Implement Vendor Updates

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: Implement Vendor Updates
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- collection: codecanyon-laravel
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- description: Apply a new CodeCanyon vendor release without losing your customizations or breaking the database — compare the schema, apply the update on a branch, then restore your overlay.
- tags: codecanyon, laravel, vendor-updates, atlas, migrations, rollback

## Execution rules (binding)
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# Implement Vendor Updates

**Workflow 4 of 5.** The vendor shipped a new version of the app you bought. This is how you take it in safely — whether or not you've customized the app — without losing work or corrupting the database.

The danger is simple to state. A vendor update is a fresh copy of *their* code. If you drop it straight on top of yours, it overwrites the files you edited and you lose hours of work. The whole point of the customization system (Workflow 3) was to keep your changes in update-safe homes so a new release can pass through cleanly. This playbook is where that investment pays off.

## The core idea

Treat the new release as a known quantity *before* you apply it. You compare the new schema against your frozen `author-vX.X.X` snapshot to see exactly what will change in the database, apply the vendor files on a throwaway branch so the work is reversible, then re-run your restore script so your overlay and your ZajModules land back on top. Nothing is a surprise; everything is undoable.

```mermaid
flowchart LR
  A["New vendor<br/>release"] --> B["1 · Compare<br/>schema diff"]
  B --> C["2 · Apply update<br/>on a branch"]
  C --> D["3 · Restore your<br/>customizations"]
  D --> E["Verified app —<br/>nothing lost"]
```

Why this order matters: comparing first tells you whether a migration will quietly drop a column or table, so you can back up before — not after — the damage. Applying on a branch keeps your live code untouched until the update is proven. Restoring last re-applies the overlay that `composer install` always reverts to vanilla.

## The three steps

<CardGrid>
  <LinkCard title="1 · Compare the schema" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/" description="Diff the new release against your frozen author snapshot with Atlas, classify every change by risk, and stop on any destructive operation." />
  <LinkCard title="2 · Apply the update" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/02-apply-update/" description="Tag a backup, create the author branch, drop in the vendor files, then merge and run migrations safely on a branch you can throw away." />
  <LinkCard title="3 · Restore customizations" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/03-restore-customizations/" description="Re-apply your vendor-customizations overlay with the restore script, confirm ZajModules survived untouched, and verify nothing was lost." />
</CardGrid>

This playbook builds directly on **[Implement Customizations](/tech-stack/laravel/codecanyon/build/playbooks/customizations/)** (Workflow 3) — the `_zaj` tables, ZajModules, and the vendor-customizations overlay are what make a vendor update survivable. If you skipped that, read it first.

For **security-only** package bumps (`composer audit` / `npm audit`) with a rollback gate — not a full vendor release — use the [Security package update runbook](/tech-stack/laravel/codecanyon/build/runbooks/security-package-update/).

:::note[See everything in this collection]
Every page in this CodeCanyon topic lives under **[/tech-stack/laravel/codecanyon/](/tech-stack/laravel/codecanyon/)** — the exhaustive cross-shelf index.
:::

Ready? The first move is always to look before you leap:

:::next[Start here]
[Compare the schema](/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/)
:::

# Implement Vendor Updates

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/

**Workflow 4 of 5.** The vendor shipped a new version of the app you bought. This is how you take it in safely — whether or not you've customized the app — without losing work or corrupting the database.

The danger is simple to state. A vendor update is a fresh copy of *their* code. If you drop it straight on top of yours, it overwrites the files you edited and you lose hours of work. The whole point of the customization system (Workflow 3) was to keep your changes in update-safe homes so a new release can pass through cleanly. This playbook is where that investment pays off.

## The core idea

Treat the new release as a known quantity *before* you apply it. You compare the new schema against your frozen `author-vX.X.X` snapshot to see exactly what will change in the database, apply the vendor files on a throwaway branch so the work is reversible, then re-run your restore script so your overlay and your ZajModules land back on top. Nothing is a surprise; everything is undoable.

```mermaid
flowchart LR
  A["New vendor<br/>release"] --> B["1 · Compare<br/>schema diff"]
  B --> C["2 · Apply update<br/>on a branch"]
  C --> D["3 · Restore your<br/>customizations"]
  D --> E["Verified app —<br/>nothing lost"]
```

Why this order matters: comparing first tells you whether a migration will quietly drop a column or table, so you can back up before — not after — the damage. Applying on a branch keeps your live code untouched until the update is proven. Restoring last re-applies the overlay that `composer install` always reverts to vanilla.

## The three steps

<CardGrid>
  <LinkCard title="1 · Compare the schema" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/" description="Diff the new release against your frozen author snapshot with Atlas, classify every change by risk, and stop on any destructive operation." />
  <LinkCard title="2 · Apply the update" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/02-apply-update/" description="Tag a backup, create the author branch, drop in the vendor files, then merge and run migrations safely on a branch you can throw away." />
  <LinkCard title="3 · Restore customizations" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/03-restore-customizations/" description="Re-apply your vendor-customizations overlay with the restore script, confirm ZajModules survived untouched, and verify nothing was lost." />
</CardGrid>

This playbook builds directly on **[Implement Customizations](/tech-stack/laravel/codecanyon/build/playbooks/customizations/)** (Workflow 3) — the `_zaj` tables, ZajModules, and the vendor-customizations overlay are what make a vendor update survivable. If you skipped that, read it first.

For **security-only** package bumps (`composer audit` / `npm audit`) with a rollback gate — not a full vendor release — use the [Security package update runbook](/tech-stack/laravel/codecanyon/build/runbooks/security-package-update/).

:::note[See everything in this collection]
Every page in this CodeCanyon topic lives under **[/tech-stack/laravel/codecanyon/](/tech-stack/laravel/codecanyon/)** — the exhaustive cross-shelf index.
:::

Ready? The first move is always to look before you leap:

:::next[Start here]
[Compare the schema](/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/)
:::

Workflow 4 of 5. The vendor shipped a new version of the app you bought. This is how you take it in safely — whether or not you’ve customized the app — without losing work or corrupting the database.

The danger is simple to state. A vendor update is a fresh copy of their code. If you drop it straight on top of yours, it overwrites the files you edited and you lose hours of work. The whole point of the customization system (Workflow 3) was to keep your changes in update-safe homes so a new release can pass through cleanly. This playbook is where that investment pays off.

The core idea

Treat the new release as a known quantity before you apply it. You compare the new schema against your frozen author-vX.X.X snapshot to see exactly what will change in the database, apply the vendor files on a throwaway branch so the work is reversible, then re-run your restore script so your overlay and your ZajModules land back on top. Nothing is a surprise; everything is undoable.

flowchart LR
  A["New vendor<br/>release"] --> B["1 · Compare<br/>schema diff"]
  B --> C["2 · Apply update<br/>on a branch"]
  C --> D["3 · Restore your<br/>customizations"]
  D --> E["Verified app —<br/>nothing lost"]

Why this order matters: comparing first tells you whether a migration will quietly drop a column or table, so you can back up before — not after — the damage. Applying on a branch keeps your live code untouched until the update is proven. Restoring last re-applies the overlay that composer install always reverts to vanilla.

The three steps

1 · Compare the schema Diff the new release against your frozen author snapshot with Atlas, classify every change by risk, and stop on any destructive operation.

2 · Apply the update Tag a backup, create the author branch, drop in the vendor files, then merge and run migrations safely on a branch you can throw away.

3 · Restore customizations Re-apply your vendor-customizations overlay with the restore script, confirm ZajModules survived untouched, and verify nothing was lost.

This playbook builds directly on Implement Customizations (Workflow 3) — the _zaj tables, ZajModules, and the vendor-customizations overlay are what make a vendor update survivable. If you skipped that, read it first.

For security-only package bumps (composer audit / npm audit) with a rollback gate — not a full vendor release — use the Security package update runbook.

Ready? The first move is always to look before you leap:

Compare the schema

# ZajLibrary — implementation playbook

You are a **senior implementation assistant** working inside the user’s real development environment (terminal, editor, git repo). You are **not** a documentation writer, tutor, or library editor.

**Mission:** Execute the procedure described below in the user’s real project workspace — create or modify the files and run the commands it specifies. Do not just summarize it.

## Metadata
- title: Implement Vendor Updates
- url: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/
- shelf: Build & Create
- doc_type: implementation playbook
- status: current
- kind: playbook
- collection: codecanyon-laravel
- category: tech-stack
- subcategory: laravel
- topic: codecanyon
- description: Apply a new CodeCanyon vendor release without losing your customizations or breaking the database — compare the schema, apply the update on a branch, then restore your overlay.
- tags: codecanyon, laravel, vendor-updates, atlas, migrations, rollback

## Execution rules (binding)
- Follow `## Steps` in order. Do not skip steps or declare the work complete early.
- Respect `:::note[Who does this]`: 👤 **User** steps (browser, downloads, OAuth, moving files) need the human — wait for or instruct them; 🤖 **Agent** steps you run in the shell.
- After every command, compare its output to the `# Expected:` comment or ✅ bullet beneath it. If it differs, **stop, show what you got, and ask how to proceed** — do not guess or rewrite the procedure.
- Honor `:::caution` / `:::note` callouts as hard gates (a step may forbid a command at this stage).
- Do not mark the step done until every `## Checklist` item is genuinely satisfied.
- Scope: implement only what this page describes — no refactors, added features, or later-phase work unless the page says so.
- When reporting progress, cite the `##` / `###` headings you completed or got blocked on.
- Secrets: never put API keys, passwords, or `.env` values in frontend code, commits, or chat logs — use server-side `.env` / config only, and keep `.env` gitignored.

---

# Implement Vendor Updates

**Workflow 4 of 5.** The vendor shipped a new version of the app you bought. This is how you take it in safely — whether or not you've customized the app — without losing work or corrupting the database.

The danger is simple to state. A vendor update is a fresh copy of *their* code. If you drop it straight on top of yours, it overwrites the files you edited and you lose hours of work. The whole point of the customization system (Workflow 3) was to keep your changes in update-safe homes so a new release can pass through cleanly. This playbook is where that investment pays off.

## The core idea

Treat the new release as a known quantity *before* you apply it. You compare the new schema against your frozen `author-vX.X.X` snapshot to see exactly what will change in the database, apply the vendor files on a throwaway branch so the work is reversible, then re-run your restore script so your overlay and your ZajModules land back on top. Nothing is a surprise; everything is undoable.

```mermaid
flowchart LR
  A["New vendor<br/>release"] --> B["1 · Compare<br/>schema diff"]
  B --> C["2 · Apply update<br/>on a branch"]
  C --> D["3 · Restore your<br/>customizations"]
  D --> E["Verified app —<br/>nothing lost"]
```

Why this order matters: comparing first tells you whether a migration will quietly drop a column or table, so you can back up before — not after — the damage. Applying on a branch keeps your live code untouched until the update is proven. Restoring last re-applies the overlay that `composer install` always reverts to vanilla.

## The three steps

<CardGrid>
  <LinkCard title="1 · Compare the schema" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/" description="Diff the new release against your frozen author snapshot with Atlas, classify every change by risk, and stop on any destructive operation." />
  <LinkCard title="2 · Apply the update" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/02-apply-update/" description="Tag a backup, create the author branch, drop in the vendor files, then merge and run migrations safely on a branch you can throw away." />
  <LinkCard title="3 · Restore customizations" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/03-restore-customizations/" description="Re-apply your vendor-customizations overlay with the restore script, confirm ZajModules survived untouched, and verify nothing was lost." />
</CardGrid>

This playbook builds directly on **[Implement Customizations](/tech-stack/laravel/codecanyon/build/playbooks/customizations/)** (Workflow 3) — the `_zaj` tables, ZajModules, and the vendor-customizations overlay are what make a vendor update survivable. If you skipped that, read it first.

For **security-only** package bumps (`composer audit` / `npm audit`) with a rollback gate — not a full vendor release — use the [Security package update runbook](/tech-stack/laravel/codecanyon/build/runbooks/security-package-update/).

:::note[See everything in this collection]
Every page in this CodeCanyon topic lives under **[/tech-stack/laravel/codecanyon/](/tech-stack/laravel/codecanyon/)** — the exhaustive cross-shelf index.
:::

Ready? The first move is always to look before you leap:

:::next[Start here]
[Compare the schema](/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/)
:::

# Implement Vendor Updates

> Source: https://library.zajapps.com/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/

**Workflow 4 of 5.** The vendor shipped a new version of the app you bought. This is how you take it in safely — whether or not you've customized the app — without losing work or corrupting the database.

The danger is simple to state. A vendor update is a fresh copy of *their* code. If you drop it straight on top of yours, it overwrites the files you edited and you lose hours of work. The whole point of the customization system (Workflow 3) was to keep your changes in update-safe homes so a new release can pass through cleanly. This playbook is where that investment pays off.

## The core idea

Treat the new release as a known quantity *before* you apply it. You compare the new schema against your frozen `author-vX.X.X` snapshot to see exactly what will change in the database, apply the vendor files on a throwaway branch so the work is reversible, then re-run your restore script so your overlay and your ZajModules land back on top. Nothing is a surprise; everything is undoable.

```mermaid
flowchart LR
  A["New vendor<br/>release"] --> B["1 · Compare<br/>schema diff"]
  B --> C["2 · Apply update<br/>on a branch"]
  C --> D["3 · Restore your<br/>customizations"]
  D --> E["Verified app —<br/>nothing lost"]
```

Why this order matters: comparing first tells you whether a migration will quietly drop a column or table, so you can back up before — not after — the damage. Applying on a branch keeps your live code untouched until the update is proven. Restoring last re-applies the overlay that `composer install` always reverts to vanilla.

## The three steps

<CardGrid>
  <LinkCard title="1 · Compare the schema" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/" description="Diff the new release against your frozen author snapshot with Atlas, classify every change by risk, and stop on any destructive operation." />
  <LinkCard title="2 · Apply the update" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/02-apply-update/" description="Tag a backup, create the author branch, drop in the vendor files, then merge and run migrations safely on a branch you can throw away." />
  <LinkCard title="3 · Restore customizations" href="/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/03-restore-customizations/" description="Re-apply your vendor-customizations overlay with the restore script, confirm ZajModules survived untouched, and verify nothing was lost." />
</CardGrid>

This playbook builds directly on **[Implement Customizations](/tech-stack/laravel/codecanyon/build/playbooks/customizations/)** (Workflow 3) — the `_zaj` tables, ZajModules, and the vendor-customizations overlay are what make a vendor update survivable. If you skipped that, read it first.

For **security-only** package bumps (`composer audit` / `npm audit`) with a rollback gate — not a full vendor release — use the [Security package update runbook](/tech-stack/laravel/codecanyon/build/runbooks/security-package-update/).

:::note[See everything in this collection]
Every page in this CodeCanyon topic lives under **[/tech-stack/laravel/codecanyon/](/tech-stack/laravel/codecanyon/)** — the exhaustive cross-shelf index.
:::

Ready? The first move is always to look before you leap:

:::next[Start here]
[Compare the schema](/tech-stack/laravel/codecanyon/build/playbooks/vendor-updates/01-compare-schema/)
:::