Dependency acceptance
Accept the fallback, or keep the claim locked.
The remaining blockers are not code mysteries. This pack turns support email, Stripe, enterprise identity, HRIS, official issuer, and fixture proof gaps into explicit pilot fallback decisions with buyer language, evidence targets, and blocked claims.
7
dependencies
3
manual fallbacks
1
fixture gates
1
out of scope
Launch position
Managed or invoice-led pilot only.
Managed private beta or invoice-led paid beta only, with each dependency fallback accepted in the order form and tenant launch room.
Attach this pack, the buyer close pack, the first-customer launch plan, and the launch claims guard. List every manual, invoice, managed, or excluded dependency in scoped exclusions.
Not cleared
- Public self-serve checkout
- Automated subscription lifecycle
- Broad enterprise SSO/SAML/SCIM
- Live HRIS sync without customer credentials
- Official issuer automation without authority credentials and legal basis
- Buyer-accepted fixture controls without attached command output
Acceptance matrix
Every dependency has a buyer-safe treatment.
Core runtime
Core runtime and trust infrastructure
- Managed pilot
- Required baseline. Managed pilot can start only while runtime, database, issuer keys, jobs, and private storage remain configured.
- Invoice pilot
- Required baseline for paid beta. Re-run deployment parity and advisory readiness before customer handoff.
- Customer acceptance language
- Customer accepts the current production deployment as the baseline environment only when current health, readiness, and deployment parity outputs are attached.
Owner: Operator
Evidence target: /api/product/production-proof
Vendor status: ready
Activation status: blocked until seed
Support
Support email and status broadcasts
- Managed pilot
- Allowed with named support owner, manual customer follow-up route, and retained support communication evidence.
- Invoice pilot
- Allowed only if the order form accepts manual support communication until Resend sender proof is attached.
- Customer acceptance language
- Customer accepts manual support and incident communications until controlled notification and support notification fixture outputs are attached.
Owner: Operator
Evidence target: /api/platform/support-communications
Vendor status: manual fallback
Activation status: needs vendor
Billing
Stripe self-serve billing
- Managed pilot
- No-charge or invoice-only pilot is allowed. Public checkout and automated subscription activation stay blocked.
- Invoice pilot
- Invoice-led paid beta is allowed only with signed order form, billing owner, invoice route, and tenant billing evidence.
- Customer acceptance language
- Customer accepts invoice/manual billing and confirms self-serve card checkout, automated subscription lifecycle, and public buy-now activation are excluded.
Owner: Finance
Evidence target: /api/platform/billing-evidence
Vendor status: blocked
Activation status: needs secret
Enterprise identity
Enterprise SSO and SCIM provisioning
- Managed pilot
- Allowed only as managed setup or explicit exclusion. Broad SSO, SAML, and SCIM claims stay out of first-customer scope.
- Invoice pilot
- Allowed only if SSO/SCIM is excluded or treated as managed customer-specific implementation with fixture proof before enterprise expansion.
- Customer acceptance language
- Customer accepts that broad enterprise SSO, SAML, and SCIM provisioning are not included unless tenant IdP setup and SCIM fixture proof are attached.
Owner: Enterprise
Evidence target: /api/platform/sso-evidence
Vendor status: blocked
Activation status: needs customer
Employer system
HRIS source connectors
- Managed pilot
- Allowed with manual import, customer-provided evidence, or scoped sample cohort. Automated HRIS sync is excluded.
- Invoice pilot
- Allowed only when the order form names the import path and excludes live Workday/BambooHR automation until customer credentials are proven.
- Customer acceptance language
- Customer accepts managed import or manual evidence capture until Workday or BambooHR sandbox credentials and reconciliation proof are attached.
Owner: Customer
Evidence target: /api/platform/vendor-evidence
Vendor status: manual fallback
Activation status: needs customer
Official issuer
Official issuer connectors
- Managed pilot
- Allowed with manual evidence, uploaded documents, share-code capture, or customer-provided official proof.
- Invoice pilot
- Allowed only if official-source automation is excluded until authority credentials, consent, legal basis, and fixture evidence are attached.
- Customer acceptance language
- Customer accepts manual or customer-provided official evidence workflows until authority-specific connector credentials and issuer proof are attached.
Owner: Security
Evidence target: /api/platform/vendor-evidence
Vendor status: manual fallback
Activation status: needs vendor
Evidence operations
Evidence scanning, audit export, and data-rights fixtures
- Managed pilot
- Do not mark the tenant accepted as live until evidence, audit export, and privacy fixture outputs are attached or explicitly excluded.
- Invoice pilot
- Paid beta requires accepted fixture references for every credential, evidence, audit, and privacy workflow included in scope.
- Customer acceptance language
- Customer accepts that evidence controls, audit export, and privacy fulfilment are buyer-accepted only after fixture outputs or scoped exclusions are attached.
Owner: Operator
Evidence target: /api/platform/fixture-evidence
Vendor status: configured unproven
Activation status: blocked until seed
Claim locks
Missing proof becomes blocked wording.
These are not internal caveats. If proof is missing, the sales, procurement, order-form, and implementation wording must exclude the corresponding claim.
Core runtime and trust infrastructure
- Production credential signing before issuer fixture output is attached.
If missing: Do not onboard live tenant data until runtime and trust infrastructure are configured.
Support email and status broadcasts
- Automated customer email acknowledgement before sender reputation and fixture delivery are proven.
- Incident broadcast delivery to customer recipients before controlled notification proof.
If missing: Keep support email as manual-fallback; do not promise automated notification delivery.
Stripe self-serve billing
- Public self-serve paid checkout.
- Automated subscription lifecycle and webhook-driven paid activation.
If missing: Sell invoice/order-form paid beta only; keep checkout disabled or setup-required.
Enterprise SSO and SCIM provisioning
- Broad enterprise self-serve SSO.
- Hands-off SCIM provisioning across all IdPs.
- Brokered SAML/OIDC production login before tenant IdP proof.
If missing: Keep enterprise SSO/SCIM out of self-serve scope; require managed implementation and customer approval.
HRIS source connectors
- Live Workday sync before customer sandbox credentials and field mapping proof.
- Live BambooHR sync before customer sandbox credentials and field mapping proof.
If missing: Do not sell automated HRIS sync as live; scope a manual or managed-import workflow.
Official issuer connectors
- Live Home Office / UKVI checks without approved credentials and employee consent.
- Live DBS Update Service checks without customer legal basis and API credentials.
- Live E-Verify case submission without approval, MOU, certificates, and tenant credentials.
If missing: Use manual evidence, uploaded documents, or share-code capture; do not claim direct official-source automation.
Acceptance checklist
The buyer record has to name the fallback.
Manual, invoice, managed, and excluded dependency treatments only count when they are attached to the tenant launch room, launch dossier, launch decision, or signed order-form evidence.
Customer
Executive sponsor: Named sponsor on the order form or design-partner acceptance record.
Due before: setup
Customer
Tenant owner: Tenant settings owner membership plus launch-room sign-off.
Due before: setup
Customer
Billing owner: Tenant billing profile, invoice setup request, signed order form, or Stripe fixture output.
Due before: paid beta
Customer
Privacy and security approver: Approved privacy/security bundle and customer-approved retention schedule.
Due before: private beta
Thesmios
Implementation owner: Named owner in the launch-room record and customer-request queue.
Due before: setup
Joint
Support and incident owner: Status subscriber proof, support owner, and notification fixture output where configured.
Due before: private beta
Buyer and Thesmios commercial owner
Attach the signed order form or approval reference before moving the tenant beyond setup.
Due before: Customer order-form scope
Buyer finance owner and Thesmios operator
Attach billing owner, PO terms, invoice contact, plan, seat cap, and renewal/cancellation terms.
Due before: Invoice or order-form billing route
Thesmios operator
Attach access-control pass output before claiming tenant isolation is proven for the launch tenant.
Due before: Authenticated tenant access proof
Thesmios operator
Attach sample credential, evidence, audit export, and privacy fixture output for the tenant or scoped pilot cohort.
Due before: Credential and evidence sample proof
Proof commands
Dependency acceptance smoke
Dependency acceptance page and JSON endpoint are deployed, complete, public-safe, and linked into launch proof bundles.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:dependency-acceptance
Launch claims guard
Buyer wording, blocked wording, order-form treatment, and required evidence match the accepted dependency fallbacks.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-claims-guard
First customer launch plan
Timeline, owner map, go/no-go gates, blocked wording, and proof commands are current for the pilot.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan
Vendor readiness
External dependency states and missing environment names are current before buyer review.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness
Strict readiness
Self-serve paid launch and broad enterprise launch remain blocked until this command has no blockers.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict