Recipe: Canary rollout strategy
Ship Meridian updates to a small subset of users before broad release. Validate stability, gather telemetry, and halt rollback instantly if anomalies surface.
Step 1 — Segment your audience
Define a canary cohort via license tier, machine fingerprint hash modulo, or opt-in flag. Keep the cohort under 5% of total active installs.
Step 2 — Dual-channel CDN
Publish the canary payload to a separate CDN path. The loader checks cohort membership at startup and fetches from the canary origin only when the flag matches.
Step 3 — Observe & decide
Monitor crash rate, load time, and license-check success for the canary cohort. If metrics stay within baseline for 24 hours, promote the payload to stable. If not, flip the cohort flag to zero and investigate.
Step 4 — Automate promotion
Wire the dashboard to a KV-backed feature flag. When the canary passes, toggle the flag and the CDN edge switches all clients to the new payload within one TTL cycle.
Meridian tip: Always sign canary payloads with a separate Ed25519 keypair. If the canary key is revoked, clients fall back to the stable channel automatically.