> ## Documentation Index > Fetch the complete documentation index at: https://specs.flux.employinc.io/llms.txt > Use this file to discover all available pages before exploring further. # M1: Paychex Pilot Launch # M1: Paychex Pilot Launch **Status**: ACTIVE **Target**: 2026-04-30 **Owner**: @pj **Design spec**: [`docs/superpowers/specs/2026-04-17-paychex-pilot-release-design.md`](../../superpowers/specs/2026-04-17-paychex-pilot-release-design.md) **Absorbs**: `docs/roadmap/paychex-go-live-dod.md` (PR #307) — close with pointer to this doc + Cycle 364 when merged. *** ## What the Pilot Is One Paychex customer completes the full Flux hiring flow end-to-end on 2026-04-30. The pilot is single-digit tenants — demo-quality polish on the golden path, production-quality durability on the 6-step steel thread, intentionally narrower than general-availability scope. The pilot is **not** a full product launch. It is the first real-world test of the platform against a paying partnership, with pre-declared cut-lines so we ship credibly even if deep-integration components slip. *** ## Steel Thread The 6 steps every pilot employer executes: | # | Step | Floor (guaranteed) | Stretch (cuttable via cut-lines below) | | - | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | | 1 | Employer signs up (Paychex customer) | Clerk signup + Paychex-branded login | Paychex SSO (HC-10) — explicitly out | | 2 | Create job conversationally | AI intake → JD generated + approved → persisted | — | | 3 | Post to job boards | Cycle 208 Phase 1: 3-tier architecture + 8 adapters scaffolded + Indeed live + AI tier-selection over live channels | LinkedIn + ZipRecruiter live | | 4 | Candidates apply + receive updates | Portal (Cycle 323.5) + magic-link + Resend email + Bird toll-free transactional SMS (Cycle 323.7) | Full Candidate Agent multi-channel (Wave 3 post-pilot) | | 5 | Schedule interviews | Chat-driven scheduling via Resend + .ics + SMS confirmation | `InterviewSchedulingWorkflow` + Google Calendar | | 6 | Select candidate + hand off to Paychex | Cycle 363 `HirePackage` export — printable sheet + JSON download for manual Paychex entry | Real `PaychexApiGateway` | *** ## Cycles in Scope ### Floor (must ship by 2026-04-30) | Cycle | Title | Wave | Status | | ------------------- | ------------------------------------------------------------------- | ---- | ----------------------------------- | | 205.2 | API Hardening — finish | 1 | In progress | | 208 Phase 1 | Job Distribution Engine — architecture + Indeed live | 2 | Draft | | 217 | Candidate Identity Split | 3 | ✅ Merged (PR #285) | | 323.5 | Candidate Portal (agent-native) | 3 | Draft | | 323.6 | Notification External Delivery — email subset only | 3 | Draft | | **323.7** | **Pilot Transactional SMS Gateway** | 3 | **New (this milestone)** | | 363 | Select for Hire — canonical-first (HC-8) | 4 | Plan merged (PR #364); impl pending | | 209.1 | Staging Operational | 5 | Draft | | 213 | Deploy Hardening | 5 | In progress (PR #225) | | 301.1 | k3d Observability Foundation | 5 | Plan merged (PR #384) | | 301.2 | SLO Alerts & Routing | 5 | Plan merged | | 301.3 | GKE Staging Deployment (observability stack) | 5 | Plan merged | | 382 / 382.1 / 382.2 | Production Environment Bootstrap | 5 | Plan in PR #420 | | **364** | **Paychex Pilot Finishing** (UI, E2E, security, runbooks, Go/No-Go) | 5 | **New (this milestone)** | | **365** | **Pilot Evals Harness** | 5 | **New (this milestone)** | | 221 | Chief Engineer Review System | 6 | ✅ Operating | ### Stretch (ship only if cut-lines green) | Item | Cut-line | Fallback | | ------------------------------------------------ | ---------- | ----------------------------------- | | Real `PaychexApiGateway` (PR #307 §1) | CL-1 | Cycle 363 `HirePackage` export | | LinkedIn Jobs API live | CL-2 | Indeed-only active channel | | `InterviewSchedulingWorkflow` + Calendar gateway | CL-3 | Chat-driven via Resend + .ics + SMS | | Full 10-concurrent session load support | CL-4 | Pin to ≤3 concurrent in runbook | | 211.1 Pricing Integration | capacity | Pilot tenants manually onboarded | | 213 Feature Flags (OpenFeature + Flipt) | capacity | Env-var toggles | | 218 AI Response Feedback (PR #300) | merge only | Not a launch blocker | ### Explicitly Out (post-pilot milestones) | Item | Lands in | | --------------------------------------------------------------------- | ----------------- | | A2P 10DLC SMS cutover | M2 | | Cycle 208 Phase 2 + 3 (Appcast, optimization loop, predictive models) | M3 | | Candidate Match Agent (218.x series) | M4 | | Candidate Agent Multi-Channel GA (323.1–323.4) | M5 | | Dark Factory Autonomous Ops (301.4, 301.5) | M6 | | SOC2 Type I | M7 | | Canonical Schema Platform Part 2 (projections, MCP tools) | Wave 2 post-pilot | | EU AI Act formal conformity assessment | Wave 4 post-pilot | *** ## Phase 1 — Kickoff (Long-Lead Items) Submit on Day 1 of milestone execution. These are external-dependency items with lead times that can stall work if delayed. | Long-lead item | Lead time | Fallback if not ready by end of Phase 2 | | ------------------------------------ | ---------- | ------------------------------------------------------------------------ | | Paychex sandbox OAuth credentials | days–weeks | Auto-triggers CL-1 | | Paychex production OAuth credentials | days–weeks | Pilot ships sandbox-only; production creds land before first real tenant | | Indeed Sponsored Jobs API sandbox | 3–5 days | Indeed XML feed (unpaid, slower approval) | | A2P 10DLC SMS registration | 2–6 weeks | Bird toll-free (24–48h) — ships in pilot; A2P cutover is M2 | | LinkedIn Jobs API (stretch) | 5–10 days | Stays stub; Indeed-only | | Resend domain authentication | 1–3 days | Shared Flux domain (lower deliverability) | **Escalation**: If any long-lead item is not approved within 7 days of submission, escalate to CTO for vendor-level intervention or scope adjustment. *** ## Phase 2 — Parallel Build Six streams, one owner each. No cross-stream blocks. | Stream | Cycles | Exit milestone | | ------------------------------------------- | ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | | **S1. Hiring agent + portal + SMS + email** | 323.5, 323.7, 323.6 email subset, 205.2 finish | Candidate applies via portal; receives email + SMS confirmations; status visible | | **S2. Job distribution** | 208 Phase 1 | Indeed live; 3-tier architecture + 8 adapters scaffolded; AI tier-selection operational | | **S3. Select for Hire + Paychex API** | 363 (impl), `PaychexApiGateway` (PR #307 §1) | Employer hires → real Paychex employee (stretch) OR `HirePackage` export ready (floor) | | **S4. Prod bootstrap + deploy hardening** | 382.1, 382.2, 209.1, 213 | GKE production cluster live; release-branch gating; rollback tested | | **S5. Observability + alerts** | 301.1, 301.2, 301.3 | Dashboards green in staging; alerts routed to on-call (not `/dev/null`); Paychex-specific dashboard live | | **S6. Evals + Paychex pilot finishing** | 365, 364 | Eval harness gating CI; security audit clean; employee data UI shipped; runbooks written; Go/No-Go checklist at 100% | *** ## Phase 3 — Cut-Line Gates Each cut-line is a pre-declared go/no-go checkpoint on its stream's critical-path milestone. Fallback actions are automatic — no re-negotiation mid-flight. | Cut-line | Triggering milestone | Green path | Red path (automatic fallback) | | ----------------------- | ------------------------------------------------------------------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------- | | **CL-1** | S3: `PaychexApiGateway` sandbox E2E round-trip (create → verify → delete) | Real Paychex API in pilot | Cut `PaychexApiGateway`; Cycle 363 `HirePackage` export is the hire-to-payroll handoff | | **CL-2** (stretch only) | S2: LinkedIn sandbox approved AND adapter green | LinkedIn live alongside Indeed | LinkedIn stays stub; AI picks from live channels only | | **CL-3** | S1: `InterviewSchedulingWorkflow` + Calendar gateway E2E green | Temporal-orchestrated interviews | Chat-driven scheduling via Resend + .ics + SMS confirmation | | **CL-4** | S6: 10-concurrent-session load test passes | Pilot serves concurrent employers | Pin pilot to ≤3 concurrent employer sessions; document cap in runbook | | **CL-5** | S6: Security audit CRITICAL/HIGH findings = 0 | Launch proceeds | Launch blocked until CRITICAL/HIGH remediated; non-critical features may defer to post-launch hotfix | *** ## Phase 4 — Integration Burn * All Floor streams merged to `release/paychex-pilot` branch * 72-hour burn-in against GKE staging with synthetic traffic (10 concurrent sessions) * Paychex partner dry-run against sandbox end-to-end * All cut-lines verified (green or fallback active) *** ## Phase 5 — Go-Live Gate Run the Go/No-Go checklist below. Sign-off from CTO + Paychex partnership stakeholder required before promotion. ### Go/No-Go Checklist Absorbs + refines PR #307 §10. Each item has a verifier (person or automated check) and an artifact. #### Code & Integration * [ ] All Floor cycles merged to `release/paychex-pilot` branch * [ ] `make quality-gates` green on the release branch * [ ] Cycle 365 Pilot Evals Harness passes at ≥ 90% aggregate * [ ] Cycle 364 Paychex sandbox E2E tests pass (or cleanly skipped if CL-1 fallback active) * [ ] Cycle 208 Phase 1 smoke test: job created via chat → Indeed posting API called → receipt logged * [ ] Cycle 323.5 smoke test: candidate magic-link auth → portal → chat with agent * [ ] Cycle 323.7 smoke test: application received → SMS sent to test phone → STOP inbound records opt-out * [ ] Cycle 363 smoke test: hire confirmation → HirePackage persisted → (CL-1) real Paychex employee OR (fallback) export sheet generated #### Infrastructure * [ ] GKE production cluster live (Cycle 382.1) * [ ] Release-branch gating active (Cycle 382.1 ADR) * [ ] `make prod-rollback` tested end-to-end in staging (Cycle 213) * [ ] All production secrets in Doppler + synced via ESO * [ ] ArgoCD sync healthy for production namespace * [ ] Database backups verified (Cycle 213); point-in-time recovery tested #### Observability & Alerts * [ ] Paychex pilot Grafana dashboard deployed + green (Cycle 364 §6) * [ ] SLO alerts configured in Alertmanager (Cycle 301.2) * [ ] Alerts route to on-call (not `/dev/null`) * [ ] Synthetic alert tested: simulated failure triggers page * [ ] Tempo distributed tracing verified: request → agent → tool → DB spans linked * [ ] Loki log aggregation verified with structured JSON logs, PII redacted #### Security & Compliance * [ ] Security audit report CRITICAL/HIGH = 0 (Cycle 364 §3) * [ ] PII flow audit clean: no tax ID / bank account / phone in logs beyond last-4 masks * [ ] Clerk auth validated on all employer endpoints; session auth validated on candidate endpoints * [ ] IDOR testing clean: no cross-tenant access * [ ] Secrets audit clean: no hardcoded credentials * [ ] Dependency scan: no HIGH/CRITICAL CVEs without documented mitigation * [ ] SMS TCPA compliance: opt-in captured, STOP handling verified #### Performance * [ ] Load test passes: 10 concurrent employer sessions, 30min sustained (Cycle 364 §4) — OR CL-4 fallback applied * [ ] API P95 \< 200ms (non-LLM paths) * [ ] Chat TTFT P95 \< 1.5s * [ ] Temporal workflow P95 \< 120s #### Documentation & Readiness * [ ] All 4 runbooks published (Cycle 364 §5): incident response, Paychex onboarding failures, SMS deliverability, rollback * [ ] On-call engineer briefed on runbooks; dry-run of incident procedure completed * [ ] Paychex partnership stakeholder dry-run complete (Phase 4 integration burn) #### Human Sign-Off * [ ] CTO approval (Patrick Jean) * [ ] Paychex partnership stakeholder approval * [ ] On-call engineer accepts responsibility for first 72h post-launch *** ## Decisions Made During Design 1. Approach A — "Target with Cut-Lines": aspirational scope in plan, automatic fallbacks for deep-integration pieces. 2. Paychex API in scope; cuttable via CL-1 to Cycle 363 export path. 3. SMS transactional in pilot floor; full agent SMS is post-pilot. 4. Toll-free SMS in pilot; A2P 10DLC is M2. 5. Job distribution ships 3-tier architecture + Indeed live; others scaffolded. 6. Candidate Match Agent entirely out of pilot (Wave 4 / M4). 7. Waves are domain-organized, not release-organized. *** ## Open Follow-Ups * GitHub issues for Cycles 323.7, 364, 365 (per Cycle 381 issue-number IDs). * Close PR #307 with a pointer to this doc + Cycle 364. * Cycle 307 `paychex-go-live-dod.md` absorbed — do not merge as-is. * Numbering collisions flagged in the design spec (§4): follow-up pass post-pilot. *** ## Links * Design spec: [`docs/superpowers/specs/2026-04-17-paychex-pilot-release-design.md`](../../superpowers/specs/2026-04-17-paychex-pilot-release-design.md) * Roadmap overview: [`docs/roadmap/roadmap-overview.md`](../roadmap-overview.md) * Cycle 323.7: [`cycles/cycle323.7-pilot-transactional-sms.md`](../cycles/cycle323.7-pilot-transactional-sms.md) * Cycle 364: [`cycles/cycle364-paychex-pilot-finishing.md`](../cycles/cycle364-paychex-pilot-finishing.md) * Cycle 365: [`cycles/cycle365-pilot-evals-harness.md`](../cycles/cycle365-pilot-evals-harness.md) * Cycle 363: [`cycles/cycle363-select-for-hire.md`](../cycles/cycle363-select-for-hire.md)