Production proof
Production proof plan for launch readiness.
A solid B2B launch needs evidence that production routes, tenant isolation, issuer signing, evidence controls, billing, notifications, provisioning, and customer acceptance are actually proven. This pack turns strict-readiness blockers into the exact proof workstream.
13 proof groups, 7 fixture or operator proofs, 4 vendor or enterprise gates, 1 customer acceptance gate.
Strict readiness
Keep the paid-launch gate strict, but make the evidence path explicit.
Public checks can pass before every paid-launch dependency is configured. The production proof pack keeps those boundaries visible so managed private beta is not confused with self-serve or broad enterprise launch.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict
Production proof smoke
Production proof page and JSON endpoint are deployed and complete.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:production-proof
Vendor readiness smoke
Vendor readiness page and JSON endpoint are deployed, complete, and public-safe.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness
Launch gap register smoke
Launch gap register page and JSON endpoint are deployed, complete, public-safe, and mapped to owner-specific launch work.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-gap-register
Operator launch console smoke
Operator launch console page and JSON endpoint are deployed, public-safe, and wired into proof order, env groups, mutating boundaries, and evidence outputs.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:operator-launch-console
Launch claims guard smoke
Claims guard page and JSON endpoint are deployed, public-safe, and wired into buyer-safe wording, order-form exclusions, and proof requirements.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-claims-guard
Buyer close pack smoke
Buyer close pack page and JSON endpoint are deployed, public-safe, and align launch motion, order-form scope, blocked wording, and proof attachments.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:buyer-close-pack
First customer launch plan smoke
First-customer launch plan page and JSON endpoint are deployed, public-safe, and align launch timeline, owner map, go/no-go gates, and proof attachments.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan
Dependency acceptance smoke
Dependency acceptance page and JSON endpoint are deployed, public-safe, and align pilot fallbacks, evidence targets, buyer language, and blocked claims.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:dependency-acceptance
Launch evidence ledger smoke
Evidence ledger page and JSON endpoint are deployed, public-safe, and wired into proof attachments, acceptance rules, and blocked-claim boundaries.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-evidence-ledger
Launch unblock plan smoke
Unblock plan page and JSON endpoint are deployed, public-safe, and turn current blockers into ordered owner workstreams.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-unblock-plan
Launch activation manifest smoke
Activation manifest page and JSON endpoint are deployed, public-safe, and turn remaining dependency blockers into exact env names, source systems, proof commands, and claim locks.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-activation-manifest
Operator environment preflight
Local operator shell has usable seed and fixture variables before any mutating proof command runs.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures
Operator handoff template
Locked env template, checklist, and README for collecting operator seed secrets, fixture IDs, support, billing, and enterprise proof inputs outside git.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run prepare:operator-handoff -- --output-dir /tmp/thesmios-operator-handoff
Launch owner intake packet
Locked owner-by-owner request packet generated from live strict readiness and activation manifest data, with missing inputs, source systems, proof commands, and blocked claims.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run prepare:launch-intake -- --output-dir /tmp/thesmios-launch-intake
Operator launch seed
Production records plus deterministic authenticated smoke fixture IDs.
CONFIRM_LAUNCH_OPERATOR_SEED=thesmios-launch-seed LAUNCH_OPERATIONS_SECRET=<secret> LAUNCH_SEED_ENV_OUTPUT_PATH=/tmp/thesmios-auth-smoke.env THESMIOS_SMOKE_URL=https://www.thesmios.com npm run seed:launch-operator
Operator launch proof runner
Seeds fixture records through the protected operator route, sources the locked fixture env file, and writes one launch proof JSON bundle.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --strict
Strict launch bundle
All public, authenticated, mutating, vendor, and enterprise fixture proofs pass or block paid launch.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env --output /tmp/thesmios-launch-proof-bundle.json
Support notification fixture
Support request create, update, escalation, and resolution notification attempts are retained in the tenant support communications package.
CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture
Proof groups
Public launch and API proof
Public site, security, procurement, operations, customer launch room, DID/JWKS, and protected-route checks run without mutating customer data.
Audience: Buyer
Strict gate: Public launch smoke, unauthenticated API smoke, advisory readiness, and launch proof bundle.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle
Operator launch seed
The protected seed route can create production DID/background-job records and deterministic owner, granted-employer, denied-employer fixture data.
Audience: Operator
Strict gate: Production launch seed records and authenticated smoke fixture records.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures
Operator environment preflight
`check:operator-env` validates locally sourced launch secrets and fixture variables without printing values, and treats empty sensitive placeholders from `vercel env pull` as missing.
Audience: Operator
Strict gate: Operator seed, authenticated fixture, vendor fixture, and strict paid-launch execution variables.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures
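The preflight behaviour described above, as an added example rather than the project's own `check:operator-env` script: it reports variable names and readiness only, never values, and counts empty or quoted-empty entries as missing. The `GROUPS` layout, the function names and the sample file are assumptions; the variable names are the ones listed in the Required inputs table.

```javascript
// Added example: hypothetical preflight, not the project's check:operator-env.
// Each inner array is an any-of set; the grouping itself is an assumption,
// the variable names are the ones listed in the Required inputs table.
const GROUPS = {
  seed: [
    ["LAUNCH_OPERATIONS_SECRET", "AUDIT_ADMIN_SECRET"],
    ["THESMIOS_AUTH_SMOKE_PASSWORD"],
  ],
  fixtures: [
    ["NEXT_PUBLIC_SUPABASE_URL"], ["NEXT_PUBLIC_SUPABASE_ANON_KEY"],
    ["THESMIOS_TEST_SUBJECT_ID"], ["THESMIOS_TEST_CREDENTIAL_ID"],
    ["PLATFORM_JOB_RUNNER_SECRET"],
  ],
};

// Parse KEY=VALUE lines. Comments and malformed lines are skipped; a value
// of "", '' or whitespace is stored as the empty string.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$/.exec(line);
    if (!m) continue;
    env[m[1]] = m[2].trim().replace(/^(["'])(.*)\1$/, "$2").trim();
  }
  return env;
}

// Report names and readiness only; values never leave this function.
function preflight(envText, groupNames) {
  const env = parseEnv(envText);
  const report = {};
  for (const name of groupNames) {
    const missing = GROUPS[name]
      .filter((anyOf) => !anyOf.some((key) => Boolean(env[key])))
      .map((anyOf) => anyOf.join(" or "));
    report[name] = { ready: missing.length === 0, missing };
  }
  return report;
}

// Constructed sample modelled on the empty sensitive placeholders described
// above: the key is present in the file, the value is empty.
const SAMPLE_ENV = [
  "# constructed sample, no real values",
  'LAUNCH_OPERATIONS_SECRET=""',
  "AUDIT_ADMIN_SECRET=",
  "THESMIOS_AUTH_SMOKE_PASSWORD=constructed-placeholder",
  "NEXT_PUBLIC_SUPABASE_URL=https://project.example",
].join("\n");
```

Calling `preflight(SAMPLE_ENV, ["seed", "fixtures"])` marks the seed group as not ready because both operator secrets are empty, even though their keys appear in the file.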
Authenticated access and RLS proof
The authenticated smoke script signs in owner, granted-employer, and denied-employer users, then verifies worker, credential, task, share, upload, lifecycle, and RLS boundaries.
Audience: Security
Strict gate: Authenticated API smoke execution variables and fixture records.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-api
Issuer signing proof
DID, JWKS, OIDC metadata, and status-list routes are public; the fixture proves authenticated VC-JWT and SD-JWT issuance against the published key.
Audience: Security
Strict gate: Issuer fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture
Evidence file controls proof
Upload, queue, active-content detection, EICAR quarantine, verification, and retention timestamp behavior are implemented behind authenticated routes.
Audience: Security
Strict gate: Evidence fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture
Audit export package proof
Tenant audit exports can queue JSON, CSV, and ZIP packages into private storage with signed download URLs.
Audience: Security
Strict gate: Audit export fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture
Privacy and data-rights proof
User-scoped privacy export, data-rights intake, and fulfilment evidence routes are implemented with tenant-manager decisions.
Audience: Buyer
Strict gate: Privacy fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Support and status notification proof
Status subscriptions, broadcasts, support request acknowledgement/update/escalation/resolution attempts, and retained support communication packages are implemented; controlled send requires verified sender reputation and a test recipient.
Audience: Operator
Strict gate: Support email configuration and notification fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture
Vendor readiness evidence
The vendor readiness pack publishes public-safe configured, configured-unproven, manual-fallback, and blocked states without exposing secret values.
Audience: Buyer
Strict gate: Support email, Stripe, enterprise identity, HRIS, official issuer, and evidence-operation vendor dependencies.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness
Stripe self-serve billing proof
Checkout, cancellation, and webhook routes are implemented; invoice/order-form launch remains the managed B2B fallback.
Audience: Finance
Strict gate: Stripe self-serve checkout and Stripe fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixture
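The acceptance evidence listed for this proof in the Required inputs table (unsigned rejection, tampered rejection, signed fixture event acceptance) maps onto the checks below. This is an added example, not the project's webhook route or its `check:stripe-fixture` script; it follows Stripe's documented `Stripe-Signature` scheme, adds a stale-timestamp case, and uses hypothetical helper names with a constructed secret and event.

```javascript
// Added example; helper names are hypothetical. Stripe's documented scheme:
// header "t=<unix>,v1=<hex>", HMAC-SHA256 over "<t>.<raw body>".
const nodeCrypto = require("node:crypto");

function sign(secret, rawBody, t) {
  return nodeCrypto.createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
}

// rawBody must be the exact bytes received, before any JSON parsing.
function verifyStripeSignature(rawBody, header, secret, nowSec, toleranceSec = 300) {
  if (!header) return { ok: false, reason: "unsigned" };
  let t = null;
  const v1 = [];
  for (const part of header.split(",")) {
    const i = part.indexOf("=");
    const key = part.slice(0, i).trim();
    const value = part.slice(i + 1).trim();
    if (key === "t") t = value;
    if (key === "v1") v1.push(value);
  }
  if (!/^\d+$/.test(t || "") || v1.length === 0) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(secret, rawBody, t), "hex");
  // Constant-time comparison; a length mismatch is rejected before comparing.
  const match = v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    return got.length === expected.length && nodeCrypto.timingSafeEqual(got, expected);
  });
  if (!match) return { ok: false, reason: "signature_mismatch" };
  // A valid signature on an old timestamp is still rejected (replay window).
  if (Math.abs(nowSec - Number(t)) > toleranceSec) return { ok: false, reason: "stale" };
  return { ok: true, reason: "accepted" };
}

// Constructed fixture: placeholder secret and event, not real Stripe data.
const SECRET = "whsec_constructed_placeholder";
const BODY = JSON.stringify({ id: "evt_constructed", type: "checkout.session.completed" });
const NOW = 1700000000;
const HEADER = `t=${NOW},v1=${sign(SECRET, BODY, NOW)}`;

function runFixture() {
  const tamperedBody = BODY.replace("completed", "expired");
  return {
    unsigned: verifyStripeSignature(BODY, undefined, SECRET, NOW).reason,
    tampered: verifyStripeSignature(tamperedBody, HEADER, SECRET, NOW).reason,
    signed: verifyStripeSignature(BODY, HEADER, SECRET, NOW).reason,
    replayed: verifyStripeSignature(BODY, HEADER, SECRET, NOW + 3600).reason,
  };
}
```

In application code the official Stripe library's `stripe.webhooks.constructEvent` performs the same verification.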
SCIM and enterprise SSO proof
SCIM token storage, IdP setup guides, OIDC/SAML setup profiles, and protected enterprise routes exist with managed-beta boundaries.
Audience: Enterprise
Strict gate: SCIM fixture, OIDC broker, and SAML broker configuration.
THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixture
Customer acceptance evidence
Launch room, launch acceptance, continuity evidence, procurement evidence, and order-form template are implemented.
Audience: Buyer
Strict gate: Customer-specific launch room, signed order form, DPIA, retention, and residual-risk approval.
PATCH /api/platform/launch-acceptance with an `accepted` or `accepted_with_exclusions` decision
Required inputs
| Proof | Required inputs | Acceptance evidence | If missing |
|---|---|---|---|
| Public launch and API proof (read only) | THESMIOS_SMOKE_URL | Attach the launch proof bundle JSON with public checks passing and fixture-only checks skipped. | Do not send launch evidence to a buyer until the public bundle is green on the production domain. |
| Operator launch seed (mutates production) | CONFIRM_OPERATOR_LAUNCH_PROOF; LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; THESMIOS_AUTH_SMOKE_PASSWORD | Attach returned subject, credential, workflow task, passport share, and smoke actor references in the operator launch record. | Strict readiness cannot prove RLS or authenticated role separation on production data. |
| Operator environment preflight (read only) | Locked operator env file with usable LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; Supabase public config and authenticated smoke fixture variables; PLATFORM_JOB_RUNNER_SECRET for evidence and audit fixtures | Attach the preflight output showing every required operator/fixture variable group is ready before any mutating production proof run. | Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console. |
| Authenticated access and RLS proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; THESMIOS_TEST_TASK_ID; THESMIOS_TEST_SHARE_ID | Attach the pass count proving owner, granted-employer, and denied-employer outcomes. | Do not claim production tenant isolation or verifier access control has been proven. |
| Issuer signing proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID | Attach discovery responses plus signed VC-JWT and SD-JWT verification output. | Do not claim production credential signing is fully proven for a tenant. |
| Evidence file controls proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; PLATFORM_JOB_RUNNER_SECRET | Attach clean, suspicious, infected, quarantine, and retention proof output. | Private beta can use the policy scanner, but enterprise file-control proof remains incomplete. |
| Audit export package proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; PLATFORM_JOB_RUNNER_SECRET | Attach denied-access, queued-job, generated-package, and signed-download output. | Do not claim buyer audit export evidence is proven on production data. |
| Privacy and data-rights proof (mutates production) | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD | Attach scoped export, access/export request, erasure request, and fulfilment decision output. | Do not treat DSAR and erasure fulfilment evidence as customer-accepted. |
| Support and status notification proof (mutates production) | RESEND_API_KEY; STATUS_BROADCAST_SECRET; THESMIOS_NOTIFICATION_TEST_EMAIL; NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; CONFIRM_SUPPORT_NOTIFICATION_FIXTURE | Attach subscriber intake, dry-run broadcast, support request lifecycle notification attempts, and controlled test-recipient delivery output. | Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch. |
| Vendor readiness evidence (read only) | RESEND_API_KEY and STATUS_BROADCAST_SECRET for customer notification proof; Stripe secrets and price IDs for self-serve checkout; Enterprise IdP, HRIS, official issuer, and tenant SCIM credentials for broad enterprise claims; Customer-specific fixture output and written approval for manual-fallback boundaries | Attach the vendor readiness JSON, smoke output, accepted customer exclusions, and any vendor-specific fixture output to the launch room. | Keep missing vendor-backed automation out of the order form, or sell it only as managed/manual workflow with explicit customer acceptance. |
| Stripe self-serve billing proof (read only) | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING | Attach unsigned rejection, tampered rejection, and signed fixture event acceptance output. | Do not enable self-serve checkout; keep paid beta invoice-only or order-form contracted. |
| SCIM and enterprise SSO proof (mutates production) | THESMIOS_SCIM_TOKEN; ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; SAML_IDP_ENTITY_ID; SAML_IDP_SSO_URL; SAML_IDP_CERTIFICATE | Attach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Customer acceptance evidence (mutates production) | Signed order form or written approval reference; Customer-approved retention schedule; DPIA/AI governance approval; Subprocessor objection or acceptance decision | Attach signer, accepted stage, scoped exclusions, evidence references, and external approval reference. | Do not mark a tenant as live even if public platform checks pass. |
Boundary
This pack proves the path. It does not replace actual evidence.
Secrets, fixture runs, sender verification, Stripe setup, enterprise IdP setup, and customer signatures stay required. The value is that every blocker has an owner, command, acceptance artifact, and explicit fallback.