Service Quotas

Service quotas define capacity limits for accounts and organizations on the FlexGalaxy.AI platform. They control maximums like “member accounts per organization” or “SCPs per entity.”

Quota Model

Each quota has:

  • service_code – the service namespace (e.g. organizations)

  • quota_code – unique identifier within the service (e.g. L-member-accounts)

  • default_value – platform default

  • applied_value – current effective limit (may be higher than default after approval)

  • max_value – hard ceiling (null = no ceiling, adjustable via request)

  • adjustable – whether increase requests are accepted

Platform Defaults

Quota

Default

Max

Adjustable

Member accounts per organization

10

Yes

Organizational units per organization

2000

Yes

OU nesting depth

5

5

No

SCPs per organization

10,000

Yes

SCPs attached per entity

5

5

No

SCP document size (characters)

5,120

5,120

No

Delegated administrators per organization

20

Yes

Account Lifecycle

Standalone Account

Accounts that do not belong to an organization have their own set of quotas. These are seeded with platform defaults on first access.

  • View quotas: GET /api/v1/accounts/me/quotas

  • Request increase: POST /api/v1/accounts/me/quota-requests

  • View requests: GET /api/v1/accounts/me/quota-requests

All increase requests are reviewed by platform admins via StarGate.

Account Creates Organization

When a standalone account creates an organization:

  1. Default quotas are seeded for the new org

  2. mergeStandaloneQuotas(accountId, orgId) runs

  3. For each quota, the org gets max(orgDefault, accountApprovedValue)

  4. Standalone quota records are deleted

This preserves any previously approved quota increases.

Account Leaves Organization

When an account leaves (or is removed from) an organization, the system checks whether the org has quotas above platform defaults:

No elevated quotas – the account leaves immediately.

Elevated quotas exist – the leave is gated:

  1. Standalone quotas are seeded with platform defaults for the account

  2. Quota increase requests are auto-submitted for each elevated value

  3. Each request is tagged with leave_request_account_id

  4. The account stays in the org until all requests are decided

Leave-gated request outcomes

Decision

Result

All approved

Account automatically departs the org with the elevated quota values

Any denied

All remaining pending leave requests are cancelled, standalone quota records are cleaned up, account stays in the org. The user is notified that the leave was blocked.

Organization-Scoped Quotas

Accounts within an organization use the org’s quotas:

  • View quotas: GET /api/v1/organizations/{orgId}/quotas

  • Request increase: POST /api/v1/organizations/{orgId}/quota-requests

  • View requests: GET /api/v1/organizations/{orgId}/quota-requests

Platform Admin Review

Platform admins manage all quota increase requests (both org-level and standalone account-level) through a unified queue:

  • List pending: GET /api/v1/quota-requests?page=0&size=20

  • Approve: PUT /api/v1/quota-requests/{requestId}/approve

  • Deny: PUT /api/v1/quota-requests/{requestId}/deny

Leave-gated requests appear in the same queue with an auto-generated reason indicating the account is leaving an org.

API Reference

Account-Level Endpoints

GET  /api/v1/accounts/me/quotas           -- list account quotas (or defaults)
POST /api/v1/accounts/me/quota-requests    -- submit increase request
GET  /api/v1/accounts/me/quota-requests    -- list account's requests
GET  /api/v1/quotas/defaults               -- platform default quotas (read-only)

Organization-Level Endpoints

GET  /api/v1/organizations/{orgId}/quotas              -- list org quotas
GET  /api/v1/organizations/{orgId}/quotas/{quotaId}    -- get single quota
POST /api/v1/organizations/{orgId}/quota-requests       -- submit increase request
GET  /api/v1/organizations/{orgId}/quota-requests       -- list org's requests
DELETE /api/v1/organizations/{orgId}/quota-requests/{id} -- cancel request

Admin Endpoints

GET  /api/v1/quota-requests                       -- list all pending (paginated)
PUT  /api/v1/quota-requests/{requestId}/approve    -- approve request
PUT  /api/v1/quota-requests/{requestId}/deny       -- deny request (reason required)