~/ / flagdrop / features
// platform capabilities

Everything you need
to ship behind a flag.

Nine capabilities, zero lock-in. FlagDrop is the smallest surface area that still handles every serious feature-flag workflow — gradual rollouts, targeting, kill switches, audit trails, and AI-native control.

7 SDKs4 cloud providersEU / US / APAC regions
01 / 09 ��� architecture

Push config to
your bucket.
Read it locally.

FlagDrop is architecturally different from every other vendor. We don't serve evaluation requests. We write signed JSON to your S3, GCS, or Azure Blob bucket and SDKs read from it. Your traffic stays in your VPC, your region, your compliance envelope.

path→ flagdrop → s3 → sdk
p99 eval0.8 ms
egress0 bytes
proxynone
$ flagdrop push production
→ writing production.json (2.1kb)
→ signing with project key ...7f3a
→ s3://acme-flags-prod/production.json
→ invalidating edge cache (cloudfront)
# SDK pickup
acme-api.eu-west-1 ✓ 142ms
acme-api.us-east-1 ✓ 38ms
acme-web.cloudflare ✓ 61ms
acme-mobile.ios queued (next open)
# Network
flagdrop ─push──▶ your_bucket ─read──▶ your_sdks
(no flagdrop servers on read path)
02 / 09 — sdks

Seven SDKs.
One API.
Nothing exotic.

Type-safe getters for every primitive. Hot-reload on bucket change. Deterministic bucketing. 2-4kb gzipped. No WASM. No native bindings. No background daemon. If you can read JSON, you have a FlagDrop SDK.

node / deno / bun2.1kb
python 3.10+pip install flagdrop
go0 deps
rustno_std option
swift / kotlinios · android
edgeworkers · lambda@edge
// uniform API across runtimes
flags.getBool (name, default)
flags.getString (name, default)
flags.getNumber (name, default)
flags.getJson<T>(name, default)
flags.getVariant(name, user)
# react hook
const on = useFlag('new-checkout')
# deterministic bucketing
flags.rolloutSeed(user.id) → stable
03 / 09 — targeting

Rules humans
and agents can both
read.

Rule engine is a transparent JSON AST — not an opaque blob behind a GUI. Check it into Git, diff it in PRs, let your AI agent reason about it. Target by user, plan, geo, device, session, anything you pass in.

// rule · new-checkout
if user.plan == 'pro'
and user.country in ['US','CA','UK']
and hash(user.id) < 0.25
then true
// fallback
else false
→ evaluated locally, in 0.3ms, on 128 chars of JSON
04 / 09 — rollouts

Percentages,
schedules,
kill switches.

Ramp from 0 → 100% with a slider or a cron. Auto-promote staged flags on a schedule. Kill a flag instantly — a single write to your bucket revokes it across every SDK in under 5 seconds.

// rollout timeline · new-checkout
10:00 0% (internal only)
12:00 5% (canary)
14:00 25% (pro plan)
16:00 50% ◆ auto
18:00 100% (scheduled)
# kill switch
$ flagdrop kill new-checkout
✓ revoked · propagated in 3.1s
05 / 09 — mcp server

First-class
agent tooling.

Our MCP server exposes every FlagDrop action as a tool. Your coding agent creates flags where it writes the code, scopes rollouts to the right env, and appends to the audit log just like a human would.

create_flag(name, type, default)

Scaffolds a new flag with sensible defaults and a draft PR.

toggle(name, env, value)

Flip a boolean in any environment. Bounded by per-agent permissions.

rollout(name, percent, target?)

Gradual ramp with optional targeting rule.

target(name, rule)

Attach a JSON AST rule. Validates before push.

rollback(name, toVersion)

Restore any prior config. Every push is versioned.

audit(name, since)

Read who changed what, when, and from where.

06 / 09 — residency

Your region.
Your key.
Your problem, solved.

Pick the bucket. Pick the region. Pick the KMS key. FlagDrop respects it. Works for EU data residency, HIPAA, FedRAMP-adjacent setups, and the one legal team that won't let you use anything that touches us-east-1.

// active regions · your deployments
us-east-1
eu-west-1
ap-northeast-1
sa-east-1 (idle)
// guarantees
· no cross-region replication without your consent
· byok · kms-aware encryption
· vpc-endpoints supported
07 / 09 — audit

Every change, logged.
Every logged change,
reversible.

Immutable log of every push: who, when, from where, with what rationale. Versioned config. One-click rollback. Export to S3 for SIEM ingestion.

12:04:31CREATE flag 'ai-rewrite'cursor · mcp
12:07:02TARGET plan == 'pro' && hash < 0.1alex@acme.dev
12:09:18ROLLOUT 10%alex@acme.dev
12:14:55EVAL stable, 2,014 hits · 0 errorssdk.metrics
12:21:40ROLLOUT 50%claude · mcp
12:44:11KILL 'ai-rewrite'maya@acme.dev
12:44:14REVOKED across 14 SDKs · 3.1ssystem
08 / 09 — security

Boring on
purpose.

Every config signed with ed25519. SDKs verify signatures before applying. Per-project API keys and granular role scoping.

encryptioned25519 signed �� KMS at rest
authSAML · Okta · Google · SCIM
rbacper-project · per-env
// signature verification at read
1. sdk reads production.json from s3
2. fetches public key (cached 24h)
3. verifies ed25519 signature
4. rejects if tampered → keeps last good
# if s3 is compromised:
attacker rewrites flags.json ✗ rejected
sdks fall back to last signed ✓ safe
09 / 09 — teams

Unlimited seats.
Forever.
We mean it.

Add every engineer, PM, designer, and on-call agent. Guest access for contractors. Per-project roles. No add-on fees. No "contact sales." If someone at your company needs to flip a flag, they should be able to.

// team · acme-api
◆ alex · owner · ssh · 2fa
◆ maya · maintainer · saml · 2fa
◆ jordan · maintainer · saml · 2fa
◇ tomas · developer · saml · 2fa
◇ priya · developer · saml · 2fa
◇ wen · developer · saml · 2fa
◇ devon · viewer · saml
+ 18 more
cost_delta = $0.00
// still reading?

Four minutes to
your first flag.

Free tier, no card, zero migration lock-in. If you like it, you pay $49/mo. If you don't, you keep the bucket.

$ flagdrop init →Read the docs