fail open term
on failure, default to permissive behavior
When a check fails (auth, rate limit, feature flag service), the system defaults to allowing the request through. Better availability, worse security. Fine for non-critical paths (recommendations); dangerous for security-critical ones. Must be a deliberate decision, not a default.