Policy
Runtime Policy
Guardrails that keep AI Dev Hub fast and reliable for builders: clear rate budgets, deterministic validation, and operator safety controls.
Runtime Rate Budgets
| Risk Class | Requests | Window | Input Cap |
|---|---|---|---|
| L (light transforms) | 60 | 60s | 128 KB |
| M (richer transforms) | 30 | 60s | 256 KB |
| H (network-sensitive) | 10 | 60s | 512 KB |
Runtime limits are per identity and return HTTP 429 with retry headers when exceeded.
Payload + Execution Limits
- Request body cap: 1 MB
- Response body cap: 1.4 MB
- Max concurrent requests per identity: 6
- Timeout envelope: L=2000ms, M=4000ms, H=8000ms
- Default daily network budget: 3000 network calls (operator configurable)
Dedicated API Limits
Dedicated API tools run on their own endpoints and currently follow the free-tier budget below.
- Per-day budget: 50 requests/day per IP
- Burst budget: 10 requests per 10s window
Safety Guardrails
- Private, loopback, and local-network targets are blocked for runtime network fetches.
- Input schemas are validated before execution to prevent malformed tool calls.
- Operator kill switches can pause runtime or network budgets during incidents.
- Structured runtime logs are emitted for rate-limit and failure monitoring.
Error Code Quick Reference
| Code | Meaning |
|---|---|
| 400 | Invalid input, wrong surface, or browser-only tool on runtime endpoint |
| 429 | Rate-limited or daily network budget exhausted |
| 503 | Runtime paused by operator policy |
| 504 | Upstream/network timeout |