Sam redirected the work away from a broad onboarding blitz and toward a single practical priority: Joe needs visibility to access, credentials, account relationships, and Litify spend data. The work shifted from analysis to cleaning up the root onboarding runbook so it gives Joe verified direction without advice language or guesses.
Replaced the root Google Doc _README - Joe CMO Onboarding Reference.md with Joe CMO Access and Direction Runbook. The runbook now records Joe's canonical identity, credential source locations, system-by-system access status, active account and vendor relationships, Litify reporting direction, compiled spend totals, and in-flight/unconfirmed access facts.
Added compiled Litify spend tabs to the existing Google Sheet 00 - 2026 Marketing Budget Sheet.xlsx in 05_Budgeting_and_Spend. Tabs added: Litify Spend Summary, Litify 2026 Lines, Litify Monthly Totals, Litify YTD by Source, Litify YTD by Type, and Litify Top Descriptions.
Live Litify verification used LITIFY_ORG. Joe's Salesforce user is active as jchoniski@demandsam.com, profile Litify Marketing User, with 27 permission assignments. The spend source object is litify_mktgROI__Monthly_Marketing_Spend__c; all-time compiled spend was verified at 1,028 records and $5,565,787.09. 2026 YTD spend was verified at 126 records and $636,797.86.
The runbook deliberately does not copy raw passwords, API keys, private keys, SSH values, database values, or recovery codes. It points Joe to the sensitive credential source docs in 04_Access_and_Credentials and records the access route, owner surface, and verified status.
Tried creating a new companion Google Sheet for the compiled Litify spend export in 05_Budgeting_and_Spend. The service-account Drive path failed because the account's Drive quota is exceeded. The workaround was better anyway: add the compiled Litify tabs to the existing 2026 marketing budget workbook, which succeeded.
A first run of the runbook write stopped before writing because the local secret scanner was too broad and treated long Google/Notion IDs as possible secrets. The scanner was tightened to target real secret patterns, then the Docs API write succeeded.
Kept raw credential values out of the runbook body. The existing credential source docs already contain direct login and vault references; duplicating those values into a broad orientation doc would create another loose credential surface. The runbook therefore gives direction and source locations, which matches Sam's instruction to give Joe access and direction without guessing.
Used the existing 2026 marketing budget workbook for the compiled spend data. That avoids another file, keeps budget and actual spend together, and bypasses the service-account quota issue.
Preserved unresolved access facts as factual status lines rather than instructions. RingCentral, Google Ads, Meta, WordPress/Cloudways, Canva, Slack, password-manager tooling, and budget-by-vendor placeholders are all marked with their evidence status instead of being turned into advice.
Google Doc updated: https://docs.google.com/document/d/1KwqgTE8eEOiQEKh0es4_O5-1asGCYMWzbkvq2XWBuVg/edit?usp=drivesdk
Google Sheet updated: https://docs.google.com/spreadsheets/d/1YMKnqpn6LcAiX88fOGxFYXXhw_whbFtYmhGTe4wLvWo/edit
Root onboarding folder: https://drive.google.com/drive/folders/1DLj6xtZKMPVbpYHQcqbQ2gXjNn-Rac75
Important Drive paths referenced in the runbook: 04_Access_and_Credentials, 01_Runbook / Marketing Contacts - Active.csv, 05_Budgeting_and_Spend, 11_Litify_and_CRM, and 99_Tooling_and_API_Reference.
No local project files were edited in this session. git status --short showed a dirty tree that pre-existed this work; those unrelated changes were left untouched.