fix(DATAGO-122883): Add total file upload limit for projects

[shanechen-solace]

What is the purpose of this change?

Add a limit to the total size of files that can be uploaded to a project to prevent unbounded storage usage across users.

How was this change implemented?

Added DEFAULT_MAX_TOTAL_UPLOAD_SIZE_BYTES constant and validation logic in project_service.py that checks the cumulative size of user-uploaded files before accepting new uploads, rejecting requests with a 400 error when the total would exceed the limit.

Key Design Decisions

For now, the limit per-file has been set to 50mb and the total upload limit is 100mb.

The total project size limit is the primary constraint rather than enforcing strict per-file limits, providing flexibility for users to manage their file sizes as needed within the overall quota. LLM-generated artifacts are intentionally excluded from the limit (filtered by source="project") to ensure that AI-generated content doesn't consume a user's upload quota, only their manually uploaded files count.

How was this change tested?

• Manual testing: Manually added files of different sizes to projects to test the upload limit behavior.
• Integration tests: Added a comprehensive test suite covering limit enforcement, valid uploads, ZIP imports, edge cases, and verification that only user-uploaded files count toward the limit.
• Known limitations: Some test scenarios involving file deletion and replacement cannot be fully validated with the mock artifact service used in tests, but work correctly in production with a real artifact service.

Demos

SLACK: https://solacedotcom.slack.com/archives/C09TE7FNFAR/p1770050818570359?thread_ts=1769705717.347159&cid=C09TE7FNFAR

Screen.Recording.2026-01-30.at.4.51.46.PM.mov

Is there anything the reviewers should focus on/be aware of?

The test suite is about half of this PR.

[github-actions]

WhiteSource Policy Violation Summary

✅︎ No Blocking Whitesource Policy Violations found in solaceai/solace-agent-mesh-ui-pr-910!

[Copilot]

Pull request overview

This PR adds a total file upload size limit for projects to prevent unbounded storage usage. The implementation enforces a 100MB total project limit (with 50MB per-file limit) in production, while tests use 3MB/1MB limits respectively.

Changes:

• Added DEFAULT_MAX_TOTAL_UPLOAD_SIZE_BYTES constant and validation logic to check cumulative user-uploaded file sizes
• LLM-generated artifacts are excluded from the limit (filtered by source="project")
• Frontend and backend both validate the total upload limit before accepting new files

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tests/integration/apis/persistence/projects/test_projects_upload_limits.py	Comprehensive test suite covering limit enforcement, ZIP imports, edge cases, and verification that only user-uploaded files count toward limits
tests/integration/apis/conftest.py	Added test configuration override for 3MB total project size limit
src/solace_agent_mesh/gateway/http_sse/services/project_service.py	Core validation logic for total upload size limits, including helper function and limit checks in project creation and artifact upload
src/solace_agent_mesh/gateway/http_sse/routers/config.py	Exposed maxTotalUploadSizeBytes to frontend via config endpoint
src/solace_agent_mesh/gateway/constants.py	New constants file defining all upload size limit defaults
src/solace_agent_mesh/gateway/base/app.py	Added configuration parameter for total upload size limit and migrated to use centralized constants
client/webui/frontend/src/lib/utils/file-validation.ts	Added validateTotalUploadSize function for frontend validation
client/webui/frontend/src/lib/contexts/ConfigContext.ts	Added maxTotalUploadSizeBytes to config context type
client/webui/frontend/src/lib/components/projects/KnowledgeSection.tsx	Integrated total upload size validation in file upload flow

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Calling get_project_artifacts on every file upload may be inefficient for projects with many artifacts. Consider caching the artifact list or implementing a more efficient size tracking mechanism (e.g., storing total size as project metadata) to avoid repeated database queries and artifact service calls.

[lgh-solace]

Looks clean and has some nice additions, but perhaps goes too far on the BE? Thoughts?

[lgh-solace]

I feel this function is currently unnecessary? We are logging user_id and project_id, but those aren't user controlled, they're just IDs and UUIDs.

[lgh-solace]

This one could be useful - but not sure it's useful enough to add to the shared helper since its only one line... 🤔

Edit: Maybe we could keep it in project_service.py?

[JKaram]

Looking good.

Just be mindful of the comments the AI leaves. Some of them are very redundant.

[JKaram]

Can you remove the unnecessary comments. // 1. Validate individual file sizes ...

[JKaram]

This would be a good place for the util I mentioned above. We might even have one already.

[sonarqube-solacecloud]

Quality Gate failed

Failed conditions
B Security Rating on New Code (required ≥ A)

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE