Vendventory Documentation
Ctrl+K
v1.0.0 Changelog
Docs / Buyer ZIP Audit

Buyer ZIP Audit

Use this checklist before generating the marketplace archive. The goal is to ship a clean buyer package that installs without missing dependencies, without exposing local runtime state, and without unnecessary clutter.

Packaging target: the archive should be installable, documented, and friendly to shared-hosting buyers who may not run Composer or a queue worker themselves.

1) Packaging Strategy

Decide the archive contract
  • Ship the exact app structure the buyer needs for installation, configuration, and production runtime.
  • If the item targets shared hosting, include the resolved vendor/ tree in the buyer package.
  • Make sure the installation guide matches the packaging choice so the buyer does not discover missing steps after upload.

2) Must Include

Core delivery contents
  • Application source: app/, bootstrap/, config/, database/, public/, resources/, routes/, and vendor/ when required by the packaging strategy.
  • Framework entry files such as artisan, composer.json, composer.lock, and .env.example.
  • Buyer-facing docs under documentation/, including installation, configuration, release, and troubleshooting pages.
  • Current migrations, essential seeders, optional demo seeders, and installer services that match the docs.

3) Must Exclude

Remove these before zipping
  • Version-control metadata such as .git/.
  • Live environment files such as .env.
  • Logs, local runtime cache, sessions, compiled views, and other generated state under storage/ and bootstrap/cache/.
  • Machine-specific clutter such as editor temp files, OS junk files, and local export artifacts.

4) Secret and Runtime Review

Secrets
  • Do not ship production SMTP credentials, API keys, OAuth secrets, or personal webhook endpoints.
  • Check example config values, documentation screenshots, and copied command output for accidental secrets.
  • Make sure mail, queue, and session defaults match what the docs promise.
Runtime state
  • Clear caches and remove generated files that were created on the packaging machine.
  • Exclude local SQLite files, export PDFs, uploaded test images, and debug dumps.
  • Confirm the archive does not contain stale demo data exported from a live environment.

5) Final Archive Check

Final sign-off before upload
  1. Build the release archive from a clean workspace copy or a release-prepared folder.
  2. Open the ZIP locally and verify the top-level structure is what the buyer will actually see.
  3. Cross-check the archive against the installation guide and release checklist.
  4. Record the version, packaging date, and the person who signed off the archive.
← Previous: Clean Install Smoke Next: Manual QA Checklist →