Settings
Settings is the admin screen for deployment-wide platform configuration.
Only admins can load or save settings.
Team Member Access
Settings supports two sign-in access methods:
| Method | Behavior |
|---|---|
| Any authenticated user | Any valid Roster Auth or configured identity-provider user can sign in and receive an identity profile. |
| Only invited team members | Users must already exist as team members before sign-in is allowed. |
If your organization provisions team members through an upstream SCIM process, manage those users as invited team members inside Roster and document the upstream provisioning source separately.
Invite Email Delivery
Invite email delivery is optional and applies to IDP-only team member invites.
Supported providers:
- SMTP
- Resend
Common fields include from email, from name, reply-to email, provider, and provider-specific secret material. Leaving a secret field blank retains the stored secret; secrets can also be cleared from the UI.
Agents
The Agents section configures the resolver agent:
- Provider
- Model
- Reasoning effort
- Max tokens
- Input cost per million tokens
- Cached input cost per million tokens
- Output cost per million tokens
- API type: Responses or Chat Completions
- URL
Deployment secrets and provider defaults are still managed outside this screen. See Model Providers for provider credentials, model allowlists, and supported provider families.
Rate Limiting
Rate limiting can be enabled or disabled globally. Each rule has its own enabled state, limit, and window in seconds.
Default rules are:
| Rule | Default limit | Default window |
|---|---|---|
| HTTP requests by IP | 300 | 60 seconds |
| Authenticated REST and MCP actor | 120 | 60 seconds |
| Resolve LLM calls | 20 | 3,600 seconds |
HTTP IP rate limits skip static development and asset paths. REST and MCP actor
limits use API token IDs, OAuth identities, or identity IDs. Resolve LLM limits
use the API token, OAuth principal, identity, client IP, or unknown fallback.
Rate-limited clients receive HTTP 429 with Retry-After,
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.
Data Retention
Retention settings accept positive integers in days or no limit:
- Resolve requests
- Audit events
- Model runs
Worker journal retention is configured in the PII section under Worker journals.
PII settings control which fields are retained or shown in:
- Audit events: IP address, user agent, personal-looking metadata fields
- Model runs: actor name, actor email, input/output, tool payloads, error details
- Resolve requests: actor name, actor email, actor credential details, query text
- Resolve result fields: user ID, display name, email, title, labels, metadata, memberships, delegation details, participant names, project IDs
- Operational logs: error details, model developer notes, connector identifiers
- Worker journals: retention days
For principles and erasure workflow guidance, see Privacy and Data Retention.
About Roster
The About panel shows deployment version information and links to third-party notices for open-source license review.