---
id: wiki-2026-0508-risk-orchestration
title: Risk Orchestration
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [frontend-risk-management, deployment-risk-orchestration]
duplicate_of: none
source_trust_level: A
confidence_score: 0.85
verification_status: applied
tags: [frontend, deployment, feature-flags, observability, risk]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: typescript
  framework: launchdarkly-statsig-sentry
---

# Risk Orchestration

## 매 한 줄
> **"매 frontend deployment 의 risk 의 systematic 의 detect, gate, rollback 의 automated control plane."**. Feature flags + canary rollout + error budget + auto-rollback 의 의 unified pipeline — 매 2026 의 LaunchDarkly / Statsig / OpenFeature + Sentry / Datadog 의 의 standard, 매 risky change 의 production blast radius 의 minimize.

## 매 핵심

### 매 정의
- **Feature flags**: gradual rollout, kill switch, targeting (LaunchDarkly, Statsig, OpenFeature, Unleash).
- **Canary deployment**: % rollout (1% → 5% → 25% → 100%) with metric gates.
- **Error budget**: SLO-based — budget burn 의 deploy 의 freeze 의 trigger.
- **Auto-rollback**: error rate / latency regression 의 detection 의 의 traffic 의 revert.

### 매 risk dimensions
- **Functional**: regression, broken UX.
- **Performance**: LCP/CLS/INP regression.
- **Security**: leaked secret, XSS surface, CSP violation.
- **Business**: conversion drop, revenue regression.

### 매 응용
1. Risky refactor 의 1% canary + auto-rollback 의 metric breach.
2. Region-by-region rollout (us-east → us-west → eu).
3. Cohort-based exposure (employees → beta users → 5% → all).
4. Kill switch 의 incident 의 의 immediate disable.

## 💻 패턴

### Feature flag (OpenFeature standard)
```ts
import { OpenFeature } from '@openfeature/server-sdk';
import { LaunchDarklyProvider } from '@openfeature/launchdarkly-provider';

OpenFeature.setProvider(new LaunchDarklyProvider(process.env.LD_SDK_KEY!));
const client = OpenFeature.getClient();

export async function shouldShowNewCheckout(userId: string) {
  return client.getBooleanValue('new-checkout-v2', false, {
    targetingKey: userId,
  });
}
```

### Canary 의 Vercel + edge config
```ts
// middleware.ts
import { NextResponse } from 'next/server';
import { get } from '@vercel/edge-config';

export async function middleware(req: Request) {
  const canaryPercent = (await get<number>('checkout_canary')) ?? 0;
  const bucket = hashUser(req.headers.get('x-user-id') ?? '') % 100;
  const url = new URL(req.url);
  if (bucket < canaryPercent) {
    url.pathname = url.pathname.replace('/checkout', '/checkout-v2');
  }
  return NextResponse.rewrite(url);
}
```

### Error-budget gate (Sentry release health)
```ts
// scripts/check-error-budget.ts
import fetch from 'node-fetch';

const SLO_TARGET = 0.999; // 99.9% session crash-free
const r = await fetch(
  `https://sentry.io/api/0/organizations/org/sessions/?project=fe&field=session.crash_free_rate`,
  { headers: { Authorization: `Bearer ${process.env.SENTRY_TOKEN}` } },
);
const { data } = await r.json();
if (data.crash_free_rate < SLO_TARGET) {
  console.error('Error budget burned — blocking deploy');
  process.exit(1);
}
```

### Auto-rollback (Argo Rollouts analysis template)
```yaml
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: error-rate-gate
spec:
  metrics:
    - name: js-error-rate
      interval: 1m
      successCondition: result < 0.01
      provider:
        prometheus:
          query: |
            sum(rate(frontend_js_errors_total[1m]))
            / sum(rate(frontend_pageviews_total[1m]))
      failureLimit: 2
```

### Statsig 의 experiment + auto-rollback
```ts
import Statsig from 'statsig-node';

await Statsig.initialize(process.env.STATSIG_KEY!);
const exp = await Statsig.getExperiment(user, 'new_search_algo');
const variant = exp.get('algo', 'baseline');

// Auto-rollback rule (Statsig console):
//   if (lcp_p75 regression > 200ms) → kill experiment
```

### CSP report 의 risk monitor
```ts
// app/api/csp-report/route.ts
export async function POST(req: Request) {
  const report = await req.json();
  await ingest('csp_violations', {
    blocked: report['csp-report']['blocked-uri'],
    directive: report['csp-report']['violated-directive'],
    page: report['csp-report']['document-uri'],
  });
  return new Response(null, { status: 204 });
}
```

### Progressive rollout (feature flag + cohort)
```ts
const stages = [
  { name: 'employees', filter: (u: User) => u.email.endsWith('@org.com') },
  { name: 'beta', filter: (u: User) => u.flags.includes('beta') },
  { name: '5pct', filter: (u: User) => hash(u.id) % 100 < 5 },
  { name: '25pct', filter: (u: User) => hash(u.id) % 100 < 25 },
  { name: 'ga', filter: () => true },
];

export function isExposed(user: User, currentStage: number) {
  return stages.slice(0, currentStage + 1).some((s) => s.filter(user));
}
```

## 매 결정 기준
| 상황 | Approach |
|---|---|
| User-targeted gradual rollout | Feature flag (LaunchDarkly / Statsig) |
| Infra / region rollout | Canary (Argo Rollouts, Spinnaker) |
| A/B experiment | Statsig / GrowthBook (stat-sig 의 evaluation) |
| Emergency disable | Kill switch flag (instant, no deploy) |
| Vendor-neutral | OpenFeature SDK + provider 의 swappable |

**기본값**: OpenFeature SDK + LaunchDarkly/Statsig + Sentry release health + auto-rollback gate.

## 🔗 Graph
- 부모: [[Site-Reliability-Engineering]]
- 변형: [[Feature-Flags]]
- Adjacent: [[Observability]] · [[Sentry]]

## 🤖 LLM 활용
**언제**: deploying risky frontend change, designing rollout plan, incident response (kill switch), experiment infrastructure.
**언제 X**: trivial CSS tweak (overhead 의 disproportionate), no observability infra (build observability first).

## ❌ 안티패턴
- **Flag debt**: stale flags 의 codebase 의 pollute — flag lifecycle policy (max 60 days, auto-cleanup tooling).
- **No metric gate**: % rollout 의 manual eyeball 의 — error rate / SLO automated gate 의 필수.
- **Single-region canary 의 multi-region claim**: traffic patterns 의 region 의 differ — region-by-region 의 separate.
- **Vendor lock**: LaunchDarkly-only API — OpenFeature 의 abstraction 의 사용.
- **Rollback 의 manual**: 5min MTTR vs. 30s automated — analysis template 의 automate.
- **Flag 의 secret 의 client bundle**: server-side evaluation 의 또는 hashed targeting key 의 사용.

## 🧪 검증 / 중복
- Verified (Google SRE book 의 error budgets, OpenFeature spec 2026, LaunchDarkly + Statsig docs).
- 신뢰도 A-.

## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — full risk-orchestration playbook with 2026 OpenFeature stack |