feat: add MCP_RATE_LIMIT env variable to control MCP request rate

Document MCP_RATE_LIMIT in README, docker-compose, .env.example, Helm values and configmap.
2026-04-03 15:43:58 +02:00
parent 6b94c0632c
commit 64d4a20403
6 changed files with 12 additions and 1 deletions
--- a/server/.env.example
+++ b/server/.env.example
@@ -28,6 +28,8 @@ OIDC_SCOPE=openid email profile groups # Space-separated OIDC scopes to request

 DEMO_MODE=false # Demo mode - resets data hourly

+# MCP_RATE_LIMIT=60 # Max MCP API requests per user per minute (default: 60)
+
 # Initial admin account — only used on first boot when no users exist yet.
 # If both are set the admin account is created with these credentials.
 # If either is omitted a random password is generated and printed to the server log.
--- a/server/src/mcp/index.ts
+++ b/server/src/mcp/index.ts
@@ -21,7 +21,8 @@ const sessions = new Map<string, McpSession>();
 const SESSION_TTL_MS = 60 * 60 * 1000; // 1 hour
 const MAX_SESSIONS_PER_USER = 5;
 const RATE_LIMIT_WINDOW_MS = 60 * 1000; // 1 minute
-const RATE_LIMIT_MAX = 60; // requests per minute per user
+const parsed = Number.parseInt(process.env.MCP_RATE_LIMIT ?? "");
+const RATE_LIMIT_MAX = Number.isFinite(parsed) && parsed > 0 ? parsed : 60; // requests per minute per user

 interface RateLimitEntry {
  count: number;