docs(auth): document atomic per-type device limit enforcement

Clarify in API/README that device limits are enforced independently per
normalized device type with atomic overflow revocation, and add a mapper
test covering the RFC3339 UTC timestamp contract.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-11 01:02:25 +08:00
parent 869e2bb75b
commit 114198f1d9
3 changed files with 19 additions and 1 deletions
+1 -1
View File
@@ -81,7 +81,7 @@ ObjectStorage:
ExpiresIn: 900
```
`Auth.DeviceLimits` is the source of truth for the desktop and mobile web-session counts shown in account device management. The effective values are returned by `GET /api/account/devices`.
`Auth.DeviceLimits` is the source of truth for desktop and mobile web-session limits. The auth store enforces each device type independently: a new login keeps the newest session and revokes the oldest overflow session atomically. The effective values are returned by `GET /api/account/devices` for display.
`Agent.Image.InputImageTransport` controls how input/reference images are sent to the image model for edit/image-to-image calls: `file` uploads image bytes with multipart form data, while `url` sends `images: [{"image_url": "..."}]` for gateways that can fetch public URLs directly.