Thesmios

Production proof

Production proof plan for launch readiness.

A solid B2B launch needs evidence that production routes, tenant isolation, issuer signing, evidence controls, billing, notifications, provisioning, and customer acceptance are actually proven. This pack turns strict-readiness blockers into the exact proof workstream.

13 proof groups

7 fixture or operator proofs

4 vendor or enterprise gates

1 customer acceptance gate

Strict readiness

Keep the paid-launch gate strict, but make the evidence path explicit.

Public checks can pass before every paid-launch dependency is configured. The production proof pack keeps those boundaries visible so managed private beta is not confused with self-serve or broad enterprise launch.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict

Production proof smoke

Production proof page and JSON endpoint are deployed and complete.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:production-proof

Vendor readiness smoke

Vendor readiness page and JSON endpoint are deployed, complete, and public-safe.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness

Launch gap register smoke

Launch gap register page and JSON endpoint are deployed, complete, public-safe, and mapped to owner-specific launch work.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-gap-register

Operator launch console smoke

Operator launch console page and JSON endpoint are deployed, public-safe, and wired into proof order, env groups, mutating boundaries, and evidence outputs.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:operator-launch-console

Launch claims guard smoke

Claims guard page and JSON endpoint are deployed, public-safe, and wired into buyer-safe wording, order-form exclusions, and proof requirements.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-claims-guard

Buyer close pack smoke

Buyer close pack page and JSON endpoint are deployed, public-safe, and align launch motion, order-form scope, blocked wording, and proof attachments.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:buyer-close-pack

First customer launch plan smoke

First-customer launch plan page and JSON endpoint are deployed, public-safe, and align launch timeline, owner map, go/no-go gates, and proof attachments.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan

Dependency acceptance smoke

Dependency acceptance page and JSON endpoint are deployed, public-safe, and align pilot fallbacks, evidence targets, buyer language, and blocked claims.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:dependency-acceptance

Launch evidence ledger smoke

Evidence ledger page and JSON endpoint are deployed, public-safe, and wired into proof attachments, acceptance rules, and blocked-claim boundaries.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-evidence-ledger

Launch unblock plan smoke

Unblock plan page and JSON endpoint are deployed, public-safe, and turn current blockers into ordered owner workstreams.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-unblock-plan

Launch activation manifest smoke

Activation manifest page and JSON endpoint are deployed, public-safe, and turn remaining dependency blockers into exact env names, source systems, proof commands, and claim locks.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-activation-manifest

Operator environment preflight

Local operator shell has usable seed and fixture variables before any mutating proof command runs.

npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures

Operator handoff template

Locked env template, checklist, and README for collecting operator seed secrets, fixture IDs, support, billing, and enterprise proof inputs outside git.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run prepare:operator-handoff -- --output-dir /tmp/thesmios-operator-handoff

Launch owner intake packet

Locked owner-by-owner request packet generated from live strict readiness and activation manifest data, with missing inputs, source systems, proof commands, and blocked claims.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run prepare:launch-intake -- --output-dir /tmp/thesmios-launch-intake

Operator launch seed

Production records plus deterministic authenticated smoke fixture IDs.

CONFIRM_LAUNCH_OPERATOR_SEED=thesmios-launch-seed LAUNCH_OPERATIONS_SECRET=<secret> LAUNCH_SEED_ENV_OUTPUT_PATH=/tmp/thesmios-auth-smoke.env THESMIOS_SMOKE_URL=https://www.thesmios.com npm run seed:launch-operator

Operator launch proof runner

Seeds fixture records through the protected operator route, sources the locked fixture env file, and writes one launch proof JSON bundle.

CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --strict

Strict launch bundle

All public, authenticated, mutating, vendor, and enterprise fixture proofs pass or block paid launch.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env --output /tmp/thesmios-launch-proof-bundle.json

Support notification fixture

Support request create, update, escalation, and resolution notification attempts are retained in the tenant support communications package.

CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture

Proof groups

public passed

Public launch and API proof

Public site, security, procurement, operations, customer launch room, DID/JWKS, and protected-route checks run without mutating customer data.

Audience: Buyer

Strict gate: Public launch smoke, unauthenticated API smoke, advisory readiness, and launch proof bundle.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle

operator required

Operator launch seed

The protected seed route can create production DID/background-job records and deterministic owner, granted-employer, denied-employer fixture data.

Audience: Operator

Strict gate: Production launch seed records and authenticated smoke fixture records.

CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures

operator required

Operator environment preflight

`check:operator-env` validates locally sourced launch secrets and fixture variables without printing values, and treats empty sensitive placeholders from `vercel env pull` as missing.

Audience: Operator

Strict gate: Operator seed, authenticated fixture, vendor fixture, and strict paid-launch execution variables.

npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures
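The preflight behaviour described above, sketched as an added example (not the project's `check:operator-env` code): it reports which variable groups are ready by name only and counts empty or placeholder values as missing. The group layout, the `<...>` placeholder rule, and the sample env file are assumptions built from names on this page.

```javascript
// Added illustration, not the project's check:operator-env code. The group
// layout is an assumption assembled from variable names listed on this page.
const GROUPS = {
  seed: [["LAUNCH_OPERATIONS_SECRET", "AUDIT_ADMIN_SECRET"]], // either name satisfies it
  fixtures: [["NEXT_PUBLIC_SUPABASE_URL"], ["THESMIOS_AUTH_SMOKE_PASSWORD"],
    ["THESMIOS_TEST_SUBJECT_ID"], ["PLATFORM_JOB_RUNNER_SECRET"]],
};

// Parse KEY=VALUE lines and strip one layer of matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const m = raw.trim().match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue; // blanks, comments, anything that is not KEY=VALUE
    let value = m[2].trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) value = value.slice(1, -1);
    env[m[1]] = value;
  }
  return env;
}

// Usable = non-empty after trimming and not a <placeholder> (assumed convention).
const usable = (v) => typeof v === "string" && v.trim() !== "" && !/^<.*>$/.test(v.trim());

// Build a report that contains variable names only; values never enter it.
function preflight(envText, wanted = Object.keys(GROUPS)) {
  const env = parseEnv(envText);
  const report = {};
  for (const group of wanted) {
    const missing = GROUPS[group]
      .filter((alternatives) => !alternatives.some((name) => usable(env[name])))
      .map((alternatives) => alternatives.join(" or "));
    report[group] = { ready: missing.length === 0, missing };
  }
  return report;
}

// Constructed sample: a pulled env file where sensitive values came back empty.
const SAMPLE = `LAUNCH_OPERATIONS_SECRET=""
AUDIT_ADMIN_SECRET=constructed-admin-secret
NEXT_PUBLIC_SUPABASE_URL="https://example.invalid"
THESMIOS_AUTH_SMOKE_PASSWORD=""
THESMIOS_TEST_SUBJECT_ID=<subject-id>
PLATFORM_JOB_RUNNER_SECRET=`;

console.log(JSON.stringify(preflight(SAMPLE), null, 2));
```

Because the report is built from names alone, the output can be attached to the launch room as preflight evidence without redaction.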

fixture ready

Authenticated access and RLS proof

The authenticated smoke script signs in owner, granted-employer, and denied-employer users, then verifies worker, credential, task, share, upload, lifecycle, and RLS boundaries.

Audience: Security

Strict gate: Authenticated API smoke execution variables and fixture records.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-api

fixture ready

Issuer signing proof

DID, JWKS, OIDC metadata, and status-list routes are public; the fixture proves authenticated VC-JWT and SD-JWT issuance against the published key.

Audience: Security

Strict gate: Issuer fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture

fixture ready

Evidence file controls proof

Upload, queue, active-content detection, EICAR quarantine, verification, and retention timestamp behavior are implemented behind authenticated routes.

Audience: Security

Strict gate: Evidence fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture

fixture ready

Audit export package proof

Tenant audit exports can queue JSON, CSV, and ZIP packages into private storage with signed download URLs.

Audience: Security

Strict gate: Audit export fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture

fixture ready

Privacy and data-rights proof

User-scoped privacy export, data-rights intake, and fulfilment evidence routes are implemented with tenant-manager decisions.

Audience: Buyer

Strict gate: Privacy fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture

vendor required

Support and status notification proof

Status subscriptions, broadcasts, support request acknowledgement/update/escalation/resolution attempts, and retained support communication packages are implemented; controlled send requires verified sender reputation and a test recipient.

Audience: Operator

Strict gate: Support email configuration and notification fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture

vendor required

Vendor readiness evidence

The vendor readiness pack publishes public-safe configured, configured-unproven, manual-fallback, and blocked states without exposing secret values.

Audience: Buyer

Strict gate: Support email, Stripe, enterprise identity, HRIS, official issuer, and evidence-operation vendor dependencies.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness

vendor required

Stripe self-serve billing proof

Checkout, cancellation, and webhook routes are implemented; invoice/order-form launch remains the managed B2B fallback.

Audience: Finance

Strict gate: Stripe self-serve checkout and Stripe fixture execution variables.

THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixture

external required

SCIM and enterprise SSO proof

SCIM token storage, IdP setup guides, OIDC/SAML setup profiles, and protected enterprise routes exist with managed-beta boundaries.

Audience: Enterprise

Strict gate: SCIM fixture, OIDC broker, and SAML broker configuration.

THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixture

customer specific

Customer acceptance evidence

Launch room, launch acceptance, continuity evidence, procurement evidence, and order-form template are implemented.

Audience: Buyer

Strict gate: Customer-specific launch room, signed order form, DPIA, retention, and residual-risk approval.

PATCH /api/platform/launch-acceptance with accepted or accepted_with_exclusions decision

Required inputs

| Proof | Required inputs | Acceptance evidence | If missing |
| --- | --- | --- | --- |
| Public launch and API proof (read only) | THESMIOS_SMOKE_URL | Attach the launch proof bundle JSON with public checks passing and fixture-only checks skipped. | Do not send launch evidence to a buyer until the public bundle is green on the production domain. |
| Operator launch seed (mutates production) | CONFIRM_OPERATOR_LAUNCH_PROOF; LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; THESMIOS_AUTH_SMOKE_PASSWORD | Attach returned subject, credential, workflow task, passport share, and smoke actor references in the operator launch record. | Strict readiness cannot prove RLS or authenticated role separation on production data. |
| Operator environment preflight (read only) | Locked operator env file with usable LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; Supabase public config and authenticated smoke fixture variables; PLATFORM_JOB_RUNNER_SECRET for evidence and audit fixtures | Attach the preflight output showing every required operator/fixture variable group is ready before any mutating production proof run. | Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console. |
| Authenticated access and RLS proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; THESMIOS_TEST_TASK_ID; THESMIOS_TEST_SHARE_ID | Attach the pass count proving owner, granted-employer, and denied-employer outcomes. | Do not claim production tenant isolation or verifier access control has been proven. |
| Issuer signing proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID | Attach discovery responses plus signed VC-JWT and SD-JWT verification output. | Do not claim production credential signing is fully proven for a tenant. |
| Evidence file controls proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; PLATFORM_JOB_RUNNER_SECRET | Attach clean, suspicious, infected, quarantine, and retention proof output. | Private beta can use the policy scanner, but enterprise file-control proof remains incomplete. |
| Audit export package proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; PLATFORM_JOB_RUNNER_SECRET | Attach denied-access, queued-job, generated-package, and signed-download output. | Do not claim buyer audit export evidence is proven on production data. |
| Privacy and data-rights proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD | Attach scoped export, access/export request, erasure request, and fulfilment decision output. | Do not treat DSAR and erasure fulfilment evidence as customer-accepted. |
| Support and status notification proof (mutates production) | RESEND_API_KEY; STATUS_BROADCAST_SECRET; THESMIOS_NOTIFICATION_TEST_EMAIL; NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; CONFIRM_SUPPORT_NOTIFICATION_FIXTURE | Attach subscriber intake, dry-run broadcast, support request lifecycle notification attempts, and controlled test-recipient delivery output. | Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch. |
| Vendor readiness evidence (read only) | RESEND_API_KEY and STATUS_BROADCAST_SECRET for customer notification proof; Stripe secrets and price IDs for self-serve checkout; Enterprise IdP, HRIS, official issuer, and tenant SCIM credentials for broad enterprise claims; Customer-specific fixture output and written approval for manual-fallback boundaries | Attach the vendor readiness JSON, smoke output, accepted customer exclusions, and any vendor-specific fixture output to the launch room. | Keep missing vendor-backed automation out of the order form, or sell it only as managed/manual workflow with explicit customer acceptance. |
| Stripe self-serve billing proof (read only) | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING | Attach unsigned rejection, tampered rejection, and signed fixture event acceptance output. | Do not enable self-serve checkout; keep paid beta invoice-only or order-form contracted. |
| SCIM and enterprise SSO proof (mutates production) | THESMIOS_SCIM_TOKEN; ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; SAML_IDP_ENTITY_ID; SAML_IDP_SSO_URL; SAML_IDP_CERTIFICATE | Attach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Customer acceptance evidence (mutates production) | Signed order form or written approval reference; Customer-approved retention schedule; DPIA/AI governance approval; Subprocessor objection or acceptance decision | Attach signer, accepted stage, scoped exclusions, evidence references, and external approval reference. | Do not mark a tenant as live even if public platform checks pass. |
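
The Stripe self-serve billing proof asks for unsigned rejection, tampered rejection, and signed fixture event acceptance output. The added example below (not the project's webhook route) produces those three decisions using Stripe's documented `Stripe-Signature` scheme, and goes one step further with a replayed-event case. The secret, event body, timestamp, and function names are constructed for illustration.

```javascript
// Added illustration of Stripe's documented Stripe-Signature scheme;
// not the project's webhook route. Secret and event are constructed.
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // replay window; matches Stripe's library default

function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

// Returns a decision record suitable for attaching as proof output.
function verifyWebhook(secret, header, rawBody, now = Math.floor(Date.now() / 1000)) {
  if (!header) return { accepted: false, reason: "unsigned" };
  const parts = header.split(",").map((p) => p.trim().split("="));
  const timestamp = Number((parts.find(([k]) => k === "t") || [])[1]);
  const candidates = parts.filter(([k]) => k === "v1").map(([, v]) => v);
  if (!Number.isInteger(timestamp) || candidates.length === 0) {
    return { accepted: false, reason: "malformed" };
  }
  const expected = Buffer.from(sign(secret, timestamp, rawBody), "hex");
  const match = candidates.some((hex) => {
    const got = Buffer.from(hex, "hex");
    // timingSafeEqual throws on length mismatch, so compare lengths first
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!match) return { accepted: false, reason: "signature_mismatch" };
  if (Math.abs(now - timestamp) > TOLERANCE_SECONDS) return { accepted: false, reason: "stale" };
  return { accepted: true, reason: "ok" };
}

// Constructed fixture: the three outcomes the proof asks for, plus a replay.
function runFixture() {
  const secret = "whsec_constructed_for_example";
  const now = 1700000000;
  const body = JSON.stringify({ id: "evt_constructed", type: "checkout.session.completed" });
  const header = `t=${now},v1=${sign(secret, now, body)}`;
  return {
    unsigned: verifyWebhook(secret, undefined, body, now),
    tampered: verifyWebhook(secret, header, body.replace("completed", "expired"), now),
    signed: verifyWebhook(secret, header, body, now),
    replayed: verifyWebhook(secret, header, body, now + 3600),
  };
}

console.log(runFixture());
```

The signature must be computed over the raw request bytes; verifying a re-serialized JSON body is a common cause of false `signature_mismatch` results.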

Boundary

This pack proves the path. It does not replace actual evidence.

Secrets, fixture runs, sender verification, Stripe setup, enterprise IdP setup, and customer signatures stay required. The value is that every blocker has an owner, command, acceptance artifact, and explicit fallback.

Do not expose secret values in launch evidence.
Run mutating fixtures only after operator approval and seed confirmation.
Attach command output to the customer launch room before stage acceptance.
Keep self-serve and enterprise claims gated until strict readiness passes.