Kill Switch
The kill switch is the panic button. It serves OFF to 100% of traffic in one environment in seconds, overriding enabled, rollout, and every targeting rule, no redeploy, no config edit.
What it does
Killing a flag forces its off value everywhere in that environment, immediately. It writes through the KV fast path, so the change reaches the edge in seconds rather than waiting on a normal config propagation. A killed flag shows 🔴 in the dashboard and ignores its own enabled/rollout/rules until you clear it.
This bypasses everything
enabled, rolloutPct, and all targeting rules. It is the highest-priority state in how a value is chosen - use it to stop bleeding during an incident, not for routine changes.When to use it
- A new feature is throwing errors or corrupting data in prod.
- A rollout is degrading a core metric and you need it gone now.
- A dependency behind the flag is down and you want to fail to the safe path instantly.
For a planned wind-down, ramp the rollout down instead, the kill switch is for "off, right now."
Killing a flag
Trigger it via the MCP tool or the kill endpoint.
Claude → kill_flag { key: "checkout-v2", env: "prod" }
🔴 checkout-v2 @ prod → KILLED (OFF to 100% of traffic)POST https://app.shipos.app/api/v1/flags/{id}/environments/prod/kill
Authorization: Bearer sos_agt_...Clearing the kill
A kill is sticky, it stays until you clear it. Clearing restores the flag to its normal config (enabled, rollout, rules); it does not re-enable anything you had turned off.
PUT https://app.shipos.app/api/v1/flags/{id}/environments/prod/config
Authorization: Bearer sos_agt_...
Content-Type: application/json
{
"expectedVersion": 12,
"clearKill": true
}Always audited
Every kill is written to the append-only audit trail, who, when, which environment, and attributed to an agent by key prefix when triggered with sos_agt_*. Any valid key executes the kill immediately; there is no approval step, because a kill switch is the thing you reach for when seconds matter. Read it back any time from the MCP get_audit_log tool or the audit API.