Policies

Ce contenu n’est pas encore disponible dans votre langue.

The Limits & Policies page (/admin/limits) exposes runtime-tunable policy. Most settings can be changed without restarting the server; a small number require a restart and are flagged accordingly in the UI.

Rate limits

Per-IP and per-user request budgets, enforced in front of the endpoint dispatcher.

Policy	Default	Scope
`global`	100 req/min	per IP, sliding window
`auth`	10 req/min	per IP
`sync`	30 req/min	per authenticated user
`ai` (auth)	30 req/min	per user
`ai` (anon)	5 req/min	per IP

The Retry-After strategy and burst windows are configured alongside.

Quotas

Per-user object caps enforced before any sync push commits. Defaults:

Object	Cap
Templates	100
AI providers	20
Sessions	10,000
Memories	500
Todos	500

A push that would exceed a cap is rejected with 409 quota_exceeded. The client surfaces this in the Cloud Sync settings.

Identity policy

Controls account lifecycle:

Allow self-signup — whether /auth/register is open to the public.
Require email verification — whether new accounts must confirm before signing in.
Allowed OAuth providers — toggle Google / Microsoft / Entra individually.
Password complexity — minimum length, required character classes (for local accounts).

AI payload limits

Caps on the size of AI proxy traffic to keep costs bounded.

Setting	Purpose
Max input chars	Hard ceiling on prompt length sent to upstream providers
Max output tokens	Cap requested from upstream (per request)
Daily token budget	Optional per-user token budget over a rolling 24h

What needs a restart?

The policies above are read from IOptionsMonitor<T> and re-bind on change. A small set of settings — database provider, JWT signing key, encryption master key — only take effect after a restart. The UI shows a banner with a “Restart now” button when an unsaved change requires a restart, and the restart is performed via the configured RestartCapability (which defaults to a process-level restart and is skipped in environments where it isn’t safe).