Skip to content

P6.REV.002 — Deploying repository uses a feature-flag mechanism

Field Value
Principle P6 Reversibility
Severity info
Evidence strong
Stability experimental

What it checks

Fires when the repo has deployment artifacts (Dockerfile, Kubernetes manifests, Terraform, etc.) but shows no evidence of a feature-flag library or a local flag implementation.

Detection method

  1. Checks for deployment artifacts (same set as P6.REV.001).
  2. Scans all file paths (case-insensitive) for feature-flag keywords.

Recognized flag libraries

  • Managed: LaunchDarkly, Unleash, OpenFeature, ConfigCat, GrowthBook, Optimizely, GoFeatureFlag, Flipt, Flagsmith, Split.io
  • Local: any path containing featureflag, feature-flag, feature_flag, feature-toggle, or feature_toggle

When to suppress

If the repo intentionally ships without flags (e.g., infrastructure-only, static site), suppress with an ignore entry:

ignore:
  - rule: P6.REV.002
    reason: "Static site  no runtime to toggle"
    expires: "2027-01-01"