Launch unblock plan
Turn launch blockers into executable work.
Strict readiness says what is blocked. The evidence ledger says where proof belongs. This plan turns both into ordered workstreams with the command, evidence target, owner, and claim lock needed to unblock a real B2B launch.
5
active workstreams
1
operator workstreams
2
vendor workstreams
2
blocked launch modes
Next unblock actions
Start with the shell, not the sales claim.
The first three actions are intentionally operational: prove the local handoff, run the approved evidence command, then attach the output where customer review can see it.
Run the security fixture suite
Security, evidence, audit, and privacy fixtures
Evidence target: /api/product/production-proof
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Configure Resend and run notification fixtures
Support and status notification proof
Evidence target: /tmp/thesmios-launch-proof-bundle.json
THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture
Attach invoice or order-form billing evidence
Billing and paid conversion
Evidence target: /api/platform/billing-evidence
GET /api/platform/billing-evidence
Workstreams
Every blocker gets an owner and an attachment target.
Security, evidence, audit, and privacy fixtures
Clear the security and privacy proof outputs that buyers expect before paid beta evidence is accepted.
Owner: Security
Blocks: invoice paid beta; self serve paid; managed private beta; enterprise expansion
If skipped: Do not claim production-grade evidence scanning, audit export, credential signing, or DSAR fulfilment proof.
Actions
Proof run: Run the security fixture suite
Issuer, file-control, audit export, and privacy/data-rights fixture outputs pass against the seeded production tenant.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Attach to /api/product/production-proof. Attach passing outputs to the security review pack and tenant fixture evidence package before paid-beta acceptance.
Evidence scanning, audit export, and data-rights fixtures
Needs fixture outputTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Buyer-accepted malware/quarantine proof before evidence fixture output.; Buyer-accepted audit exports before export fixture output.; Buyer-accepted data-rights fulfilment proof before privacy fixture output.
Operator environment preflight
Needs operator runTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Do not run operator seeding or fixture proof from this shell; retrieve real secret values from the operator password manager or approved vendor console.
Operator launch seed
Needs operator runTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Strict readiness cannot prove RLS or authenticated role separation on production data.
Audit export package proof
Needs fixture outputTarget: /api/product/production-proof
Locked: Do not claim buyer audit export evidence is proven on production data.
Authenticated access and RLS proof
Needs fixture outputTarget: /api/product/production-proof
Locked: Do not claim production tenant isolation or verifier access control has been proven.
Authenticated smoke fixture records
Needs fixture outputTarget: /api/product/production-proof
Locked: Accepted customer tenant; Invoice-led paid beta without fixture proof
Support and status notification proof
Configure email delivery and prove status plus support-notification attempts before support communications are sold as automated.
Owner: Operator
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Use manual customer follow-up and retained skipped/failed notification evidence; do not claim automated support email delivery.
Actions
Vendor setup: Configure Resend and run notification fixtures
Status subscriber intake, dry-run or controlled-send broadcast, and retained support request lifecycle notification attempts.
THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture && CONFIRM_SUPPORT_NOTIFICATION_FIXTURE=thesmios-support-notification-fixture THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:support-notification-fixture
Attach to /tmp/thesmios-launch-proof-bundle.json. Attach sent delivery proof or record the manual fallback before paid-beta support acceptance.
Support and status notification proof
Needs fixture outputTarget: /tmp/thesmios-launch-proof-bundle.json
Locked: Keep support/status email as dry-run or retained-attempt evidence and use manual customer communication for launch.
Support email
Needs vendor setupTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Accepted customer tenant; Invoice-led paid beta without fixture proof
Support and incident fallback
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Automated claim without accepted manual fallback
Support email and status broadcasts
Needs vendor setupTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Automated customer email acknowledgement before sender reputation and fixture delivery are proven.; Incident broadcast delivery to customer recipients before controlled notification proof.
Billing and paid conversion
Separate invoice-led beta from self-serve paid launch, then prove Stripe only when public checkout is actually in scope.
Owner: Finance
Blocks: self serve paid; invoice paid beta
If skipped: Keep paid beta invoice/order-form only and block public checkout or automated paid conversion claims.
Actions
Customer record: Attach invoice or order-form billing evidence
Saved billing profile, invoice or PO reference, commercial owner, accepted plan limits, and self-serve exclusions.
GET /api/platform/billing-evidence
Attach to /api/platform/billing-evidence. Invoice-led paid beta can proceed only after billing evidence and customer acceptance are attached.
Vendor setup: Prove Stripe before self-serve checkout
Unsigned and tampered webhook rejection plus signed fixture event acceptance on production.
THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixture
Attach to /api/platform/billing-evidence. Do not enable or market self-serve checkout until this proof and production price configuration are attached.
Stripe self-serve billing
Needs vendor setupTarget: /api/platform/billing-evidence
Locked: Self-serve checkout; Automated paid conversion
Stripe self-serve billing
Needs vendor setupTarget: /api/platform/billing-evidence
Locked: Public self-serve paid checkout.; Automated subscription lifecycle and webhook-driven paid activation.
Stripe self-serve billing proof
Needs contract exclusionTarget: Signed order-form exclusions section
Locked: Self-serve checkout; Card-backed activation
Invoice or order-form billing route
Needs contract exclusionTarget: Signed order-form exclusions section
Locked: Automated claim without accepted manual fallback
Customer acceptance and signed scope
Collect the buyer-side approvals, scoped exclusions, and evidence references that turn a managed beta into an accepted tenant launch.
Owner: Customer
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Do not mark a tenant live even when the public product and operator proofs are present.
Actions
Customer record: Record external launch evidence
Signed order form, PO/invoice, security/privacy approval, support route, uptime or restore references, and fixture-output references.
PATCH /api/platform/external-evidence
Attach to /api/platform/launch-room. Attach artifact references to the customer launch room before requesting go/no-go approval.
Contract scope: Record launch acceptance
Signer, accepted stage, decision, evidence references, external approval reference, and scoped exclusions.
PATCH /api/platform/launch-acceptance
Attach to Signed order-form exclusions section. Accepted-with-exclusions is valid only when the exclusions match the order form and claims guard.
Authenticated tenant access proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Private demo can continue, but a customer tenant cannot be accepted as live.
Credential and evidence sample proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted.
Privacy and data-rights proof
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Do not treat DSAR and erasure fulfilment evidence as customer-accepted.
Customer acceptance evidence
Needs contract exclusionTarget: Signed order-form exclusions section
Locked: Live tenant; Paid beta; Enterprise expansion
Customer acceptance record
Needs contract exclusionTarget: Signed order-form exclusions section
Locked: Live customer tenant without signed acceptance
Customer order-form scope
Needs contract exclusionTarget: Signed order-form exclusions section
Locked: Live customer tenant without signed acceptance
Enterprise SSO, SCIM, HRIS, and official issuers
Configure customer/vendor credentials and prove provisioning before broad enterprise automation is claimed.
Owner: Enterprise
Blocks: managed private beta; invoice paid beta; self serve paid; enterprise expansion
If skipped: Sell enterprise scope as managed setup only; do not claim hands-off SSO, SCIM, HRIS, or official-source automation.
Actions
Vendor setup: Configure enterprise vendors and run SCIM proof
IdP setup approval, SCIM token evidence, user and group create/read/update/deprovision output, and any HRIS or issuer approval references.
THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixture
Attach to Approved vendor console evidence or explicit signed exclusion. Enterprise expansion remains blocked until customer-specific IdP, HRIS, official issuer, and SCIM fixture evidence is attached.
Vendor readiness evidence
Needs customer acceptanceTarget: /api/platform/launch-room
Locked: Keep missing vendor-backed automation out of the order form, or sell it only as managed/manual workflow with explicit customer acceptance.
Official issuer connectors
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Live Home Office / UKVI checks without approved credentials and employee consent.; Live DBS Update Service checks without customer legal basis and API credentials.; Live E-Verify case submission without approval, MOU, certificates, and tenant credentials.
Enterprise OIDC broker config
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Enterprise SAML IdP config
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Enterprise SSO and SCIM provisioning
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise self-serve SSO.; Hands-off SCIM provisioning across all IdPs.; Brokered SAML/OIDC production login before tenant IdP proof.
HRIS connector credentials
Blocked until externalTarget: Approved vendor console evidence or explicit signed exclusion
Locked: Broad enterprise automation; Hands-off SSO/SCIM; Live HRIS or official issuer automation
Mode decisions
The plan keeps launch claims locked to evidence.
Managed private beta
Conditionally launchable for a named design partner with signed scope, operator fixture evidence, manual support fallback, and launch acceptance.
Blocked by: none
Invoice-led paid beta
Conditionally launchable only after customer acceptance, billing profile, invoice/order-form evidence, and authenticated fixture proof are attached.
Blocked by: Authenticated smoke fixture records; Support email
Self-serve paid launch
Blocked. Strict readiness must be ready and Stripe fixture proof must pass before self-serve checkout is enabled.
Blocked by: Authenticated smoke fixture records; Support email; Stripe self-serve billing
Broad enterprise expansion
Blocked. Enterprise SSO, SAML, HRIS, official issuer credentials, and SCIM fixture evidence remain customer/vendor-specific.
Blocked by: Enterprise OIDC broker config; Enterprise SAML IdP config; HRIS connector credentials; Official issuer connector credentials; Authenticated smoke fixture records; Support email; Stripe self-serve billing
Claim locks
Missing proof stays out of the order form.
Launch unblock plan smoke
Page and JSON endpoint are deployed, public-safe, and derived from the live clearance and ledger state.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-unblock-plan
Operator environment preflight
Usable local launch variables without printing secret values.
npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures --json
Strict readiness
Production dependency gate after workstreams have been cleared or explicitly excluded.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict