Skip to content
FlagLint

Safety Model

FlagLint is conservative. It separates inventory, review, and source edits so teams can inspect migration work before applying it.

Safety Model Diagram

Section titled “Safety Model Diagram”
flowchart TD
    A["Source files"] --> B["Local AST analysis"]
    B --> C["Evaluation inventory"]
    C --> D["Migration plan / SARIF"]
    D --> E{Developer review}
    E -->|approve| F["migrate --apply"]
    E -->|skip| C

What --apply Requires

Section titled “What --apply Requires”

migrate --apply rewrites a call site only when all of these are true:

  • The LaunchDarkly client is proven from supported Node.js server SDK provenance.
  • The call is a supported value evaluation method.
  • The flag key is static.
  • The fallback value and value type are known.
  • The evaluation context expression is present.
  • A local or configured imported OpenFeature client binding is proven.
  • The git working tree is clean, unless --allow-dirty is explicitly used.

What Is Never Auto-Rewritten

Section titled “What Is Never Auto-Rewritten”
  • Dynamic keys.
  • Detail evaluations such as variationDetail and boolVariationDetail.
  • Bulk calls such as allFlags() and allFlagsState().
  • Unknown fallback types.
  • Configured wrappers.
  • Ambiguous or unconfigured OpenFeature client bindings.
  • Browser SDKs, React SDKs, non-Node SDKs, and non-LaunchDarkly providers.

Required Review

Section titled “Required Review”

Generated diffs are reviewable migration assistance, not proof of production safety. Run tests and review each diff before merging.

Feedback

Section titled “Feedback”