●Tenant-native feature management

The flag isn't for users.
It's for tenants.

Argus is per-tenant feature flags with an audit log nothing escapes — for the SaaS that ships once and serves many.

tenant-scoped deterministic reversible auditable

Get started → See how it works ↓

argus / tenants live

98chimp.tenant

TNT_01HF7Q · CA-EAST

prod 50% rollout

loomi.tenant

TNT_01HF7R · CA-CENTRAL

staging held

dk_derby.tenant

TNT_01HF7S · US-EAST

prod held until 2026-Q3

flag new_billing_v2 3 tenants · 1 live

●The problem

Flag tools were built for one app, many users.
SaaS today ships one app, many tenants.

01 · The workaround

Engineers paste tenant_id into segmentation rules.

User segments become a parking lot for org IDs. Audits can't tell tenant scope from cohort experiment from kill switch.

02 · The blast radius

A bad rollout to one tenant taints all of them.

"Disable for tenant B" requires deploying a config that touches A, C, D too. Reversibility is theatre.

03 · The compliance gap

Audit logs are global, not tenant-scoped.

When a regulated customer asks what changed in their environment last quarter, the answer is grep plus apologies.

04 · The support fog

"Is feature X on for client Y?" takes a Slack thread to answer.

Customer-facing teams have no live, tenant-scoped view of who has what. Eng becomes a support escalation queue.

●Product, in one line

Per-tenant feature flags
with an audit log nothing escapes.

Tenant is required at evaluation time. Tenant changes write tenant-scoped audit rows. Bypass is impossible — not because the SDK asks nicely, but because the row can't be written without one.

●How we're different

Tenant truth. Governed change. Safe rollback.

01 · Tenant truth

One queryable place for who has what, why, and since when.

Tenant matrix as a first-class object — not a flag-by-flag spreadsheet rebuilt in Notion.

Tenant	billing_v2	kyc_lite	refunds
98chimp	●	◐	●
loomi	○	○	●
dk_derby	○	●	◐

02 · Governed change

Two-engineer prod approval. Tenant-scoped RBAC. Immutable audit rows.

Actor, timestamp, env, tenant, flag, before, after. Required — not configurable.

approval · awaiting 1 of 2 · shahin just now

flag=new_billing_v2 tenant=98chimp → 50% 2m

role=approver scope=tenant:loomi 14m

03 · Safe rollback

Roll back for one tenant in one click — without touching the others.

Deterministic percentage rollouts hashed by tenant_id and flag_key. Same input, same outcome, every time.

tenant 98chimp50%

blast radius0 other tenants

●60 seconds, end to end

From create to revert, without a Slack thread.

Create flag

argus flag create new_billing_v2 --env prod

Scope to tenant

argus tenant 98chimp set new_billing_v2 on

50% rollout

argus rollout new_billing_v2 --tenant 98chimp --pct 50

Two-engineer approval

approval requested · awaiting 1 of 2

Audit row written

actor=shahin env=prod tenant=98chimp before=off after=50%

Revert · one click

argus rollback --tenant 98chimp · blast radius = 0

●If you remember one thing

Tenant is required at the API surface.

Once tenant scoping is mandatory, every downstream property — audit, isolation, blast radius, pricing — falls out for free.

✓ Audit, isolation, blast radius, and pricing fall out for free.
✓ TypeScript first today. Web SDK on the v1 roadmap.
✓ MVP runs on Firebase. Custom data plane is post-PMF.

typescript · argus-sdk@v0 live

// scoped, deterministic, reversible
const flag = await argus.evaluate({
  key:     "new_billing_v2",
  tenant:  ctx.tenantId,      // required
  env:     "prod",
});

if (flag.on) renderNewBilling();

// → audit row written, scoped to tenant.
// → reversible from the dashboard in one click.
// → impossible to evaluate without a tenant.

●Where Argus fits

Keep the tools you have. Argus owns tenant-scoped operations.

You probably already use

What it does well

Argus complements by

LaunchDarkly · Statsig · GrowthBook

Experimentation, broad runtime targeting, A/B and personalization.

Owning tenant decisions as tenant-owned state, with native per-tenant audit.

Firebase Remote Config

Mobile config delivery and staged rollouts.

Modeling tenant overrides, approvals, and rollback evidence above your project tree.

Runway · Codemagic · Bitrise

White-label release orchestration across many app variants.

Persistent cross-brand truth for ops, support, and audit outside the release window.

Argus is not an experimentation platform, prompt-management tool, or generic remote-config clone. We coexist by design.

●Built by operators

We've felt this break.

Argus comes out of years running multi-tenant SaaS where every "roll out for tenant B" was a custom rule, a Slack thread, and a held breath. We're shipping the layer we wished we had — and we're picking three design partners to ship it with.

— Shahin, Argus hello@projectargus.cloud

●Pilot · 30 days · written-first

Three design partners. One portfolio each. We respond in writing within two business days.

Send the shape of your portfolio (apps or tenants, brands, regulated workflows) and the rollout that scares you. We'll write back with a fit read, a matrix template you can use today, and a pilot scope. No calendar. No discovery call until both sides have written context.

Get started → Read the pilot offer →

The flag isn't for users.It's for tenants.

Flag tools were built for one app, many users. SaaS today ships one app, many tenants.