coulomb/feature-control
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa39883aec537e381ab4e0ef19cf90b51698a23f
feature-control/INTENT.md
tegwick 571e2f7127 feat(bootstrap): finish FEATURE-WP-0001 State Hub integration workstream 
- T01 (Review Generated Integration Files): Reviewed INTENT.md, SCOPE.md, AGENTS.md, .custodian-brief.md. Refined SCOPE.md (removed generic generated placeholder, added repo-specific In/Out Scope, Current State noting completion of WP-0001 and WP-0002, canon alignment). Refined README.md with links to canon-mapping and workplans. Confirmed INTENT and AGENTS already specific.
- T02 (Verify Local Developer Workflow): Confirmed pure-docs repo (no build/test files). Added 'Local Developer Workflow' section to AGENTS.md documenting verification commands (cat/ls for review, hub curls, make fix-consistency from state-hub, progress POSTs) and extension guidance.
- Updated FEATURE-WP-0001 workplan: T01/T02 marked done with detailed notes; frontmatter status set to finished.
- Includes completion of FEATURE-WP-0002 (canon alignment for PRD/UCC, docs/canon-mapping.md + interface card stub, terminology updates with EvaluationScope and ITC mappings).
- Ran make fix-consistency REPO=feature-control after changes (synced hub, set workstreams to finished).

All per AGENTS.md session protocol, workplan instructions, and custodian brief.

Bootstrap workstream now 3/3 complete; no active workstreams remaining.
2026-06-14 21:24:46 +02:00

16 KiB
Executable File
Raw Blame History

feature-control — INTENT

Status: Draft v0.1
Date: 2026-06-14
Owner: feature-control initiative
Repository role: Umbrella repository for feature availability control infrastructure
Primary repo-facing standard: OpenFeature
Terminology alignment: InfoTechCanon-compatible; extends InfoTechCanon where feature availability requires additional precision. See docs/canon-mapping.md (delivered via FEATURE-WP-0002) for detailed mappings, ownership boundaries (consumed ITC-ORG/ACCESS/LAND/GOV vs owned Feature availability control), the EvaluationScope terminology decision, OpenFeature grounding, and proposed canon extensions (Feature as ProducerCapability specialization etc.).

1. Intent

feature-control exists to provide a shared, low-impact, cross-repository infrastructure for controlling feature availability in multi-vendor, multi-tenant, multi-domain software landscapes.

The project enables software systems to ship code independently from feature availability decisions. It allows platform operators, product owners, tenant administrators, SREs, developers, and agent operators to turn features on, off, hidden, visible-disabled, read-only, degraded, variant-controlled, or remotely configured at runtime without redeploying consuming repositories.

In consuming repositories, feature-control should manifest primarily as OpenFeature usage. Repositories should not depend directly on a concrete feature flag backend. They should evaluate feature decisions through OpenFeature SDKs, thin organization-provided wrappers, canonical feature keys, generated constants, and test/local providers.

2. Why this project exists

Modern platform landscapes need to release continuously while controlling what is available to whom, where, and under which operational conditions.

Without a shared feature-control infrastructure, repositories tend to accumulate ad hoc booleans, tenant-specific branches, hidden configuration switches, and poorly documented rollout logic. This leads to hard-coded customer behavior, unnecessary compute consumption, unsafe emergency handling, unclear ownership, and architectural erosion.

feature-control addresses this by introducing a canonical feature availability model, OpenFeature-based repository integration, backend-independent provider architecture, explainable feature decisions, governance rules, lifecycle management, auditability, and operational controls.

The project is intended to help establish good architecture, reduce unnecessary compute usage, and keep feature availability decisions explicit, observable, and reversible.

3. Core stance

feature-control treats feature flagging as one mechanism inside a broader feature availability control plane.

It explicitly distinguishes:

Concern Meaning
Feature availability Whether a feature is effectively enabled, disabled, hidden, degraded, read-only, or variant/config controlled.
Entitlement Whether a tenant, customer, vendor, organization, user, or agent has been granted commercial or administrative access.
Authorization Whether an actor is permitted to perform an operation according to security policy.
Visibility Whether the user interface should show, hide, disable, or expose a feature as preview/upgrade.
Operational control Whether a feature should be disabled, degraded, or rerouted for safety, incident handling, dependency failure, or compute control.

Feature-control may compose signals from entitlement, authorization, policy, and operations, but it must not become the sole authorization system. Security-critical access must still be enforced by backend authorization and policy checks.

4. Scope

The project covers the standards, models, infrastructure, APIs, provider integrations, tooling, and governance needed to control feature availability across repositories and deployments.

In scope

  • Canonical feature terminology and metadata.
  • Feature key naming conventions.
  • OpenFeature-based repository integration guidance.
  • Evaluation context model for multi-scope decisions.
  • Decision model with value, reason, source, and metadata.
  • Scope model for platform, installation, environment, deployment, vendor, tenant, domain, organization, group, user, service, repository, and agent.
  • Backend provider abstraction and adapter strategy.
  • Local/test provider support for low-friction adoption.
  • Runtime evaluation, caching, fallback, and safe defaults.
  • Feature lifecycle governance and stale-flag cleanup.
  • Audit logging for feature changes.
  • Operational kill switches and degraded modes.
  • Compute-control use cases, such as disabling expensive processing paths per tenant or installation.
  • Agent-aware capability availability control.
  • Integration points with InfoTechCanon, IAM, entitlement, policy, observability, and deployment infrastructure.

Out of scope for the first stage

  • Replacing the central authorization system.
  • Replacing product billing, contract management, or entitlement source-of-truth.
  • Requiring all repositories to adopt a custom SDK instead of OpenFeature.
  • Building a full experimentation analytics suite as the first milestone.
  • Treating client-side feature flags as security enforcement.
  • Becoming a generic configuration database for unrelated application settings.
  • Forcing a final backend decision before practical implementation learning has been gathered.

5. Design principles

5.1 OpenFeature first

Repository code should depend on OpenFeature concepts, not a specific vendor or backend. This keeps adoption lightweight and preserves backend reversibility.

5.2 Low impact on consuming repositories

A repository should be able to start with:

  • one dependency or wrapper;
  • a small number of feature evaluations;
  • canonical feature keys;
  • local defaults;
  • test-provider support;
  • no direct dependency on the control-plane backend.

5.3 Explicit decisions, not mysterious booleans

A feature evaluation should be explainable. The decision should make clear what value was returned, why, from which scope, under which context, and with which fallback behavior.

5.4 Separate concerns, compose decisions

Feature availability, entitlement, authorization, visibility, rollout, and operational safety should remain conceptually distinct, even when composed into one effective runtime decision.

5.5 Safe defaults

Every feature must have a safe default. Evaluation failure must be predictable and appropriate for the feature category. Security-sensitive and costly features should usually fail closed.

5.6 Governance without friction

The infrastructure should improve architecture and operations without creating excessive process overhead. Temporary release flags should be easy to create and remove; sensitive production flags should be controlled and audited.

5.7 Compute efficiency as a first-class use case

Feature-control should help systems avoid running capabilities that are not needed, not entitled, not used, not trusted, or temporarily too expensive.

5.8 Agent-aware but security-conscious

Agents, automation actors, and workers are first-class evaluation subjects. Feature-control may gate agent capabilities, but actual tool execution must still be authorized by the relevant security and policy systems.

6. Canonical concepts

Concept Meaning
Feature A named capability, behavior, UI element, workflow path, integration, compute path, or configuration-controlled functional slice.
Feature Key Stable identifier used by code and control plane.
Feature Availability Effective availability state of a feature for a context.
Feature Decision Evaluated result including value, reason, source, and metadata.
Evaluation Context Runtime facts used to evaluate a feature decision.
Scope Level or dimension where a rule or override applies.
Feature Rule Conditional logic that contributes to a feature decision.
Segment Reusable group or condition set for targeting.
Variant Alternative treatment, mode, or value of a feature.
Remote Config Feature-associated value such as threshold, limit, model, provider, or mode.
Kill Switch High-priority operational override to disable or degrade behavior quickly.
Entitlement Commercial, contractual, or administrative grant.
Visibility UI presentation state derived from or related to feature availability.
Agent Non-human actor such as AI agent, automation, bot, worker, or tool-using runtime subject.

7. Expected repository experience

A consuming repository should experience feature-control as a small, predictable integration pattern.

Example developer flow:

  1. Add OpenFeature SDK or organization wrapper.
  2. Import generated feature keys or declare a new key through the canonical process.
  3. Provide a safe default.
  4. Evaluate a feature decision using a context.
  5. Add tests with a local/test provider.
  6. Document feature ownership and lifecycle metadata.
  7. Avoid direct backend-specific calls unless implementing a provider or platform component.

Example pseudo-flow:

Repository code
  -> feature-control wrapper / OpenFeature client
  -> provider
  -> feature-control backend or local evaluator
  -> FeatureDecision
  -> runtime behavior

8. Infrastructure shape

The project may evolve into multiple components, but the umbrella intent remains stable.

Potential components:

Component Purpose
feature-canon Canonical terminology, schemas, naming, and lifecycle rules.
feature-sdk Thin organization wrappers and generated constants around OpenFeature.
feature-provider Provider adapters for selected backends and local/test modes.
feature-control-api Internal management and evaluation APIs.
feature-control-ui Administration UI for platform, vendor, tenant, domain, group, user, and agent scopes.
feature-resolver Decision composition engine for rules, overrides, entitlements, policies, and fallbacks.
feature-audit Append-only audit trail for changes and decisions where required.
feature-sync GitOps import/export and synchronization with repositories.
feature-observe Metrics, evaluation logs, stale-flag detection, and operational insight.

The first implementation may use an existing backend such as Unleash, Flagsmith, flagd, GO Feature Flag, or another OpenFeature-compatible provider. The architecture should remain backend-reversible.

9. Relationship to InfoTechCanon

feature-control should conform to InfoTechCanon terminology where possible and extend it where feature availability requires more precise concepts. The authoritative reference is docs/canon-mapping.md (produced under FEATURE-WP-0002), which contains entity/relationship tables, ownership (e.g. Entitlement/Grant and AuthorizationDecision under ITC-ACCESS; Environment/Deployment/Service/Repository under ITC-LAND; Actor/Agent/Membership under ITC-ORG; Decision/Evidence/ProducerCapability under ITC-GOV + purpose-demand), the qualified EvaluationScope term (to avoid clash with canon producer-scope / ScopePressure), gaps, validation hooks, and extension candidates.

Expected alignment points (see mapping for details + ITC IDs):

  • identity and actor modeling (ITC-ORG Actor/Agent/Person + ITC-ACCESS Subject/Principal);
  • tenant/vendor/organization/community modeling (ITC-ORG + small-saas tenant patterns);
  • access control and authorization terminology (ITC-ACCESS);
  • policy and governance concepts (ITC-GOV, including Purpose, ScopePressure, Decision, Evidence);
  • deployment and installation terminology (ITC-LAND);
  • operational control and observability;
  • canonical data model conventions;
  • task/tag/lifecycle governance (ITC-TASK + TaggingStandard).

Expected extensions (proposed in the mapping for assimilation):

  • feature availability decision model;
  • feature key canon;
  • feature lifecycle taxonomy (on top of Task + Governance);
  • feature evaluation context (OF + canon fact projection);
  • feature visibility semantics (distinct derived concern);
  • rollout and variant semantics (OF-native + governance);
  • agent capability availability controls (ITC-ORG.Agent + ITC-ACCESS);
  • compute-control feature patterns.

Where overlap exists with access control, feature-control should avoid redefining authorization. It should instead describe how authorization and policy signals are referenced, composed, or checked alongside feature availability (per the strong boundaries in the mapping and PRD/UCC FR-7/FR-8).

10. Initial lifecycle model

Every feature should have lifecycle metadata.

Suggested lifecycle states:

proposed
registered
implemented
internal
preview
beta
general-availability
deprecated
sunset
removed

Suggested flag categories:

release
experiment
operational
entitlement
visibility
migration
remote-config
compute-control
agent-capability
compliance

Temporary flags should have an expected removal or review date. Long-lived flags should be explicitly classified and owned.

11. Initial success criteria

The project is successful when:

  1. A repository can adopt feature-control using OpenFeature with minimal code changes.
  2. A feature can be controlled per installation, tenant, group, user, and agent.
  3. A feature decision can explain its value, source, and reason.
  4. Expensive compute paths can be disabled where not needed.
  5. Emergency kill switches can be applied without redeployment.
  6. Feature availability is not confused with authorization.
  7. Feature metadata includes owner, category, lifecycle, and safe default.
  8. Tests can run without a live backend.
  9. Backend choice remains reversible.
  10. The model fits naturally into InfoTechCanon terminology.

12. First milestones

M1 — Canonical model

Create schemas and terminology for feature keys, metadata, evaluation context, decision states, decision reasons, scopes, and lifecycle.

M2 — Repository integration pattern

Define the OpenFeature wrapper pattern, generated constants approach, test-provider pattern, and low-impact adoption guide.

M3 — Backend evaluation spike

Compare Unleash, Flagsmith, flagd, and GO Feature Flag against the canonical model and integration requirements.

M4 — Resolver and decision explanation

Prototype effective decision composition across defaults, scopes, overrides, entitlements, visibility, and operational kill switches.

M5 — Compute-control pilot

Apply feature-control to one expensive or optional background capability and measure reduction in unnecessary work.

M6 — Tenant and agent pilot

Control one tenant-level feature and one agent capability using the shared evaluation context.

13. Open questions

  1. Which backend should be used for the first operational implementation?
  2. Should feature-control own an internal resolver, or initially delegate rule evaluation to an existing backend?
  3. Which feature metadata should be mandatory from day one?
  4. How tightly should entitlement data be integrated into feature decisions?
  5. Which decisions require audit at evaluation time, not only at change time?
  6. How should tenant-admin self-service be bounded?
  7. How should feature keys be namespaced across repos and domains?
  8. How should stale-flag cleanup be enforced?
  9. Which features should fail open, fail closed, or fail degraded?
  10. How should agent capability flags integrate with tool authorization and policy enforcement?

14. Repository documentation set

This repository should initially contain:

INTENT.md
ProductRequirementsDocument.md
UseCaseCatalog.md

Likely next documents:

ArchitectureOverview.md
FeatureContextSchema.md
FeatureDecisionSchema.md
FeatureKeyNamingStandard.md
OpenFeatureIntegrationGuide.md
BackendEvaluation.md
LifecycleAndGovernanceStandard.md
ComputeControlPatterns.md
AgentCapabilityControl.md

15. Stable intent vs evolving scope

The stable intent of feature-control is to provide a shared, low-impact, OpenFeature-based control infrastructure for feature availability across multi-vendor, multi-tenant software landscapes.

The implementation scope may evolve as practical learning accumulates. Backend choice, component boundaries, UI depth, resolver complexity, and entitlement integration are expected to change through experiments and pilots.

The project should preserve the stable intent while allowing the actual scope to adapt.

Reference in New Issue View Git Blame Copy Permalink