featureflip 2.0.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b4009e153b6dc621cee9ed4d8f1aaa7f199396e5d8a8266d949b3367b0f06b8
-  data.tar.gz: 1f45c271ce3d180c362cfa095d6027f0d5d48f51cc259fd31215baa8959732d6
+  metadata.gz: 2fdefb980d91435aca01a6f6344804e172dedef867fd826c5ac9a017ca6416ca
+  data.tar.gz: d98b0cda83055b8b984b2ea370b9717f6800dd44202ddacf21944fa19b0dc194
 SHA512:
-  metadata.gz: debfee24678c85c688e94935396ef142f3b1f31aaec0b7788c6fc09e51e03e805104f273e53bda66686d4eded49baff6e33f58bb7e0b2543cbdf5cfac1cf9289
-  data.tar.gz: ff2cc0874823a1dcd23c3fc29dd70deffb46b0a08fc6c9efce620299bb3200b6edbf78d5352579e2b476725e5870d9bcde1f2a48faafc8e5ccca11e113e750ba
+  metadata.gz: 360a193a8d0557ba71c45ce1c3f341d008f34f34996434328f7aa2c1da3eee9ef7cc531953ffbd21b8f83fa2674e750139c456854e59a322c0099fe04f76cc0f
+  data.tar.gz: f4f292e068e49a8688b94c530d5cce50a060f97c57742e5aaee3f4db02aa469b0623c8b3c95065c6293e0452b71a58f3dc57212b649bc78e66044dad025c24a6

data/lib/featureflip/evaluation/condition_evaluator.rb

@@ -1,13 +1,35 @@
+require "time"
+
 module Featureflip
   module Evaluation
     class ConditionEvaluator
+      # Per-regex match timeout (seconds) for MatchesRegex, mirroring the
+      # engine's 100ms RegexMatchTimeout guard against catastrophic
+      # backtracking / ReDoS (#1460). Requires Ruby >= 3.2 (gemspec floor),
+      # which added the Regexp `timeout:` keyword.
+      REGEX_TIMEOUT_SECONDS = 0.1
+
       def evaluate_condition(condition, context)
         attr_value = context[condition.attribute]
 
         return condition.negate if attr_value.nil?
 
-        str_value = attr_value.to_s.downcase
-        targets = condition.values.map { |v| v.to_s.downcase }
+        # Issue #1458: when the attribute is a native numeric (Integer/Float —
+        # Ruby's `true`/`false` are NOT Numeric, so booleans are naturally
+        # excluded), the equality-family operators coerce the condition values to
+        # numbers and compare numerically, so 1.0 matches "1". This mirrors the
+        # engine's type-aware path and runs BEFORE stringification — a String
+        # attribute (even "1.0") stays on the string path below.
+        if attr_value.is_a?(Numeric) && NUMERIC_EQUALITY_OPERATORS.include?(condition.operator)
+          return evaluate_numeric_equality(condition, attr_value)
+        end
+
+        # Pass the raw (case-preserved) strings to the operator dispatcher.
+        # Most operators compare case-insensitively and downcase internally, but
+        # the semver operators rely on case-sensitive prerelease precedence
+        # (semver §11), so the original casing must survive to that point.
+        str_value = attr_value.to_s
+        targets = condition.values.map(&:to_s)
 
         result = evaluate_operator(condition.operator, str_value, targets)
         condition.negate ? !result : result
@@ -33,49 +55,136 @@ module Featureflip
 
       private
 
+      # The equality-family operators that get type-aware numeric coercion when
+      # the attribute is a native Numeric (Issue #1458). Relational/string ops
+      # are deliberately excluded — only these four coerce.
+      NUMERIC_EQUALITY_OPERATORS = %w[Equals NotEquals In NotIn].freeze
+      private_constant :NUMERIC_EQUALITY_OPERATORS
+
+      # A parsed semantic version: the release core as dot-separated numeric
+      # segments plus an optional dot-separated prerelease identifier list.
+      SemverVersion = Struct.new(:release, :prerelease)
+      private_constant :SemverVersion
+
+      # An ISO-8601 date-time with no timezone offset (no trailing "Z"/±hh:mm),
+      # so it must be assumed UTC before parsing.
+      ISO_NO_OFFSET = /\A\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(:\d{2})?(\.\d+)?\z/
+      private_constant :ISO_NO_OFFSET
+
+      # A bare ISO-8601 calendar date ("2024-01-01") with no time component. The
+      # engine's DateTimeOffset.TryParse accepts these (midnight, assumed UTC),
+      # but Time.iso8601 rejects them, so they need their own midnight-UTC path.
+      ISO_DATE_ONLY = /\A\d{4}-\d{2}-\d{2}\z/
+      private_constant :ISO_DATE_ONLY
+
       def evaluate_operator(operator, value, targets)
+        # Case-insensitive views for the string/relational/date operators.
+        ci_value = value.downcase
+        ci_targets = targets.map(&:downcase)
+
         case operator
         when "Equals"
-          targets.any? { |t| value == t }
+          ci_targets.any? { |t| ci_value == t }
         when "NotEquals"
-          targets.all? { |t| value != t }
+          ci_targets.all? { |t| ci_value != t }
         when "Contains"
-          targets.any? { |t| value.include?(t) }
+          ci_targets.any? { |t| ci_value.include?(t) }
         when "NotContains"
-          targets.all? { |t| !value.include?(t) }
+          ci_targets.all? { |t| !ci_value.include?(t) }
         when "StartsWith"
-          targets.any? { |t| value.start_with?(t) }
+          ci_targets.any? { |t| ci_value.start_with?(t) }
         when "EndsWith"
-          targets.any? { |t| value.end_with?(t) }
+          ci_targets.any? { |t| ci_value.end_with?(t) }
         when "In"
-          targets.include?(value)
+          ci_targets.include?(ci_value)
         when "NotIn"
-          !targets.include?(value)
+          !ci_targets.include?(ci_value)
         when "MatchesRegex"
+          # Case-sensitive matching on the original-case value and pattern,
+          # mirroring the engine (RegexOptions.None). Case-insensitivity is
+          # opt-in via the (?i) inline flag in the pattern.
+          #
+          # A per-regex timeout bounds catastrophic backtracking / ReDoS like
+          # the engine's 100ms guard (#1460). rescue RegexpError covers BOTH an
+          # invalid pattern AND Regexp::TimeoutError (a RegexpError subclass),
+          # so either fails safe to no-match.
           targets.any? do |t|
-            Regexp.new(t, Regexp::IGNORECASE).match?(value)
+            Regexp.new(t, timeout: REGEX_TIMEOUT_SECONDS).match?(value)
           rescue RegexpError
             false
           end
+        # Relational operators match if the value satisfies the comparison
+        # against ANY condition value (mirroring the server engine), not just
+        # values[0]. `.any?` over an empty array is false, so empty values
+        # returns false without error.
         when "GreaterThan"
-          compare_numeric(value, targets[0], :>)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :>) }
         when "GreaterThanOrEqual"
-          compare_numeric(value, targets[0], :>=)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :>=) }
         when "LessThan"
-          compare_numeric(value, targets[0], :<)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :<) }
         when "LessThanOrEqual"
-          compare_numeric(value, targets[0], :<=)
+          ci_targets.any? { |t| compare_numeric(ci_value, t, :<=) }
+        # Date operators compare against the RAW value/targets, not the
+        # lowercased copies: downcasing breaks ISO-8601 parsing (the "Z" UTC
+        # designator becomes "z", which is not valid). Both operands are parsed
+        # to UTC instants — offsets are honored, no-offset strings are assumed
+        # UTC, and a bare integer is treated as Unix seconds — so an unparseable
+        # operand matches nothing instead of falling back to a string compare.
         when "Before"
-          return false if targets.empty?
-          value < targets[0]
+          targets.any? { |t| compare_datetime(value, t, :<) }
         when "After"
-          return false if targets.empty?
-          value > targets[0]
+          targets.any? { |t| compare_datetime(value, t, :>) }
+        # Semantic-version operators compare against the RAW value/targets:
+        # prerelease precedence is case-sensitive (semver §11), so the casing
+        # preserved by `evaluate_condition` must not be folded here. An
+        # unparseable version matches nothing, like the numeric/date operators.
+        when "SemverEquals"
+          targets.any? { |t| compare_semver(value, t, :==) }
+        when "SemverGreaterThan"
+          targets.any? { |t| compare_semver(value, t, :>) }
+        when "SemverGreaterThanOrEqual"
+          targets.any? { |t| compare_semver(value, t, :>=) }
+        when "SemverLessThan"
+          targets.any? { |t| compare_semver(value, t, :<) }
+        when "SemverLessThanOrEqual"
+          targets.any? { |t| compare_semver(value, t, :<=) }
         else
           false
         end
       end
 
+      # Type-aware numeric equality for a native-Numeric attribute (Issue #1458).
+      # Coerces each condition value with a strict literal parse and compares it
+      # numerically against the attribute. Equals/In match if ANY value is equal;
+      # NotEquals/NotIn are their negation. The `negate` flag is then applied,
+      # mirroring `evaluate_condition`'s tail.
+      def evaluate_numeric_equality(condition, attr_value)
+        target = attr_value.to_f
+        any_equal = condition.values.any? do |v|
+          n = parse_numeric(v)
+          n && n == target
+        end
+
+        positive = NUMERIC_EQUALITY_POSITIVE_OPERATORS.include?(condition.operator)
+        result = positive ? any_equal : !any_equal
+        condition.negate ? !result : result
+      end
+
+      # Equals/In are the "positive" members of the equality family (match on
+      # equality); NotEquals/NotIn negate the same any-equal test.
+      NUMERIC_EQUALITY_POSITIVE_OPERATORS = %w[Equals In].freeze
+      private_constant :NUMERIC_EQUALITY_POSITIVE_OPERATORS
+
+      # Strict literal parse of a condition value to a Float, reusing the same
+      # `Float()` approach as `compare_numeric`: a partial number like "1abc"
+      # raises and yields nil (no match), matching the engine's strict parse.
+      def parse_numeric(value)
+        Float(value)
+      rescue ArgumentError, TypeError
+        nil
+      end
+
       def compare_numeric(value, target, op)
         val = Float(value)
         tgt = Float(target)
@@ -83,6 +192,164 @@ module Featureflip
       rescue ArgumentError, TypeError
         false
       end
+
+      # Compares `value` and `target` as UTC date-time instants and tests the
+      # ordering against `op` (:< for Before, :> for After). Returns false when
+      # either side is not parseable, mirroring how `compare_numeric` treats
+      # non-numeric input (no lexical-string fallback).
+      def compare_datetime(value, target, op)
+        left = parse_datetime(value)
+        right = parse_datetime(target)
+        return false if left.nil? || right.nil?
+
+        left.send(op, right)
+      end
+
+      # Parses a date-time to a UTC `Time`, mirroring the engine's
+      # TryParseDateTime. ISO-8601 strings honor any timezone offset; a string
+      # without an offset is assumed UTC. A bare integer is treated as Unix time
+      # in seconds. Returns nil when the input parses as neither.
+      def parse_datetime(value)
+        s = value.to_s.strip
+
+        begin
+          # `Time.iso8601` honors offsets/"Z" but raises on a no-offset string;
+          # append the missing time/offset to assume midnight UTC for bare dates
+          # and UTC for offset-less date-times (mirroring DateTimeOffset.TryParse
+          # with AssumeUniversal).
+          iso =
+            if s.match?(ISO_DATE_ONLY)
+              "#{s}T00:00:00Z"
+            elsif s.match?(ISO_NO_OFFSET)
+              "#{s}Z"
+            else
+              s
+            end
+          return Time.iso8601(iso).utc
+        rescue ArgumentError
+          # Fall through to the Unix-seconds fallback.
+        end
+
+        # Integer fallback: treat a bare integer as Unix time in seconds.
+        if s.match?(/\A-?\d+\z/)
+          begin
+            return Time.at(Integer(s)).utc
+          rescue RangeError, ArgumentError
+            return nil
+          end
+        end
+
+        nil
+      end
+
+      # Compares `value` and `target` as semantic versions and tests the
+      # resulting precedence sign (-1/0/1) against `op`. Returns false when
+      # either side is not a parseable version, mirroring how `compare_numeric`
+      # treats non-numeric input.
+      def compare_semver(value, target, op)
+        left = parse_semver(value)
+        right = parse_semver(target)
+        return false if left.nil? || right.nil?
+
+        compare_semver_parts(left, right).send(op, 0)
+      end
+
+      # Parses a semantic version (https://semver.org). Returns a SemverVersion,
+      # or nil when the release core is missing or any release segment is
+      # non-numeric. Tolerant of an optional leading "v"/"V", "+build" metadata
+      # (ignored for precedence), and an optional "-prerelease" suffix.
+      def parse_semver(value)
+        s = value.strip
+        return nil if s.empty?
+
+        # Optional leading "v"/"V".
+        s = s[1..] if s.start_with?("v", "V")
+
+        # Build metadata ("+...") does not affect precedence.
+        plus = s.index("+")
+        s = s[0...plus] if plus
+
+        # Split the release core from the optional "-prerelease" suffix.
+        core = s
+        prerelease = []
+        dash = s.index("-")
+        if dash
+          core = s[0...dash]
+          pre = s[(dash + 1)..]
+          return nil if pre.empty? # trailing "-" with no identifiers is malformed
+
+          # `split(".", -1)` keeps trailing empty fields so "rc." / "1.0.-x" are
+          # rejected; the default `split` would silently drop them.
+          prerelease = pre.split(".", -1)
+          return nil if prerelease.any?(&:empty?)
+        end
+
+        return nil if core.empty?
+
+        release = core.split(".", -1)
+        return nil unless release.all? { |seg| all_digits?(seg) }
+
+        SemverVersion.new(release, prerelease)
+      end
+
+      # Compares two parsed versions by semantic-version precedence: release
+      # segments first (missing trailing segments treated as 0), then
+      # prerelease. Returns -1, 0, or 1.
+      def compare_semver_parts(a, b)
+        [a.release.length, b.release.length].max.times do |i|
+          seg_a = a.release[i] || "0"
+          seg_b = b.release[i] || "0"
+          cmp = compare_numeric_string(seg_a, seg_b)
+          return cmp unless cmp.zero?
+        end
+
+        compare_prerelease(a.prerelease, b.prerelease)
+      end
+
+      # Compares two prerelease identifier lists per semver §11. A version with
+      # no prerelease ranks above one that has a prerelease.
+      def compare_prerelease(a, b)
+        return 0 if a.empty? && b.empty?
+        return 1 if a.empty?
+        return -1 if b.empty?
+
+        [a.length, b.length].min.times do |i|
+          cmp = compare_prerelease_id(a[i], b[i])
+          return cmp unless cmp.zero?
+        end
+
+        # All shared identifiers equal: the longer prerelease has higher precedence.
+        a.length <=> b.length
+      end
+
+      # Compares two prerelease identifiers: numeric identifiers compare
+      # numerically and rank below alphanumeric ones; alphanumeric identifiers
+      # compare in ASCII sort order (case-sensitive) per semver §11.
+      def compare_prerelease_id(a, b)
+        a_num = all_digits?(a)
+        b_num = all_digits?(b)
+        return compare_numeric_string(a, b) if a_num && b_num
+        return -1 if a_num
+        return 1 if b_num
+
+        a <=> b
+      end
+
+      # Compares two all-digit strings as non-negative integers without parsing
+      # (overflow-free): strip leading zeros, then the longer string is the
+      # larger number; equal lengths compare ordinally. Returns -1, 0, or 1.
+      def compare_numeric_string(a, b)
+        a = a.sub(/\A0+/, "")
+        b = b.sub(/\A0+/, "")
+        return a.length <=> b.length unless a.length == b.length
+
+        a <=> b
+      end
+
+      # Reports whether `s` is non-empty and contains only ASCII digits.
+      def all_digits?(s)
+        s.match?(/\A[0-9]+\z/)
+      end
     end
   end
 end

data/lib/featureflip/evaluation/evaluator.rb

@@ -4,28 +4,54 @@ require_relative "bucketing"
 module Featureflip
   module Evaluation
     class Evaluator
+      # Mirrors packages/js-sdk/src/core/evaluator.ts. The guard uses `>` (not `>=`)
+      # so a chain of MAX_PREREQUISITE_DEPTH + 1 nested flags trips the cap — matches
+      # the JS reference implementation; see prerequisite_spec.rb depth test.
+      MAX_PREREQUISITE_DEPTH = 10
+
       def initialize
         @condition_evaluator = ConditionEvaluator.new
       end
 
-      def evaluate(flag, context, get_segment: nil)
+      def evaluate(flag, context, get_segment: nil, all_flags: {})
+        evaluate_with_shared_memo(flag, context, get_segment: get_segment, all_flags: all_flags, memo: {})
+      end
+
+      def evaluate_with_shared_memo(flag, context, all_flags:, memo:, get_segment: nil)
+        evaluate_internal(flag, context, get_segment, all_flags, 0, memo)
+      end
+
+      private
+
+      def evaluate_internal(flag, context, get_segment, all_flags, depth, memo)
+        if depth > MAX_PREREQUISITE_DEPTH
+          return off_result(flag, reason: "Error")
+        end
+
         unless flag.enabled
-          variation = flag.get_variation(flag.off_variation)
-          return Models::EvaluationDetail.new(
-            value: variation&.value,
-            reason: "FlagDisabled",
-            variation_key: flag.off_variation
-          )
+          return off_result(flag, reason: "FlagDisabled")
         end
 
+        prereq_failure = resolve_prerequisites(flag, context, get_segment, all_flags, depth, memo)
+        return prereq_failure if prereq_failure
+
         sorted_rules = flag.rules.sort_by(&:priority)
         sorted_rules.each do |rule|
-          conditions_match = if rule.segment_key && get_segment
-            segment = get_segment.call(rule.segment_key)
-            if segment
-              @condition_evaluator.evaluate_conditions(
-                segment.conditions, segment.condition_logic, context
-              )
+          conditions_match = if rule.segment_key && !rule.segment_key.empty?
+            # A segment-keyed rule must resolve its segment to match. If the
+            # segment source isn't wired (get_segment is nil), or the segment
+            # can't be found, fail closed (no match) -- mirroring the engine +
+            # C# SDK -- rather than falling through to the rule's condition
+            # groups (which match unconditionally when empty). See #1459.
+            if get_segment
+              segment = get_segment.call(rule.segment_key)
+              if segment
+                @condition_evaluator.evaluate_conditions(
+                  segment.conditions, segment.condition_logic, context
+                )
+              else
+                false
+              end
             else
               false
             end
@@ -38,25 +64,72 @@ module Featureflip
           if conditions_match
             variation_key = resolve_serve(rule.serve, context)
             variation = flag.get_variation(variation_key)
-            return Models::EvaluationDetail.new(
+            result = Models::EvaluationDetail.new(
               value: variation&.value,
               reason: "RuleMatch",
               rule_id: rule.id,
               variation_key: variation_key
             )
+            memo[flag.key] = result
+            return result
           end
         end
 
         variation_key = resolve_serve(flag.fallthrough, context)
         variation = flag.get_variation(variation_key)
-        Models::EvaluationDetail.new(
+        result = Models::EvaluationDetail.new(
           value: variation&.value,
           reason: "Fallthrough",
           variation_key: variation_key
         )
+        memo[flag.key] = result
+        result
       end
 
-      private
+      # Returns nil when all prerequisites pass; otherwise returns the off-variation
+      # result for the flag and memoises it under flag.key. Mirrors the per-branch
+      # memo writes in the JS SDK evaluator.
+      def resolve_prerequisites(flag, context, get_segment, all_flags, depth, memo)
+        prerequisites = flag.prerequisites || []
+        prerequisites.each do |prereq|
+          key = prereq.prerequisite_flag_key
+          prereq_result = memo[key]
+
+          unless prereq_result
+            prereq_flag = all_flags[key]
+            unless prereq_flag
+              return memoise(memo, flag.key, off_result(flag, reason: "PrerequisiteFailed", prerequisite_key: key))
+            end
+
+            prereq_result = evaluate_internal(prereq_flag, context, get_segment, all_flags, depth + 1, memo)
+            memo[key] = prereq_result
+          end
+
+          if prereq_result.reason == "Error"
+            return memoise(memo, flag.key, off_result(flag, reason: "Error"))
+          end
+
+          if prereq_result.variation_key != prereq.expected_variation_key
+            return memoise(memo, flag.key, off_result(flag, reason: "PrerequisiteFailed", prerequisite_key: key))
+          end
+        end
+        nil
+      end
+
+      def memoise(memo, key, result)
+        memo[key] = result
+        result
+      end
+
+      def off_result(flag, reason:, prerequisite_key: nil)
+        variation = flag.get_variation(flag.off_variation)
+        Models::EvaluationDetail.new(
+          value: variation&.value,
+          reason: reason,
+          variation_key: flag.off_variation,
+          prerequisite_key: prerequisite_key
+        )
+      end
 
       def resolve_serve(serve, context)
         if serve.type == "Fixed"
@@ -74,6 +147,21 @@ module Featureflip
         bucket_value = context["userId"] if bucket_value.nil? && bucket_by == "user_id"
         bucket_value_str = bucket_value.nil? ? "" : bucket_value.to_s
 
+        # A Rollout serve can arrive with no weighted variations -- env-level PercentageRollout
+        # has nowhere to store per-variation weights, so the mapper emits type=Rollout with no
+        # variations (#1469). Degrade to the default fixed variation instead of returning an
+        # empty key. Mirrors the engine + C#/Java SDK evaluators.
+        return serve.variation || "" if (serve.variations || []).empty?
+
+        # Keyless user contexts can't be bucketed. Rather than hashing the empty value
+        # into an arbitrary salt-dependent bucket, serve the control (first) variation
+        # deterministically. The engine assigns a random GUID per eval (spreading
+        # anonymous users over HTTP); local SDK eval is deterministic, so parity is
+        # guaranteed only for keyed contexts (#1457).
+        if bucket_value_str == "" && %w[userId user_id].include?(bucket_by) && !(serve.variations || []).empty?
+          return serve.variations[0].key
+        end
+
         bucket = Bucketing.compute_bucket(serve.salt || "", bucket_value_str)
 
         cumulative = 0
@@ -82,7 +170,8 @@ module Featureflip
           return wv.key if bucket < cumulative
         end
 
-        serve.variations&.last&.key || ""
+        # Guaranteed non-empty: the no-variations case returned the default above.
+        serve.variations.last.key
       end
     end
   end

data/lib/featureflip/http/client.rb

@@ -82,7 +82,15 @@ module Featureflip
           variations: (data["variations"] || []).map { |v| Models::Variation.new(key: v["key"], value: v["value"]) },
           rules: (data["rules"] || []).map { |r| parse_rule(r) },
           fallthrough: parse_serve(data["fallthrough"]),
-          off_variation: data["offVariation"]
+          off_variation: data["offVariation"],
+          prerequisites: (data["prerequisites"] || []).map { |p| parse_prerequisite(p) }
+        )
+      end
+
+      def parse_prerequisite(data)
+        Models::Prerequisite.new(
+          prerequisite_flag_key: data["prerequisiteFlagKey"],
+          expected_variation_key: data["expectedVariationKey"]
         )
       end
 

data/lib/featureflip/models/evaluation_detail.rb

@@ -1,7 +1,7 @@
 module Featureflip
   module Models
-    EvaluationDetail = Struct.new(:value, :reason, :rule_id, :variation_key, keyword_init: true) do
-      def initialize(value:, reason:, rule_id: nil, variation_key: nil)
+    EvaluationDetail = Struct.new(:value, :reason, :rule_id, :variation_key, :prerequisite_key, keyword_init: true) do
+      def initialize(value:, reason:, rule_id: nil, variation_key: nil, prerequisite_key: nil)
         super
       end
     end

data/lib/featureflip/models/flag.rb

@@ -28,7 +28,16 @@ module Featureflip
       end
     end
 
-    FlagConfiguration = Struct.new(:key, :version, :type, :enabled, :variations, :rules, :fallthrough, :off_variation, keyword_init: true) do
+    Prerequisite = Struct.new(:prerequisite_flag_key, :expected_variation_key, keyword_init: true)
+
+    FlagConfiguration = Struct.new(
+      :key, :version, :type, :enabled, :variations, :rules, :fallthrough, :off_variation, :prerequisites,
+      keyword_init: true
+    ) do
+      def initialize(key:, version:, type:, enabled:, variations:, rules:, fallthrough:, off_variation:, prerequisites: [])
+        super
+      end
+
       def get_variation(key)
         @variations_by_key ||= variations.each_with_object({}) { |v, h| h[v.key] = v }
         @variations_by_key[key]

data/lib/featureflip/shared_core.rb

@@ -135,7 +135,12 @@ module Featureflip
         return Models::EvaluationDetail.new(value: default_value, reason: "FlagNotFound")
       end
 
-      result = @evaluator.evaluate(flag, context, get_segment: method(:get_segment))
+      result = @evaluator.evaluate(
+        flag,
+        context,
+        get_segment: method(:get_segment),
+        all_flags: @store.all_flags_map
+      )
       value = result.value.nil? ? default_value : result.value
       record_evaluation(key, context, result.variation_key)
 
@@ -143,10 +148,14 @@ module Featureflip
         value: value,
         reason: result.reason,
         rule_id: result.rule_id,
-        variation_key: result.variation_key
+        variation_key: result.variation_key,
+        prerequisite_key: result.prerequisite_key
       )
     rescue StandardError
-      Models::EvaluationDetail.new(value: default_value, reason: "Error")
+      # Prerequisite-resolution failures return PrerequisiteFailed cleanly through
+      # the evaluator; this rescue only fires on unexpected exceptions (malformed
+      # config, programming errors), so prerequisite_key has no defined value.
+      Models::EvaluationDetail.new(value: default_value, reason: "Error", prerequisite_key: nil)
     end
 
     # --- Event methods ---

data/lib/featureflip/store/flag_store.rb

@@ -28,6 +28,10 @@ module Featureflip
         @mutex.synchronize { @flags.values }
       end
 
+      def all_flags_map
+        @mutex.synchronize { @flags.dup }
+      end
+
       def upsert(flag)
         @mutex.synchronize do
           existing = @flags[flag.key]

data/lib/featureflip/version.rb

@@ -1,3 +1,3 @@
 module Featureflip
-  VERSION = "2.0.0"
+  VERSION = "2.2.0"
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: featureflip
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Featureflip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-11 00:00:00.000000000 Z
+date: 2026-06-19 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement