RaveFocus Microsoft launch

Live setup execution checklist

This is the ordered run sheet for finishing SharePoint Lists, Planner compatibility, Planner Premium oversight, flows, auth, and worker launch without exposing private records.

not ready for worker launch status
32 SharePoint Lists
15 worker-facing Lists
1700 Planner tasks
167 Planner buckets
7 Premium plans
9 flows
4 blocked gates
Launch guard: no workers, forms-live mode, protected auth switch, or pay workflow launch until final preflight has zero blocked gates.

Execution Order

#stage / ownercurrent statusdo thiscommand/linkproof requiredlaunch gatestop if
1 refresh Microsoft sign-in
tenant admin / owner
not ready for worker launch Refresh Microsoft/Azure sign-in for the RaveFocus tenant with the guarded helper before admin consent or List creation. The helper can rerun the Microsoft retry check after the Graph token probe passes. npm.cmd run reauth:microsoft -- -Apply -RunRetryAfter outputs/microsoft-signin-refresh-runbook.html shows the Graph token probe passed and outputs/microsoft-retry-check-report.html shows zero failed retry steps with no InteractionRequired or TokenIssuedBeforeRevocationTimestamp response.
outputs/microsoft-signin-refresh-runbook.html
blocked until Microsoft session is fresh The retry report still shows failed steps, the account is not the tenant admin/owner, or the tenant is not ravefocus.onmicrosoft.com.
2 approve sharepoint admin consent
tenant admin / owner
admin consent required for PnP SharePoint connection Approve the PnP SharePoint app consent for the RaveFocus tenant before creating Lists. https://login.microsoftonline.com/ravefocus.onmicrosoft.com/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e The task requests retry stops returning AADSTS700016.
outputs/sharepoint-admin-consent-runbook.html
blocked until consent is approved Tenant, app ID, or account does not match the blocker sheet.
3 create one safe test List
admin
15/15 worker Lists found Create or verify only the task requests List first, then inspect its columns and NewForm URL. powershell -NoProfile -ExecutionPolicy Bypass -File launch\create-sharepoint-lists-from-templates.ps1 -ListName "task requests" -AuthMode DeviceLogin -Tenant ravefocus.onmicrosoft.com -Apply task requests exists with the expected columns and NewForm URL.
outputs/sharepoint-first-list-apply-attempt.html
do not bulk-create Lists until this passes The first List is missing, malformed, or still blocked by consent.
4 create worker-facing Lists
admin
15 worker-facing Lists mapped Create worker-facing Lists before support/admin Lists so forms can be tested without exposing admin-only records. outputs/sharepoint-list-build-order.html 15/15 worker-facing Lists exist and every NewForm URL opens.
outputs/sharepoint-live-form-verification.csv
forms stay draft-safe until all worker Lists pass Any worker form List, URL, or required proof column is missing.
5 create support and admin Lists
admin / Jupiter
17 support/admin Lists mapped Create the support/admin Lists for storage, approvals, analytics, proof review, pay review, guides, emoji key, and safe CRM indexes. outputs/sharepoint-manual-import-index.html 32/32 Lists exist and the Microsoft ID capture template has actual URLs/IDs.
outputs/microsoft-id-capture-filled.csv
worker launch stays blocked until List IDs reconcile Any admin/support List would expose private records to workers.
6 sync website form mappings
admin
15 worker forms mapped Run live form verification, sync SharePoint IDs, then reconcile missing Microsoft IDs. npm.cmd run postsetup:sharepoint-report SharePoint ID sync and Microsoft ID reconciliation show no missing worker List rows.
outputs/sharepoint-id-sync-report.html
do not run forms:live until reconciliation passes Any website form still points to draft/sample mode.
7 confirm Planner dispatch IDs
admin
1700 tasks / 167 buckets / 0 duplicate bucket IDs Keep the existing Planner dispatch task and bucket IDs as the website compatibility layer. outputs/planner-id-directory.html Task directory remains at 1,700 tasks with no duplicate bucket IDs and no accidental Premium-ID replacement.
outputs/planner-id-directory.html
do not replace dispatch IDs with Premium IDs Planner visibility shows the wrong account, missing plans, or duplicate IDs.
8 create Planner Premium oversight
admin / Jupiter
7 Premium plans and 15 custom fields planned Create the seven Plan 3/Premium oversight plans, apply the field pool, and capture actual IDs/URLs. outputs/planner-premium-owner-action-sheet.html Planner Premium post-setup captures 7/7 Premium IDs and URLs.
outputs/planner-premium-post-setup-pipeline.html
Premium is oversight; dispatch IDs stay preserved A Premium plan is missing or would replace website dispatch task IDs.
9 build proof-safe flows
admin
9 Power Automate flows planned Build the nine flows after Lists exist so proof, approvals, corrections, and pay review move safely. outputs/power-automate-owner-action-sheet.html Power Automate post-setup captures 9/9 flow IDs and test-run proof.
outputs/power-automate-post-setup-pipeline.html
flows stay blocked until trigger Lists exist A flow would expose passwords, private records, payment details, ID photos, or recovery information.
10 lock auth and privacy
admin
prepared; not enforced Assign roles, switch Static Web Apps auth only after setup IDs pass, and test worker/admin privacy boundaries. outputs/auth-owner-action-sheet.html Worker sees only their allowed areas; admin sees setup evidence; signed-out access is blocked.
outputs/auth-go-live-checklist.html
do not invite workers before auth tests pass Workers can see another worker profile, admin proofs, private records, or pay data.
11 deploy and verify live site
admin
waiting for Azure login After Azure sign-in, run the authenticated live launch attempt to deploy the current package, verify the hosted site, and refresh Microsoft launch evidence. npm.cmd run attempt:authenticated-live authenticated-live-launch-attempt.html shows deploy and live verification passed, or names the exact failed step.
outputs/authenticated-live-launch-attempt.html
site publish must match the verified local package Azure login is missing, live verification fails, or the hosted site serves old setup artifacts.
12 bind custom domains
domain owner / admin
custom domains verified - SharePoint Lists/forms/auth still pending Keep the verified workers.ravefocus.com and creators.ravefocus.com DNS records as-is and use the saved proof when reviewing launch readiness. outputs/godaddy-dns-owner-action-sheet.html Azure custom-domain validation is complete, GoDaddy DNS records match the owner action sheet/runbook, and both custom domains open without certificate or routing errors.
outputs/godaddy-dns-owner-action-sheet.html
custom domain proof is satisfied; do not treat this as the remaining launch blocker A later DNS or Azure route check stops opening the intended worker/creator areas.
13 final preflight and launch
admin / Jupiter
4 blocked gates Run the final preflight, then switch forms live and invite workers only if every gate passes. npm.cmd run preflight:final Final preflight has zero blocked gates and launch readiness says ready for worker launch.
outputs/final-go-live-preflight.html
worker launch only after zero blocked gates Any SharePoint, Planner, flow, auth, or privacy gate is still blocked.

Guardrails