+1 -1

cmd/hold/main.go

reviewed

··· 106 106 os.Exit(1) 107 107 } 108 108 if quotaMgr.IsEnabled() { 109 109 - slog.Info("Quota enforcement enabled", "berths", quotaMgr.BerthCount(), "defaultBerth", quotaMgr.GetDefaultBerth()) 109 109 + slog.Info("Quota enforcement enabled", "tiers", quotaMgr.TierCount(), "defaultTier", quotaMgr.GetDefaultTier()) 110 110 } else { 111 111 slog.Info("Quota enforcement disabled (no quotas.yaml found)") 112 112 }

+10 -10

deploy/quotas.yaml

reviewed

··· 2 2 # Copy this file to quotas.yaml to enable quota enforcement. 3 3 # If quotas.yaml doesn't exist, quotas are disabled (unlimited for all users). 4 4 5 5 - # Berths define quota tiers using nautical crew ranks. 6 6 - # Each berth has a quota limit specified in human-readable format. 5 5 + # Tiers define quota levels using nautical crew ranks. 6 6 + # Each tier has a quota limit specified in human-readable format. 7 7 # Supported units: B, KB, MB, GB, TB, PB (case-insensitive) 8 8 - berths: 8 8 + tiers: 9 9 # Entry-level crew - suitable for new or casual users 10 10 deckhand: 11 11 quota: 5GB ··· 18 18 quartermaster: 19 19 quota: 100GB 20 20 21 21 - # You can add custom berths with any name: 21 21 + # You can add custom tiers with any name: 22 22 # unlimited_crew: 23 23 # quota: 1TB 24 24 25 25 defaults: 26 26 - # Default berth assigned to new crew members who don't have an explicit berth. 27 27 - # This berth must exist in the berths section above. 28 28 - new_crew_berth: deckhand 26 26 + # Default tier assigned to new crew members who don't have an explicit tier. 27 27 + # This tier must exist in the tiers section above. 28 28 + new_crew_tier: deckhand 29 29 30 30 # Notes: 31 31 - # - The hold captain (owner) always has unlimited quota regardless of berths. 32 32 - # - Crew members can be assigned a specific berth in their crew record. 33 33 - # - If a crew member's berth doesn't exist in config, they fall back to the default. 31 31 + # - The hold captain (owner) always has unlimited quota regardless of tiers. 32 32 + # - Crew members can be assigned a specific tier in their crew record. 33 33 + # - If a crew member's tier doesn't exist in config, they fall back to the default. 34 34 # - Quota is calculated per-user by summing unique blob sizes (deduplicated). 35 35 # - Quota is checked when pushing manifests (after blobs are already uploaded).

+11 -11

docs/QUOTAS.md

reviewed

··· 507 507 - Email/webhook notifications 508 508 - Grace period before hard enforcement 509 509 510 510 - ### 3. Berth-Based Quotas (Implemented) 510 510 + ### 3. Tier-Based Quotas (Implemented) 511 511 512 512 - ATCR uses nautical-themed "berths" for quota tiers, configured via `quotas.yaml`: 512 512 + ATCR uses quota tiers to limit storage per crew member, configured via `quotas.yaml`: 513 513 514 514 ```yaml 515 515 # quotas.yaml 516 516 - berths: 516 516 + tiers: 517 517 deckhand: # Entry-level crew 518 518 quota: 5GB 519 519 bosun: # Mid-level crew ··· 522 522 quota: 100GB 523 523 524 524 defaults: 525 525 - new_crew_berth: deckhand # Default berth for new crew members 525 525 + new_crew_tier: deckhand # Default tier for new crew members 526 526 ``` 527 527 528 528 - | Berth | Limit | Description | 529 529 - |-------|-------|-------------| 528 528 + | Tier | Limit | Description | 529 529 + |------|-------|-------------| 530 530 | deckhand | 5 GB | Entry-level crew member | 531 531 | bosun | 50 GB | Mid-level crew member | 532 532 | quartermaster | 100 GB | Senior crew member | 533 533 | owner (captain) | Unlimited | Hold owner always has unlimited | 534 534 535 535 - **Berth Resolution:** 535 535 + **Tier Resolution:** 536 536 1. If user is captain (owner) → unlimited 537 537 - 2. If crew member has explicit berth → use that berth's limit 538 538 - 3. If crew member has no berth → use `defaults.new_crew_berth` 539 539 - 4. If default berth not found → unlimited 537 537 + 2. If crew member has explicit tier → use that tier's limit 538 538 + 3. If crew member has no tier → use `defaults.new_crew_tier` 539 539 + 4. If default tier not found → unlimited 540 540 541 541 **Crew Record Example:** 542 542 ```json ··· 545 545 "member": "did:plc:alice123", 546 546 "role": "writer", 547 547 "permissions": ["blob:write"], 548 548 - "berth": "bosun", 548 548 + "tier": "bosun", 549 549 "addedAt": "2026-01-04T12:00:00Z" 550 550 } 551 551 ```

+2 -2

lexicons/io/atcr/hold/crew.json

reviewed

··· 29 29 "maxLength": 64 30 30 } 31 31 }, 32 32 - "berth": { 32 32 + "tier": { 33 33 "type": "string", 34 34 - "description": "Optional berth (nautical rank) for quota limits (e.g., 'deckhand', 'bosun', 'quartermaster'). If empty, uses defaults.new_crew_berth from quotas.yaml.", 34 34 + "description": "Optional tier for quota limits (e.g., 'deckhand', 'bosun', 'quartermaster'). If empty, uses defaults.new_crew_tier from quotas.yaml.", 35 35 "maxLength": 32 36 36 }, 37 37 "addedAt": {

+3 -3

pkg/appview/handlers/storage.go

reviewed

··· 26 26 UniqueBlobs int `json:"uniqueBlobs"` 27 27 TotalSize int64 `json:"totalSize"` 28 28 Limit *int64 `json:"limit,omitempty"` // nil = unlimited 29 29 - Berth string `json:"berth,omitempty"` // e.g., "deckhand", "bosun", "owner" 29 29 + Tier string `json:"tier,omitempty"` // e.g., "deckhand", "bosun", "owner" 30 30 } 31 31 32 32 func (h *StorageHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { ··· 110 110 HasLimit bool 111 111 HumanLimit string 112 112 UsagePercent int 113 113 - Berth string 113 113 + Tier string 114 114 }{ 115 115 UniqueBlobs: stats.UniqueBlobs, 116 116 TotalSize: stats.TotalSize, ··· 118 118 HasLimit: hasLimit, 119 119 HumanLimit: humanLimit, 120 120 UsagePercent: usagePercent, 121 121 - Berth: stats.Berth, 121 121 + Tier: stats.Tier, 122 122 } 123 123 124 124 w.Header().Set("Content-Type", "text/html")

+6 -6

pkg/appview/templates/pages/settings.html

reviewed

··· 31 31 32 32 <!-- Storage Usage Section --> 33 33 <section class="settings-section storage-section"> 34 34 - <h2>Storage Usage</h2> 34 34 + <h2>Stowage</h2> 35 35 <p>Estimated storage usage on your default hold.</p> 36 36 <div id="storage-stats" hx-get="/api/storage" hx-trigger="load" hx-swap="innerHTML"> 37 37 <p><i data-lucide="loader-2" class="spin"></i> Loading...</p> ··· 293 293 white-space: nowrap; 294 294 } 295 295 296 296 - /* Berth Badge */ 297 297 - .storage-section .berth-badge { 296 296 + /* Tier Badge */ 297 297 + .storage-section .tier-badge { 298 298 text-transform: capitalize; 299 299 padding: 0.125rem 0.5rem; 300 300 border-radius: 4px; ··· 302 302 background: var(--accent-bg, #e0f2fe); 303 303 color: var(--accent, #0369a1); 304 304 } 305 305 - .storage-section .berth-owner { 305 305 + .storage-section .tier-owner { 306 306 background: #fef3c7; 307 307 color: #92400e; 308 308 } 309 309 - .storage-section .berth-quartermaster { 309 309 + .storage-section .tier-quartermaster { 310 310 background: #dcfce7; 311 311 color: #166534; 312 312 } 313 313 - .storage-section .berth-bosun { 313 313 + .storage-section .tier-bosun { 314 314 background: #e0e7ff; 315 315 color: #3730a3; 316 316 }

+3 -3

pkg/appview/templates/partials/storage_stats.html

reviewed

··· 1 1 {{ define "storage_stats" }} 2 2 <div class="storage-stats"> 3 3 - {{ if .Berth }} 3 3 + {{ if .Tier }} 4 4 <div class="stat-row"> 5 5 - <span class="stat-label">Berth:</span> 6 6 - <span class="stat-value berth-badge berth-{{ .Berth }}">{{ .Berth }}</span> 5 5 + <span class="stat-label">Tier:</span> 6 6 + <span class="stat-value tier-badge tier-{{ .Tier }}">{{ .Tier }}</span> 7 7 </div> 8 8 {{ end }} 9 9 <div class="stat-row">

+33 -33

pkg/atproto/cbor_gen.go

reviewed

··· 27 27 cw := cbg.NewCborWriter(w) 28 28 fieldCount := 6 29 29 30 30 - if t.Berth == "" { 30 30 + if t.Tier == "" { 31 31 fieldCount-- 32 32 } 33 33 ··· 58 58 return err 59 59 } 60 60 61 61 + // t.Tier (string) (string) 62 62 + if t.Tier != "" { 63 63 + 64 64 + if len("tier") > 8192 { 65 65 + return xerrors.Errorf("Value in field \"tier\" was too long") 66 66 + } 67 67 + 68 68 + if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len("tier"))); err != nil { 69 69 + return err 70 70 + } 71 71 + if _, err := cw.WriteString(string("tier")); err != nil { 72 72 + return err 73 73 + } 74 74 + 75 75 + if len(t.Tier) > 8192 { 76 76 + return xerrors.Errorf("Value in field t.Tier was too long") 77 77 + } 78 78 + 79 79 + if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len(t.Tier))); err != nil { 80 80 + return err 81 81 + } 82 82 + if _, err := cw.WriteString(string(t.Tier)); err != nil { 83 83 + return err 84 84 + } 85 85 + } 86 86 + 61 87 // t.Type (string) (string) 62 88 if len("$type") > 8192 { 63 89 return xerrors.Errorf("Value in field \"$type\" was too long") ··· 79 105 } 80 106 if _, err := cw.WriteString(string(t.Type)); err != nil { 81 107 return err 82 82 - } 83 83 - 84 84 - // t.Berth (string) (string) 85 85 - if t.Berth != "" { 86 86 - 87 87 - if len("berth") > 8192 { 88 88 - return xerrors.Errorf("Value in field \"berth\" was too long") 89 89 - } 90 90 - 91 91 - if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len("berth"))); err != nil { 92 92 - return err 93 93 - } 94 94 - if _, err := cw.WriteString(string("berth")); err != nil { 95 95 - return err 96 96 - } 97 97 - 98 98 - if len(t.Berth) > 8192 { 99 99 - return xerrors.Errorf("Value in field t.Berth was too long") 100 100 - } 101 101 - 102 102 - if err := cw.WriteMajorTypeHeader(cbg.MajTextString, uint64(len(t.Berth))); err != nil { 103 103 - return err 104 104 - } 105 105 - if _, err := cw.WriteString(string(t.Berth)); err != nil { 106 106 - return err 107 107 - } 108 108 } 109 109 110 110 // t.Member (string) (string) ··· 240 240 241 241 t.Role = string(sval) 242 242 } 243 243 - // t.Type (string) (string) 244 244 - case "$type": 243 243 + // t.Tier (string) (string) 244 244 + case "tier": 245 245 246 246 { 247 247 sval, err := cbg.ReadStringWithMax(cr, 8192) ··· 249 249 return err 250 250 } 251 251 252 252 - t.Type = string(sval) 252 252 + t.Tier = string(sval) 253 253 } 254 254 - // t.Berth (string) (string) 255 255 - case "berth": 254 254 + // t.Type (string) (string) 255 255 + case "$type": 256 256 257 257 { 258 258 sval, err := cbg.ReadStringWithMax(cr, 8192) ··· 260 260 return err 261 261 } 262 262 263 263 - t.Berth = string(sval) 263 263 + t.Type = string(sval) 264 264 } 265 265 // t.Member (string) (string) 266 266 case "member":

+2 -2

pkg/atproto/lexicon.go

reviewed

··· 594 594 Member string `json:"member" cborgen:"member"` 595 595 Role string `json:"role" cborgen:"role"` 596 596 Permissions []string `json:"permissions" cborgen:"permissions"` 597 597 - Berth string `json:"berth,omitempty" cborgen:"berth,omitempty"` // Optional berth for quota limits (nautical rank) 598 598 - AddedAt string `json:"addedAt" cborgen:"addedAt"` // RFC3339 timestamp 597 597 + Tier string `json:"tier,omitempty" cborgen:"tier,omitempty"` // Optional tier for quota limits (e.g., 'deckhand', 'bosun', 'quartermaster') 598 598 + AddedAt string `json:"addedAt" cborgen:"addedAt"` // RFC3339 timestamp 599 599 } 600 600 601 601 // LayerRecord represents metadata about a container layer stored in the hold

+2 -2

pkg/hold/oci/xrpc.go

reviewed

··· 24 24 pds *pds.HoldPDS 25 25 httpClient pds.HTTPClient 26 26 enableBlueskyPosts bool 27 27 - quotaMgr *quota.Manager // Quota manager for berth-based limits 27 27 + quotaMgr *quota.Manager // Quota manager for tier-based limits 28 28 } 29 29 30 30 // NewXRPCHandler creates a new OCI XRPC handler ··· 281 281 if operation == "push" { 282 282 // Soft limit check: block if ALREADY over quota 283 283 // (blobs already uploaded to S3 by this point, no sense rejecting) 284 284 - stats, err := h.pds.GetQuotaForUserWithBerth(ctx, req.UserDID, h.quotaMgr) 284 284 + stats, err := h.pds.GetQuotaForUserWithTier(ctx, req.UserDID, h.quotaMgr) 285 285 if err == nil && stats.Limit != nil && stats.TotalSize > *stats.Limit { 286 286 slog.Warn("Quota exceeded for push", 287 287 "userDid", req.UserDID,

+12 -12

pkg/hold/pds/layer.go

reviewed

··· 67 67 UniqueBlobs int `json:"uniqueBlobs"` 68 68 TotalSize int64 `json:"totalSize"` 69 69 Limit *int64 `json:"limit,omitempty"` // nil = unlimited 70 70 - Berth string `json:"berth,omitempty"` // nautical rank for quota tier 70 70 + Tier string `json:"tier,omitempty"` // quota tier (e.g., 'deckhand', 'bosun', 'quartermaster') 71 71 } 72 72 73 73 // GetQuotaForUser calculates storage quota for a specific user ··· 164 164 }, nil 165 165 } 166 166 167 167 - // GetQuotaForUserWithBerth calculates quota with berth-aware limits 168 168 - // It returns the base quota stats plus the berth limit and berth name. 167 167 + // GetQuotaForUserWithTier calculates quota with tier-aware limits 168 168 + // It returns the base quota stats plus the tier limit and tier name. 169 169 // Captain (owner) always has unlimited quota. 170 170 - func (p *HoldPDS) GetQuotaForUserWithBerth(ctx context.Context, userDID string, quotaMgr *quota.Manager) (*QuotaStats, error) { 170 170 + func (p *HoldPDS) GetQuotaForUserWithTier(ctx context.Context, userDID string, quotaMgr *quota.Manager) (*QuotaStats, error) { 171 171 // Get base stats 172 172 stats, err := p.GetQuotaForUser(ctx, userDID) 173 173 if err != nil { ··· 182 182 // Check if user is captain (owner) - always unlimited 183 183 _, captain, err := p.GetCaptainRecord(ctx) 184 184 if err == nil && captain.Owner == userDID { 185 185 - stats.Berth = "owner" 185 185 + stats.Tier = "owner" 186 186 // Limit remains nil (unlimited) 187 187 return stats, nil 188 188 } 189 189 190 190 - // Get crew record to find berth 191 191 - crewBerth := p.getCrewBerth(ctx, userDID) 190 190 + // Get crew record to find tier 191 191 + crewTier := p.getCrewTier(ctx, userDID) 192 192 193 193 // Resolve limit from quota manager 194 194 - stats.Limit = quotaMgr.GetBerthLimit(crewBerth) 195 195 - stats.Berth = quotaMgr.GetBerthName(crewBerth) 194 194 + stats.Limit = quotaMgr.GetTierLimit(crewTier) 195 195 + stats.Tier = quotaMgr.GetTierName(crewTier) 196 196 197 197 return stats, nil 198 198 } 199 199 200 200 - // getCrewBerth returns the berth for a crew member, or empty string if not found 201 201 - func (p *HoldPDS) getCrewBerth(ctx context.Context, userDID string) string { 200 200 + // getCrewTier returns the tier for a crew member, or empty string if not found 201 201 + func (p *HoldPDS) getCrewTier(ctx context.Context, userDID string) string { 202 202 crewMembers, err := p.ListCrewMembers(ctx) 203 203 if err != nil { 204 204 return "" ··· 206 206 207 207 for _, member := range crewMembers { 208 208 if member.Record.Member == userDID { 209 209 - return member.Record.Berth 209 209 + return member.Record.Tier 210 210 } 211 211 } 212 212

+53 -53

pkg/hold/pds/layer_test.go

reviewed

··· 328 328 return pds, cleanup 329 329 } 330 330 331 331 - // addCrewMemberWithBerth adds a crew member with a specific berth (nautical rank) 332 332 - func addCrewMemberWithBerth(t *testing.T, pds *HoldPDS, memberDID, role string, permissions []string, berth string) { 331 331 + // addCrewMemberWithTier adds a crew member with a specific tier 332 332 + func addCrewMemberWithTier(t *testing.T, pds *HoldPDS, memberDID, role string, permissions []string, tier string) { 333 333 t.Helper() 334 334 335 335 crewRecord := &atproto.CrewRecord{ ··· 337 337 Member: memberDID, 338 338 Role: role, 339 339 Permissions: permissions, 340 340 - Berth: berth, 340 340 + Tier: tier, 341 341 AddedAt: "2026-01-04T12:00:00Z", 342 342 } 343 343 344 344 _, _, err := pds.repomgr.CreateRecord(sharedCtx, pds.uid, atproto.CrewCollection, crewRecord) 345 345 if err != nil { 346 346 - t.Fatalf("Failed to add crew member with berth: %v", err) 346 346 + t.Fatalf("Failed to add crew member with tier: %v", err) 347 347 } 348 348 } 349 349 350 350 - func TestGetQuotaForUserWithBerth_OwnerUnlimited(t *testing.T) { 350 350 + func TestGetQuotaForUserWithTier_OwnerUnlimited(t *testing.T) { 351 351 ownerDID := "did:plc:owner123" 352 352 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) 353 353 defer cleanup() ··· 358 358 tmpDir := t.TempDir() 359 359 configPath := filepath.Join(tmpDir, "quotas.yaml") 360 360 configContent := ` 361 361 - berths: 361 361 + tiers: 362 362 deckhand: 363 363 quota: 5GB 364 364 bosun: 365 365 quota: 50GB 366 366 367 367 defaults: 368 368 - new_crew_berth: deckhand 368 368 + new_crew_tier: deckhand 369 369 ` 370 370 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 371 371 t.Fatalf("Failed to write quota config: %v", err) ··· 391 391 } 392 392 393 393 // Get quota for owner 394 394 - stats, err := pds.GetQuotaForUserWithBerth(ctx, ownerDID, quotaMgr) 394 394 + stats, err := pds.GetQuotaForUserWithTier(ctx, ownerDID, quotaMgr) 395 395 if err != nil { 396 396 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 396 396 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 397 397 } 398 398 399 399 // Owner should have unlimited quota (nil limit) ··· 401 401 t.Errorf("Expected nil limit for owner, got %d", *stats.Limit) 402 402 } 403 403 404 404 - // Berth should be "owner" 405 405 - if stats.Berth != "owner" { 406 406 - t.Errorf("Expected berth 'owner', got %q", stats.Berth) 404 404 + // Tier should be "owner" 405 405 + if stats.Tier != "owner" { 406 406 + t.Errorf("Expected tier 'owner', got %q", stats.Tier) 407 407 } 408 408 409 409 // Should have 3 unique blobs ··· 420 420 t.Logf("Owner quota stats: %+v", stats) 421 421 } 422 422 423 423 - func TestGetQuotaForUserWithBerth_CrewWithDefaultBerth(t *testing.T) { 423 423 + func TestGetQuotaForUserWithTier_CrewWithDefaultTier(t *testing.T) { 424 424 ownerDID := "did:plc:owner456" 425 425 crewDID := "did:plc:crew123" 426 426 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) ··· 432 432 tmpDir := t.TempDir() 433 433 configPath := filepath.Join(tmpDir, "quotas.yaml") 434 434 configContent := ` 435 435 - berths: 435 435 + tiers: 436 436 deckhand: 437 437 quota: 5GB 438 438 bosun: 439 439 quota: 50GB 440 440 441 441 defaults: 442 442 - new_crew_berth: deckhand 442 442 + new_crew_tier: deckhand 443 443 ` 444 444 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 445 445 t.Fatalf("Failed to write quota config: %v", err) ··· 450 450 t.Fatalf("Failed to create quota manager: %v", err) 451 451 } 452 452 453 453 - // Add crew member with no berth (should use default) 454 454 - addCrewMemberWithBerth(t, pds, crewDID, "writer", []string{"blob:write"}, "") 453 453 + // Add crew member with no tier (should use default) 454 454 + addCrewMemberWithTier(t, pds, crewDID, "writer", []string{"blob:write"}, "") 455 455 456 456 // Create layer records for crew member 457 457 for i := range 2 { ··· 468 468 } 469 469 470 470 // Get quota for crew member 471 471 - stats, err := pds.GetQuotaForUserWithBerth(ctx, crewDID, quotaMgr) 471 471 + stats, err := pds.GetQuotaForUserWithTier(ctx, crewDID, quotaMgr) 472 472 if err != nil { 473 473 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 473 473 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 474 474 } 475 475 476 476 - // Should have 5GB limit (deckhand berth) 476 476 + // Should have 5GB limit (deckhand tier) 477 477 expectedLimit := int64(5 * 1024 * 1024 * 1024) 478 478 if stats.Limit == nil { 479 479 t.Fatal("Expected non-nil limit for crew member") ··· 482 482 t.Errorf("Expected limit %d, got %d", expectedLimit, *stats.Limit) 483 483 } 484 484 485 485 - // Berth should be "deckhand" 486 486 - if stats.Berth != "deckhand" { 487 487 - t.Errorf("Expected berth 'deckhand', got %q", stats.Berth) 485 485 + // Tier should be "deckhand" 486 486 + if stats.Tier != "deckhand" { 487 487 + t.Errorf("Expected tier 'deckhand', got %q", stats.Tier) 488 488 } 489 489 490 490 // Should have 2 unique blobs ··· 492 492 t.Errorf("Expected 2 unique blobs, got %d", stats.UniqueBlobs) 493 493 } 494 494 495 495 - t.Logf("Crew (deckhand berth) quota stats: %+v", stats) 495 495 + t.Logf("Crew (deckhand tier) quota stats: %+v", stats) 496 496 } 497 497 498 498 - func TestGetQuotaForUserWithBerth_CrewWithExplicitBerth(t *testing.T) { 498 498 + func TestGetQuotaForUserWithTier_CrewWithExplicitTier(t *testing.T) { 499 499 ownerDID := "did:plc:owner789" 500 500 crewDID := "did:plc:bosuncrew456" 501 501 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) ··· 507 507 tmpDir := t.TempDir() 508 508 configPath := filepath.Join(tmpDir, "quotas.yaml") 509 509 configContent := ` 510 510 - berths: 510 510 + tiers: 511 511 deckhand: 512 512 quota: 5GB 513 513 bosun: 514 514 quota: 50GB 515 515 516 516 defaults: 517 517 - new_crew_berth: deckhand 517 517 + new_crew_tier: deckhand 518 518 ` 519 519 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 520 520 t.Fatalf("Failed to write quota config: %v", err) ··· 525 525 t.Fatalf("Failed to create quota manager: %v", err) 526 526 } 527 527 528 528 - // Add crew member with explicit "bosun" berth 529 529 - addCrewMemberWithBerth(t, pds, crewDID, "writer", []string{"blob:write"}, "bosun") 528 528 + // Add crew member with explicit "bosun" tier 529 529 + addCrewMemberWithTier(t, pds, crewDID, "writer", []string{"blob:write"}, "bosun") 530 530 531 531 // Create layer records for crew member 532 532 record := atproto.NewLayerRecord( ··· 541 541 } 542 542 543 543 // Get quota for crew member 544 544 - stats, err := pds.GetQuotaForUserWithBerth(ctx, crewDID, quotaMgr) 544 544 + stats, err := pds.GetQuotaForUserWithTier(ctx, crewDID, quotaMgr) 545 545 if err != nil { 546 546 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 546 546 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 547 547 } 548 548 549 549 - // Should have 50GB limit (bosun berth) 549 549 + // Should have 50GB limit (bosun tier) 550 550 expectedLimit := int64(50 * 1024 * 1024 * 1024) 551 551 if stats.Limit == nil { 552 552 t.Fatal("Expected non-nil limit for crew member") ··· 555 555 t.Errorf("Expected limit %d, got %d", expectedLimit, *stats.Limit) 556 556 } 557 557 558 558 - // Berth should be "bosun" 559 559 - if stats.Berth != "bosun" { 560 560 - t.Errorf("Expected berth 'bosun', got %q", stats.Berth) 558 558 + // Tier should be "bosun" 559 559 + if stats.Tier != "bosun" { 560 560 + t.Errorf("Expected tier 'bosun', got %q", stats.Tier) 561 561 } 562 562 563 563 - t.Logf("Crew (bosun berth) quota stats: %+v", stats) 563 563 + t.Logf("Crew (bosun tier) quota stats: %+v", stats) 564 564 } 565 565 566 566 - func TestGetQuotaForUserWithBerth_NoQuotaManager(t *testing.T) { 566 566 + func TestGetQuotaForUserWithTier_NoQuotaManager(t *testing.T) { 567 567 ownerDID := "did:plc:ownerabc" 568 568 crewDID := "did:plc:crewabc" 569 569 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) ··· 572 572 ctx := sharedCtx 573 573 574 574 // Add crew member 575 575 - addCrewMemberWithBerth(t, pds, crewDID, "writer", []string{"blob:write"}, "deckhand") 575 575 + addCrewMemberWithTier(t, pds, crewDID, "writer", []string{"blob:write"}, "deckhand") 576 576 577 577 // Create layer record 578 578 record := atproto.NewLayerRecord( ··· 587 587 } 588 588 589 589 // Get quota with nil quota manager (no enforcement) 590 590 - stats, err := pds.GetQuotaForUserWithBerth(ctx, crewDID, nil) 590 590 + stats, err := pds.GetQuotaForUserWithTier(ctx, crewDID, nil) 591 591 if err != nil { 592 592 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 592 592 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 593 593 } 594 594 595 595 // Should have nil limit (unlimited) ··· 597 597 t.Errorf("Expected nil limit when quota manager is nil, got %d", *stats.Limit) 598 598 } 599 599 600 600 - // Berth should be empty 601 601 - if stats.Berth != "" { 602 602 - t.Errorf("Expected empty berth, got %q", stats.Berth) 600 600 + // Tier should be empty 601 601 + if stats.Tier != "" { 602 602 + t.Errorf("Expected empty tier, got %q", stats.Tier) 603 603 } 604 604 605 605 t.Logf("No quota manager stats: %+v", stats) 606 606 } 607 607 608 608 - func TestGetQuotaForUserWithBerth_DisabledQuotas(t *testing.T) { 608 608 + func TestGetQuotaForUserWithTier_DisabledQuotas(t *testing.T) { 609 609 ownerDID := "did:plc:ownerdef" 610 610 crewDID := "did:plc:crewdef" 611 611 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) ··· 624 624 } 625 625 626 626 // Add crew member 627 627 - addCrewMemberWithBerth(t, pds, crewDID, "writer", []string{"blob:write"}, "bosun") 627 627 + addCrewMemberWithTier(t, pds, crewDID, "writer", []string{"blob:write"}, "bosun") 628 628 629 629 // Create layer record 630 630 record := atproto.NewLayerRecord( ··· 639 639 } 640 640 641 641 // Get quota with disabled quota manager 642 642 - stats, err := pds.GetQuotaForUserWithBerth(ctx, crewDID, quotaMgr) 642 642 + stats, err := pds.GetQuotaForUserWithTier(ctx, crewDID, quotaMgr) 643 643 if err != nil { 644 644 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 644 644 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 645 645 } 646 646 647 647 // Should have nil limit (unlimited when quotas disabled) ··· 652 652 t.Logf("Disabled quotas stats: %+v", stats) 653 653 } 654 654 655 655 - func TestGetQuotaForUserWithBerth_DeduplicatesBlobs(t *testing.T) { 655 655 + func TestGetQuotaForUserWithTier_DeduplicatesBlobs(t *testing.T) { 656 656 ownerDID := "did:plc:ownerghi" 657 657 crewDID := "did:plc:crewghi" 658 658 pds, cleanup := setupTestPDSWithIndex(t, ownerDID) ··· 664 664 tmpDir := t.TempDir() 665 665 configPath := filepath.Join(tmpDir, "quotas.yaml") 666 666 configContent := ` 667 667 - berths: 667 667 + tiers: 668 668 deckhand: 669 669 quota: 5GB 670 670 671 671 defaults: 672 672 - new_crew_berth: deckhand 672 672 + new_crew_tier: deckhand 673 673 ` 674 674 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 675 675 t.Fatalf("Failed to write quota config: %v", err) ··· 681 681 } 682 682 683 683 // Add crew member 684 684 - addCrewMemberWithBerth(t, pds, crewDID, "writer", []string{"blob:write"}, "") 684 684 + addCrewMemberWithTier(t, pds, crewDID, "writer", []string{"blob:write"}, "") 685 685 686 686 // Create multiple layer records with same digest (should be deduplicated) 687 687 digest := "sha256:duplicatelayer" ··· 699 699 } 700 700 701 701 // Get quota 702 702 - stats, err := pds.GetQuotaForUserWithBerth(ctx, crewDID, quotaMgr) 702 702 + stats, err := pds.GetQuotaForUserWithTier(ctx, crewDID, quotaMgr) 703 703 if err != nil { 704 704 - t.Fatalf("GetQuotaForUserWithBerth failed: %v", err) 704 704 + t.Fatalf("GetQuotaForUserWithTier failed: %v", err) 705 705 } 706 706 707 707 // Should have 1 unique blob (deduplicated)

+2 -2

pkg/hold/pds/xrpc.go

reviewed

··· 1537 1537 return 1538 1538 } 1539 1539 1540 1540 - // Get quota stats with berth-aware limits 1541 1541 - stats, err := h.pds.GetQuotaForUserWithBerth(r.Context(), userDID, h.quotaMgr) 1540 1540 + // Get quota stats with tier-aware limits 1541 1541 + stats, err := h.pds.GetQuotaForUserWithTier(r.Context(), userDID, h.quotaMgr) 1542 1542 if err != nil { 1543 1543 slog.Error("Failed to get quota", "userDid", userDID, "error", err) 1544 1544 http.Error(w, fmt.Sprintf("failed to get quota: %v", err), http.StatusInternalServerError)

+43 -43

pkg/hold/quota/config.go

reviewed

··· 13 13 14 14 // Config represents the quotas.yaml configuration 15 15 type Config struct { 16 16 - Berths map[string]BerthConfig `yaml:"berths"` 17 17 - Defaults DefaultsConfig `yaml:"defaults"` 16 16 + Tiers map[string]TierConfig `yaml:"tiers"` 17 17 + Defaults DefaultsConfig `yaml:"defaults"` 18 18 } 19 19 20 20 - // BerthConfig represents a single berth's configuration 21 21 - type BerthConfig struct { 20 20 + // TierConfig represents a single tier's configuration 21 21 + type TierConfig struct { 22 22 Quota string `yaml:"quota"` // Human-readable size: "5GB", "50GB", etc. 23 23 } 24 24 25 25 // DefaultsConfig represents default settings 26 26 type DefaultsConfig struct { 27 27 - NewCrewBerth string `yaml:"new_crew_berth"` 27 27 + NewCrewTier string `yaml:"new_crew_tier"` 28 28 } 29 29 30 30 - // Manager manages quota configuration and berth resolution 30 30 + // Manager manages quota configuration and tier resolution 31 31 type Manager struct { 32 32 config *Config 33 33 - berths map[string]int64 // resolved berth name -> bytes 33 33 + tiers map[string]int64 // resolved tier name -> bytes 34 34 } 35 35 36 36 // NewManager creates a quota manager, loading config from file if present 37 37 func NewManager(configPath string) (*Manager, error) { 38 38 m := &Manager{ 39 39 - berths: make(map[string]int64), 39 39 + tiers: make(map[string]int64), 40 40 } 41 41 42 42 // Try to load config file ··· 56 56 57 57 m.config = &cfg 58 58 59 59 - // Parse and resolve all berths 60 60 - for name, berth := range cfg.Berths { 61 61 - bytes, err := ParseHumanBytes(berth.Quota) 59 59 + // Parse and resolve all tiers 60 60 + for name, tier := range cfg.Tiers { 61 61 + bytes, err := ParseHumanBytes(tier.Quota) 62 62 if err != nil { 63 63 - return nil, fmt.Errorf("invalid quota for berth %q: %w", name, err) 63 63 + return nil, fmt.Errorf("invalid quota for tier %q: %w", name, err) 64 64 } 65 65 - m.berths[name] = bytes 65 65 + m.tiers[name] = bytes 66 66 } 67 67 68 68 return m, nil ··· 73 73 return m.config != nil 74 74 } 75 75 76 76 - // GetBerthLimit resolves the quota limit for a berth key 77 77 - // Returns nil for unlimited (captain, no config, or berth not found with no default) 76 76 + // GetTierLimit resolves the quota limit for a tier key 77 77 + // Returns nil for unlimited (captain, no config, or tier not found with no default) 78 78 // 79 79 // Resolution order: 80 80 // 1. If quotas disabled → nil (unlimited) 81 81 - // 2. If berthKey provided and found → return that berth's limit 82 82 - // 3. If berthKey not found or empty → use defaults.new_crew_berth 83 83 - // 4. If default berth not found → nil (unlimited) 84 84 - func (m *Manager) GetBerthLimit(berthKey string) *int64 { 81 81 + // 2. If tierKey provided and found → return that tier's limit 82 82 + // 3. If tierKey not found or empty → use defaults.new_crew_tier 83 83 + // 4. If default tier not found → nil (unlimited) 84 84 + func (m *Manager) GetTierLimit(tierKey string) *int64 { 85 85 if !m.IsEnabled() { 86 86 return nil 87 87 } 88 88 89 89 - // Try the provided berth key first 90 90 - if berthKey != "" { 91 91 - if limit, ok := m.berths[berthKey]; ok { 89 89 + // Try the provided tier key first 90 90 + if tierKey != "" { 91 91 + if limit, ok := m.tiers[tierKey]; ok { 92 92 return &limit 93 93 } 94 94 } 95 95 96 96 - // Fall back to default berth 97 97 - if m.config.Defaults.NewCrewBerth != "" { 98 98 - if limit, ok := m.berths[m.config.Defaults.NewCrewBerth]; ok { 96 96 + // Fall back to default tier 97 97 + if m.config.Defaults.NewCrewTier != "" { 98 98 + if limit, ok := m.tiers[m.config.Defaults.NewCrewTier]; ok { 99 99 return &limit 100 100 } 101 101 } 102 102 103 103 - // No valid berth found - unlimited 103 103 + // No valid tier found - unlimited 104 104 return nil 105 105 } 106 106 107 107 - // GetBerthName resolves the berth name for a berth key 108 108 - // Returns the actual berth name being used (after fallback resolution) 109 109 - func (m *Manager) GetBerthName(berthKey string) string { 107 107 + // GetTierName resolves the tier name for a tier key 108 108 + // Returns the actual tier name being used (after fallback resolution) 109 109 + func (m *Manager) GetTierName(tierKey string) string { 110 110 if !m.IsEnabled() { 111 111 return "" 112 112 } 113 113 114 114 - // Try the provided berth key first 115 115 - if berthKey != "" { 116 116 - if _, ok := m.berths[berthKey]; ok { 117 117 - return berthKey 114 114 + // Try the provided tier key first 115 115 + if tierKey != "" { 116 116 + if _, ok := m.tiers[tierKey]; ok { 117 117 + return tierKey 118 118 } 119 119 } 120 120 121 121 - // Fall back to default berth 122 122 - if m.config.Defaults.NewCrewBerth != "" { 123 123 - if _, ok := m.berths[m.config.Defaults.NewCrewBerth]; ok { 124 124 - return m.config.Defaults.NewCrewBerth 121 121 + // Fall back to default tier 122 122 + if m.config.Defaults.NewCrewTier != "" { 123 123 + if _, ok := m.tiers[m.config.Defaults.NewCrewTier]; ok { 124 124 + return m.config.Defaults.NewCrewTier 125 125 } 126 126 } 127 127 128 128 return "" 129 129 } 130 130 131 131 - // GetDefaultBerth returns the default berth name for new crew members 132 132 - func (m *Manager) GetDefaultBerth() string { 131 131 + // GetDefaultTier returns the default tier name for new crew members 132 132 + func (m *Manager) GetDefaultTier() string { 133 133 if m.config == nil { 134 134 return "" 135 135 } 136 136 - return m.config.Defaults.NewCrewBerth 136 136 + return m.config.Defaults.NewCrewTier 137 137 } 138 138 139 139 - // BerthCount returns the number of configured berths 140 140 - func (m *Manager) BerthCount() int { 141 141 - return len(m.berths) 139 139 + // TierCount returns the number of configured tiers 140 140 + func (m *Manager) TierCount() int { 141 141 + return len(m.tiers) 142 142 } 143 143 144 144 // ParseHumanBytes parses human-readable byte sizes like "5GB", "100MB", "1.5TB"

+34 -34

pkg/hold/quota/config_test.go

reviewed

··· 97 97 if m.IsEnabled() { 98 98 t.Error("expected quotas to be disabled when file missing") 99 99 } 100 100 - if m.GetBerthLimit("anything") != nil { 100 100 + if m.GetTierLimit("anything") != nil { 101 101 t.Error("expected nil limit when quotas disabled") 102 102 } 103 103 } ··· 107 107 configPath := filepath.Join(tmpDir, "quotas.yaml") 108 108 109 109 configContent := ` 110 110 - berths: 110 110 + tiers: 111 111 deckhand: 112 112 quota: 5GB 113 113 bosun: ··· 116 116 quota: 100GB 117 117 118 118 defaults: 119 119 - new_crew_berth: deckhand 119 119 + new_crew_tier: deckhand 120 120 ` 121 121 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 122 122 t.Fatalf("failed to write config: %v", err) ··· 131 131 t.Error("expected quotas to be enabled") 132 132 } 133 133 134 134 - if m.BerthCount() != 3 { 135 135 - t.Errorf("expected 3 berths, got %d", m.BerthCount()) 134 134 + if m.TierCount() != 3 { 135 135 + t.Errorf("expected 3 tiers, got %d", m.TierCount()) 136 136 } 137 137 138 138 - // Test default berth (empty string) 139 139 - limit := m.GetBerthLimit("") 138 138 + // Test default tier (empty string) 139 139 + limit := m.GetTierLimit("") 140 140 if limit == nil { 141 141 - t.Fatal("expected non-nil limit for default berth") 141 141 + t.Fatal("expected non-nil limit for default tier") 142 142 } 143 143 if *limit != 5*1024*1024*1024 { 144 144 t.Errorf("expected 5GB limit for default, got %d", *limit) 145 145 } 146 146 147 147 - // Test explicit berth 148 148 - limit = m.GetBerthLimit("bosun") 147 147 + // Test explicit tier 148 148 + limit = m.GetTierLimit("bosun") 149 149 if limit == nil { 150 150 t.Fatal("expected non-nil limit for bosun") 151 151 } ··· 153 153 t.Errorf("expected 50GB limit for bosun, got %d", *limit) 154 154 } 155 155 156 156 - // Test berth name resolution 157 157 - if m.GetBerthName("") != "deckhand" { 158 158 - t.Errorf("expected berth name 'deckhand' for empty key, got %q", m.GetBerthName("")) 156 156 + // Test tier name resolution 157 157 + if m.GetTierName("") != "deckhand" { 158 158 + t.Errorf("expected tier name 'deckhand' for empty key, got %q", m.GetTierName("")) 159 159 } 160 160 - if m.GetBerthName("bosun") != "bosun" { 161 161 - t.Errorf("expected berth name 'bosun', got %q", m.GetBerthName("bosun")) 160 160 + if m.GetTierName("bosun") != "bosun" { 161 161 + t.Errorf("expected tier name 'bosun', got %q", m.GetTierName("bosun")) 162 162 } 163 163 } 164 164 ··· 167 167 configPath := filepath.Join(tmpDir, "quotas.yaml") 168 168 169 169 configContent := ` 170 170 - berths: 170 170 + tiers: 171 171 deckhand: 172 172 quota: 5GB 173 173 quartermaster: 174 174 quota: 50GB 175 175 176 176 defaults: 177 177 - new_crew_berth: deckhand 177 177 + new_crew_tier: deckhand 178 178 ` 179 179 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 180 180 t.Fatalf("failed to write config: %v", err) ··· 185 185 t.Fatalf("failed to load config: %v", err) 186 186 } 187 187 188 188 - // Unknown berth should fall back to default 189 189 - limit := m.GetBerthLimit("unknown_berth") 188 188 + // Unknown tier should fall back to default 189 189 + limit := m.GetTierLimit("unknown_tier") 190 190 if limit == nil { 191 191 - t.Fatal("expected fallback to default berth") 191 191 + t.Fatal("expected fallback to default tier") 192 192 } 193 193 if *limit != 5*1024*1024*1024 { 194 194 t.Errorf("expected 5GB limit from default fallback, got %d", *limit) 195 195 } 196 196 197 197 - // Berth name should also fall back 198 198 - if m.GetBerthName("unknown_berth") != "deckhand" { 199 199 - t.Errorf("expected berth name 'deckhand' for unknown berth, got %q", m.GetBerthName("unknown_berth")) 197 197 + // Tier name should also fall back 198 198 + if m.GetTierName("unknown_tier") != "deckhand" { 199 199 + t.Errorf("expected tier name 'deckhand' for unknown tier, got %q", m.GetTierName("unknown_tier")) 200 200 } 201 201 } 202 202 ··· 220 220 configPath := filepath.Join(tmpDir, "quotas.yaml") 221 221 222 222 configContent := ` 223 223 - berths: 223 223 + tiers: 224 224 deckhand: 225 225 quota: invalid_size 226 226 227 227 defaults: 228 228 - new_crew_berth: deckhand 228 228 + new_crew_tier: deckhand 229 229 ` 230 230 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 231 231 t.Fatalf("failed to write config: %v", err) ··· 237 237 } 238 238 } 239 239 240 240 - func TestNewManager_NoDefaultBerth(t *testing.T) { 240 240 + func TestNewManager_NoDefaultTier(t *testing.T) { 241 241 tmpDir := t.TempDir() 242 242 configPath := filepath.Join(tmpDir, "quotas.yaml") 243 243 244 244 configContent := ` 245 245 - berths: 245 245 + tiers: 246 246 quartermaster: 247 247 quota: 50GB 248 248 249 249 defaults: 250 250 - new_crew_berth: nonexistent 250 250 + new_crew_tier: nonexistent 251 251 ` 252 252 if err := os.WriteFile(configPath, []byte(configContent), 0644); err != nil { 253 253 t.Fatalf("failed to write config: %v", err) ··· 258 258 t.Fatalf("failed to load config: %v", err) 259 259 } 260 260 261 261 - // Empty berth key with nonexistent default should return nil (unlimited) 262 262 - limit := m.GetBerthLimit("") 261 261 + // Empty tier key with nonexistent default should return nil (unlimited) 262 262 + limit := m.GetTierLimit("") 263 263 if limit != nil { 264 264 - t.Error("expected nil limit when default berth doesn't exist") 264 264 + t.Error("expected nil limit when default tier doesn't exist") 265 265 } 266 266 267 267 - // Explicit berth should still work 268 268 - limit = m.GetBerthLimit("quartermaster") 267 267 + // Explicit tier should still work 268 268 + limit = m.GetTierLimit("quartermaster") 269 269 if limit == nil { 270 270 - t.Fatal("expected non-nil limit for quartermaster berth") 270 270 + t.Fatal("expected non-nil limit for quartermaster tier") 271 271 } 272 272 if *limit != 50*1024*1024*1024 { 273 273 t.Errorf("expected 50GB limit for quartermaster, got %d", *limit)

+10 -10

quotas.yaml.example

reviewed

··· 2 2 # Copy this file to quotas.yaml to enable quota enforcement. 3 3 # If quotas.yaml doesn't exist, quotas are disabled (unlimited for all users). 4 4 5 5 - # Berths define quota tiers using nautical crew ranks. 6 6 - # Each berth has a quota limit specified in human-readable format. 5 5 + # Tiers define quota levels using nautical crew ranks. 6 6 + # Each tier has a quota limit specified in human-readable format. 7 7 # Supported units: B, KB, MB, GB, TB, PB (case-insensitive) 8 8 - berths: 8 8 + tiers: 9 9 # Entry-level crew - suitable for new or casual users 10 10 deckhand: 11 11 quota: 5GB ··· 18 18 quartermaster: 19 19 quota: 100GB 20 20 21 21 - # You can add custom berths with any name: 21 21 + # You can add custom tiers with any name: 22 22 # unlimited_crew: 23 23 # quota: 1TB 24 24 25 25 defaults: 26 26 - # Default berth assigned to new crew members who don't have an explicit berth. 27 27 - # This berth must exist in the berths section above. 28 28 - new_crew_berth: deckhand 26 26 + # Default tier assigned to new crew members who don't have an explicit tier. 27 27 + # This tier must exist in the tiers section above. 28 28 + new_crew_tier: deckhand 29 29 30 30 # Notes: 31 31 - # - The hold captain (owner) always has unlimited quota regardless of berths. 32 32 - # - Crew members can be assigned a specific berth in their crew record. 33 33 - # - If a crew member's berth doesn't exist in config, they fall back to the default. 31 31 + # - The hold captain (owner) always has unlimited quota regardless of tiers. 32 32 + # - Crew members can be assigned a specific tier in their crew record. 33 33 + # - If a crew member's tier doesn't exist in config, they fall back to the default. 34 34 # - Quota is calculated per-user by summing unique blob sizes (deduplicated). 35 35 # - Quota is checked when pushing manifests (after blobs are already uploaded).