Technical limits for EdgeBase App Functions.
Execution
| Limit | Default | Configurable | Notes |
|---|
| Max call depth | 5 | No | Prevents circular context.admin.functions.call() chains |
| Blocking hook timeout | 5 seconds | No | Fixed — beforeSignUp, beforeSignIn, onTokenRefresh, beforePasswordReset |
| Non-blocking hook | No timeout | — | afterSignUp, afterSignIn run via ctx.waitUntil() |
| Action handler timeout (Room) | 5 seconds | No | Per onAction execution |
| Schedule function timeout | 10 seconds | No | AbortSignal.timeout(10000) per function. Note: scheduleFunctionTimeout config type exists but runtime enforcement is not yet implemented — the 10s default is hardcoded. |
| Alarm wall-clock budget | 30 seconds | No | Cloudflare DO Alarm limit; functions split if exceeded |
HTTP Triggers
| Feature | Details |
|---|
| Routing | Filesystem-based (SvelteKit style) |
| Dynamic params | [param].ts → context.params.param |
| Catch-all | [...slug].ts → context.params.slug |
| Route groups | (group)/file.ts → parentheses removed from URL |
| Methods | GET, POST, PUT, PATCH, DELETE (named exports) |
| Middleware | _middleware.ts applies to directory and subdirectories |
| Ignored files | _helper.ts (underscore prefix, not middleware) |
DB Triggers
| Trigger | Execution | Notes |
|---|
afterInsert | Async (ctx.waitUntil()) | Never blocks API response |
afterUpdate | Async (ctx.waitUntil()) | |
afterDelete | Async (ctx.waitUntil()) | |
| Trigger error | Logged only | Best-effort; does not roll back the CUD operation |
Auth Hooks
| Hook | Type | Timeout | Notes |
|---|
beforeSignUp | Blocking | 5s (hardcoded) | Can reject signup; skipped on timeout |
beforeSignIn | Blocking | 5s (hardcoded) | Can reject signin; skipped on timeout |
onTokenRefresh | Blocking | 5s (hardcoded) | Can inject custom claims |
afterSignUp | Non-blocking | None | ctx.waitUntil() |
afterSignIn | Non-blocking | None | ctx.waitUntil() |
beforePasswordReset | Blocking | 5s | Called on both reset-password and change-password |
Schedule Triggers
| Limit | Value | Notes |
|---|
| Cron syntax | Standard 5-field | Defined in edgebase.config.ts, deployed as Cloudflare Cron Triggers |
| Execution | Worker scheduled() handler | Each schedule function runs via ctx.waitUntil() |
| Concurrent execution | Parallel | Each schedule trigger runs independently in the Worker |
Rate Limiting
| Group | Default | Key | Configurable |
|---|
functions | 50 req / 60s | IP | Yes |
global | 10,000,000 req / 60s | IP | Yes |
Service Key requests bypass the functions group limit.
The same bypass semantics apply to all Admin SDKs.
FunctionError Codes
| Code | HTTP Status |
|---|
not-found | 404 |
permission-denied | 403 |
unauthenticated | 401 |
invalid-argument | 400 |
already-exists | 409 |
internal | 500 |
unavailable | 503 |
failed-precondition | 412 |
resource-exhausted | 429 |