the bug. A wrong fix deployed in a panic is worse than the original break.

<Steps>

1. **Read the production error log and recent deploys.** Find the actual error before writing any fix.

   ```bash
   ssh [SSH_PRODUCTION_ALIAS] "tail -50 [DEPLOY_PATH]/storage/logs/laravel.log"
   git log --oneline production -5
   # Expected: a stack trace / error message, and the last 5 production commits
   ```

   - ✅ You can name what's broken and, if a deploy caused it, which one.

2. **Decide: hotfix or roll back.** If you can fix it in under an hour, continue here. If not — or if the last deploy is the culprit — switch to [Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/) and restore the last good release first.

   - ✅ You've chosen to fix forward, and you know the fix.

</Steps>

:::caution[Don't panic-deploy]
If you can't clearly explain the bug yet, you're not ready to hotfix. Roll back to buy time, then diagnose calmly — a broken fix on top of a broken app doubles the damage.
:::

### 2. Branch from production and fix

Branch from `production` itself — **not** `develop` — so your fix sits on exactly the code that's live, with nothing extra coming along for the ride.

<Steps>

1. **Branch from the live production state.**

   ```bash
   git checkout production && git pull origin production
   git checkout -b Hotfix/fix-description
   # Expected: now on Hotfix/fix-description, branched off current production
   ```

   - ✅ `git branch --show-current` prints `Hotfix/fix-description`.

2. **Make the minimal fix, test locally, and commit.** Change only what's needed to stop the bleeding — no refactors, no extras.

   ```bash
   # find and fix the bug, then a quick local test
   git commit -am "🔧 🟦 T2 Fix-Bug: Fix [description]"
   git push origin Hotfix/fix-description
   # Expected: one small commit pushed to the hotfix branch
   ```

   - ✅ The fix is a small, scoped diff and is pushed to the remote.

</Steps>

A hotfix that touches twenty files isn't a hotfix — it's a feature in disguise. Keep the diff small enough to review at a glance under pressure.

### 3. Deploy straight to production

This is the one workflow where you **skip staging on purpose**. Production is already broken, so the normal staged path would only extend the outage. Merge the hotfix into `production` and deploy.

<Steps>

1. **Merge and deploy to production.**

   ```bash
   git checkout production
   git merge Hotfix/fix-description
   git push origin production
   dep deploy production
   # Expected: deployer publishes a new release and switches the live symlink
   ```

   - ✅ The deploy completes without errors and the new release is live.

</Steps>

Now hand off to a person for the one check an agent can't truly make — does it actually work for a real user?

:::note[Who does this]
👤 **User** opens the live site and confirms the broken thing is fixed — and that nothing obvious else broke. Only a human can judge "the app works now."
:::

Open production in a browser, reproduce the original failing action, and confirm it now succeeds before moving on.

### 4. Make the fix permanent (back-merge)

The fix is live but fragile — it exists only on the production line. Tag it, then fold it back into every branch so the next normal release can't undo it.

<Steps>

1. **Tag the fix and propagate it to `main`, `develop`, and `staging`.**

   ```bash
   git tag v[VERSION]-[next letter]   # e.g. v1.0.0-a → v1.0.0-b
   git push origin v[VERSION]-[next letter]

   git checkout main && git merge production && git push origin main
   git checkout develop && git merge Hotfix/fix-description && git push origin develop
   git checkout staging && git merge develop && git push origin staging
   # Expected: the fix now exists on main, develop, and staging
   ```

   - ✅ `git branch --contains Hotfix/fix-description` lists `develop` (and the fix is on `main`/`staging`).

</Steps>

This back-merge is the difference between fixing the bug once and fixing it forever. Skip it and the bug reappears on the next deploy from `develop`.

:::note[Who does this]
👤 **User** confirms the incident is fully resolved before the throwaway branch is removed — the branch is the only record of the isolated fix until it's safely merged everywhere.
:::

Once a person has confirmed everything is merged and stable, clean up:

```bash
git checkout develop
# then delete the hotfix branch (local + remote) once 👤 confirms it's safe
```

## Checklist

Do not mark this step done until **every** box below is checked.

- [ ] **🤖 Assessed** — production error read; confirmed it's a true emergency and the fix is understood.
- [ ] **🤖 Branched from production** — on `Hotfix/fix-description`, off the live state (not `develop`).
- [ ] **🤖 Minimal fix shipped** — small scoped diff, merged to `production`, `dep deploy production` succeeded.
- [ ] **👤 Verified live** — the original failure is reproduced and confirmed fixed in a browser on production.
- [ ] **🤖 Tagged + back-merged** — `v[VERSION]-[next letter]` pushed; fix merged into `main`, `develop`, and `staging`.
- [ ] **👤 Cleanup approved** — incident confirmed resolved before the hotfix branch is deleted.

:::next[Next step]
[Roll back](/tech-stack/laravel/codecanyon/build/playbooks/hotfix/02-rollback/)
:::