
Important Notes

Rules you must follow: do not modify official apps and backend services.

Last updated Mar 26, 2026

You must follow these rules. Official code will continue to be maintained and updated by us.

Do not modify

Frontend apps

  • apps/admin
  • apps/web

These are official templates. If you modify them directly, it becomes difficult to merge future upstream updates cleanly.

Recommended: Copy apps/web to your own project, for example apps/ai-saas, and customize the copy.

If you copy apps/web, also do these 4 things

This is the current correct workflow for a new brand site:

  1. Create the tenant in Admin first

    • Admin Projects is the tenant registry
    • Editing frontend files alone does not register a tenant
  2. Add or update zship.app.json in the copied app

    • Set appKey to the Admin tenant app_key
    • Set domain, siteUrl, and brand metadata there
  3. Change wrangler.toml

    • Update the name field for the copied frontend
    • Otherwise you may overwrite the original web deployment target
  4. Redeploy the copied app as a separate site

    • Bind its own domain
    • Push its own env and secrets

Short version:

  • Admin owns tenant creation
  • zship.app.json owns frontend-to-tenant mapping
  • wrangler.toml owns the Worker deploy target
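A pre-deploy check for steps 2 and 3, as an added example that is not part of the official repository. It assumes appKey, domain, and siteUrl are top-level keys in zship.app.json; the sample file contents and the Worker names are constructed, and the name lookup is a minimal reader, not a full TOML parser.

```python
import json
import re

# Constructed sample inputs (not taken from the real repository).
ORIGINAL_WRANGLER = 'name = "zship-web"\nmain = "src/index.ts"\n'
COPIED_WRANGLER_BAD = ORIGINAL_WRANGLER  # copied verbatim, name never changed
COPIED_WRANGLER_OK = 'name = "ai-saas-web"\nmain = "src/index.ts"\n'
APP_JSON_OK = ('{"appKey": "ai-saas", "domain": "ai-saas.example", '
               '"siteUrl": "https://ai-saas.example"}')
APP_JSON_BAD = '{"appKey": "", "domain": "ai-saas.example"}'

REQUIRED_KEYS = ("appKey", "domain", "siteUrl")  # assumed to be top-level keys


def worker_name(wrangler_toml):
    """Return the top-level `name` value, or None if it is absent."""
    for line in wrangler_toml.splitlines():
        line = line.strip()
        if line.startswith("["):  # first table header ends the top-level keys
            break
        m = re.match(r'name\s*=\s*["\']([^"\']+)["\']', line)
        if m:
            return m.group(1)
    return None


def preflight(original_toml, copied_toml, app_json, admin_app_key):
    """Return a list of problems; an empty list means the copy can be deployed."""
    problems = []
    orig, copy = worker_name(original_toml), worker_name(copied_toml)
    if copy is None:
        problems.append("wrangler.toml: no top-level name")
    elif copy == orig:
        problems.append(f"wrangler.toml: name {copy!r} matches apps/web; "
                        "deploy would overwrite it")
    cfg = json.loads(app_json)
    for key in REQUIRED_KEYS:
        if not str(cfg.get(key, "")).strip():
            problems.append(f"zship.app.json: {key} is missing or empty")
    if cfg.get("appKey") and cfg["appKey"] != admin_app_key:
        problems.append("zship.app.json: appKey does not match the Admin app_key")
    return problems


if __name__ == "__main__":
    bad = preflight(ORIGINAL_WRANGLER, COPIED_WRANGLER_BAD, APP_JSON_BAD, "ai-saas")
    for p in bad:
        print("FAIL:", p)
```

Run it in CI before the deploy step and fail the job when the returned list is not empty.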

Backend services

Do not modify any of these official services:

  • backend/node1-auth-service
  • backend/node2-support-service
  • backend/node3-pay-service
  • backend/node4-notify-service
  • backend/node5-blog-service
  • backend/node6-cdn-service
  • backend/node7-site-service
  • backend/node8-prompt-service
  • backend/node9-checkin-service
  • backend/node10-ai-service
  • backend/zship-provider1-service

These are official services. We will update them with new features and fixes. Do not change them directly.

Security and secrets

  • Never commit .env files, signing keys, or cookie secrets to a public repo. Use Cloudflare Secrets, wrangler secret put, or Dev Console push for production.
  • Rotate ADMIN_SECRET, JWT secrets, and payment/provider keys on a sensible schedule, then redeploy the Workers that read those values.
  • Prefer operator accounts and RBAC in Admin (see the docs) instead of sharing the root secret across many people.
  • Layer Cloudflare protections such as WAF and IP rules on top of least-privilege access for admin and sensitive APIs.