Limits and Runtime Guards
Current Guardrails
Section titled “Current Guardrails”The server exposes guardrails for:
- request payload size
- key size
- value size
- key count in batch commands
- transaction queue length
- sustained request rate
- burst request rate
- idle connection lifetime
- transaction lifetime
- auth failure window and temporary lockout
Runtime Controls
Section titled “Runtime Controls”Important controls include:
--max-request-payload-bytes--max-key-bytes--max-value-bytes--max-keys-per-batch--max-transaction-queue-len--requests-per-second--request-burst--idle-timeout-seconds--transaction-max-seconds--auth-failure-window-seconds--auth-failure-limit--auth-lockout-seconds
These are also available through the documented VAYLIX_* environment variables for container use.
Why They Exist
Section titled “Why They Exist”These controls reduce:
- accidental oversized requests
- noisy-client impact
- unbounded queued transaction growth
- idle connection leakage
- unbounded open transaction lifetime
- repeated online auth guessing without delay
Maintenance Mode
Section titled “Maintenance Mode”Maintenance mode is a separate operational restriction:
maintenance onmaintenance offmaintenance status
When enabled, the server stays available for reads, inspection, and backup verification flows, but rejects mutating commands, restore flows, and transaction entry/commit.
What These Controls Are Not
Section titled “What These Controls Are Not”They are not a complete abuse-defense platform.
Still missing:
- global rate limits
- per-user quotas
- IP reputation or ban lists
- distributed admission control
- replication-aware backpressure