Launch gap register
Every open gap before B2B launch.
A launch-ready B2B product needs a queue that separates runtime blockers, paid-launch proof, enterprise dependencies, and customer acceptance. This register keeps every remaining claim tied to an owner, proof command, and fallback boundary.
32
open launch gaps
7
strict blockers
6
vendor gaps
7
customer evidence gates
Mode impact
Managed and invoice paths are conditional. Self-serve and broad enterprise remain blocked.
The register does not hide missing work. It shows exactly which launch motion each gap blocks and which claims must stay out of sales, order forms, and buyer evidence until proof is attached.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict
conditional
Managed private beta
Managed private beta can be sold only with signed customer acceptance, scoped exclusions, and 17 tracked gaps.
17 linked gaps. Disallowed claims: Private demo can continue, but a customer tenant cannot be accepted as live.; Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.; Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.; Strict readiness cannot prove RLS or authenticated role separation on production data.; Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.; Accepted customer tenant; Invoice-led paid beta without fixture proof; Do not claim buyer audit export evidence is proven on production data.; Do not claim production tenant isolation or verifier access control has been proven.; Private beta can use the policy scanner, but enterprise file-control proof remains incomplete.; Do not claim production credential signing is fully proven for a tenant.; Do not treat DSAR and erasure fulfilment evidence as customer-accepted.
conditional
Invoice-led paid beta
Invoice-led paid beta can be sold only with signed customer acceptance, scoped exclusions, and 20 tracked gaps.
20 linked gaps. Disallowed claims: Private demo can continue, but a customer tenant cannot be accepted as live.; Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.; Buyer-accepted malware/quarantine proof before evidence fixture output.; Buyer-accepted audit exports before export fixture output.; Buyer-accepted data-rights fulfilment proof before privacy fixture output.; Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.; Strict readiness cannot prove RLS or authenticated role separation on production data.; Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.; Accepted customer tenant; Invoice-led paid beta without fixture proof; Do not claim buyer audit export evidence is proven on production data.; Do not claim production tenant isolation or verifier access control has been proven.
blocked
Self-serve paid launch
Self-serve paid launch is blocked until 24 gaps are resolved or explicitly removed from scope.
24 linked gaps. Disallowed claims: Private demo can continue, but a customer tenant cannot be accepted as live.; Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.; Buyer-accepted malware/quarantine proof before evidence fixture output.; Buyer-accepted audit exports before export fixture output.; Buyer-accepted data-rights fulfilment proof before privacy fixture output.; Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.; Strict readiness cannot prove RLS or authenticated role separation on production data.; Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.; Accepted customer tenant; Invoice-led paid beta without fixture proof; Do not claim buyer audit export evidence is proven on production data.; Do not claim production tenant isolation or verifier access control has been proven.
blocked
Broad enterprise expansion
Broad enterprise expansion is blocked until 26 gaps are resolved or explicitly removed from scope.
26 linked gaps. Disallowed claims: Private demo can continue, but a customer tenant cannot be accepted as live.; Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.; Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.; Strict readiness cannot prove RLS or authenticated role separation on production data.; Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.; Accepted customer tenant; Invoice-led paid beta without fixture proof; Do not claim buyer audit export evidence is proven on production data.; Do not claim production tenant isolation or verifier access control has been proven.; Private beta can use the policy scanner, but enterprise file-control proof remains incomplete.; Do not claim production credential signing is fully proven for a tenant.; Do not treat DSAR and erasure fulfilment evidence as customer-accepted.
Owner queue
| Gap | Severity | Owner | Stage blocked | Missing evidence | Proof command | Next action |
|---|---|---|---|---|---|---|
| Authenticated tenant access proofmanaged beta gate - operator required. Authenticated smoke and tenant launch-room routes exist, but production fixture IDs and smoke credentials must be exported for each launch environment. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | CONFIRM_LAUNCH_OPERATOR_SEED=thesmios-launch-seed run output; Owner, granted-employer, and denied-employer smoke results; Authenticated tenant launch-room snapshot | Record the evidence in the customer launch room.Attach access-control pass output before claiming tenant isolation is proven for the launch tenant. | Owner: Thesmios operator. Private demo can continue, but a customer tenant cannot be accepted as live.Private demo can continue, but a customer tenant cannot be accepted as live. |
| Credential and evidence sample proofmanaged beta gate - operator required. Credential lifecycle, issuer discovery, evidence upload, verification jobs, privacy export, audit export, and launch fixtures exist behind protected routes. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | check:issuer-fixture output when issuer keys and auth fixtures are configured; check:evidence-fixture output when job runner secret is configured; check:audit-export-fixture output when private storage is configured; check:privacy-fixture output for data-rights proof | Record the evidence in the customer launch room.Attach sample credential, evidence, audit export, and privacy fixture output for the tenant or scoped pilot cohort. | Owner: Thesmios operator. Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted. |
| Evidence scanning, audit export, and data-rights fixturesvendor readiness - configured unproven; 1/2 environment groups configured. Code paths exist, but each launch tenant still needs authenticated fixture proof attached to external launch evidence. | p1 paid launch | Operator | invoice paid beta; self serve paid | THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; Evidence, audit-export, and privacy fixture output references recorded against the tenant launch room. | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixtureEvidence, audit-export, and privacy fixture output references recorded against the tenant launch room. | Configure or explicitly exclude THESMIOS_AUTH_SMOKE_PASSWORD, THESMIOS_TEST_SUBJECT_ID, THESMIOS_TEST_CREDENTIAL_ID.Treat evidence operations as managed-beta controls only; do not mark paid-beta fixture evidence accepted. |
| Operator environment preflightproduction proof - `check:operator-env` validates locally sourced launch secrets and fixture variables without printing values, and treats empty sensitive placeholders from `vercel env pull` as missing. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | Locked operator env file with usable LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; Supabase public config and authenticated smoke fixture variables; PLATFORM_JOB_RUNNER_SECRET for evidence and audit fixtures | npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixturesAttach the preflight output showing every required operator/fixture variable group is ready before any mutating production proof run. | Attach the operator environment preflight evidence to the launch room or mark the claim out of scope.Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console. |
| Operator launch seedproduction proof - The protected seed route can create production DID/background-job records and deterministic owner, granted-employer, denied-employer fixture data. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | CONFIRM_OPERATOR_LAUNCH_PROOF; LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; THESMIOS_AUTH_SMOKE_PASSWORD | CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixturesAttach returned subject, credential, workflow task, passport share, and smoke actor references in the operator launch record. | Attach the operator launch seed evidence to the launch room or mark the claim out of scope.Strict readiness cannot prove RLS or authenticated role separation on production data. |
| Support and status notification proofproduction proof - Status subscriptions, broadcasts, support request acknowledgement/update/escalation/resolution attempts, and retained support communication packages are implemented; controlled send requires verified sender reputation and a test recipient. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | RESEND_API_KEY; STATUS_BROADCAST_SECRET; THESMIOS_NOTIFICATION_TEST_EMAIL; NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixtureAttach subscriber intake, dry-run broadcast, support request lifecycle notification attempts, and controlled test-recipient delivery output. | Attach the support and status notification proof evidence to the launch room or mark the claim out of scope.Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch. |
| Support emailstrict readiness - Required for customer-request acknowledgements and status subscription confirmation mail. | p1 paid launch | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | RESEND_API_KEY; STATUS_BROADCAST_SECRET; THESMIOS_NOTIFICATION_TEST_EMAIL; NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixtureAttach subscriber intake, dry-run broadcast, support request lifecycle notification attempts, and controlled test-recipient delivery output. | Complete Support and status notification proof and rerun strict readiness.Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch. |
| Audit export package proofproduction proof - Tenant audit exports can queue JSON, CSV, and ZIP packages into private storage with signed download URLs. | p1 paid launch | Security | managed private beta; invoice paid beta; self serve paid; enterprise expansion | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; PLATFORM_JOB_RUNNER_SECRET | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixtureAttach denied-access, queued-job, generated-package, and signed-download output. | Attach the audit export package proof evidence to the launch room or mark the claim out of scope.Do not claim buyer audit export evidence is proven on production data. |
| Authenticated access and RLS proofproduction proof - The authenticated smoke script signs in owner, granted-employer, and denied-employer users, then verifies worker, credential, task, share, upload, lifecycle, and RLS boundaries. | p1 paid launch | Security | managed private beta; invoice paid beta; self serve paid; enterprise expansion | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-apiAttach the pass count proving owner, granted-employer, and denied-employer outcomes. | Attach the authenticated access and rls proof evidence to the launch room or mark the claim out of scope.Do not claim production tenant isolation or verifier access control has been proven. |
| Authenticated smoke fixture recordsstrict readiness - Seed authenticated smoke users and fixture records before relying on production RLS/API evidence. | p1 paid launch | Security | managed private beta; invoice paid beta; self serve paid; enterprise expansion | data_sets; data_set_records; NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; +4 more | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-apiAttach the pass count proving owner, granted-employer, and denied-employer outcomes. | Complete Authenticated access and RLS proof and rerun strict readiness.Do not claim production tenant isolation or verifier access control has been proven. |
| Evidence file controls proofproduction proof - Upload, queue, active-content detection, EICAR quarantine, verification, and retention timestamp behavior are implemented behind authenticated routes. | p1 paid launch | Security | managed private beta; invoice paid beta; self serve paid; enterprise expansion | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; +1 more | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixtureAttach clean, suspicious, infected, quarantine, and retention proof output. | Attach the evidence file controls proof evidence to the launch room or mark the claim out of scope.Private beta can use the policy scanner, but enterprise file-control proof remains incomplete. |
| Issuer signing proofproduction proof - DID, JWKS, OIDC metadata, and status-list routes are public; the fixture proves authenticated VC-JWT and SD-JWT issuance against the published key. | p1 paid launch | Security | managed private beta; invoice paid beta; self serve paid; enterprise expansion | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixtureAttach discovery responses plus signed VC-JWT and SD-JWT verification output. | Attach the issuer signing proof evidence to the launch room or mark the claim out of scope.Do not claim production credential signing is fully proven for a tenant. |
| Stripe self-serve billingstrict readiness - Required for public self-serve checkout; invoice-only private beta can run without it. | p1 paid launch | Finance | self serve paid | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING | THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixtureAttach unsigned rejection, tampered rejection, and signed fixture event acceptance output. | Complete Stripe self-serve billing proof and rerun strict readiness.Do not enable self-serve checkout; keep paid beta invoice-only or order-form contracted. |
| Stripe self-serve billingvendor readiness - blocked; 0/2 environment groups configured. Invoice-led paid beta remains the commercial fallback until Stripe secrets, prices, and webhook fixture proof are attached. | p1 paid launch | Finance | self serve paid | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING; Unsigned webhook rejection, tampered signature rejection, and signed fixture event acceptance. | STRIPE_WEBHOOK_SECRET=<webhook-secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:stripe-fixtureUnsigned webhook rejection, tampered signature rejection, and signed fixture event acceptance. | Configure or explicitly exclude STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, STRIPE_PRICE_REPORT, STRIPE_PRICE_MONITORING.Sell invoice/order-form paid beta only; keep checkout disabled or setup-required. |
| Stripe self-serve billing proofproduction proof - Checkout, cancellation, and webhook routes are implemented; invoice/order-form launch remains the managed B2B fallback. | p1 paid launch | Finance | self serve paid | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING | THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixtureAttach unsigned rejection, tampered rejection, and signed fixture event acceptance output. | Attach the stripe self-serve billing proof evidence to the launch room or mark the claim out of scope.Do not enable self-serve checkout; keep paid beta invoice-only or order-form contracted. |
| Privacy and data-rights proofproduction proof - User-scoped privacy export, data-rights intake, and fulfilment evidence routes are implemented with tenant-manager decisions. | p1 paid launch | Customer | managed private beta; invoice paid beta; self serve paid; enterprise expansion | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixtureAttach scoped export, access/export request, erasure request, and fulfilment decision output. | Attach the privacy and data-rights proof evidence to the launch room or mark the claim out of scope.Do not treat DSAR and erasure fulfilment evidence as customer-accepted. |
| Vendor readiness evidenceproduction proof - The vendor readiness pack publishes public-safe configured, configured-unproven, manual-fallback, and blocked states without exposing secret values. | p1 paid launch | Customer | managed private beta; invoice paid beta; self serve paid; enterprise expansion | RESEND_API_KEY and STATUS_BROADCAST_SECRET for customer notification proof; Stripe secrets and price IDs for self-serve checkout; Enterprise IdP, HRIS, official issuer, and tenant SCIM credentials for broad enterprise claims; Customer-specific fixture output and written approval for manual-fallback boundaries | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readinessAttach the vendor readiness JSON, smoke output, accepted customer exclusions, and any vendor-specific fixture output to the launch room. | Attach the vendor readiness evidence evidence to the launch room or mark the claim out of scope.Keep missing vendor-backed automation out of the order form, or sell it only as managed/manual workflow with explicit customer acceptance. |
| Official issuer connectorsvendor readiness - manual fallback; 1/5 environment groups configured. Official issuer coverage can be represented as manual/upload/share-code workflow until each authority credential is approved. | p2 enterprise | Security | enterprise expansion | HOME_OFFICE_RTW_API_KEY; UKVI_RIGHT_TO_WORK_API_KEY; DBS_UPDATE_SERVICE_API_URL; DBS_UPDATE_SERVICE_API_KEY; EVERIFY_WEB_SERVICES_BASE_URL; +7 more | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixtureIssuer fixture output plus authority-specific credential, consent, legal basis, and first customer lookup evidence. | Configure or explicitly exclude HOME_OFFICE_RTW_API_KEY, UKVI_RIGHT_TO_WORK_API_KEY, DBS_UPDATE_SERVICE_API_URL, DBS_UPDATE_SERVICE_API_KEY.Use manual evidence, uploaded documents, or share-code capture; do not claim direct official-source automation. |
| Enterprise OIDC broker configstrict readiness - Required before enterprise OIDC can move from managed setup to live brokered SSO. | p2 enterprise | Enterprise | enterprise expansion | ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; THESMIOS_SCIM_TOKEN; SAML_IDP_ENTITY_ID; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureAttach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Complete SCIM and enterprise SSO proof and rerun strict readiness.Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Enterprise SAML IdP configstrict readiness - Required before enterprise SAML can move from managed setup to live brokered SSO. | p2 enterprise | Enterprise | enterprise expansion | SAML_IDP_ENTITY_ID; SAML_IDP_SSO_URL; SAML_IDP_CERTIFICATE; THESMIOS_SCIM_TOKEN; ENTERPRISE_OIDC_ISSUER; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureAttach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Complete SCIM and enterprise SSO proof and rerun strict readiness.Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Enterprise SSO and SCIM provisioningvendor readiness - blocked; 0/3 environment groups configured. Enterprise identity can be sold only as managed setup with customer IdP configuration and fixture proof. | p2 enterprise | Enterprise | enterprise expansion | ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; SAML_IDP_ENTITY_ID; SAML_IDP_SSO_URL; +3 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureIdP setup guide, tenant token prefix, SCIM create/read/update/deprovision output, and SSO broker decision. | Configure or explicitly exclude ENTERPRISE_OIDC_ISSUER, ENTERPRISE_OIDC_CLIENT_ID, ENTERPRISE_OIDC_CLIENT_SECRET, SAML_IDP_ENTITY_ID.Keep enterprise SSO/SCIM out of self-serve scope; require managed implementation and customer approval. |
| HRIS connector credentialsstrict readiness - Required before Workday and BambooHR connectors can be sold as customer-live. | p2 enterprise | Enterprise | enterprise expansion | WORKDAY_REST_BASE_URL; WORKDAY_ACCESS_TOKEN; BAMBOOHR_COMPANY_DOMAIN; BAMBOOHR_API_KEY; THESMIOS_SCIM_TOKEN; +6 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureAttach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Complete SCIM and enterprise SSO proof and rerun strict readiness.Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Official issuer connector credentialsstrict readiness - Required before official issuer integrations can be sold as live rather than credential-required or manual. | p2 enterprise | Enterprise | enterprise expansion | COMPANIES_HOUSE_API_KEY; HOME_OFFICE_RTW_API_KEY; DBS_UPDATE_SERVICE_API_KEY; EVERIFY_INTEGRATION_APPROVED; THESMIOS_SCIM_TOKEN; +6 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureAttach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Complete SCIM and enterprise SSO proof and rerun strict readiness.Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| SCIM and enterprise SSO proofproduction proof - SCIM token storage, IdP setup guides, OIDC/SAML setup profiles, and protected enterprise routes exist with managed-beta boundaries. | p2 enterprise | Enterprise | enterprise expansion | THESMIOS_SCIM_TOKEN; ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; SAML_IDP_ENTITY_ID; +2 more | THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureAttach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Attach the scim and enterprise sso proof evidence to the launch room or mark the claim out of scope.Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Self-serve and enterprise exclusionsmanaged beta gate - out of scope. Self-serve Stripe checkout, broad enterprise SSO/SCIM, HRIS automation, official issuer connectors, and external certifications remain separate proof tracks. | p2 enterprise | Enterprise | self serve paid; enterprise expansion | Strict readiness passing; Stripe fixture proof before self-serve checkout; SCIM fixture and SSO broker proof before broad enterprise provisioning; Customer-specific HRIS and official issuer credentials | List excluded claims in the order form and customer launch acceptance record.List excluded claims in the order form and customer launch acceptance record. | Owner: Thesmios operator. Self-serve remains gated; enterprise claims stay managed, customer-specific, or out of scope.Self-serve remains gated; enterprise claims stay managed, customer-specific, or out of scope. |
| HRIS source connectorsvendor readiness - manual fallback; 0/2 environment groups configured. Manual CSV/import or customer-provided evidence can support managed beta until the buyer supplies HRIS credentials. | p2 enterprise | Customer | enterprise expansion | WORKDAY_REST_BASE_URL; WORKDAY_ACCESS_TOKEN; BAMBOOHR_COMPANY_DOMAIN; BAMBOOHR_API_KEY; Customer sandbox import output, identifier reconciliation, and tenant launch dossier references. | THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-apiCustomer sandbox import output, identifier reconciliation, and tenant launch dossier references. | Configure or explicitly exclude WORKDAY_REST_BASE_URL, WORKDAY_ACCESS_TOKEN, BAMBOOHR_COMPANY_DOMAIN, BAMBOOHR_API_KEY.Do not sell automated HRIS sync as live; scope a manual or managed-import workflow. |
| Support and incident fallbackmanaged beta gate - manual fallback. SLA, support queue, status subscriptions, and status broadcast dry-run routes exist. Resend sender verification is still required for live automated email. | p3 customer acceptance | Operator | managed private beta; invoice paid beta; self serve paid; enterprise expansion | Named customer support owner; Manual incident communication channel; Status subscriber and broadcast dry-run evidence; Support request notification lifecycle fixture output; Controlled send proof when RESEND_API_KEY and sender reputation are configured | Record the evidence in the customer launch room.Attach support owner, escalation route, manual notice process, and dry-run broadcast output. | Owner: Thesmios support owner. Keep support communication manual and exclude automated email delivery from the launch claim.Keep support communication manual and exclude automated email delivery from the launch claim. |
| Support email and status broadcastsvendor readiness - manual fallback; 0/1 environment groups configured. Managed beta can use retained support attempts and manual customer follow-up. Paid launch needs controlled delivery proof. | p3 customer acceptance | Operator | invoice paid beta; self serve paid | RESEND_API_KEY; Status subscription/broadcast output, support notification fixture output, and manual follow-up evidence if email is skipped. | STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:notification-fixtureStatus subscription/broadcast output, support notification fixture output, and manual follow-up evidence if email is skipped. | Configure or explicitly exclude RESEND_API_KEY.Keep support email as manual-fallback; do not promise automated notification delivery. |
| Invoice or order-form billing routemanaged beta gate - manual fallback. Tenant billing profile and invoice setup request paths exist. Stripe checkout remains a separate self-serve proof gate. | p3 customer acceptance | Finance | invoice paid beta; self serve paid | Tenant billing profile saved as invoice-only or Stripe-ready; Purchase-order terms or invoice contact; Customer acceptance for manual billing fallback | Record the evidence in the customer launch room.Attach billing owner, PO terms, invoice contact, plan, seat cap, and renewal/cancellation terms. | Owner: Buyer finance owner and Thesmios operator. Run a no-charge private beta only; do not call the tenant a paid beta.Run a no-charge private beta only; do not call the tenant a paid beta. |
| Customer acceptance evidenceproduction proof - Launch room, launch acceptance, continuity evidence, procurement evidence, and order-form template are implemented. | p3 customer acceptance | Customer | managed private beta; invoice paid beta; self serve paid; enterprise expansion | Signed order form or written approval reference; Customer-approved retention schedule; DPIA/AI governance approval; Subprocessor objection or acceptance decision | PATCH /api/platform/launch-acceptance with accepted or accepted_with_exclusions decisionAttach signer, accepted stage, scoped exclusions, evidence references, and external approval reference. | Attach the customer acceptance evidence evidence to the launch room or mark the claim out of scope.Do not mark a tenant as live even if public platform checks pass. |
| Customer acceptance recordmanaged beta gate - customer required. Launch acceptance routes and tenant launch room can store accepted, accepted-with-exclusions, deferred, rejected, or superseded stage decisions. | p3 customer acceptance | Customer | managed private beta; invoice paid beta; self serve paid; enterprise expansion | PATCH /api/platform/launch-acceptance output; Signer name, role, and approval reference; Scoped exclusions and residual risks | Record the evidence in the customer launch room.Attach the go/no-go decision before any paid or live production claim. | Owner: Buyer sponsor and Thesmios operator. Do not mark the tenant as live, even when the public site and product evidence packs pass.Do not mark the tenant as live, even when the public site and product evidence packs pass. |
| Customer order-form scopemanaged beta gate - customer required. Order-form template and customer launch room define modules, cohort, verifier audience, data boundaries, exclusions, and acceptance language. | p3 customer acceptance | Customer | managed private beta; invoice paid beta; self serve paid; enterprise expansion | Signed order form or written approval reference; Approved worker cohort and compliance modules; Customer launch room sections | Record the evidence in the customer launch room.Attach the signed order form or approval reference before moving the tenant beyond setup. | Owner: Buyer and Thesmios commercial owner. Keep the tenant in setup; do not treat private beta or paid beta as accepted.Keep the tenant in setup; do not treat private beta or paid beta as accepted. |
Proof commands
The queue is evidence-backed, not a spreadsheet disconnected from production.
Each command produces attachable launch evidence or identifies why a paid, self-serve, or enterprise claim remains blocked.
Launch gap register smoke
Page and JSON endpoint are deployed, complete, public-safe, and wired into proof bundles.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-gap-register
Strict readiness
Current production blockers and dependency names without secret values.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict
Operator environment preflight
Local operator shell has usable launch, fixture, vendor, and mutating proof variables.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures
Launch proof bundle
Every public, authenticated, vendor, enterprise, and mutating fixture proof passes or blocks paid launch.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env --output /tmp/thesmios-launch-proof-bundle.json
Boundaries
Public-safe launch governance.
This register reports evidence names, dependency names, owner queues, and proof commands only; secret values are never exposed.
Configured does not mean accepted. A claim becomes sellable only when the matching proof output or customer acceptance is attached.
Manual fallback is a launch path only when the order form and launch room explicitly exclude the missing automated claim.
Strict readiness remains the gate for self-serve paid launch and broad enterprise expansion.
/api/product/launch-clearance
/api/product/production-proof
/api/product/vendor-readiness
/api/product/managed-beta-readiness
/api/product/operator-launch-console
/api/product/launch-claims-guard
/api/product/customer-launch-room
/api/product/operations-evidence
/api/product/procurement-evidence
/api/platform/launch-room
/api/platform/launch-dossier?download=1