Fork checklist — new product from the platform

Reusable (prefer dependency, not copy)

  • OpenAPI fragments + merge pipeline patterns from prego-zuplo
  • Worker skeleton (Hono, auth middleware, tenant context) from prego_ai
  • @platform/platform-trust (X-Internal-Sig contract) in Prego/packages/platform-trust, vendored into prego-zuplo and prego_ai as packages/platform-trust. With Prego cloned beside those repos, refresh vendors via pnpm run sync:platform-trust (or npm run sync:platform-trust in prego_ai).
  • Documentation spine under Prego/docs (platform/ and contracts/)

Configurable (per environment)

  • Cloudflare account IDs, zone names, Worker names
  • Zuplo environment variables and upstream URLs
  • INTERNAL_SECRET, JWT issuers, Stripe keys
  • Frappe site ↔ tenant_id mapping in control-plane

Copied per product

  • Product-specific OpenAPI fragments and route modules
  • Domain Frappe app (or separate app repo) for that vertical
  • Product UI routes and branding in Next.js apps
  • Pulumi stack names / Ansible inventory for that product’s infra

Bootstrap order (runbook)

  1. Pulumi (or equivalent) — core bindings and secrets placeholders
  2. Ansible — bench / VM provisioning if used
  3. Control-plane — create tenant row and runtime record
  4. Zuplo — point upstreams at new Worker/Frappe URLs
  5. Workers — deploy with secrets; enable REQUIRE_INTERNAL_SIG when ready
  6. Pages — deploy UI with correct public API base URL

Adjust to your stack; document the final order in a single runbook page per product.

Verification

  • Tenant isolation test (cross-tenant request must fail)
  • OpenAPI merged output matches deployed routes
  • prego-zuplo (after config/*.oas.json or merge-list changes): from the repo root, run pnpm run sync-oas, then pnpm run verify. pnpm run verify:portal matches GitHub CI (it adds the Zudoku production docs build). See How to add an API §1.
  • prego-zuplo Portal ALLOWED_ORIGINS includes every browser origin you use (local dev, production, *.pages.dev previews if applicable). If web apps send x-trace-id, the active CORS policy’s allowedHeaders must allow it — see prego-zuplo docs/runbook/ and Tenant & trust boundaries.
  • prego_ai: from the repo root, run npm run install:workers, then npm run test. packages/platform-trust is vendored from Prego/packages/platform-trust (rsync both gateway and worker repos when the contract changes). Default Actions do not clone private Prego.
  • Staging e2e: sign-in → one critical API → optional assistant route if applicable
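
The ALLOWED_ORIGINS / x-trace-id item above can be checked mechanically by evaluating each preflight response the way a browser does. This is an added example, not code from prego-zuplo; the function names, the policy object, the sample origins and the simulated gateway are all constructed assumptions, and in a real check the `preflight` callback would send an OPTIONS request to the gateway instead.

```javascript
// Added example. Origins, policy and the simulated gateway are constructed.
// Returns the reasons a browser would block the request (empty array = allowed).
function checkPreflight(origin, requestHeaders, res, credentialed = true) {
  const h = Object.fromEntries(
    Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const acao = h["access-control-allow-origin"];
  // "*" only satisfies requests sent without credentials.
  if (acao !== origin && !(acao === "*" && !credentialed)) {
    return [`origin ${origin} not allowed (got ${acao ?? "no header"})`];
  }
  const problems = [];
  if (credentialed && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  const allowed = (h["access-control-allow-headers"] ?? "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  for (const name of requestHeaders.map((s) => s.toLowerCase())) {
    // The "*" wildcard never covers Authorization and is literal when credentialed.
    const wildcard = allowed.includes("*") && !credentialed && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) {
      problems.push(`header ${name} not in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Constructed stand-in for the gateway's OPTIONS response, driven by a policy object.
function simulatedGateway(policy) {
  return (origin) => policy.allowedOrigins.includes(origin)
    ? { headers: {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Headers": policy.allowedHeaders.join(", "),
      } }
    : { headers: {} };
}

// Check every browser origin in use; returns { origin: [problems] }.
function auditOrigins(origins, requestHeaders, preflight) {
  return Object.fromEntries(
    origins.map((o) => [o, checkPreflight(o, requestHeaders, preflight(o))]));
}

const ORIGINS = ["http://localhost:3000", "https://app.example.com", "https://pr-12.example.pages.dev"];
const SENT = ["authorization", "content-type", "x-trace-id"];
const weakPolicy = { // constructed: preview origin and x-trace-id were left out
  allowedOrigins: ORIGINS.slice(0, 2), allowedHeaders: ["authorization", "content-type"] };
const fixedPolicy = { allowedOrigins: ORIGINS, allowedHeaders: SENT };
console.log(auditOrigins(ORIGINS, SENT, simulatedGateway(weakPolicy)));
```

With the weak policy, the two listed origins fail only on x-trace-id and the preview origin fails on the origin check; with `fixedPolicy` every origin returns an empty list.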

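Korean summary

Reuse means taking the contract, the Worker skeleton, and the documentation structure as dependencies; configuration covers accounts, secrets, and upstream URLs; what is copied is the per-product OAS, domain app, and UI. Fix the bootstrap order in a single runbook. After prego-zuplo OAS changes, run sync-oas then verify from the repo root; verify:portal is the same validation as CI. For prego_ai, run install:workers then test from the repo root; platform-trust is vendored from the monorepo. For browser origins, ALLOWED_ORIGINS, and x-trace-id CORS, align with prego-zuplo docs/runbook/ and Tenant & trust boundaries.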
