Managed beta readiness
Invoice-led launch path for design partners.
The public platform can support a managed private beta or invoice-led paid beta when customer scope, operator fixture evidence, manual billing, support fallback, and launch acceptance are attached. This is not strict self-serve or broad enterprise readiness.
10
launch gates
9
evidence packs
3
customer/operator proofs
4
excluded launch claims
Launch decision
Launchable with named evidence, not by default.
Managed beta is a controlled sales motion: named buyer, scoped order form, invoice or manual billing fallback, operator-run fixture proof, support fallback, and a signed customer acceptance record.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:managed-beta-readiness
Go
Launch a managed private beta or invoice-led paid beta only when public checks pass, scope is signed, billing fallback is accepted, access proof is attached, and customer acceptance is recorded.
Hold
Hold the tenant in setup when customer scope, billing owner, operator fixture output, procurement approval, or launch acceptance is missing.
Do not claim
Do not claim self-serve paid checkout, broad enterprise SSO/SCIM, official issuer automation, external malware scanning, or external certifications until those separate proof tracks pass.
Launch gates
Public deployment and route protection
Production homepage, marketing surfaces, status, implementation, legal, trust, readiness, and public product evidence endpoints are deployed on the production domain.
Owner: Thesmios operator
Acceptance: Attach public launch and API smoke output to the customer implementation record.
Strict proof plan is published
Production proof groups name the strict paid-readiness blockers, fixture inputs, vendor requirements, mutating boundaries, and if-missing decisions.
Owner: Thesmios operator
Acceptance: Attach the production proof JSON and smoke output so strict blockers are visible before the buyer signs.
Customer order-form scope
Order-form template and customer launch room define modules, cohort, verifier audience, data boundaries, exclusions, and acceptance language.
Owner: Buyer and Thesmios commercial owner
Acceptance: Attach the signed order form or approval reference before moving the tenant beyond setup.
Invoice or order-form billing route
Tenant billing profile and invoice setup request paths exist. Stripe checkout remains a separate self-serve proof gate.
Owner: Buyer finance owner and Thesmios operator
Acceptance: Attach billing owner, PO terms, invoice contact, plan, seat cap, and renewal/cancellation terms.
Authenticated tenant access proof
Authenticated smoke and tenant launch-room routes exist, but production fixture IDs and smoke credentials must be exported for each launch environment.
Owner: Thesmios operator
Acceptance: Attach access-control pass output before claiming tenant isolation is proven for the launch tenant.
Credential and evidence sample proof
Credential lifecycle, issuer discovery, evidence upload, verification jobs, privacy export, audit export, and launch fixtures exist behind protected routes.
Owner: Thesmios operator
Acceptance: Attach sample credential, evidence, audit export, and privacy fixture output for the tenant or scoped pilot cohort.
Support and incident fallback
SLA, support queue, status subscriptions, and status broadcast dry-run routes exist. Resend sender verification is still required for live automated email.
Owner: Thesmios support owner
Acceptance: Attach support owner, escalation route, manual notice process, and dry-run broadcast output.
Security, privacy, and procurement pack
Security assurance, procurement evidence, DPA, SLA, subprocessors, privacy, terms, status, and operations evidence are published with explicit certification boundaries.
Owner: Thesmios security owner
Acceptance: Attach procurement/security review approvals and the relevant public evidence packs.
Customer acceptance record
Launch acceptance routes and tenant launch room can store accepted, accepted-with-exclusions, deferred, rejected, or superseded stage decisions.
Owner: Buyer sponsor and Thesmios operator
Acceptance: Attach the go/no-go decision before any paid or live production claim.
Self-serve and enterprise exclusions
Self-serve Stripe checkout, broad enterprise SSO/SCIM, HRIS automation, official issuer connectors, and external certifications remain separate proof tracks.
Owner: Thesmios operator
Acceptance: List excluded claims in the order form and customer launch acceptance record.
Required evidence
| Gate | Audience | Required evidence | If missing |
|---|---|---|---|
| Public deployment and route protection | Buyer | Production deployment URL; check:launch output; check:api output; check:readiness advisory output | Do not begin a buyer rollout until the production domain and public evidence surfaces pass. |
| Strict proof plan is published | Operator | /production-proof; /api/product/production-proof; THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:production-proof | Do not represent strict readiness blockers as owned or understood. |
| Customer order-form scope | Buyer | Signed order form or written approval reference; Approved worker cohort and compliance modules; Customer launch room sections | Keep the tenant in setup; do not treat private beta or paid beta as accepted. |
| Invoice or order-form billing route | Finance | Tenant billing profile saved as invoice-only or Stripe-ready; Purchase-order terms or invoice contact; Customer acceptance for manual billing fallback | Run a no-charge private beta only; do not call the tenant a paid beta. |
| Authenticated tenant access proof | Security | CONFIRM_LAUNCH_OPERATOR_SEED=thesmios-launch-seed run output; Owner, granted-employer, and denied-employer smoke results; Authenticated tenant launch-room snapshot | Private demo can continue, but a customer tenant cannot be accepted as live. |
| Credential and evidence sample proof | Security | check:issuer-fixture output when issuer keys and auth fixtures are configured; check:evidence-fixture output when job runner secret is configured; check:audit-export-fixture output when private storage is configured; check:privacy-fixture output for data-rights proof | Do not claim production credential signing, evidence controls, audit export, or privacy fulfilment as buyer-accepted. |
| Support and incident fallback | Operator | Named customer support owner; Manual incident communication channel; Status subscriber and broadcast dry-run evidence; Controlled send proof when RESEND_API_KEY and sender reputation are configured | Keep support communication manual and exclude automated email delivery from the launch claim. |
| Security, privacy, and procurement pack | Buyer | /api/product/security-assurance; /api/product/procurement-evidence; /api/product/operations-evidence; Customer DPIA or residual-risk decision | Do not mark the launch accepted for a regulated buyer. |
| Customer acceptance record | Buyer | PATCH /api/platform/launch-acceptance output; Signer name, role, and approval reference; Scoped exclusions and residual risks | Do not mark the tenant as live, even when the public site and product evidence packs pass. |
| Self-serve and enterprise exclusions | Enterprise | Strict readiness passing; Stripe fixture proof before self-serve checkout; SCIM fixture and SSO broker proof before broad enterprise provisioning; Customer-specific HRIS and official issuer credentials | Self-serve remains gated; enterprise claims stay managed, customer-specific, or out of scope. |
Commands
Evidence commands for the managed launch record.
Run the public command before buyer review. Run mutating fixture commands only after the operator seed and customer scope are approved.
Managed beta readiness smoke
Managed beta page and JSON endpoint are deployed and complete.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:managed-beta-readiness
Launch proof bundle
Public launch, API, evidence pack, launch room, and readiness checks pass without mutating fixtures.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --output /tmp/thesmios-public-launch-proof.json
Operator launch proof runner
Production fixture IDs, authenticated proof output, and one attachable launch proof JSON bundle for managed beta acceptance.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures
Customer acceptance record
Signed order-form reference, signer, accepted stage, scoped exclusions, and evidence references.
PATCH /api/platform/launch-acceptance with accepted or accepted_with_exclusions decision
Boundary
Self-serve remains gated.
This pack makes invoice-led launch credible for design partners. It does not clear Stripe self-serve checkout, broad enterprise SSO or SCIM, HRIS automation, official issuer coverage, or external certification claims.