RaveFocus Microsoft launch
Live setup execution checklist
This is the ordered run sheet for finishing SharePoint Lists, Planner compatibility, Planner Premium oversight, flows, auth, and worker launch without exposing private records.
not ready for worker launch status
32 SharePoint Lists
15 worker-facing Lists
1700 Planner tasks
167 Planner buckets
7 Premium plans
9 flows
4 blocked gates
Launch guard: no workers, forms-live mode, protected auth switch, or pay workflow launch until final preflight has zero blocked gates.
Execution Order
| # | stage / owner | current status | do this | command/link | proof required | launch gate | stop if |
|---|---|---|---|---|---|---|---|
| 1 | refresh Microsoft sign-in tenant admin / owner |
not ready for worker launch | Refresh Microsoft/Azure sign-in for the RaveFocus tenant with the guarded helper before admin consent or List creation. The helper can rerun the Microsoft retry check after the Graph token probe passes. | npm.cmd run reauth:microsoft -- -Apply -RunRetryAfter |
outputs/microsoft-signin-refresh-runbook.html shows the Graph token probe passed and outputs/microsoft-retry-check-report.html shows zero failed retry steps with no InteractionRequired or TokenIssuedBeforeRevocationTimestamp response. outputs/microsoft-signin-refresh-runbook.html |
blocked until Microsoft session is fresh | The retry report still shows failed steps, the account is not the tenant admin/owner, or the tenant is not ravefocus.onmicrosoft.com. |
| 2 | approve sharepoint admin consent tenant admin / owner |
admin consent required for PnP SharePoint connection | Approve the PnP SharePoint app consent for the RaveFocus tenant before creating Lists. | https://login.microsoftonline.com/ravefocus.onmicrosoft.com/adminconsent?client_id=31359c7f-bd7e-475c-86db-fdb8c937548e |
The task requests retry stops returning AADSTS700016. outputs/sharepoint-admin-consent-runbook.html |
blocked until consent is approved | Tenant, app ID, or account does not match the blocker sheet. |
| 3 | create one safe test List admin |
15/15 worker Lists found | Create or verify only the task requests List first, then inspect its columns and NewForm URL. | powershell -NoProfile -ExecutionPolicy Bypass -File launch\create-sharepoint-lists-from-templates.ps1 -ListName "task requests" -AuthMode DeviceLogin -Tenant ravefocus.onmicrosoft.com -Apply |
task requests exists with the expected columns and NewForm URL. outputs/sharepoint-first-list-apply-attempt.html |
do not bulk-create Lists until this passes | The first List is missing, malformed, or still blocked by consent. |
| 4 | create worker-facing Lists admin |
15 worker-facing Lists mapped | Create worker-facing Lists before support/admin Lists so forms can be tested without exposing admin-only records. | outputs/sharepoint-list-build-order.html |
15/15 worker-facing Lists exist and every NewForm URL opens. outputs/sharepoint-live-form-verification.csv |
forms stay draft-safe until all worker Lists pass | Any worker form List, URL, or required proof column is missing. |
| 5 | create support and admin Lists admin / Jupiter |
17 support/admin Lists mapped | Create the support/admin Lists for storage, approvals, analytics, proof review, pay review, guides, emoji key, and safe CRM indexes. | outputs/sharepoint-manual-import-index.html |
32/32 Lists exist and the Microsoft ID capture template has actual URLs/IDs. outputs/microsoft-id-capture-filled.csv |
worker launch stays blocked until List IDs reconcile | Any admin/support List would expose private records to workers. |
| 6 | sync website form mappings admin |
15 worker forms mapped | Run live form verification, sync SharePoint IDs, then reconcile missing Microsoft IDs. | npm.cmd run postsetup:sharepoint-report |
SharePoint ID sync and Microsoft ID reconciliation show no missing worker List rows. outputs/sharepoint-id-sync-report.html |
do not run forms:live until reconciliation passes | Any website form still points to draft/sample mode. |
| 7 | confirm Planner dispatch IDs admin |
1700 tasks / 167 buckets / 0 duplicate bucket IDs | Keep the existing Planner dispatch task and bucket IDs as the website compatibility layer. | outputs/planner-id-directory.html |
Task directory remains at 1,700 tasks with no duplicate bucket IDs and no accidental Premium-ID replacement. outputs/planner-id-directory.html |
do not replace dispatch IDs with Premium IDs | Planner visibility shows the wrong account, missing plans, or duplicate IDs. |
| 8 | create Planner Premium oversight admin / Jupiter |
7 Premium plans and 15 custom fields planned | Create the seven Plan 3/Premium oversight plans, apply the field pool, and capture actual IDs/URLs. | outputs/planner-premium-owner-action-sheet.html |
Planner Premium post-setup captures 7/7 Premium IDs and URLs. outputs/planner-premium-post-setup-pipeline.html |
Premium is oversight; dispatch IDs stay preserved | A Premium plan is missing or would replace website dispatch task IDs. |
| 9 | build proof-safe flows admin |
9 Power Automate flows planned | Build the nine flows after Lists exist so proof, approvals, corrections, and pay review move safely. | outputs/power-automate-owner-action-sheet.html |
Power Automate post-setup captures 9/9 flow IDs and test-run proof. outputs/power-automate-post-setup-pipeline.html |
flows stay blocked until trigger Lists exist | A flow would expose passwords, private records, payment details, ID photos, or recovery information. |
| 10 | lock auth and privacy admin |
prepared; not enforced | Assign roles, switch Static Web Apps auth only after setup IDs pass, and test worker/admin privacy boundaries. | outputs/auth-owner-action-sheet.html |
Worker sees only their allowed areas; admin sees setup evidence; signed-out access is blocked. outputs/auth-go-live-checklist.html |
do not invite workers before auth tests pass | Workers can see another worker profile, admin proofs, private records, or pay data. |
| 11 | deploy and verify live site admin |
waiting for Azure login | After Azure sign-in, run the authenticated live launch attempt to deploy the current package, verify the hosted site, and refresh Microsoft launch evidence. | npm.cmd run attempt:authenticated-live |
authenticated-live-launch-attempt.html shows deploy and live verification passed, or names the exact failed step. outputs/authenticated-live-launch-attempt.html |
site publish must match the verified local package | Azure login is missing, live verification fails, or the hosted site serves old setup artifacts. |
| 12 | bind custom domains domain owner / admin |
custom domains verified - SharePoint Lists/forms/auth still pending | Keep the verified workers.ravefocus.com and creators.ravefocus.com DNS records as-is and use the saved proof when reviewing launch readiness. | outputs/godaddy-dns-owner-action-sheet.html |
Azure custom-domain validation is complete, GoDaddy DNS records match the owner action sheet/runbook, and both custom domains open without certificate or routing errors. outputs/godaddy-dns-owner-action-sheet.html |
custom domain proof is satisfied; do not treat this as the remaining launch blocker | A later DNS or Azure route check stops opening the intended worker/creator areas. |
| 13 | final preflight and launch admin / Jupiter |
4 blocked gates | Run the final preflight, then switch forms live and invite workers only if every gate passes. | npm.cmd run preflight:final |
Final preflight has zero blocked gates and launch readiness says ready for worker launch. outputs/final-go-live-preflight.html |
worker launch only after zero blocked gates | Any SharePoint, Planner, flow, auth, or privacy gate is still blocked. |
Guardrails
- do not switch forms live until final preflight has zero blocked gates
- do not invite workers while worker-facing Lists are missing
- do not replace preserved Planner dispatch task IDs with Premium plan IDs
- capture setup metadata only; no passwords, payment data, private records, ID photos, recovery codes, or payout settings
- no proof = no payout; no assigned task = not payable