Rate limits and auth limits
UnifiedMemory is currently a private hosted product. Rate limits are enforced as operational guardrails rather than public pricing-tier quotas.
Current stance
- Use scoped keys for agents and clients.
- Use admin keys only for owner/operator workflows.
- Public auth and activation routes should be protected by server-side abuse controls.
- Edge auth should fail closed if the authoritative D1 auth store is unavailable, unless a short-lived break-glass mode is explicitly enabled.
- Missing optional proof secrets should show
skipped_missing_secret, not fake success.
Key capability limits
Keys should be issued with only the capabilities needed by the integration:
| Capability area | Typical use |
|---|---|
memory.read / memory.recall | Search and retrieve scoped memory. |
memory.write | Retain explicit facts. |
agent.context | Build pre-turn prompt context. |
agent.writeback | Store post-turn outcomes. |
courtroom.read | Inspect evidence and verdicts. |
canary.read | Verify runtime/key readiness. |
What to expect
If a key exceeds its scope, the expected result is 403. If a route is
unauthenticated or the key is invalid, the expected result is 401.
Operational dashboards should distinguish real rate limiting from provider degradation, missing credentials, and no-traffic states.
Not yet public
There is no published public quota table yet. Do not infer commercial rate limits from internal proof or operator dashboards.