Overview
Feature flags (src/config/feature-flags.config.ts) can enable or disable critical security features (auth, rate limiting). There is no audit trail of who changed a flag, when, or what the previous value was. This is a compliance gap.
Specifications
Features:
- Log every feature flag state change with actor, old value, new value, and timestamp.
Tasks:
- Create a FeatureFlagAuditService that wraps flag reads/writes.
- Emit audit log entries on each flag change via AuditLogService.
- Expose an admin endpoint GET /feature-flags/audit returning the last 100 changes.
- Add unit tests verifying audit emission on flag toggle.
Impacted Files:
- src/config/feature-flags.config.ts
- New src/config/feature-flag-audit.service.ts
Acceptance Criteria
- Each flag change generates an audit entry with actor and diff.
- Admin endpoint returns the flag change history.
- Unit test verifies audit is called on toggle.
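
One way the wrapper described in the tasks above could look, as an added TypeScript example that is not the project's own code. The `AuditSink` interface, the `FlagChange` shape and all method names are assumptions standing in for the real `AuditLogService` API, which the issue does not show.

```typescript
// Added sketch. AuditSink, FlagChange and all method names are assumptions,
// not the project's actual AuditLogService API.
type FlagChange = {
  flag: string;
  actor: string;
  oldValue: boolean | undefined; // undefined: flag had no prior value
  newValue: boolean;
  timestamp: string; // ISO 8601, UTC
};

interface AuditSink {
  log(entry: FlagChange): void;
}

class FeatureFlagAuditService {
  static readonly MAX_HISTORY = 100;
  private readonly history: FlagChange[] = [];
  private readonly flags: Map<string, boolean>;
  private readonly audit: AuditSink;
  private readonly now: () => Date;

  constructor(flags: Map<string, boolean>, audit: AuditSink, now: () => Date = () => new Date()) {
    this.flags = flags;
    this.audit = audit;
    this.now = now;
  }

  get(flag: string): boolean | undefined {
    return this.flags.get(flag);
  }

  set(flag: string, newValue: boolean, actor: string): void {
    if (actor.trim() === "") throw new Error("flag change requires an identified actor");
    const oldValue = this.flags.get(flag);
    if (oldValue === newValue) return; // not a state change, nothing to record
    const entry: FlagChange = { flag, actor, oldValue, newValue, timestamp: this.now().toISOString() };
    // Emit first: if the audit sink throws, the flag keeps its old value,
    // so no change can take effect without a record of it.
    this.audit.log(entry);
    this.flags.set(flag, newValue);
    this.history.push(entry);
    if (this.history.length > FeatureFlagAuditService.MAX_HISTORY) this.history.shift();
  }

  // Newest first; what a GET /feature-flags/audit handler would return.
  recentChanges(): FlagChange[] {
    return [...this.history].reverse();
  }
}
```

The in-memory history only backs the "last 100 changes" endpoint; the durable record is whatever the audit sink persists.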