RaveFocus launch control

Current launch blocker action sheet

This is the shortest owner/admin path from today's blocked state to the next verifiable launch step.

not ready for worker launch launch status
0/15 worker Lists found
0/7 Premium IDs
0/9 flow IDs
52 missing ID rows
5 preflight blockers
0 retry failed steps
Do next: Use a RaveFocus-owned Graph app registration or tenant-owned PnP ClientId, then retry only task requests.

Top blocker: SharePoint List creation permission is still required: Azure CLI cannot request Sites.Manage.All directly; use a RaveFocus-owned app registration or PnP consent path

Sign-in refresh proof: outputs/microsoft-signin-refresh-runbook.html

Retry proof: outputs/microsoft-retry-check-report.html

Consent URL: https://login.microsoftonline.com/ravefocus.onmicrosoft.com/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e

PnP app ID: 31359c7f-bd7e-475c-86db-fdb8c937548e

Graph List proof: outputs/sharepoint-graph-list-creation-report.html

Graph permission path proof: outputs/sharepoint-graph-permission-path-report.html

Graph token finding: token is missing Sites.Manage.All, which Microsoft Graph requires to create SharePoint Lists

Recommended permission path: Azure CLI cannot request Sites.Manage.All directly; use a RaveFocus-owned app registration or PnP consent path

Action Order

#LaneStatusActionLink / commandProof neededStop if
1 microsoft sign-in
tenant admin / owner
ready Refresh the Microsoft/Azure tenant session with the guarded helper, then rerun the retry check before admin consent or List creation. npm.cmd run reauth:microsoft -- -Apply -RunRetryAfter outputs/microsoft-signin-refresh-runbook.html and outputs/microsoft-retry-check-report.html show Graph token probe passed and zero failed retry steps. The tenant is not ravefocus.onmicrosoft.com, the account is not tenant admin/owner, Azure CLI is not signed in, or the helper requests sensitive info.
2 sharepoint permission
tenant admin / owner
blocked: admin consent required Approve the PnP SharePoint admin consent request for the RaveFocus tenant, or use the tenant-owned PnP ClientId path in the admin consent runbook if the legacy app ID is not installed. https://login.microsoftonline.com/ravefocus.onmicrosoft.com/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e The next task requests retry no longer returns AADSTS700016 and the task requests List is created or already exists. The consent screen is not for the listed PnP app ID, the tenant is not ravefocus.onmicrosoft.com, you are not the tenant admin/owner, or the Microsoft retry check still has failed steps.
3 graph list permission
tenant admin / owner
blocked: Graph create returned 403 Use the Azure/Graph List creator only with a token that has Microsoft Graph Sites.Manage.All or Sites.ReadWrite.All. Because Azure CLI cannot request Sites.Manage.All directly here, prefer the RaveFocus-owned app-token path or PnP consent path in the admin runbook. npm.cmd run bootstrap:sharepoint-graph-app -- -Apply outputs/sharepoint-graph-permission-path-report.html shows an approved token path, then outputs/sharepoint-graph-list-creation-report.html shows task requests was created or already existed with zero Graph errors. The report still shows 403 Forbidden, the tenant/account is wrong, or the command would create more than the scoped task requests List.
4 safe first retry
admin
blocked: admin consent still required Retry only the task requests List. Do not create every List until this first retry succeeds. powershell -NoProfile -ExecutionPolicy Bypass -File launch\create-sharepoint-lists-from-templates.ps1 -ListName "task requests" -AuthMode DeviceLogin -Tenant ravefocus.onmicrosoft.com -Apply outputs/sharepoint-first-list-apply-attempt.html shows task requests completed, then outputs/sharepoint-after-consent-unblock.csv updates. The retry still says admin consent required or task requests is not created correctly.
5 sharepoint lists/forms
admin
0/15 worker Lists found Create worker-facing Lists first, verify every NewForm URL, then sync IDs. outputs/sharepoint-list-build-order.html live form verification CSV, SharePoint ID sync report, and Microsoft ID reconciliation report update from missing to synced. Any worker-facing List or NewForm URL is missing.
6 planner premium
admin / Jupiter
0/7 Premium IDs captured Create the seven Planner Premium plans and capture actual Premium plan IDs/URLs without replacing dispatch IDs. outputs/planner-premium-owner-action-sheet.html Planner Premium post-setup shows 7/7 Premium IDs and URLs captured. A Premium plan is missing, fields are wrong, or website dispatch task IDs would be replaced.
7 power automate
admin
0/9 flow IDs captured Build the nine proof-safe Power Automate flows after SharePoint Lists exist. outputs/power-automate-owner-action-sheet.html Power Automate post-setup shows 9/9 flow IDs and tested run proof links captured. A trigger List does not exist or a flow would expose private records.
8 auth + worker privacy
admin
prepared; not enforced Keep auth prepared but not enforced until Lists, IDs, flows, and role assignments are ready for testing. outputs/auth-owner-action-sheet.html Worker account can access worker areas only; admin can access setup evidence; signed-out user cannot access operational data. Workers can see admin-only outputs, private records, or another worker's profile/task information.

Guardrails