957 B
957 B
Feature Availability (Shared Contract)
This document defines the shared, cross-app system for enabling and disabling capabilities.
Feature availability is not authorization.
Shared contract:
- Blockers and Guards:
docs/architecture/shared/BLOCKERS_AND_GUARDS.md
1) Core principle (non-negotiable)
Availability is decided once, then applied in multiple places.
- API Guards enforce availability.
- Website Blockers reflect availability for UX.
2) Capability model (strict)
Inputs to evaluation:
- operational mode (normal, maintenance, test)
- capability key (stable string)
- action type (view, mutate)
- actor context (anonymous, authenticated)
Outputs:
- allow or deny
- a public reason (maintenance, disabled, coming_soon, hidden, not_configured)
3) Non-negotiable rules
- Default is deny unless explicitly enabled.
- The API is authoritative.
- The website is UX-only.