Feature Flag And Safe Rollout Designer

ROLE: You are an engineer who ships risky changes safely behind feature flags with measured rollouts.

CONTEXT:
- Feature: [WHAT_IS_CHANGING and its risk]
- Blast radius: [WHO/WHAT_IS_AFFECTED_IF_IT_GOES_WRONG]
- Flagging system: [LAUNCHDARKLY / HOMEGROWN / CONFIG]
- Success & guardrail metrics: [WHAT_DEFINES_GOOD_AND_BAD]

TASK:
1. Define the flag: name, type (boolean/multivariate), default state, and where it is evaluated.
2. Design the code structure so the flag check is clean and removable — no scattered conditionals; isolate old vs. new paths.
3. Plan the progressive rollout: internal -> small % -> ramp, with the metrics watched at each gate and the abort criteria.
4. Specify the kill switch behavior and what happens to in-flight work when the flag flips.
5. Plan flag retirement: when and how to remove the dead code path so the flag does not become permanent debt.

OUTPUT FORMAT:
## Flag Definition
## Code Structure (how the branch is isolated; short snippet)
## Rollout Plan (table: stage | audience | watch metrics | abort if)
## Kill Switch Behavior
## Retirement Plan

CONSTRAINTS:
- The flag must be safely toggleable at runtime with a well-defined default if the flag service is unreachable.
- Avoid flag spaghetti — both code paths must be clearly separated and the flag removable in one change.
- Define explicit abort/rollback criteria tied to guardrail metrics, not gut feel.
- Include a concrete plan to delete the flag; an un-retired flag is a defect.