Thesmios
DemoLog inTry live demoBook a call

Vendor readiness

External systems that can and cannot be sold.

A B2B launch is only sellable when external dependencies are clear. This pack shows what is ready, what needs fixture proof, what can be handled manually, and which claims must stay out of scope.

Vendor readiness JSONLaunch clearanceProduction proofGap registerIntegrations

7

vendor systems

1

ready

1

configured unproven

2

blocked

Sellable motions

Invoice-led beta can move. Self-serve and broad enterprise stay gated.

Managed private beta and invoice-led paid beta remain possible when the order form, launch room, and customer evidence exclude missing automation. Self-serve checkout and broad enterprise onboarding need the vendor proofs listed below.

sellable with evidence

Managed private beta

Required evidence: Customer launch room acceptance; Signed scope or written pilot approval; Manual support and billing route if email or Stripe are not configured; Explicit exclusion of self-serve and broad enterprise claims

Disallowed claims: Self-serve checkout; Hands-off SSO/SCIM; Direct official-source automation unless keyed and accepted

conditional

Invoice-led paid beta

Required evidence: Signed order form or purchase-order evidence; Tenant billing evidence package; Operator launch proof bundle; Customer acceptance of any manual-fallback vendor boundaries

Disallowed claims: Public checkout; Automated subscription lifecycle; Enterprise identity automation without fixture proof

blocked

Self-serve paid launch

Required evidence: Production Stripe secrets and price IDs; Passing signed webhook fixture; Strict paid readiness with no blockers

Disallowed claims: Buy-now checkout; Card-backed activation; Automated cancellations until Stripe proof passes

blocked

Broad enterprise expansion

Required evidence: Customer IdP setup and SCIM fixture proof; HRIS sandbox credentials and import reconciliation; Official issuer credentials, approvals, consent, and legal basis; Customer DPIA/security approval and residual-risk acceptance

Disallowed claims: Self-serve SAML/OIDC; Automatic HRIS sync; Live official issuer automation without authority-specific approval

Vendor systems

SystemStatusConfiguredProof commandIf missing
Core runtime and trust infrastructureCore runtime - owner: Operatorready3/3 groups configuredTHESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:readinessHealth/readiness JSON, DID/JWKS responses, production seed evidence, and launch proof bundle output.Do not onboard live tenant data until runtime and trust infrastructure are configured.
Support email and status broadcastsSupport - owner: Operatormanual fallback0/1 groups configuredMissing: RESEND_API_KEYSTATUS_BROADCAST_SECRET=<secret> THESMIOS_NOTIFICATION_TEST_EMAIL=<test-email> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:notification-fixtureStatus subscription/broadcast output, support notification fixture output, and manual follow-up evidence if email is skipped.Keep support email as manual-fallback; do not promise automated notification delivery.
Stripe self-serve billingBilling - owner: Financeblocked0/2 groups configuredMissing: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, STRIPE_PRICE_REPORT, STRIPE_PRICE_MONITORINGSTRIPE_WEBHOOK_SECRET=<webhook-secret> THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:stripe-fixtureUnsigned webhook rejection, tampered signature rejection, and signed fixture event acceptance.Sell invoice/order-form paid beta only; keep checkout disabled or setup-required.
Enterprise SSO and SCIM provisioningEnterprise identity - owner: Enterpriseblocked0/3 groups configuredMissing: ENTERPRISE_OIDC_ISSUER, ENTERPRISE_OIDC_CLIENT_ID, ENTERPRISE_OIDC_CLIENT_SECRET, SAML_IDP_ENTITY_ID, SAML_IDP_SSO_URL, SAML_IDP_CERTIFICATE, THESMIOS_SCIM_TOKENTHESMIOS_SMOKE_URL=https://www.thesmios.com THESMIOS_SCIM_TOKEN=<tenant-token> npm run check:scim-fixtureIdP setup guide, tenant token prefix, SCIM create/read/update/deprovision output, and SSO broker decision.Keep enterprise SSO/SCIM out of self-serve scope; require managed implementation and customer approval.
HRIS source connectorsEmployer system - owner: Customermanual fallback0/2 groups configuredMissing: WORKDAY_REST_BASE_URL, WORKDAY_ACCESS_TOKEN, BAMBOOHR_COMPANY_DOMAIN, BAMBOOHR_API_KEYTHESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:auth-apiCustomer sandbox import output, identifier reconciliation, and tenant launch dossier references.Do not sell automated HRIS sync as live; scope a manual or managed-import workflow.
Official issuer connectorsOfficial issuer - owner: Securitymanual fallback1/5 groups configuredMissing: HOME_OFFICE_RTW_API_KEY, UKVI_RIGHT_TO_WORK_API_KEY, DBS_UPDATE_SERVICE_API_URL, DBS_UPDATE_SERVICE_API_KEY, EVERIFY_WEB_SERVICES_BASE_URL, EVERIFY_COMPANY_ID, EVERIFY_USERNAME, EVERIFY_PASSWORD, EVERIFY_CLIENT_CERT, EVERIFY_CLIENT_KEY, EVERIFY_INTEGRATION_APPROVED=trueTHESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:issuer-fixtureIssuer fixture output plus authority-specific credential, consent, legal basis, and first customer lookup evidence.Use manual evidence, uploaded documents, or share-code capture; do not claim direct official-source automation.
Evidence scanning, audit export, and data-rights fixturesEvidence operations - owner: Operatorconfigured unproven1/2 groups configuredMissing: THESMIOS_AUTH_SMOKE_PASSWORD, THESMIOS_TEST_SUBJECT_ID, THESMIOS_TEST_CREDENTIAL_IDTHESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:evidence-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:audit-export-fixture && THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:privacy-fixtureEvidence, audit-export, and privacy fixture output references recorded against the tenant launch room.Treat evidence operations as managed-beta controls only; do not mark paid-beta fixture evidence accepted.

Proof commands

Vendor readiness belongs in the launch proof bundle.

These commands produce evidence that can be attached to a buyer launch room without exposing secret values.

Vendor readiness smoke

Public vendor readiness page and JSON endpoint are deployed and complete.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:vendor-readiness

Operator env preflight

Local operator shell has usable vendor, fixture, and launch variables without printing secret values.

npm run check:operator-env -- --env-file /tmp/operator.env --seed --include-fixtures

Strict launch proof bundle

Every public, authenticated, vendor, enterprise, and mutating fixture proof passes or blocks paid launch.

THESMIOS_SMOKE_URL=https://www.thesmios.com npm run check:launch-proof-bundle -- --include-fixtures --strict --env-file /tmp/thesmios-auth-smoke.env

Boundaries

Public-safe vendor evidence, not a secret dump.

This pack reports environment variable names and readiness states only; it never exposes secret values.
Configured means a dependency appears present in the running environment; accepted means the matching fixture or customer evidence is attached.
Manual fallback is sellable only when the order form and launch room explicitly exclude the automated claim.
Enterprise and official-issuer claims require customer-specific approvals, credentials, consent, and fixture evidence.
/api/product/production-proof
/api/product/launch-clearance
/api/product/managed-beta-readiness
/api/product/provisioning-guides
/api/platform/billing-evidence
/api/platform/external-evidence
/api/platform/fixture-evidence
/api/platform/support-communications
Vendor Readiness — Thesmios