Prototype/Add Flipper to Caseflow

[ThorntonMatthew]

~Resolves Jira Issue Title~ Prototype only

Description

This is a prototype branch to test out adding Flipper to Caseflow in order to manage our feature flags.

Acceptance Criteria

• [x] Code compiles correctly

Testing Plan

1. Create a new feature and add a user as the actor (use the CSS ID as the name) i.e. BVAISHAW
2. Check that the feature toggle is enabled for that user via the Rails console

# I added BVAISHAW as my sole actor
user = User.find_by_css_id("BVAISHAW")

# My feature name is rails_6_0
Flipper.enabled?(:rails_6_0, user)

# The expected result:
=> true

3. Try checking if the feature toggle is enabled for a different user

user2 = User.find_by_css_id("JOLLY_POSTMAN")

Flipper.enabled?(:rails_6_0, user2)
=> false

4. Register a new group called vha_users in the console:

Flipper.register(:vha_users) do |actor, context|
  actor.respond_to?(:vha_employee?) && actor.vha_employee?
end

5. Add this new group to the config for the feature you've created:

Flipper.enable_group(:rails_6_0, :vha_users)

6. Check that the UI displays this group as having the feature active:

7. I can't seem to get the "Add a group" button in the UI to work.. If you can figure it out, please let me know.

8. Grab a VHA user and repeat the check to see if the feature is turned on for them:

vha_user = User.find_by_css_id("CAMOUSER")

Flipper.enabled?(:rails_6_0, vha_user)
=> true

9. Play around with some of the other configs and let me know if you find anything neat.

Frontend

User Facing Changes

• [ ] Screenshots of UI changes added to PR & Original Issue

Backend

Database Changes

Only for Schema Changes

• [ ] Add typical timestamps (created_at, updated_at) for new tables
• [ ] Update column comments; include a "PII" prefix to indicate definite or potential PII data content
• [ ] Have your migration classes inherit from Caseflow::Migration, especially when adding indexes (use add_safe_index) (see Writing DB migrations)
• [ ] Verify that migrate:rollback works as desired (change supported functions)
• [ ] Perform query profiling (eyeball Rails log, check bullet and fasterer output)
• [ ] For queries using raw sql was an explain plan run by System Team
• [ ] Add appropriate indexes (especially for foreign keys, polymorphic columns, unique constraints, and Rails scopes)
• [ ] Run make check-fks; add any missing foreign keys or add to config/initializers/immigrant.rb (see Record associations and Foreign Keys)
• [ ] Add belongs_to for associations to enable the schema diagrams to be automatically updated
• [ ] Document any non-obvious semantics or logic useful for interpreting database data at Caseflow Data Model and Dictionary

Best practices

Code Documentation Updates

• [ ] Add or update code comments at the top of the class, module, and/or component.

Tests

Test Coverage

Did you include any test coverage for your code? Check below:

• [ ] RSpec
• [ ] Jest
• [ ] Other

Code Climate

Your code does not add any new code climate offenses? If so why?

• [ ] No new code climate issues added

Monitoring, Logging, Auditing, Error, and Exception Handling Checklist

Monitoring

• [ ] Are performance metrics (e.g., response time, throughput) being tracked?
• [ ] Are key application components monitored (e.g., database, cache, queues)?
• [ ] Is there a system in place for setting up alerts based on performance thresholds?

Logging

• [ ] Are logs being produced at appropriate log levels (debug, info, warn, error, fatal)?
• [ ] Are logs structured (e.g., using log tags) for easier querying and analysis?
• [ ] Are sensitive data (e.g., passwords, tokens) redacted or omitted from logs?
• [ ] Is log retention and rotation configured correctly?
• [ ] Are logs being forwarded to a centralized logging system if needed?

Auditing

• [ ] Are user actions being logged for audit purposes?
• [ ] Are changes to critical data being tracked ?
• [ ] Are logs being securely stored and protected from tampering or exposing protected data?

Error Handling

• [ ] Are errors being caught and handled gracefully?
• [ ] Are appropriate error messages being displayed to users?
• [ ] Are critical errors being reported to an error tracking system (e.g., Sentry, ELK)?
• [ ] Are unhandled exceptions being caught at the application level ?

Exception Handling

• [ ] Are custom exceptions defined and used where appropriate?
• [ ] Is exception handling consistent throughout the codebase?
• [ ] Are exceptions logged with relevant context and stack trace information?
• [ ] Are exceptions being grouped and categorized for easier analysis and resolution?

[codeclimate[bot]]

Code Climate has analyzed commit 74133aae and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category	Count
Complexity	1

View more on Code Climate.

[github-actions[bot]]

Code Scanning Policy Findings

Your repository contains unresolved code scanning alerts. Policy requires that all code scanning alerts of critical severity be resolved within 30 days.

In the future, if your repository contains unresolved code scanning alerts older than 30 days, you will not be able to merge this pull request.

Learn more about how to triage and remediate these alerts in the GitHub Code Scanning documentation.

If this pull request remediates these alerts, after your pull requests CodeQL scan has completed, follow this link to re-run the policy check and select Re-run all jobs at the top of the page: https://github.com/department-of-veterans-affairs/caseflow/actions/runs/8803980368

You may also re-run this required check by simply commenting on this pull request with the following command:

/actions-bot rerun-required-workflows

---

Alert Number	URL	Age	Policy Violation
24	Link	397 Days	Yes
20	Link	400 Days	Yes
19	Link	400 Days	Yes
18	Link	400 Days	Yes