Skip to Content
Welcome to RitoSwap's documentation!
AI SystemsOperationsQuotas & Limits

Quotas & Limits

Two independent quota systems keep the agent from overspending: token quotas govern LLM usage, and crypto quotas govern how much ETH the MCP tools can send.

Token Quotas

  • Implemented in dapp/app/lib/quotas/token-quota.ts.
  • Controlled by AI_CHAT_QUOTA_ENABLED, AI_CHAT_QUOTA_TOKENS, and AI_CHAT_QUOTA_WINDOW_SEC in ai.server.ts.
  • Only enforced when JWTs are mandatory and the state worker is active. handleChatRequest performs a pre-check before streaming and records usage (addUsage) when the SSE session ends.
  • Token estimates rely on simple heuristics (estimateInputTokensFromModelMessages + estimateTokensFromText) so they work regardless of provider.

Crypto Quotas

  • Implemented in dapp/app/lib/quotas/crypto-quota.ts.
  • Configured via AI_CRYPTO_QUOTA_ENABLED, AI_CRYPTO_QUOTA_DAILY_LIMIT, AI_CRYPTO_QUOTA_USER_LIMIT, and AI_CRYPTO_QUOTA_DURATION.
  • precheckCryptoSpend is called before any send-crypto tool executes, covering both a global per-network window and a per-address window. Success/failure reasons bubble up into tool chips so the user knows whether the global pool or their individual allowance ran out.
  • recordCryptoSpend increments both windows via the state service after a transaction is mined.
⚠️

Crypto quotas require the same Durable Object service as token quotas. If NEXT_PUBLIC_ENABLE_STATE_WORKER is false, the tooling falls back to “unlimited” windows, which is acceptable in local development but not production.

Durable State Service

The Cloudflare Durable Object at dapp/cloudflare/src/durable/state.ts handles nonce storage, rate limiting, and quota windows. The Next.js side communicates through dapp/app/lib/state/client.ts, which throws if the service is disabled or misconfigured.

Reset API

dapp/app/api/quota-reset/route.ts offers a guarded POST endpoint for admins. It supports three modes:

1. Full reset

POST with { "all": true, "scope": "token|crypto|both" }. Deletes every quota key for the selected scope(s).

2. Targeted tokens

POST with { "tokenIds": ["123", "456"] }. The handler maps token IDs to per-user keys and deletes them in batches.

3. Targeted crypto addresses

POST with { "scope": "crypto", "addresses": ["0xabc..."] }. Resets the per-address windows for the active network.

All requests must include the AI_QUOTA_RESET_SECRET via either the dedicated headers (x-quota-reset-secret), Authorization bearer, JSON body, or ?secret= query param. The route also refuses to run if the state service is disabled.

Summary Table

QuotaStorage KeyEnforced ByNotes
Tokenchat:quota:{tokenId}handleChatRequestOnly active when JWTs are in play; guard rails for LLM consumption.
Crypto (global)crypto:quota:{network}:allsend-crypto*.tsCaps total daily spending for the active network.
Crypto (per user)crypto:quota:{network}:addr:{user}send-crypto*.tsPrevents a single wallet from draining the pool.
Last updated on
API OverviewChat

RitoSwap Docs does not store, collect or access any of your conversations. All saved prompts are stored locally in your browser only.