From dd8d2ae54a6398472ec7b71de3e9b40a4269dc62 Mon Sep 17 00:00:00 2001 From: jubnl Date: Sat, 11 Apr 2026 02:28:54 +0200 Subject: [PATCH] chore(mcp): raise default session and rate-limit caps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Higher defaults reduce config friction for self-hosters while staying within reasonable server limits. - MCP_MAX_SESSION_PER_USER: 5 → 20 - MCP_RATE_LIMIT: 60 → 300 req/min --- README.md | 8 ++++---- chart/values.yaml | 8 ++++---- docker-compose.yml | 4 ++-- server/.env.example | 4 ++-- server/src/mcp/index.ts | 4 ++-- unraid-template.xml | 4 ++-- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index e0983450..25d6d3ff 100644 --- a/README.md +++ b/README.md @@ -166,8 +166,8 @@ services: # - DEMO_MODE=false # Enable demo mode (resets data hourly) # - ADMIN_EMAIL=admin@trek.local # Initial admin e-mail — only used on first boot when no users exist # - ADMIN_PASSWORD=changeme # Initial admin password — only used on first boot when no users exist - # - MCP_RATE_LIMIT=60 # Max MCP API requests per user per minute (default: 60) - # - MCP_MAX_SESSION_PER_USER=5 # Max concurrent MCP sessions per user (default: 5) + # - MCP_RATE_LIMIT=300 # Max MCP API requests per user per minute (default: 300) + # - MCP_MAX_SESSION_PER_USER=20 # Max concurrent MCP sessions per user (default: 20) volumes: - ./data:/app/data - ./uploads:/app/uploads 
@@ -311,8 +311,8 @@ trek.yourdomain.com { | `ADMIN_PASSWORD` | Password for the first admin account created on initial boot. Must be set together with `ADMIN_EMAIL`. | random | | **Other** | | | | `DEMO_MODE` | Enable demo mode (hourly data resets) | `false` | -| `MCP_RATE_LIMIT` | Max MCP API requests per user per minute | `60` | -| `MCP_MAX_SESSION_PER_USER` | Max concurrent MCP sessions per user | `5` | +| `MCP_RATE_LIMIT` | Max MCP API requests per user per minute | `300` | +| `MCP_MAX_SESSION_PER_USER` | Max concurrent MCP sessions per user | `20` | ## Optional API Keys diff --git a/chart/values.yaml b/chart/values.yaml index 47a941c7..35758aa9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -51,10 +51,10 @@ env: # Override the OIDC discovery endpoint for providers with non-standard paths (e.g. Authentik). # DEMO_MODE: "false" # Enable demo mode (hourly data resets). - # MCP_RATE_LIMIT: "60" - # Max MCP API requests per user per minute. Defaults to 60. - # MCP_MAX_SESSION_PER_USER: "5" - # Max concurrent MCP sessions per user. Defaults to 5. + # MCP_RATE_LIMIT: "300" + # Max MCP API requests per user per minute. Defaults to 300. + # MCP_MAX_SESSION_PER_USER: "20" + # Max concurrent MCP sessions per user. Defaults to 20. # Secret environment variables stored in a Kubernetes Secret. diff --git a/docker-compose.yml b/docker-compose.yml index 39a82c60..3ae9e042 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -38,8 +38,8 @@ services: # - OIDC_DISCOVERY_URL= # Override the OIDC discovery endpoint for providers with non-standard paths (e.g. Authentik) # - ADMIN_EMAIL=admin@trek.local # Initial admin e-mail — only used on first boot when no users exist # - ADMIN_PASSWORD=changeme # Initial admin password — only used on first boot when no users exist -# - MCP_RATE_LIMIT=60 # Max MCP API requests per user per minute (default: 60) -# - MCP_MAX_SESSION_PER_USER=5 # Max concurrent MCP sessions per user (default: 5) +# - MCP_RATE_LIMIT=300 # Max MCP API requests per user per minute (default: 300) +# - MCP_MAX_SESSION_PER_USER=20 # Max concurrent MCP sessions per user (default: 20) volumes: - ./data:/app/data - ./uploads:/app/uploads diff --git a/server/.env.example b/server/.env.example index 5e8c677a..c5ebeeff 100644 --- a/server/.env.example +++ b/server/.env.example @@ -28,8 +28,8 @@ OIDC_SCOPE=openid email profile # Fully overrides the default. Add extra scopes DEMO_MODE=false # Demo mode - resets data hourly -# MCP_RATE_LIMIT=60 # Max MCP API requests per user per minute (default: 60) -# MCP_MAX_SESSION_PER_USER=5 # Max concurrent MCP sessions per user (default: 5) +# MCP_RATE_LIMIT=300 # Max MCP API requests per user per minute (default: 300) +# MCP_MAX_SESSION_PER_USER=20 # Max concurrent MCP sessions per user (default: 20) # Initial admin account — only used on first boot when no users exist yet. # If both are set the admin account is created with these credentials. diff --git a/server/src/mcp/index.ts b/server/src/mcp/index.ts index 77407f4e..ce8bced5 100644 --- a/server/src/mcp/index.ts +++ b/server/src/mcp/index.ts 
@@ -94,10 +94,10 @@ const STATIC_TOKEN_DEPRECATION_NOTICE = const SESSION_TTL_MS = 60 * 60 * 1000; // 1 hour const sessionParsed = Number.parseInt(process.env.MCP_MAX_SESSION_PER_USER ?? ""); -const MAX_SESSIONS_PER_USER = Number.isFinite(sessionParsed) && sessionParsed > 0 ? sessionParsed : 5; +const MAX_SESSIONS_PER_USER = Number.isFinite(sessionParsed) && sessionParsed > 0 ? sessionParsed : 20; const RATE_LIMIT_WINDOW_MS = 60 * 1000; // 1 minute const parsed = Number.parseInt(process.env.MCP_RATE_LIMIT ?? ""); -const RATE_LIMIT_MAX = Number.isFinite(parsed) && parsed > 0 ? parsed : 60; // requests per minute per user +const RATE_LIMIT_MAX = Number.isFinite(parsed) && parsed > 0 ? parsed : 300; // requests per minute per user interface RateLimitEntry { count: number; diff --git a/unraid-template.xml b/unraid-template.xml index 74fe88a8..e2390b92 100644 --- a/unraid-template.xml +++ b/unraid-template.xml @@ -57,6 +57,6 @@ false - 60 - 5 + 300 + 20
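Review bot: In server/src/mcp/index.ts the new fallbacks `: 20` and `: 300` become the effective per-user caps for every existing install that never set `MCP_MAX_SESSION_PER_USER` or `MCP_RATE_LIMIT`, so an upgrade loosens the throttle on a stolen or misbehaving MCP token four- to five-fold without any operator action. This deserves a line in the release notes. The parsing around these constants is also lenient: `Number.parseInt(...)` is called without a radix and accepts trailing junk (`"300abc"` parses as 300, `"1e3"` as 1), and the `parsed > 0` check has no upper bound, so a typo in the environment can silently yield an unintended cap. I would pass the radix, `Number.parseInt(process.env.MCP_RATE_LIMIT ?? "", 10)`, and do the same for the session variable. `MAX_SESSIONS_PER_USER` also lacks a comment like the one `RATE_LIMIT_MAX` has, for example `// max concurrent MCP sessions per user (env: MCP_MAX_SESSION_PER_USER)`. How these constants are enforced is outside the hunk, so the memory effect of 20 sessions held for up to `SESSION_TTL_MS` should be confirmed against the session store.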