Platform Admin Service — Epics
Service: platform-admin-service Epic prefix: PLTADM-EPIC Last updated: 2026-04-18
Epics
PLTADM-EPIC-01 — Platform configuration governance
| Field | Value |
|---|---|
| Issue type | Epic |
| Summary | Governed config CRUD with allow-list, type validation, and auditable history |
| Status | In Progress |
| Priority | Must |
| Labels | service:platform-admin, domain:platform_admin, slice:S0 |
| Components | config-module |
| Fix version | M0 |
| FR references | FR-PLTADM-CFG-001..004, FR-PLTADM-ENH-001 |
| Legacy FR refs | FR-ADM-CFG-001..004, FR-ADM-ENH-001 |
| Dependencies | — |
| Rollup status | Partial |
Business outcome: Platform operators have a single governed store for platform-wide and tenant-scoped settings. All changes are auditable with actor and value transition metadata. Unknown keys are rejected, preventing misconfiguration.
Description:
Delivers CRUD for PlatformConfig with allow-list validation, type schema enforcement, and append-only PlatformConfigHistory. Config scope can be PLATFORM (global) or TENANT (per-tenant). History endpoint supports cursor-based pagination sorted by changed_at DESC. Config updates emit platform_admin.config.updated.v1 for downstream consumers (e.g., identity-service session timeout update).
Stories: PLTADM-US-001, PLTADM-US-002
PLTADM-EPIC-02 — Feature flag lifecycle and evaluation
| Field | Value |
|---|---|
| Issue type | Epic |
| Summary | Feature flag CRUD, tenant override precedence, and cache-backed evaluation |
| Status | Implemented |
| Priority | Must |
| Labels | service:platform-admin, domain:platform_admin, slice:S0 |
| Components | feature-flag-module |
| Fix version | M0 |
| FR references | FR-PLTADM-FF-001..006, FR-PLTADM-ENH-003, FR-PLTADM-ENH-004 |
| Legacy FR refs | FR-ADM-FF-001..006, FR-ADM-ENH-003, FR-ADM-ENH-004 |
| Dependencies | PLTADM-EPIC-01 |
| Rollup status | Implemented |
Business outcome: Platform engineers can safely control feature rollout across all tenants or enable/disable features for specific tenants without code deployment. Archived flags always evaluate to false. Evaluation is cached for low-latency on-path checks.
Description:
Flag lifecycle: create (unique key), update (defaultEnabled, description), archive (terminal). Tenant override: explicit enable/disable per tenant overrides defaultEnabled. Evaluation: deterministic logic (archived=false, disabled-override=false, enabled-override=true, else default). Redis cache 60 s TTL; event-driven invalidation on mutation. Internal evaluate endpoint for downstream services (p95 ≤ 120 ms). Compatibility routes for legacy /api/platform/* paths.
Stories: PLTADM-US-003, PLTADM-US-004, PLTADM-US-005
PLTADM-EPIC-03 — Platform health aggregation
| Field | Value |
|---|---|
| Issue type | Epic |
| Summary | Aggregate health with dynamic source registration and 10s-cache |
| Status | In Progress |
| Priority | Must |
| Labels | service:platform-admin, domain:platform_admin, slice:S0 |
| Components | health-module |
| Fix version | M0 (static), M1 (dynamic) |
| FR references | FR-PLTADM-HLT-001..004, FR-PLTADM-ENH-002 |
| Legacy FR refs | FR-ADM-HLT-001..004, FR-ADM-ENH-002 |
| Dependencies | — |
| Rollup status | Partial |
Business outcome: Platform operators have immediate aggregate health visibility for incident triage. A single endpoint shows overall status and per-service breakdown. Dynamic registration enables elastic deployment without hardcoded service lists.
Description:
GET /admin/health/aggregate returns { overall, services[] } cached at 10 s TTL. Background HealthPollerJob probes each registered source every 15 s. Dynamic source registration via POST /internal/admin/health/sources — heartbeat timestamp updated on re-registration; staleness > 60 s marks source unhealthy.
Stories: PLTADM-US-006, PLTADM-US-007
PLTADM-EPIC-04 — Reliability and quality controls
| Field | Value |
|---|---|
| Issue type | Epic |
| Summary | Coverage, p95 latency verification, and observability gates |
| Status | In Progress |
| Priority | Must |
| Labels | service:platform-admin, domain:platform_admin, slice:S0 |
| Components | cross-cutting |
| Fix version | M1 |
| FR references | FR-PLTADM-NFR-001..003 |
| Legacy FR refs | NFR-ADM-001..003 |
| Dependencies | All PLTADM-EPICs |
| Rollup status | In Progress |
Business outcome: platform-admin-service meets platform-wide quality, latency, and observability targets, providing confidence for all downstream services that depend on feature flag evaluation and config access.
Description: Covers: unit + integration coverage ≥ 80%, mandatory outbox/inbox/tenant-isolation tests, flag evaluate p95 ≤ 120 ms load test, aggregate health response ≤ 2 s, OpenTelemetry instrumentation, SLO burn rate alerts, and config/flag history audit trail verified by compliance team.
Stories: PLTADM-US-008, PLTADM-US-009
PLTADM-EPIC-05 — Contract and operations enhancements
| Field | Value |
|---|---|
| Issue type | Epic |
| Summary | Close gaps: history API, dynamic health reg, tenant flag listing, route compat |
| Status | To Do |
| Priority | Should |
| Labels | service:platform-admin, domain:platform_admin, slice:S1 |
| Components | config-module, feature-flag-module, health-module |
| Fix version | M1 |
| FR references | FR-PLTADM-ENH-001..004 |
| Legacy FR refs | FR-ADM-ENH-001..004 |
| Dependencies | PLTADM-EPIC-01, PLTADM-EPIC-02, PLTADM-EPIC-03 |
| Rollup status | Not started |
Business outcome: Known control-plane gaps from review findings are closed while preserving backward compatibility for existing consumers during the migration window.
Description:
Four enhancement items: (1) Config history endpoint with deterministic paging/sorting; (2) dynamic health source registration and heartbeat lifecycle; (3) tenant admin flag listing endpoint; (4) compatibility route policy for legacy /api/platform/* paths with deprecation telemetry and sunset criteria.
Stories: PLTADM-US-010, PLTADM-US-011