Skip to content

Instantly share code, notes, and snippets.

@deanmlittle

deanmlittle/Feature Gate Activation.md

Last active August 13, 2025 01:00
Show Gist options
  • Save deanmlittle/1d9e8e9d65a637d314e080b32e1c29ed to your computer and use it in GitHub Desktop.
Save deanmlittle/1d9e8e9d65a637d314e080b32e1c29ed to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Feature Gate Activation.md

Feature Gate Activation Guide

Below is a guide to feature gate activations, outlining the requirements and expectations for those holding the feature gate activation keypair.

Expectations

Holding the keypair for a feature gate isn’t just “having the magic button.” It comes with both technical and process responsibilities, along with a tiny bit of ceremonial paranoia, to make sure the activation goes smoothly and safely.

Here’s what’s expected of you:

1. Be Part of the Audit Process

You’re expected to participate in the audit process for any change related to the gated feature.

That means understanding what’s being deployed, confirming that the activation conditions have been met, and ensuring nothing sketchy slipped in.

As the most important stakeholder in feature gate activation, the buck ultimately stops with you.

2. Know When to Re-Key

If the logic under the gate changes in a way that could bypass or weaken the original control, you must recognize that and flag for a re-key.

This isn’t optional - stale keys are a security and process liability.

Some examples could include:

  • A bug was discovered affecting an actively deployed validator client release
  • A consensus-breaking change in the feature was made affecting an actively deployed validator client release
  • A feature is merged with, or superseded by another
  • The keypair is lost/compromised

3. Stay in Contact with Release Engineering (RelEng)

Maintain clear, responsive communication with the RelEng team before, during, and after activation. You can find the #releng channel on the Solana Tech Discord here. You will need at least the contributor role to be able to post in the channel. If you are not a contributor, reach out to someone who can vouch for you in the #contributor-role-requests channel.

Consider that before, during and after activation includes the following networks:

  • Testnet
  • Devnet
  • Mainnet Beta

If there’s a hold, block, or any uncertainty about activation timing, signal the RelEng team immediately.

Think of yourself as part of an “activation triad”: dev, releng, and you.

4. Don’t Jump the Gun

Activation happens only when the agreed conditions are met and the go-ahead is given.

Early activation is not a bold move, it’s a bad move.

The unofficial policy: activate early and we’ll “send the MQ-9s after you” (read: expect swift and thorough follow-up).

5. Keep the Key Secure

This is the obvious one: protect the keypair like it’s root on prod (because in a sense, it is).

No unencrypted storage, no “oops I pasted it in Slack,” and definitely no sharing without following proper key distribution policy.

In short: If you hold the keypair, you’re more than a gatekeeper - you’re part of the safety net ensuring the right code goes live at the right time, with the right oversight. Treat the role with the seriousness of a high stakes production deployment authority - it is a serious role with serious consequences.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment