First customer launch plan

Move one B2B customer from interest to accepted pilot.

The launch evidence is no longer the hard part to find. This plan turns the current close pack, customer launch room, activation manifest, and evidence ledger into a practical first-customer pilot path with owners, weeks, proof, and go/no-go gates.

Launch plan JSON Buyer close pack Activation manifest Evidence ledger

timeline steps

acceptance gates

named roles

activation gaps

Launch stance

First customer means managed pilot, not broad launch.

Treat the first customer as a managed private beta or invoice-led paid beta only. Self-serve checkout, broad enterprise automation, HRIS automation, official issuer automation, and external certification claims remain blocked until their proof gates pass.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan

recommended motion

invoice-paid-beta

Invoice-led paid beta: sell with exclusions

Billing default: Invoice-only or no-charge design-partner billing until Stripe fixture proof clears self-serve checkout.

Timeline

The first pilot closes by evidence, not by optimism.

customer required

Week 0

Scope, pricing, and excluded claims

Choose the launch motion and make the order-form scope narrower than the roadmap.

Attach the buyer close pack to the opportunity.
Copy allowed wording and blocked wording into the order-form notes.
Confirm invoice-only or no-charge design-partner billing unless Stripe fixture proof exists.

Owner: Sales

Exit gate: Sales, finance, and customer sponsor agree on launch motion, cohort, billing route, and exclusions.

If missing: Do not send signature language or procurement answers.

customer required

Week 1

Tenant setup and named owners

Name every decision owner before worker data or evidence enters production.

Create or select the launch tenant.
Record tenant owner, billing owner, privacy/security owner, support owner, and implementation owner.
Approve pilot worker cohort, modules, verifier audiences, employee notice path, and retention boundary.

Owner: Customer

Exit gate: No required customer role or cohort boundary is blank in the launch room.

If missing: Keep the tenant in setup and use demo data only.

operator required

Week 1

Operator activation and fixture shell

Prepare the locked operator shell, seed records, and proof outputs without exposing secrets.

Run operator environment preflight against the locked env file.
Collect missing Vercel env names and source systems from the activation manifest.
Seed production launch/auth-smoke fixtures only after the operator confirmation command is approved.

Owner: Operator

Exit gate: Operator has locked env evidence, production seed evidence, and fixture IDs in `/tmp` only.

If missing: Do not run authenticated, mutating, or paid-beta proof.

operator required

Week 2

Access, credential, evidence, audit, and privacy proof

Prove the actual paid workflow on production tenant data or document the excluded path.

Run authenticated route proof for owner, granted employer, denied employer, task, share, and credential flows.
Run issuer, evidence, audit export, and privacy fixtures for in-scope controls.
Attach outputs to tenant fixture evidence and launch dossier.

Owner: Security

Exit gate: Every in-scope credential/evidence workflow has a pass output or a signed exclusion.

If missing: Do not accept paid production use for the tenant.

customer required

Week 2

Support, billing, procurement, and continuity

Make payment, support, legal, incident, and continuity boundaries reviewable before go-live.

Save tenant billing profile or invoice evidence.
Attach support route, notification attempts, manual outbox fallback, and status communication plan.
Attach procurement, DPA/SLA, security/privacy, operations, and continuity evidence required by scope.

Owner: Finance

Exit gate: Finance, support, security, and customer approver accept the manual fallbacks and open exclusions.

If missing: Run no-charge private beta only and exclude paid/support automation claims.

customer required

Week 3

Go/no-go acceptance and live pilot

Record a single launch decision and bind the first customer to the accepted stage.

Download tenant launch dossier and launch decision.
Record accepted, accepted with exclusions, deferred, or rejected launch acceptance.
Re-run launch clearance, launch proof bundle, and strict readiness after any dependency change.

Owner: Operator

Exit gate: Customer and operator agree on setup-only, managed private beta, invoice-led paid beta, or hold.

If missing: Do not import live worker traffic or call the tenant live.

Go/no-go gates

Each stage has a stop rule.

Setup, managed beta, invoice-led paid beta, self-serve, and enterprise expansion use separate gates so a first customer cannot accidentally inherit unsupported claims.

customer required

Setup-only

Commercial scope, owners, cohort, modules, support path, and exclusions must be recorded before production data is used.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan

If missing: Keep the tenant in setup-only.

operator required

Managed private beta

Public checks, customer scope, operator seed/access proof, customer launch room, and manual support fallback must be attached.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --output /tmp/thesmios-first-customer-public-proof.json

If missing: Run demo/setup workflows only.

customer required

Invoice-led paid beta

Billing profile or invoice/order-form evidence, fixture proof, support fallback, and accepted paid_beta or accepted_with_exclusions decision must be attached.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env --output /tmp/thesmios-first-customer-fixture-proof.json

If missing: Keep the launch no-charge or setup-only.

blocked

Self-serve paid launch

Blocked. Strict readiness must be ready and Stripe fixture proof must pass before self-serve checkout is enabled.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict

If missing: Keep Stripe checkout out of the first-customer close and use invoice/order-form billing only.

blocked

Enterprise expansion

Blocked. Enterprise SSO, SAML, HRIS, official issuer credentials, and SCIM fixture evidence remain customer/vendor-specific.

THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-scim-token> npm run check:scim-fixture

If missing: Keep enterprise automation excluded, managed, or customer-specific.

Owner map

Executive sponsor

Customer

Due before: setup

Commercial decision maker, rollout budget, and success criteria.

Evidence: Named sponsor on the order form or design-partner acceptance record.

Tenant owner

Customer

Due before: setup

Workspace owner, admin invite approver, role model, and emergency access owner.

Evidence: Tenant settings owner membership plus launch-room sign-off.

Billing owner

Customer

Due before: paid beta

Invoice contact, PO requirement, Stripe readiness, renewal, cancellation, and overage approvals.

Evidence: Tenant billing profile, invoice setup request, signed order form, or Stripe fixture output.

Privacy and security approver

Customer

Due before: private beta

DPA, subprocessors, data residency, retention, AI-governance, and security review decisions.

Evidence: Approved privacy/security bundle and customer-approved retention schedule.

Implementation owner

Thesmios

Due before: setup

Launch plan, fixture run ownership, evidence pack assembly, and customer handoff.

Evidence: Named owner in the launch-room record and customer-request queue.

Support and incident owner

Joint

Due before: private beta

SLA severity route, escalation path, incident broadcast approver, and next-update owner.

Evidence: Status subscriber proof, support owner, and notification fixture output where configured.

Provisioning owner

Joint

Due before: enterprise

IdP choice, SCIM token handling, group mapping, pilot user evidence, and deprovision proof.

Evidence: Selected IdP guide, SCIM token prefix/last-used timestamp, and SCIM fixture output.

Continuity owner

Thesmios

Due before: paid beta

External uptime monitor, alert routing, rollback owner, known-good deployment, and restore rehearsal.

Evidence: Operations evidence pack, deployment inspect output, rollback rehearsal, and restore record.

Proof commands

Attach outputs before moving stages.

Public proof can be shared early. Fixture, secret-backed, and customer-specific proof stays in locked operator and tenant records.

First customer launch plan smoke

First-customer launch plan page and JSON endpoint are deployed, complete, public-safe, and linked into launch proof bundles.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:first-customer-launch-plan

Dependency acceptance

Manual, invoice, managed, fixture-pending, and out-of-scope dependency treatments are accepted or kept claim-locked.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:dependency-acceptance

Buyer close pack

Selected launch motion, order-form scope, close checklist, blocked wording, and proof attachments are current.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:buyer-close-pack

Launch activation manifest

Missing env names, source systems, activation groups, and claim locks are current before operators request secrets.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-activation-manifest

Customer launch room

Customer roles, sections, stages, commands, and linked evidence packs are ready for a launch tenant.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:customer-launch-room

Launch proof bundle

Public launch, API, evidence-pack, deployment-parity, and advisory-readiness checks pass before first-customer handoff.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --output /tmp/thesmios-first-customer-public-proof.json

Paid-beta fixture proof

Authenticated, mutating, billing, support, enterprise, and strict-readiness proof is attached or blocks paid go-live.

Close controls

The same evidence must show up in sales, security, and implementation.

Order-form attachments

/api/product/first-customer-launch-plan
GET /api/product/commercial-pack
GET /api/product/order-form-template
GET /api/product/customer-launch-room
GET /api/product/launch-evidence
GET /api/platform/launch-room with authenticated tenant member
GET /api/platform/launch-dossier?download=1 with authenticated tenant member
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --output /tmp/thesmios-public-launch-proof.json

Blocked wording

Self-serve checkout
Broad enterprise SSO/SCIM
Official issuer automation without credentials
Public self-serve checkout
Unscoped enterprise automation
External certifications before evidence exists
Automated paid conversion
Broad enterprise automation

Boundaries

This plan is an execution artifact for a first customer; it does not replace signed order-form scope, tenant launch acceptance, vendor credentials, or fixture output.

Public-safe artifacts can be shared with buyers, but smoke passwords, generated fixture IDs, service-role keys, webhook secrets, SCIM tokens, and vendor credentials stay in locked operator files only.

A week can close only when its evidence is attached to the tenant launch room, launch dossier, external evidence register, billing evidence, fixture evidence, or support communications package.

Self-serve and broad enterprise claims remain out of scope for the first customer unless strict readiness and customer-specific vendor proof pass.