Feature flags

ServiceTitan-ready feature flags and rollout controls.

An offline tenant policy for separating sell-now manual features from database-backed, API-backed, and partner-gated automation before PageToJob stores credentials or calls ServiceTitan.

Tenant controls
11
flags
4
default on
4
gated automation
4
high risk
Manual flags can support sales now. Database-backed, API-backed, and partner-gated flags stay off until their gates are proven.

Tenant feature flag matrix

Manual Titan Map

manual-titan-map

enabled manuallow risk

Category: mapping

Default: on

Customer visible: yes

Manual mode: Customer-reviewed pages, CTAs, campaigns, zones, memberships, and pricebook references are mapped in the workbench.

Already available without database or API access.
Kill switch: Disable mapped claims and fall back to generic website copy until the customer reviews the map.
Reviewed mapCoverage scoreCustomer approval note

Booking request fallback

booking-request-fallback

enabled manuallow risk

Category: handoff

Default: on

Customer visible: yes

Manual mode: Use local request forms, phone-first CTAs, notification fallback, source context, and dry-run booking envelope.

Already available as a manual lead-safety path.
Kill switch: Switch affected pages to phone-first CTA and disable any broken scheduler embed.
Fallback testNotification recipientSource contextNo synchronous API dependency

Manual taxonomy import

manual-taxonomy-import

manual reviewmedium risk

Category: mapping

Default: off

Customer visible: no

Manual mode: Operator imports customer-supplied CSV rows or screenshots into reviewed Titan Map candidates.

Customer provides approved exports or screenshots and redaction rules are followed.
Kill switch: Discard unreviewed imported candidates and return to customer-confirmed manual entries.
Source artifactImport warningsReviewed JSONRedaction check

Manual drift monitor

drift-monitor

enabled manualmedium risk

Category: governance

Default: on

Customer visible: yes

Manual mode: Monthly review compares live pages and manual taxonomy against customer-confirmed operations.

Customer confirms owner and review cadence.
Kill switch: Pause drift claims and mark findings needs-review when source artifacts are stale.
Affected URLsOwnerRecommended fixesCustomer review status

Campaign outcome proof

campaign-proof

manual reviewmedium risk

Category: proof

Default: off

Customer visible: yes

Manual mode: Use demo data or supplied exports with match-quality labels and explicit exclusions.

Customer supplies outcomes or accepts demo-only proof labels.
Kill switch: Remove uncertain records from revenue totals and mark the packet needs-review.
Source fieldsMatch qualityExcluded recordsExport date

Connection readiness

connection-readiness

enabled manuallow risk

Category: governance

Default: on

Customer visible: yes

Manual mode: Show module, scope, customer admin, authorization, token-storage, webhook, and sandbox requirements.

Already available as an offline readiness checklist.
Kill switch: Hide API-upgrade recommendations when the customer has no admin owner or eligible modules.
Admin contactModule listScope mapAPI-gated disclaimer

Persisted page bindings

persisted-page-bindings

database gatedmedium risk

Category: mapping

Default: off

Customer visible: no

Manual mode: Use static demo bindings and the workbench until private persistence exists.

Requires page-binding migration, audit log, tenant ownership, and customer approval workflow.
Kill switch: Use the latest customer-reviewed manual Titan Map as the source of truth.
MigrationAudit logTenant access rulesReview workflow

API taxonomy import

api-taxonomy-import

api gatedhigh risk

Category: mapping

Default: off

Customer visible: yes

Manual mode: Use manual taxonomy importer until read-only scopes and sandbox behavior are validated.

Requires app approval, customer authorization, eligible modules, granted read scopes, rate limits, and sandbox proof.
Kill switch: Stop import jobs, preserve the manual map, and mark imported candidates stale.
Approved appGranted scopesSandbox importRate-limit policyOperator error view

API booking or lead sync

api-booking-sync

api gatedhigh risk

Category: handoff

Default: off

Customer visible: yes

Manual mode: Keep local lead capture, notification fallback, sync queue draft, and manual-complete state.

Requires durable queue, idempotency, customer authorization, endpoint eligibility, retries, and external ID storage.
Kill switch: Disable API sync, keep notification fallback active, and mark queued items manual-review.
Durable queueIdempotency keysExternal IDsRetry policySupport runbook

Webhook processing

webhook-processing

api gatedhigh risk

Category: handoff

Default: off

Customer visible: no

Manual mode: Treat webhook behavior as a future requirement documented in API readiness and architecture blueprint.

Requires signing verification, raw body handling, replay protection, event persistence, and sandbox rejection tests.
Kill switch: Reject all webhook events and leave manual lead/proof paths active.
Signature verificationReplay windowIdempotent event storageSandbox rejection evidence

Marketplace or partner approval claims

marketplace-claims

partner gatedhigh risk

Category: governance

Default: off

Customer visible: yes

Manual mode: Use ServiceTitan-ready language with accurate affiliation disclaimers.

Requires confirmed ServiceTitan partner or marketplace approval and approved listing copy.
Kill switch: Remove marketplace or partner wording from public copy and sales packets.
Approval evidenceListing reviewDisclaimer reviewCustomer-safe copy

Rollout stages

Manual Launch

Sell and deliver the website, Titan Map, booking fallback, launch packet, and support runbooks without API dependency.

enabled manualmanual review
Exit evidence
  • - Launch packet
  • - Reviewed Titan Map
  • - Booking fallback test
  • - Support center

Database foundation

Persist private bindings, sync drafts, drift findings, and outcome proof while keeping API flags disabled.

enabled manualmanual reviewdatabase gated
Exit evidence
  • - Migrations
  • - Tenant access rules
  • - Audit log
  • - Retention policy

Sandbox API validation

Validate read-only imports, webhook rejection, sync retries, disconnect, and outcome matching before customer-facing automation claims.

enabled manualmanual reviewdatabase gatedapi gated
Exit evidence
  • - Sandbox tests
  • - Granted scopes
  • - Rate-limit policy
  • - Operator failure states

Partner review

Use approved ServiceTitan partner or marketplace claims only after approval evidence exists.

enabled manualmanual reviewdatabase gatedapi gatedpartner gated
Exit evidence
  • - Approval proof
  • - Approved listing copy
  • - Security answers
  • - Support contacts

Governance rules

Database-backed, API-backed, and partner-gated flags default off for every tenant.

Prevents accidental claims of live sync, credential storage, or marketplace approval.

Manual lead capture and notification fallback remain on whenever a public form or booking CTA is live.

Visitor demand should not depend on ServiceTitan availability.

Outcome proof must show whether records are demo, manual export, matched, unmatched, or needs-review.

Revenue claims need visible source and match quality.

Each high-risk flag needs a tested kill switch before activation.

Operators need a fast path back to safe manual mode.

Public copy and sales packets must follow the tenant's lowest approved capability state.

A customer with manual-only delivery should never see API or marketplace claims as active.

Flag disclaimers

  • - This feature-flag plan is an offline tenant policy and does not persist tenant settings yet.
  • - No ServiceTitan credentials, app keys, tokens, webhooks, or API calls are used by these flags.
  • - API-backed and partner-gated flags require approved app access, customer authorization, eligible modules, granted scopes, secure token storage, sandbox validation, and support runbooks.
  • - PageToJob is not affiliated with or endorsed by ServiceTitan.