From 6f0ca946c692e5009c2c268b343b0d7febaad85d Mon Sep 17 00:00:00 2001
From: Alex Chan <alexc@tailscale.com>
Date: Tue, 31 Mar 2026 11:19:32 +0100
Subject: [PATCH] tka: consolidate all the limits into a single file

This makes the limits easier to find and change, rather than scattering
them across the TKA code.

Updates #cleanup

Change-Id: I2f9b3b83d293eebb2572fa7bb6de2ca1f3d9a192
Signed-off-by: Alex Chan <alexc@tailscale.com>
---
 tka/key.go    |  2 --
 tka/limits.go | 24 ++++++++++++++++++++++++
 tka/state.go  |  7 -------
 tka/sync.go   |  7 -------
 tka/tka.go    |  3 ---
 5 files changed, 24 insertions(+), 19 deletions(-)
 create mode 100644 tka/limits.go

diff --git a/tka/key.go b/tka/key.go
index 005a10433..08897d409 100644
--- a/tka/key.go
+++ b/tka/key.go
@@ -104,8 +104,6 @@ func (k Key) Ed25519() (ed25519.PublicKey, error) {
 	}
 }
 
-const maxMetaBytes = 512
-
 func (k Key) StaticValidate() error {
 	if k.Votes > 4096 {
 		return fmt.Errorf("excessive key weight: %d > 4096", k.Votes)
diff --git a/tka/limits.go b/tka/limits.go
new file mode 100644
index 000000000..7f5b8dccd
--- /dev/null
+++ b/tka/limits.go
@@ -0,0 +1,24 @@
+// Copyright (c) Tailscale Inc & contributors
+// SPDX-License-Identifier: BSD-3-Clause
+
+package tka
+
+const (
+	// Upper bound on checkpoint elements, chosen arbitrarily. Intended
+	// to cap the size of large AUMs.
+	maxDisablementSecrets = 32
+	maxKeys               = 512
+
+	// Max amount of metadata that can be associated with a key, chosen arbitrarily.
+	// Intended to avoid people abusing TKA as a key-value score.
+	maxMetaBytes = 512
+
+	// Max iterations searching for any intersection during the sync process.
+	maxSyncIter = 2000
+
+	// Max iterations searching for a head intersection during the sync process.
+	maxSyncHeadIntersectionIter = 400
+
+	// Limit on scanning AUM trees, chosen arbitrarily.
+	maxScanIterations = 2000
+)
diff --git a/tka/state.go b/tka/state.go
index 66f88d672..934c531eb 100644
--- a/tka/state.go
+++ b/tka/state.go
@@ -248,13 +248,6 @@ func (s State) applyVerifiedAUM(update AUM) (State, error) {
 	}
 }
 
-// Upper bound on checkpoint elements, chosen arbitrarily. Intended to
-// cap out insanely large AUMs.
-const (
-	maxDisablementSecrets = 32
-	maxKeys               = 512
-)
-
 // staticValidateCheckpoint validates that the state is well-formed for
 // inclusion in a checkpoint AUM.
 func (s *State) staticValidateCheckpoint() error {
diff --git a/tka/sync.go b/tka/sync.go
index 18a991384..5cae9b45f 100644
--- a/tka/sync.go
+++ b/tka/sync.go
@@ -11,13 +11,6 @@ import (
 	"os"
 )
 
-const (
-	// Max iterations searching for any intersection.
-	maxSyncIter = 2000
-	// Max iterations searching for a head intersection.
-	maxSyncHeadIntersectionIter = 400
-)
-
 // ErrNoIntersection is returned when a shared AUM could
 // not be determined when evaluating a remote sync offer.
 var ErrNoIntersection = errors.New("no intersection")
diff --git a/tka/tka.go b/tka/tka.go
index e3862c29d..9b22edc2e 100644
--- a/tka/tka.go
+++ b/tka/tka.go
@@ -31,9 +31,6 @@ var cborDecOpts = cbor.DecOptions{
 	MaxMapPairs:      1024,
 }
 
-// Arbitrarily chosen limit on scanning AUM trees.
-const maxScanIterations = 2000
-
 // Authority is a Tailnet Key Authority. This type is the main coupling
 // point to the rest of the tailscale client.
 //