Feature Flags & Dynamic Configuration

Problem statement

Gradual rollouts, kill switches, A/B experiments, and per-tenant toggles without redeploying; low latency evaluation at massive QPS.

How it works

Flag definitions stored centrally; SDKs in services poll or stream updates; local cache with TTL and version.

Analogy: Airplane cockpit switches labeled “Aux Power” — pilots can flip during flight without landing to rewiring the plane.

High-level design

Rendering diagram…

Components explained — this design

Component	What it is	Why we use it here
Config UI / GitOps	Human-friendly flag definitions + approvals.	Audit trail and peer review reduce production accidents.
Flags API	Serves evaluated config snapshots.	SDKs poll/stream; ETag caching reduces bandwidth.
PostgreSQL / DynamoDB	Stores flag rules + targeting matrices.	Postgres for complex boolean logic + joins to org tables; Dynamo for massive edge reads with DAX cache.
CDN cached GET	Public snapshot for mobile SDKs.	Scale read path cheaply; signed if sensitive experiments must stay private.

Shared definitions: 00-glossary-common-services.md

Low-level design

Evaluation context

Pass user_id, tenant, country, build into rules engine (JSONLogic / custom DSL).

Consistency

Sticky assignments for experiments — hash(user_id+flag) bucket stable across requests.

Performance

Edge config via CloudFront + signed URL for mobile apps; snapshots versioned JSON.

Safety

Kill switch flags evaluated first with no dependencies to avoid deadlock if other flags misconfigured.

E2E: rollout 5%

Rendering diagram…

Tricky parts

Problem	Solution
Flag dependency DAG	Topological eval; lint in CI
Client stale after emergency off	Short TTL + push notification to refresh
Server-side vs client-side	Secret flags never shipped to mobile plaintext

Caveats

God flag anti-pattern — too many conditionals; delete old flags aggressively.
Compliance: experiment disclosure for regulated industries.

Products

LaunchDarkly, Split.io, AWS AppConfig, Azure App Configuration, Unleash OSS.