Question
Design the change-management / safe-rollout pipeline for an authorization policy system used company-wide, where a single bad policy edit can either lock everyone out (over-restrictive) or open a hole (over-permissive), and policies change dozens of times a day across many teams. Beyond the runtime decision engine, design how a policy change is validated, dry-run, and rolled out safely. Discuss policy versioning, shadow/dual evaluation against real traffic, automated impact analysis ('this change would newly DENY 4,200 requests/day'), staged rollout, and instant rollback — all while the engine answers millions of decisions/sec.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
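The mechanisms the question names (immutable policy versions, shadow evaluation of a candidate policy beside the active one on real traffic, an impact report of the "would newly DENY N requests/day" form, a gated publish and an instant rollback by pointer swap) can be sketched in a few dozen lines. The following is an added illustration written for this page, not part of the question and not the code of any particular authorization engine; the rule format, the `Rule`/`Policy`/`Sample` types, the `PolicyStore` class and the traffic sample are all constructed assumptions chosen to keep the example self-contained.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical, deliberately simple policy model (not any real engine's format).
@dataclass(frozen=True)
class Rule:
    effect: str                  # "allow" or "deny"
    roles: FrozenSet[str]
    actions: FrozenSet[str]
    resource_prefix: str         # matches resources that start with this prefix

@dataclass(frozen=True)
class Policy:
    version: int                 # immutable: every edit produces a new version
    rules: Tuple[Rule, ...]

def evaluate(policy: Policy, role: str, action: str, resource: str) -> str:
    """Deny-overrides with default-deny: an explicit deny wins, otherwise any
    matching allow grants, otherwise the request is denied."""
    decision = "deny"
    for r in policy.rules:
        if role in r.roles and action in r.actions and resource.startswith(r.resource_prefix):
            if r.effect == "deny":
                return "deny"
            decision = "allow"
    return decision

@dataclass(frozen=True)
class Sample:                    # one request shape seen in traffic, with its daily frequency
    role: str
    action: str
    resource: str
    per_day: int

def impact_analysis(active: Policy, candidate: Policy, traffic: List[Sample]) -> Dict[str, object]:
    """Shadow evaluation: run every sampled request through both policies and
    bucket the differences, weighted by daily frequency."""
    report: Dict[str, object] = {"newly_denied": 0, "newly_allowed": 0, "unchanged": 0, "examples": []}
    for s in traffic:
        before = evaluate(active, s.role, s.action, s.resource)
        after = evaluate(candidate, s.role, s.action, s.resource)
        if before == after:
            report["unchanged"] += s.per_day
        else:
            key = "newly_denied" if after == "deny" else "newly_allowed"
            report[key] += s.per_day
            report["examples"].append((key, s.role, s.action, s.resource))
    return report

class PolicyStore:
    """Versioned store: publish is gated on the impact report; the active policy
    is a pointer, so rollback is a pointer swap rather than a re-deploy."""
    def __init__(self, initial: Policy, max_newly_denied: int, allow_new_grants: bool):
        self.versions: Dict[int, Policy] = {initial.version: initial}
        self.active_version = initial.version
        self.history: List[int] = []          # previously active versions, newest last
        self.max_newly_denied = max_newly_denied
        self.allow_new_grants = allow_new_grants

    def active(self) -> Policy:
        return self.versions[self.active_version]

    def publish(self, candidate: Policy, traffic: List[Sample]) -> Tuple[bool, str]:
        report = impact_analysis(self.active(), candidate, traffic)
        if report["newly_denied"] > self.max_newly_denied:
            return False, f"would newly DENY {report['newly_denied']} requests/day"
        if report["newly_allowed"] > 0 and not self.allow_new_grants:
            return False, f"would newly ALLOW {report['newly_allowed']} requests/day"
        self.versions[candidate.version] = candidate
        self.history.append(self.active_version)
        self.active_version = candidate.version   # atomic pointer swap
        return True, "published"

    def rollback(self) -> int:
        self.active_version = self.history.pop()
        return self.active_version

# Constructed sample policies and traffic (not real data).
V1 = Policy(1, (
    Rule("allow", frozenset({"engineer", "sre"}), frozenset({"read"}), "svc/"),
    Rule("allow", frozenset({"sre"}), frozenset({"write", "deploy"}), "svc/"),
    Rule("deny", frozenset({"contractor"}), frozenset({"read", "write", "deploy"}), "svc/payments"),
    Rule("allow", frozenset({"contractor"}), frozenset({"read"}), "svc/"),
))
# Candidate edit: narrows engineers' read scope (lockout risk) and, by mistake,
# grants contractors write access outside payments (over-permissive hole).
V2 = Policy(2, (
    Rule("allow", frozenset({"engineer"}), frozenset({"read"}), "svc/frontend"),
    Rule("allow", frozenset({"sre"}), frozenset({"read", "write", "deploy"}), "svc/"),
    Rule("deny", frozenset({"contractor"}), frozenset({"read", "write", "deploy"}), "svc/payments"),
    Rule("allow", frozenset({"contractor"}), frozenset({"read", "write"}), "svc/"),
))
# Benign edit: adds an explicit deny that changes no sampled decision.
V3 = Policy(3, V1.rules + (Rule("deny", frozenset({"engineer"}), frozenset({"write"}), "svc/"),))
TRAFFIC = [
    Sample("engineer", "read", "svc/frontend/config", 3000),
    Sample("engineer", "read", "svc/payments/ledger", 4200),
    Sample("sre", "deploy", "svc/payments/api", 150),
    Sample("contractor", "read", "svc/payments/ledger", 40),
    Sample("contractor", "write", "svc/frontend/assets", 25),
    Sample("engineer", "write", "svc/frontend/config", 10),
]

def run_demo() -> Tuple[Dict[str, object], bool, str]:
    store = PolicyStore(V1, max_newly_denied=500, allow_new_grants=False)
    report = impact_analysis(store.active(), V2, TRAFFIC)
    ok, reason = store.publish(V2, TRAFFIC)   # rejected by the guardrail
    return report, ok, reason

if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the candidate would newly deny 4200 requests/day (engineers reading payments) and newly allow 25 (contractor writes), so `publish` refuses it before it ever reaches the decision engine. In a production pipeline the same dual evaluation would run on a mirrored fraction of live traffic rather than a stored sample, and the pointer swap in `publish` is what makes a staged rollout (swap for a canary population first) and a rollback (swap back) equally cheap.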