add-autogate
$
npx mdskill add cloudflare/workerd/add-autogateAdds a temporary autogate to workerd for gradual rollout of risky changes, enabling kill switches during deployment.
- Helps developers safely introduce risky code changes without permanent binary releases.
- Integrates with workerd's internal tooling and the AutogateKey enum in C++ headers.
- Decides based on guidelines for temporary gates versus permanent compatibility flags.
- Presents results through step-by-step instructions for enum registration, mapping, usage, and testing.
SKILL.md
.github/skills/add-autogateView on GitHub ↗
---
name: add-autogate
description: Step-by-step guide for adding a new autogate to workerd for gradual rollout of risky changes, including enum registration, string mapping, usage pattern, and testing.
---
## Adding an Autogate
Autogates enable gradual rollout of risky code changes independent of binary releases. Unlike compatibility flags (which are permanent, date-based behavioral changes), autogates are temporary gates that can be toggled on/off via internal tooling during rollout, then removed once the change is stable.
### When to use an autogate vs a compat flag
| Use an autogate when... | Use a compat flag when... |
| --------------------------------------------- | ------------------------------------------ |
| Rolling out a risky internal change gradually | Changing user-visible behavior permanently |
| You need a kill switch during rollout | The change is tied to a compatibility date |
| The gate will be removed once stable | Users need to opt in or out explicitly |
Autogates and compat flags are separate mechanisms — an autogate does not become a compat flag.
### Step 1: Add the enum value
Edit `src/workerd/util/autogate.h`. Add a new entry to the `AutogateKey` enum **before `NumOfKeys`**:
```cpp
enum class AutogateKey {
TEST_WORKERD,
// ... existing gates ...
// Brief description of what this gate controls.
MY_NEW_FEATURE,
NumOfKeys // Reserved for iteration.
};
```
Naming convention: `SCREAMING_SNAKE_CASE` for the enum value.
### Step 2: Add the string mapping
Edit `src/workerd/util/autogate.c++`. Add a `case` to the `KJ_STRINGIFY` switch **before the `NumOfKeys` case**:
```cpp
kj::StringPtr KJ_STRINGIFY(AutogateKey key) {
switch (key) {
// ... existing cases ...
case AutogateKey::MY_NEW_FEATURE:
return "my-new-feature"_kj;
case AutogateKey::NumOfKeys:
KJ_FAIL_ASSERT("NumOfKeys should not be used in getName");
}
}
```
Naming convention: `kebab-case` for the string name. This string is what appears in runtime configuration (prefixed with `workerd-autogate-`). The enum name and string name should match to avoid confusion.
### Step 3: Guard your code
Use `Autogate::isEnabled()` to conditionally execute the new code path:
```cpp
#include <workerd/util/autogate.h>
// At the point where behavior should change:
if (util::Autogate::isEnabled(util::AutogateKey::MY_NEW_FEATURE)) {
// New code path
} else {
// Old code path (keep until gate is removed)
}
```
### Step 4: Test
Three ways to test autogated code:
**A. The `@all-autogates` test variant** (automatic):
Every `wd_test()` and `kj_test()` generates a `@all-autogates` variant that enables all gates. If your feature is tested by existing tests, they'll automatically run with the gate enabled:
```bash
just stream-test //src/workerd/api/tests:my-test@all-autogates
```
**B. Targeted C++ test setup**:
In a C++ test file, enable specific gates:
```cpp
#include <workerd/util/autogate.h>
// In test setup:
util::Autogate::initAutogateNamesForTest({"my-new-feature"_kj});
// In test teardown:
util::Autogate::deinitAutogate();
```
**C. Environment variable**:
Set `WORKERD_ALL_AUTOGATES=1` to enable all gates when no explicit config is provided.
### Step 5: Build and verify
```bash
just build
just stream-test //path/to:my-test@ # Old behavior (gate off)
just stream-test //path/to:my-test@all-autogates # New behavior (gate on)
```
### Step 6: Remove the gate (after rollout)
Once the human user explicitly confirms that the feature is stable and fully rolled out:
1. Remove the `AutogateKey` enum value from `autogate.h`
2. Remove the `case` from `KJ_STRINGIFY` in `autogate.c++`
3. Remove all `Autogate::isEnabled()` checks, keeping only the new code path
### Checklist
- [ ] Enum value added to `AutogateKey` in `autogate.h` (before `NumOfKeys`)
- [ ] Comment describes what the gate controls
- [ ] String mapping added to `KJ_STRINGIFY` in `autogate.c++`
- [ ] Code guarded with `Autogate::isEnabled()`
- [ ] Old code path preserved (for rollback)
- [ ] `@all-autogates` test variant passes
- [ ] Tests cover both gated and ungated paths
### Files touched
| File | What to do |
| ------------------------------- | --------------------------------------- |
| `src/workerd/util/autogate.h` | Add enum value with comment |
| `src/workerd/util/autogate.c++` | Add case to `KJ_STRINGIFY` |
| Your feature file(s) | Guard code with `Autogate::isEnabled()` |
More from cloudflare/workerd
- add-compat-flagStep-by-step guide for adding a new compatibility flag to workerd, including capnp schema, C++ usage, testing, and documentation requirements.
- bazel-test-hygieneMandatory rules for running bazel tests during development. Load this skill before running any bazel test command, especially when validating fixes or verifying regression tests. Prevents false confidence from cached results, filter flags that silently match nothing, and partial test runs that miss breakage.
- commit-categoriesCommit categorization rules for changelogs and "what's new" summaries. MUST be loaded before categorizing commits in changelog or whats-new commands. Provides the canonical path-based category table used to group commits by area.
- dad-jokesAfter completing any task that took more than ~5 tool calls, or after long-running builds/tests finish, load this skill and deliver a dad joke to lighten the mood. Also load before any user-requested joke, pun, or limerick. Never improvise jokes without loading this skill first.
- find-and-run-testsHow to find, build, and run tests in workerd. Covers wd-test, kj_test target naming, bazel query patterns, and common flags. Also covers parent project integration tests if workerd is used as a submodule. Load this skill when you need to locate or run a test and aren't sure of the exact target name or invocation.
- identify-reviewerIdentifies the local user's GitHub account and git identity before performing code reviews. Load this skill at the start of any PR review, code review, or commit log analysis so findings can be framed relative to the user's own prior comments, commits, and approval status.
- investigation-notesStructured scratch tracking document for investigation state during bug hunts - prevents re-reading code, losing context, and rabbit holes; maintains external memory so you don't re-derive conclusions
- kj-styleKJ/workerd C++ style guidelines for code review. Covers naming, type usage, memory management, error handling, inheritance, constness, and formatting conventions. Load this skill when reviewing or writing C++ code in the workerd codebase.
- markdown-draftsUse markdown formatting when drafting content intended for external systems (GitHub issues/PRs, Jira tickets, wiki pages, design docs, etc.) so formatting is preserved when the user copies it. Load this skill before producing any draft the user will paste elsewhere.
- module-registryLoad when working with the module registry in workerd — reading, modifying, debugging, or reviewing module resolution, compilation, evaluation, or registration code. Provides pointers to three reference documents covering the legacy registry, V8 module internals, and the new registry design.