Production proof
Production proof plan for launch readiness.
A solid B2B launch needs evidence that production routes, tenant isolation, issuer signing, evidence controls, billing, notifications, provisioning, and customer acceptance are actually proven. This pack turns strict-readiness blockers into the exact proof workstream.
11
proof groups
7
fixture or operator proofs
3
vendor or enterprise gates
1
customer acceptance gate
Strict readiness
Keep the paid-launch gate strict, but make the evidence path explicit.
Public checks can pass before every paid-launch dependency is configured. The production proof pack keeps those boundaries visible so managed private beta is not confused with self-serve or broad enterprise launch.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readiness -- --strict
Production proof smoke
Production proof page and JSON endpoint are deployed and complete.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:production-proof
Operator launch seed
Production records plus deterministic authenticated smoke fixture IDs.
CONFIRM_LAUNCH_OPERATOR_SEED=thesmios-launch-seed LAUNCH_OPERATIONS_SECRET=<secret> LAUNCH_SEED_ENV_OUTPUT_PATH=/tmp/thesmios-auth-smoke.env THESMIOS_SMOKE_URL=https://www.thesmios.com npm run seed:launch-operator
Operator launch proof runner
Seeds fixture records through the protected operator route, sources the locked fixture env file, and writes one launch proof JSON bundle.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --strict
Strict launch bundle
All public, authenticated, mutating, vendor, and enterprise fixture proofs pass or block paid launch.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env --output /tmp/thesmios-launch-proof-bundle.json
Proof groups
Public launch and API proof
Public site, security, procurement, operations, customer launch room, DID/JWKS, and protected-route checks run without mutating customer data.
Audience: Buyer
Strict gate: Public launch smoke, unauthenticated API smoke, advisory readiness, and launch proof bundle.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle
Operator launch seed
The protected seed route can create production DID/background-job records and deterministic owner, granted-employer, denied-employer fixture data.
Audience: Operator
Strict gate: Production launch seed records and authenticated smoke fixture records.
CONFIRM_OPERATOR_LAUNCH_PROOF=thesmios-operator-proof LAUNCH_OPERATIONS_SECRET=<secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run proof:operator-launch -- --seed --include-fixtures
Authenticated access and RLS proof
The authenticated smoke script signs in owner, granted-employer, and denied-employer users, then verifies worker, credential, task, share, upload, lifecycle, and RLS boundaries.
Audience: Security
Strict gate: Authenticated API smoke execution variables and fixture records.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-api
Issuer signing proof
DID, JWKS, OIDC metadata, and status-list routes are public; the fixture proves authenticated VC-JWT and SD-JWT issuance against the published key.
Audience: Security
Strict gate: Issuer fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixture
Evidence file controls proof
Upload, queue, active-content detection, EICAR quarantine, verification, and retention timestamp behavior are implemented behind authenticated routes.
Audience: Security
Strict gate: Evidence fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture
Audit export package proof
Tenant audit exports can queue JSON, CSV, and ZIP packages into private storage with signed download URLs.
Audience: Security
Strict gate: Audit export fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture
Privacy and data-rights proof
User-scoped privacy export, data-rights intake, and fulfilment evidence routes are implemented with tenant-manager decisions.
Audience: Buyer
Strict gate: Privacy fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixture
Support and status notification proof
Status subscriptions and broadcasts are implemented; controlled send requires verified sender reputation and a test recipient.
Audience: Operator
Strict gate: Support email configuration and notification fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com STATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> npm run check:notification-fixture
Stripe self-serve billing proof
Checkout, cancellation, and webhook routes are implemented; invoice/order-form launch remains the managed B2B fallback.
Audience: Finance
Strict gate: Stripe self-serve checkout and Stripe fixture execution variables.
THESMIOS_SMOKE_URL=https://www.thesmios.com STRIPE_WEBHOOK_SECRET=<secret> npm run check:stripe-fixture
SCIM and enterprise SSO proof
SCIM token storage, IdP setup guides, OIDC/SAML setup profiles, and protected enterprise routes exist with managed-beta boundaries.
Audience: Enterprise
Strict gate: SCIM fixture, OIDC broker, and SAML broker configuration.
THESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixture
Customer acceptance evidence
Launch room, launch acceptance, continuity evidence, procurement evidence, and order-form template are implemented.
Audience: Buyer
Strict gate: Customer-specific launch room, signed order form, DPIA, retention, and residual-risk approval.
PATCH /api/platform/launch-acceptance with accepted or accepted_with_exclusions decision
Required inputs
| Proof | Required inputs | Acceptance evidence | If missing |
|---|---|---|---|
| Public launch and API proofread only | THESMIOS_SMOKE_URL | Attach the launch proof bundle JSON with public checks passing and fixture-only checks skipped. | Do not send launch evidence to a buyer until the public bundle is green on the production domain. |
| Operator launch seedmutates production | CONFIRM_OPERATOR_LAUNCH_PROOF; LAUNCH_OPERATIONS_SECRET or AUDIT_ADMIN_SECRET; THESMIOS_AUTH_SMOKE_PASSWORD | Attach returned subject, credential, workflow task, passport share, and smoke actor references in the operator launch record. | Strict readiness cannot prove RLS or authenticated role separation on production data. |
| Authenticated access and RLS proofmutates production | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; THESMIOS_TEST_TASK_ID; THESMIOS_TEST_SHARE_ID | Attach the pass count proving owner, granted-employer, and denied-employer outcomes. | Do not claim production tenant isolation or verifier access control has been proven. |
| Issuer signing proofmutates production | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID | Attach discovery responses plus signed VC-JWT and SD-JWT verification output. | Do not claim production credential signing is fully proven for a tenant. |
| Evidence file controls proofmutates production | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; THESMIOS_TEST_SUBJECT_ID; THESMIOS_TEST_CREDENTIAL_ID; PLATFORM_JOB_RUNNER_SECRET | Attach clean, suspicious, infected, quarantine, and retention proof output. | Private beta can use the policy scanner, but enterprise file-control proof remains incomplete. |
| Audit export package proofmutates production | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD; PLATFORM_JOB_RUNNER_SECRET | Attach denied-access, queued-job, generated-package, and signed-download output. | Do not claim buyer audit export evidence is proven on production data. |
| Privacy and data-rights proofmutates production | NEXT_PUBLIC_SUPABASE_URL; NEXT_PUBLIC_SUPABASE_ANON_KEY; THESMIOS_AUTH_SMOKE_PASSWORD | Attach scoped export, access/export request, erasure request, and fulfilment decision output. | Do not treat DSAR and erasure fulfilment evidence as customer-accepted. |
| Support and status notification proofmutates production | RESEND_API_KEY; STATUS_BROADCAST_SECRET; THESMIOS_NOTIFICATION_TEST_EMAIL | Attach subscriber intake, dry-run broadcast, and controlled test-recipient delivery output. | Keep support/status email as dry-run evidence and use manual customer communication for launch. |
| Stripe self-serve billing proofread only | STRIPE_SECRET_KEY; STRIPE_WEBHOOK_SECRET; STRIPE_PRICE_REPORT; STRIPE_PRICE_MONITORING | Attach unsigned rejection, tampered rejection, and signed fixture event acceptance output. | Do not enable self-serve checkout; keep paid beta invoice-only or order-form contracted. |
| SCIM and enterprise SSO proofmutates production | THESMIOS_SCIM_TOKEN; ENTERPRISE_OIDC_ISSUER; ENTERPRISE_OIDC_CLIENT_ID; ENTERPRISE_OIDC_CLIENT_SECRET; SAML_IDP_ENTITY_ID; SAML_IDP_SSO_URL; SAML_IDP_CERTIFICATE | Attach IdP guide, token prefix, user/group create-read-update-deprovision output, and broker config decision. | Sell enterprise SSO/SCIM as managed setup only, not self-serve enterprise provisioning. |
| Customer acceptance evidencemutates production | Signed order form or written approval reference; Customer-approved retention schedule; DPIA/AI governance approval; Subprocessor objection or acceptance decision | Attach signer, accepted stage, scoped exclusions, evidence references, and external approval reference. | Do not mark a tenant as live even if public platform checks pass. |
Boundary
This pack proves the path. It does not replace actual evidence.
Secrets, fixture runs, sender verification, Stripe setup, enterprise IdP setup, and customer signatures stay required. The value is that every blocker has an owner, command, acceptance artifact, and explicit fallback.