Launch unblock plan
Turn launch blockers into executable work.
Strict readiness says what is blocked. The evidence ledger says where proof belongs. This plan turns both into ordered workstreams with the command, evidence target, owner, and claim lock needed to unblock a real B2B launch.
6
active workstreams
2
operator workstreams
2
vendor workstreams
2
blocked launch modes
Next unblock actions
Start with the shell, not the sales claim.
The first three actions are intentionally operational: prove the local handoff, run the approved evidence command, then attach the output where customer review can see it.
Validate the operator env handoff
Operator seed and fixture proof
Evidence target: /tmp/thesmios-launch-proof-bundle.json
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures --json
Run the operator launch proof bundle
Operator seed and fixture proof
Evidence target: /tmp/thesmios-launch-proof-bundle.json
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures
Run the security fixture suite
Security, evidence, audit, and privacy fixtures
Evidence target: /api/product/production-proof
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Workstreams
Every blocker gets an owner and an attachment target.
Operator seed and fixture proof
Prepare the operator shell, seed production smoke fixtures if approved, and produce one launch proof bundle for authenticated and mutating evidence.
Owner: Operator
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Keep production tenant isolation, issuer signing, evidence pipeline, audit export, and privacy claims out of paid launch evidence.
Actions
Preflight: Validate the operator env handoff
Every seed and authenticated fixture variable group reports ready without printing secret values.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures --json
Attach to /tmp/thesmios-launch-proof-bundle.json. Do not run mutating proof commands from this shell until the preflight is ready.
Proof run: Run the operator launch proof bundle
A locked `/tmp/thesmios-launch-proof-bundle.json` with public, authenticated, issuer, evidence, audit, and privacy proof outputs.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures
Attach to /tmp/thesmios-launch-proof-bundle.json. Attach the output file to the customer launch room or mark excluded scopes in the order form.
Authenticated tenant access proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Private demo can continue, but a customer tenant cannot be accepted as live.
Credential and evidence sample proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.
Evidence scanning, audit export, and data-rights fixtures
Needs fixture outputTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Buyer-accepted malware/quarantine proof before evidence fixture output.; Buyer-accepted audit exports before export fixture output.; Buyer-accepted data-rights fulfilment proof before privacy fixture output.
Operator environment preflight
Needs operator runTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.
Operator launch seed
Needs operator runTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Strict readiness cannot prove RLS or authenticated role separation on production data.
Authenticated smoke fixture records
Needs fixture outputTarget: /api/product/production-proof
Locked: Accepted customer tenant; Invoice-led paid beta without fixture proof
Security, evidence, audit, and privacy fixtures
Clear the security and privacy proof outputs that buyers expect before paid beta evidence is accepted.
Owner: Security
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Do not claim production-grade evidence scanning, audit export, credential signing, or DSAR fulfilment proof.
Actions
Proof run: Run the security fixture suite
Issuer, file-control, audit export, and privacy/data-rights fixture outputs pass against the seeded production tenant.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Attach to /api/product/production-proof. Attach passing outputs to the security review pack and tenant fixture evidence package before paid-beta acceptance.
Audit export package proof
Needs fixture outputTarget: /api/product/production-proof
Locked: Do not claim buyer audit export evidence is proven on production data.
Authenticated access and RLS proof
Needs fixture outputTarget: /api/product/production-proof
Locked: Do not claim production tenant isolation or verifier access control has been proven.
Evidence file controls proof
Needs fixture outputTarget: /api/product/production-proof
Locked: Private beta can use the policy scanner, but enterprise file-control proof remains incomplete.
Issuer signing proof
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Do not claim production credential signing is fully proven for a tenant.
Support and status notification proof
Configure email delivery and prove status plus support-notification attempts before support communications are sold as automated.
Owner: Operator
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Use manual customer follow-up and retained skipped/failed notification evidence; do not claim automated support email delivery.
Actions
Vendor setup: Configure Resend and run notification fixtures
Status subscriber intake, dry-run or controlled-send broadcast, and retained support request lifecycle notification attempts.
THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture
Attach to /tmp/thesmios-launch-proof-bundle.json. Attach sent delivery proof or record the manual fallback before paid-beta support acceptance.
Support and status notification proof
Needs fixture outputTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.
Support email
Needs vendor setupTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Accepted customer tenant; Invoice-led paid beta without fixture proof
Billing and paid conversion
Separate invoice-led beta from self-serve paid launch, then prove Stripe only when public checkout is actually in scope.
Owner: Finance
Blocks: self serve paid
If skipped: Keep paid beta invoice/order-form only and block public checkout or automated paid conversion claims.
Actions
Customer record: Attach invoice or order-form billing evidence
Saved billing profile, invoice or PO reference, commercial owner, accepted plan limits, and self-serve exclusions.
GET /api/platform/billing-evidence
Attach to /api/platform/billing-evidence. Invoice-led paid beta can proceed only after billing evidence and customer acceptance are attached.
Vendor setup: Prove Stripe before self-serve checkout
Unsigned and tampered webhook rejection plus signed fixture event acceptance on production.
THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixture
Attach to /api/platform/billing-evidence. Do not enable or market self-serve checkout until this proof and production price configuration are attached.
Stripe self-serve billing
Needs vendor setupTarget: /api/platform/billing-evidence
Locked: Self-serve checkout; Automated paid conversion
Stripe self-serve billing
Needs vendor setupTarget: /api/platform/billing-evidence
Locked: Public self-serve paid checkout.; Automated subscription lifecycle and webhook-driven paid activation.
Customer acceptance and signed scope
Collect the buyer-side approvals, scoped exclusions, and evidence references that turn a managed beta into an accepted tenant launch.
Owner: Customer
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Do not mark a tenant live even when the public product and operator proofs are present.
Actions
Customer record: Record external launch evidence
Signed order form, PO/invoice, security/privacy approval, support route, uptime or restore references, and fixture-output references.
PATCH /api/platform/external-evidence
Attach to /api/platform/launch-room. Attach artifact references to the customer launch room before requesting go/no-go approval.
Contract scope: Record launch acceptance
Signer, accepted stage, decision, evidence references, external approval reference, and scoped exclusions.
PATCH /api/platform/launch-acceptance
Attach to Signed order-form exclusions section. Accepted-with-exclusions is valid only when the exclusions match the order form and claims guard.
Privacy and data-rights proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Do not treat DSAR and erasure fulfilment evidence as customer-accepted.
Enterprise SSO, SCIM, HRIS, and official issuers
Configure customer/vendor credentials and prove provisioning before broad enterprise automation is claimed.
Owner: Enterprise
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Sell enterprise scope as managed setup only; do not claim hands-off SSO, SCIM, HRIS, or official-source automation.
Actions
Vendor setup: Configure enterprise vendors and run SCIM proof
IdP setup approval, SCIM token evidence, user and group create/read/update/deprovision output, and any HRIS or issuer approval references.
THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixture
Attach to Approved vendor console evidence or explicit signed exclusion. Enterprise expansion remains blocked until customer-specific IdP, HRIS, official issuer, and SCIM fixture evidence is attached.
Vendor readiness evidence
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Keep missing vendor-backed automation out of the order form, or sell it only as managed/manual workflow with explicit customer acceptance.
Official issuer connectors
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Live Home Office / UKVI checks without approved credentials and employee consent.; Live DBS Update Service checks without customer legal basis and API credentials.; Live E-Verify case submission without approval, MOU, certificates, and tenant credentials.
Enterprise OIDC broker config
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Enterprise SAML IdP config
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Enterprise SSO and SCIM provisioning
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise self-serve SSO.; Hands-off SCIM provisioning across all IdPs.; Brokered SAML/OIDC production login before tenant IdP proof.
HRIS connector credentials
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Mode decisions
The plan keeps launch claims locked to evidence.
Managed private beta
Conditionally launchable for a named design partner with signed scope, operator fixture evidence, manual support fallback, and launch acceptance.
Blocked by: none
Invoice-led paid beta
Conditionally launchable only after customer acceptance, billing profile, invoice/order-form evidence, and authenticated fixture proof are attached.
Blocked by: Authenticated smoke fixture records; Support email
Self-serve paid launch
Blocked. Strict readiness must be ready and Stripe fixture proof must pass before self-serve checkout is enabled.
Blocked by: Authenticated smoke fixture records; Support email; Stripe self-serve billing
Broad enterprise expansion
Blocked. Enterprise SSO, SAML, HRIS, official issuer credentials, and SCIM fixture evidence remain customer/vendor-specific.
Blocked by: Enterprise OIDC broker config; Enterprise SAML IdP config; HRIS connector credentials; Official issuer connector credentials; Authenticated smoke fixture records; Support email; Stripe self-serve billing
Claim locks
Missing proof stays out of the order form.
Launch unblock plan smoke
Page and JSON endpoint are deployed, public-safe, and derived from the live clearance and ledger state.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-unblock-plan
Operator environment preflight
Usable local launch variables without printing secret values.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures --json
Strict readiness
Production dependency gate after workstreams have been cleared or explicitly excluded.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict