Overview
Feature Flags
Section titled “Feature Flags”Feature flags within a resolved organization + project — mirrors
EnvironmentsController’s resolve-then-dispatch shape one level deeper.
{project} is resolved key-or-guid, scoped to the resolved org (with the service-token
project allowlist forwarded), via ResolveProjectIdAsync
for every action. {flag} (get/update/archive/restore/delete) is then resolved
key-or-guid, scoped to the resolved project, via
ResolveFlagIdAsync. Dispatched commands/queries always
use the resolved GUIDs, never the raw route strings. Writes (create/update/archive/restore/
delete) require at least Member
(RequireRole); a Viewer attempting one gets a 403
forbidden envelope. Flag deletion/variation-removal guards (FLAG_HAS_DEPENDENTS,
plan limits on create, etc.) surface as-is via the existing handlers’ custom
ValidationException, which
PublicApiExceptionFilterAttribute maps to a 400 validation_failed
envelope automatically — no action here special-cases them. Defers flag runtime config
(env-config, toggle, targeting rules, prerequisites) and variations to their own controllers
(phase 3b Task 3 / phase 3c).