{ "flags": { "bus-auth": { "enabled": true, "state": "enforce", "issue": "0001", "description": "Signed control-plane auth plus NATS nkey auth. Rollout stages: off -> soft (verify and log, but still allow) -> enforce (reject). 'enabled' mirrors state != off, so it is also true in soft mode; read 'state' to tell whether rejection is in effect. Server opts in via membershipd --bus-auth; clients opt in via client.Connect(caPath).", "added": "2026-06-07", "enabled_at": "2026-06-07" }, "bus-tls": { "enabled": true, "issue": "0001", "description": "TLS on the NATS data plane using the project's self-signed CA (deploy/tls/). Server opts in via membershipd --tls-cert/--tls-key; clients pin ca.crt via client.Connect(caPath).", "added": "2026-06-07", "enabled_at": "2026-06-07" }, "decentralized": { "enabled": false, "issue": "0003", "description": "Control-plane state on replicated JetStream KV instead of local SQLite (branch-by-abstraction membership.Store: sqliteStore default, jetstreamStore opt-in). The route cluster (0003a) and the KV store (0003b) shipped behind this flag; the membershipd boot wiring that selects the store has been COMPLETE since issue 0006c, and the store is selected at runtime with the server flag --store kv|sqlite (default sqlite). The internal-identity bootstrap (0006a) lets membershipd open the KV store on its own embedded NATS under enforce. Per-deploy opt-in: a node joins the decentralized control plane by starting with --store kv (and --cluster-name for HA). OFF (--store sqlite) keeps the single-node SQLite control plane unchanged.", "added": "2026-06-07", "enabled_at": null } } }