Skip to content

Feature Flags Architect

Engineering - POWERFUL feature-flags-architect Source

Install: claude /plugin install engineering-advanced-skills

End-to-end discipline for feature flags: classify them, ship them, ramp them, and retire them. Most teams treat flags as throwaway if-statements; this skill treats them as a controlled lifecycle with measurable debt.

When to use

  • Adding a new flag and need a rollout plan
  • Auditing a codebase for stale or orphaned flags
  • Choosing a flag provider (LaunchDarkly vs GrowthBook vs Statsig vs Unleash vs Flipt vs build-your-own)
  • Designing a kill-switch path for a risky launch
  • Cleaning up flag debt before a release freeze
  • Reviewing whether a feature should ship behind a flag at all

Core principle: flags are a lifecycle, not an if

request → design → ship → ramp → cleanup → archive

Flags that skip cleanup become debt: dead branches, stale defaults, untested code paths, unbounded blast radius. The three scripts in this skill enforce the lifecycle.

Quick start

# 1. Audit the repo for flag debt
python scripts/flag_debt_scanner.py --repo . --max-age-days 90

# 2. Plan a progressive rollout for a new flag
python scripts/rollout_planner.py --population 100000 --target-percent 100 --duration-days 14 --strategy ring

# 3. Verify every flag has a documented kill switch
python scripts/kill_switch_audit.py --repo . --flag-doc docs/feature-flags.md

The 4 flag types (taxonomy)

Different flag types have different lifespans and ownership. Misclassifying creates debt.

Type Purpose Typical lifespan Owner Cleanup trigger
Release Hide unfinished features in production days–weeks Eng 100% rollout reached
Experiment A/B test variants weeks Product/Marketing Test concluded; winner picked
Operational Circuit breakers, perf toggles, kill switches months–years Eng/SRE Replaced by autoscaling/feature retirement
Permission Entitlements per user/account/plan years (permanent) Product Plan/role removed

Only Release and Experiment flags should be on a debt-scanner watchlist. Operational and Permission flags are by design long-lived. See references/flag_taxonomy.md for decision tree.

The 3 Python tools

All three are stdlib-only. Run with --help.

flag_debt_scanner.py

Finds flags older than --max-age-days with low usage, suggesting candidates for cleanup.

python scripts/flag_debt_scanner.py --repo . --max-age-days 90 --format text
python scripts/flag_debt_scanner.py --repo . --max-age-days 60 --format json > debt.json

Detection heuristic: 1. Walk --repo for code references matching common flag-call patterns: - flag("..."), isFlagEnabled("..."), featureFlag("..."), getFlag("...") - client.variation("...", ...), unleash.isEnabled("..."), growthbook.feature("...") 2. For each unique flag identifier, find the oldest commit that introduced it (git log --diff-filter=A -S <name>). 3. Flag as DEBT if introduced > --max-age-days ago AND used in ≤--min-uses places.

Outputs flag name, age in days, file references, suggested action. JSON mode is CI-friendly.

rollout_planner.py

Generates a phased rollout schedule from population size, target percent, duration, and strategy.

python scripts/rollout_planner.py --population 100000 --target-percent 100 --duration-days 14 --strategy ring
python scripts/rollout_planner.py --population 50000 --target-percent 25 --duration-days 7 --strategy linear
python scripts/rollout_planner.py --population 1000000 --target-percent 100 --duration-days 30 --strategy log

Strategies: - ring: 1% → 5% → 25% → 50% → 100%, evenly spaced. Default for risky launches. - linear: constant rate per day. Default for medium-risk. - log: rapid early, slow tail. Default for low-risk launches with confidence. - cohort: by named cohort (internal → beta → free → paid → all).

Outputs a markdown table with date, percent, expected user count, abort criteria, and verification step per phase.

kill_switch_audit.py

Cross-references code-discovered flags against documentation to verify each has a kill switch path written down.

python scripts/kill_switch_audit.py --repo . --flag-doc docs/feature-flags.md
python scripts/kill_switch_audit.py --repo . --flag-doc runbooks/flags.md --format json

What it checks: 1. Every code-discovered flag has an entry in --flag-doc 2. Each entry declares: owner, type, kill-switch trigger, monitoring dashboard 3. Reports flags missing documentation (FAIL) or missing fields (WARN)

Use as a pre-merge gate before any new flag ships.

Provider chooser (5 + DIY)

Provider Best for Pricing model Lock-in risk OSS option
LaunchDarkly Enterprise, complex targeting, audit/compliance Per-MAU, expensive High No
GrowthBook Mid-market, A/B testing focused, OSS-friendly Per-MAU + OSS Low Yes (self-host)
Statsig Growth/product teams, advanced experimentation Free tier + per-MAU Medium No
Unleash OSS-first, self-hosted, dev-friendly OSS + Enterprise Low Yes
Flipt Lightweight, k8s-native, simple needs OSS-only None Yes
DIY <100 flags, no targeting, full control None None N/A

Decision rules: - <50 flags + no targeting → DIY with config file or env vars - Need analytics + experimentation → Statsig or GrowthBook - Compliance/SOC2 audit logs required → LaunchDarkly - Self-hosting required (data residency / air-gapped) → Unleash or Flipt - See references/provider_comparison.md for detail.

Workflows

Workflow 1: Ship a new feature behind a flag

1. Classify: which of the 4 flag types?
   → Release (most common for engineering work)
2. Run rollout_planner.py to design the ramp
3. Add flag entry to docs/feature-flags.md BEFORE writing code:
   - name, owner, type, kill-switch trigger, dashboard URL
4. Write the code with the flag
5. Run kill_switch_audit.py — must pass before merge
6. Deploy at 0%; verify kill switch works
7. Execute rollout schedule; abort if abort criteria met
8. At 100% for 7+ days: remove flag, delete dead branch, archive doc entry

Workflow 2: Quarterly flag cleanup

1. Run flag_debt_scanner.py --repo . --max-age-days 90 > debt.md
2. For each flagged item:
   a. Confirm it reached 100% (or was killed)
   b. Find the issue/PR that introduced it; verify owner agrees to remove
   c. Delete dead branches; remove flag config
   d. Run kill_switch_audit.py — should now show one fewer flag
3. Update CHANGELOG: "Removed N stale flags"

Workflow 3: Choose a provider

1. Estimate flag count (current + 12-month projection)
2. Required features:
   - Targeting rules (user, account, geo, %)?
   - A/B testing + stats?
   - Audit log / SOC2?
   - Self-hosting / data residency?
3. Pricing budget (MAU * cost-per-MAU)
4. See provider_comparison.md decision tree
5. Build a 30-day proof-of-concept before signing

Workflow 4: Design a kill switch

1. Identify the failure modes:
   - Latency spike (which threshold?)
   - Error rate spike (which threshold?)
   - Business metric regression (which threshold?)
2. Wire each to an abort:
   - Manual: dashboard link + on-call playbook
   - Automated: alert threshold flips flag back to 0%
3. Test the kill switch in staging BEFORE production rollout
4. Document in flag-doc; pass kill_switch_audit.py

References

  • references/flag_taxonomy.md — 4 types, decision tree, ownership, lifespan
  • references/provider_comparison.md — LaunchDarkly / GrowthBook / Statsig / Unleash / Flipt / DIY trade-offs
  • references/rollout_strategies.md — ring / linear / log / cohort / geo, abort criteria, monitoring
  • references/flag_lifecycle.md — request → design → ship → ramp → cleanup → archive

Slash command

/flag-cleanup — Run the full cleanup workflow on the current repo: scan for debt, generate a removal plan, audit kill switches.

Asset templates

  • assets/flag_request_template.md — fill-in form for new flag requests (name, owner, type, kill switch, rollout plan)

Anti-patterns

  • Permanent flag with if (FLAG_FOO) 50 places — should be a Permission flag with a runtime config, not a Release flag
  • Flag with no owner — when the original engineer leaves, no one cleans it up
  • No kill switch documented — when the feature breaks, no one knows how to disable it
  • A/B test that ran 6 months — pick a winner; running indefinitely is debt
  • Flags as feature toggles for cosmetic changes — ship via deploy, not flag

Verifiable success

A team using this skill should achieve: - 100% of new flags pass kill_switch_audit.py at merge time - flag_debt_scanner.py --max-age-days 90 returns ≤5 stale flags repo-wide - Every flag has a documented owner, type, and kill switch - Mean time to retire a Release flag: <60 days from 100% rollout