For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Blog
DocsAPI Reference
DocsAPI Reference
    • AIStore
    • Documentation
  • Core Documentation
    • In-depth Overview
    • Terminology and core abstractions
    • Getting Started
    • Networking model
    • Buckets: design, operations, namespaces, and system buckets
    • Observability overview
    • CLI overview
    • Production deployment
    • Technical Blog
  • APIs, SDKs, and Compatibility
    • Go API
    • Python SDK
    • PyPI package
    • Python SDK reference guide
    • PyTorch integration
    • TensorFlow integration
    • HTTP API reference
    • curl examples
    • Easy URL
    • S3 compatibility
    • s3cmd quick start
    • Presigned S3 requests
    • Boto3 support
  • Command-Line Interface
    • CLI overview
    • ais help
    • CLI reference guide
    • Bucket operations
    • Cluster and remote-cluster management
    • Storage and mountpath management
    • Monitoring and ais show
    • Downloads
    • Jobs
    • Authentication and access control
    • Configuration via CLI
    • ETL CLI
    • Distributed shuffle CLI
    • ML / get-batch CLI
    • GCP credentials
    • TLS certificate management
  • Storage and Data Management
    • Storage services
    • Buckets: design, operations, namespaces, and system buckets
    • Native Bucket Inventory (NBI)
    • Backend providers
    • On-disk layout
    • Virtual directories
    • System files
    • Evicting remote buckets and cached data
  • Cluster Operations
    • Node lifecycle: maintenance, shutdown, decommission
    • Global rebalance
    • Resilver
    • AIS in Containerized Environments
    • Highly available control plane
    • Information Center (IC)
    • Out-of-band updates
    • Troubleshooting
  • Configuration and Security
    • Configuration
    • Environment variables
    • Feature flags
    • AuthN and access control
    • Authentication validation
    • HTTPS and certificates
    • Switching a cluster to HTTPS
  • ETL and Advanced Workflows
    • ETL overview
    • ETL CLI docs
    • ETL Python SDK examples
    • Custom transformers
    • ETL Python webserver SDK
    • ETL Go webserver package
    • Archives: read, write, and list
    • Distributed shuffle (dsort)
    • Initial sharding utility (ishard)
    • Downloader
    • Blob Downloader
    • Batch object retrieval (get-batch)
    • Batch operations
    • Tools and utilities
    • Extended actions (xactions)
  • Observability, Monitoring, and Performance
    • Observability overview
    • Monitoring with CLI
    • Logs
    • Prometheus integration
    • Metrics reference
    • Grafana dashboards
    • Kubernetes monitoring
    • Distributed tracing
    • Monitoring get-batch
    • AIS load generator (aisloader)
    • Benchmarking AIStore
    • Performance tuning and testing
    • Performance monitoring via CLI
    • Rate limiting
    • Checksumming
    • Filesystem Health Checker (FSHC)
    • Traffic patterns
  • Networking
    • Networking: multi-homing, network separation, IPv6
    • HTTPS configuration
    • Switching to HTTPS
    • Idle connections
    • MessagePack protocol
  • Deployment
    • AIStore on Kubernetes
    • Kubernetes Operator
    • Ansible playbooks
    • Helm charts
    • Deployment monitoring
    • Docker
  • Developer Resources
    • Development guide
    • aisnode command line
    • Build tags
  • Object and Bucket Naming
    • Unicode and special symbols in object and bucket names
    • Extremely long object names
Blog
NVIDIANVIDIA
Developer-friendly docs for your API
Privacy Policy | Your Privacy Choices | Terms of Service | Accessibility | Corporate Policies | Product Security | Contact

Copyright © 2026, NVIDIA Corporation.

LogoLogoAIStore
On this page
  • Feature flags
  • Tagging system
  • Tag categories
  • Integrity impact indicators
  • Validation and conflicts
  • Names and comments
  • Global features
  • Bucket features
  • 1. show existing bucket-scope features
  • 2. select and set
  • 3. reset feature flags back to zero (or ‘none’)
  • Validation errors
  • Example: Count-Object-NotFound-Stats
Configuration and Security

Feature flags

||View as Markdown|
Previous

Environment variables

Next

AuthN and access control

Feature flags

Feature flags are represented as a 64-bit bitmask field in aistore cluster configuration denoting assorted (named) capabilities that can be individually enabled at runtime.

The features themselves are enumerated below. Not all feature flags - henceforth, “features” - are cluster-global.

Assorted features, denoted by (*) below, can also be changed on a per-bucket basis.

By default, all features are disabled, and the corresponding 64-bit field is set to zero.

Table of Contents

  • Tagging system
  • Validation and conflicts
  • Names and comments
  • Global features
  • Bucket features
  • Example: Count-Object-NotFound-Stats

Tagging system

Feature flags are now organized with descriptive tags to help users understand their purpose and impact. The CLI displays features in a 3-column format: FEATURE | TAGS | DESCRIPTION.

Tag categories

  • Domain-specific: s3, lz4, etl, mpu, telemetry
  • Performance impact: perf, overhead
  • Network/operations: net, ops, security
  • Compatibility: compat, promote
  • Deployment: deploy

Integrity impact indicators

Feature flags that affect data integrity are marked with directional indicators:

  • integrity+ - Enhances data integrity (safer, more conservative)
  • integrity- - Potentially compromises data integrity (trading safety for performance)
  • integrity? - Complex integrity implications (depends on deployment and runtime context)

This helps operators quickly identify flags that involve safety trade-offs.

Validation and conflicts

Feature flags now include validation logic to prevent conflicting configurations:

  • Disable-Cold-GET and Streaming-Cold-GET are mutually exclusive
  • Additional validation rules may be added for other conflicting combinations

The validation occurs both at the cluster level and when setting bucket properties.

Names and comments

nametagscomment
Enforce-IntraCluster-Accesssecuritywhen enabled, aistore targets will make sure not to execute direct (ie., not redirected) API calls
Skip-Loading-VersionChecksum-MD(*)perf,integrity-skip loading existing object’s metadata, Version and Checksum (VC) in particular
Do-not-Auto-Detect-FileSharepromote,opsdo not auto-detect file share (NFS, SMB) when promoting shared files to AIS
S3-API-via-Roots3,compat,opshandle S3 requests via aistore-hostname/ (whereby the default: aistore-hostname/s3)
Fsync-PUT(*)integrity+,overheadPUT and cold-GET: commit (or sync) the object payload to stable storage
LZ4-Block-1MBlz4.tar.lz4 format, lz4 compression: maximum uncompressed block size=1MB (default: 256K)
LZ4-Frame-Checksumlz4checksum lz4 frames
Do-not-Allow-Passing-FQN-to-ETLetl,securitydo not allow passing fully-qualified name of a locally stored object to (local) ETL containers
Ignore-LimitedCoexistence-Conflictsops,integrity-run in presence of “limited coexistence” type conflicts
S3-Presigned-Request(*)s3,security,compatpass-through client-signed (presigned) S3 requests for subsequent authentication by S3
Do-not-Optimize-Listing-Virtual-Dirsoverheadwhen prefix doesn’t end with ’/’ and is a subdirectory: don’t assume there are no prefixed object names
Disable-Cold-GETperf,integrity-do not perform cold GET request when using remote bucket
Streaming-Cold-GETperf,integrity-write and transmit cold-GET content back to user in parallel, without finalizing in-cluster object
S3-Reverse-Proxys3,net,opsuse reverse proxy calls instead of HTTP-redirect for S3 API
S3-Use-Path-Styles3,compatuse older path-style addressing (as opposed to virtual-hosted style), e.g., https://s3.amazonaws.com/BUCKET/KEY
Do-not-Delete-When-Rebalancingintegrity?,opsdisable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
Do-not-Set-Control-Plane-ToSnet,opsintra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
Trust-Crypto-Safe-Checksumsintegrity+,overheadwhen checking whether objects are identical trust only cryptographically secure checksums
S3-ListObjectVersionss3,overheadwhen versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
Enable-Detailed-Prom-Metricstelemetry,overheadinclude (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
Force-Container-CPU-Memdeployforce container-based CPU and memory metrics when automated environment detection fails; unlike all other feature flags, takes effect only at startup (not at runtime)
Resume-Interrupted-MPUmpu,opsresume interrupted multipart uploads from persisted partial manifests
Keep-Unknown-FQNintegrity?,opsdo not delete unrecognized/invalid FQNs during space cleanup (‘ais space-cleanup’)
Load-Balance-GETperfwhen bucket is n-way mirrored read object replica from the least-utilized mountpath
Count-Object-NotFound-Statstelemetry,opscount GET(object) 404 as errors (default: don’t)

Global features

1$ ais config cluster features <TAB-TAB>
2
3Enforce-IntraCluster-Access            S3-Presigned-Request                   S3-ListObjectVersions
4Skip-Loading-VersionChecksum-MD        Do-not-Optimize-Listing-Virtual-Dirs   Enable-Detailed-Prom-Metrics
5Do-not-Auto-Detect-FileShare           Disable-Cold-GET                       Force-Container-CPU-Mem
6S3-API-via-Root                        Streaming-Cold-GET                     Resume-Interrupted-MPU
7Fsync-PUT                              S3-Reverse-Proxy                       Keep-Unknown-FQN
8LZ4-Block-1MB                          S3-Use-Path-Style                      Load-Balance-GET
9LZ4-Frame-Checksum                     Do-not-Delete-When-Rebalancing         Count-Object-NotFound-Stats
10Do-not-Allow-Passing-FQN-to-ETL        Do-not-Set-Control-Plane-ToS           none
11Ignore-LimitedCoexistence-Conflicts    Trust-Crypto-Safe-Checksums

For example:

1$ ais config cluster features S3-API-via-Root  Skip-Loading-VersionChecksum-MD  Load-Balance-GET
2
3PROPERTY         VALUE
4features         Skip-Loading-VersionChecksum-MD
5                 S3-API-via-Root
6                 Load-Balance-GET
7
8FEATURE                              TAGS                    DESCRIPTION
9Enforce-IntraCluster-Access          security               enforce intra-cluster access
10Skip-Loading-VersionChecksum-MD      perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular              <<< colored
11Do-not-Auto-Detect-FileShare         promote,ops            do not auto-detect file share (NFS, SMB) when _promoting_ shared files to AIS
12S3-API-via-Root                      s3,compat,ops          handle s3 requests via `aistore-hostname/` (default: `aistore-hostname/s3`)                       <<< colored
13Fsync-PUT                            integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
14LZ4-Block-1MB                        lz4                    .tar.lz4 format, lz4 compression: max uncompressed block size=1MB (default: 256K)
15LZ4-Frame-Checksum                   lz4                    checksum lz4 frames (default: don't)
16Do-not-Allow-Passing-FQN-to-ETL      etl,security           do not allow passing fully-qualified name of a locally stored object to (local) ETL containers
17Ignore-LimitedCoexistence-Conflicts  ops,integrity-         run in presence of _limited coexistence_ type conflicts (same as e.g. CopyBckMsg.Force but globally)
18S3-Presigned-Request                 s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
19Do-not-Optimize-Listing-Virtual-Dirs overhead               when prefix doesn't end with '/' and is a subdirectory: don't assume there are no _prefixed_ obj names
20Disable-Cold-GET                     perf,integrity-        disable cold-GET (from remote bucket)
21Streaming-Cold-GET                   perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
22S3-Reverse-Proxy                     s3,net,ops             intra-cluster communications: instead of regular HTTP redirects reverse-proxy S3 API calls to designated targets
23S3-Use-Path-Style                    s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., `https://s3.amazonaws.com/BUCKET/KEY`
24Do-not-Delete-When-Rebalancing       integrity?,ops         disable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
25Do-not-Set-Control-Plane-ToS         net,ops                intra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
26Trust-Crypto-Safe-Checksums          integrity+,overhead    when checking whether objects are identical trust only cryptographically secure checksums
27S3-ListObjectVersions                s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
28Enable-Detailed-Prom-Metrics         telemetry,overhead     include (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
29Force-Container-CPU-Mem              deploy                 force container-based CPU and memory metrics when automated environment detection fails (startup only)
30Resume-Interrupted-MPU               mpu,ops                resume interrupted multipart uploads from persisted partial manifests
31Keep-Unknown-FQN                     integrity?,ops         do not delete unrecognized/invalid FQNs during space cleanup ('ais space-cleanup')
32Load-Balance-GET                     perf                   when bucket is n-way mirrored read object replica from the least-utilized mountpath               <<< colored
33Count-Object-NotFound-Stats          telemetry,ops          count GET(object) 404 as errors
34
35Cluster config updated

Notice the [FEATURE, TAGS, DESCRIPTION] table above that shows all supported feature flags along with their respective tags and descriptions. Currently selected features are shown in color. Tags help identify the purpose and impact of each feature at a glance.

Tip: Use the tags to quickly identify features by category. For example, look for integrity- tags to identify features that may trade data integrity for performance, or overhead tags for features that may impact performance.

To view the current (configured) setting, type the same command and hit Enter:

1$ ais config cluster features
2
3PROPERTY         VALUE
4features         Skip-Loading-VersionChecksum-MD
5                 S3-API-via-Root
6                 Load-Balance-GET
7
8FEATURE                              TAGS                    DESCRIPTION
9Enforce-IntraCluster-Access          security               enforce intra-cluster access
10Skip-Loading-VersionChecksum-MD      perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular               <<< colored
11Do-not-Auto-Detect-FileShare         promote,ops            do not auto-detect file share (NFS, SMB) when _promoting_ shared files to AIS
12S3-API-via-Root                      s3,compat,ops          handle s3 requests via `aistore-hostname/` (default: `aistore-hostname/s3`)                        <<< colored
13Fsync-PUT                            integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
14LZ4-Block-1MB                        lz4                    .tar.lz4 format, lz4 compression: max uncompressed block size=1MB (default: 256K)
15LZ4-Frame-Checksum                   lz4                    checksum lz4 frames (default: don't)
16Do-not-Allow-Passing-FQN-to-ETL      etl,security           do not allow passing fully-qualified name of a locally stored object to (local) ETL containers
17Ignore-LimitedCoexistence-Conflicts  ops,integrity-         run in presence of _limited coexistence_ type conflicts (same as e.g. CopyBckMsg.Force but globally)
18S3-Presigned-Request                 s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
19Do-not-Optimize-Listing-Virtual-Dirs overhead               when prefix doesn't end with '/' and is a subdirectory: don't assume there are no _prefixed_ obj names
20Disable-Cold-GET                     perf,integrity-        disable cold-GET (from remote bucket)
21Streaming-Cold-GET                   perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
22S3-Reverse-Proxy                     s3,net,ops             intra-cluster communications: instead of regular HTTP redirects reverse-proxy S3 API calls to designated targets
23S3-Use-Path-Style                    s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., `https://s3.amazonaws.com/BUCKET/KEY`
24Do-not-Delete-When-Rebalancing       integrity?,ops         disable lazy deletion during global rebalance: do not delete misplaced sources of the migrated objects
25Do-not-Set-Control-Plane-ToS         net,ops                intra-cluster control plane: use default network priority (do not set IPv4 ToS to low-latency)
26Trust-Crypto-Safe-Checksums          integrity+,overhead    when checking whether objects are identical trust only cryptographically secure checksums
27S3-ListObjectVersions                s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
28Enable-Detailed-Prom-Metrics         telemetry,overhead     include (bucket, xaction) Prometheus variable labels with every GET and PUT transaction
29Force-Container-CPU-Mem              deploy                 force container-based CPU and memory metrics when automated environment detection fails (startup only)
30Resume-Interrupted-MPU               mpu,ops                resume interrupted multipart uploads from persisted partial manifests
31Keep-Unknown-FQN                     integrity?,ops         do not delete unrecognized/invalid FQNs during space cleanup ('ais space-cleanup')
32Load-Balance-GET                     perf                   when bucket is n-way mirrored read object replica from the least-utilized mountpath               <<< colored
33Count-Object-NotFound-Stats          telemetry,ops          count GET(object) 404 as errors

The same in JSON:

1$ ais config cluster features --json
2{
3    "features": "1552"
4}

Finally, to reset feature flags back to the system defaults, <TAB-TAB> to select none from the completion list, or simply run:

1$ ais config cluster features none
2
3PROPERTY         VALUE
4features         none
5
6Cluster config updated

Bucket features

By default, created and added (ie., discovered upon remote lookup) buckets inherit their properties from the cluster.

For background and details, see Bucket Properties.

It is possible, however, to change the defaults both at bucket creation time and/or at any later time.

Here’s a brief 1-2-3 demonstration in re specifically: feature flags.

1. show existing bucket-scope features

1$ ais bucket props set ais://nnn features <TAB-TAB>
2
3Skip-Loading-VersionChecksum-MD   Streaming-Cold-GET                Count-Object-NotFound-Stats
4Fsync-PUT                         S3-Use-Path-Style                 none
5S3-Presigned-Request              S3-ListObjectVersions
6Disable-Cold-GET                  Resume-Interrupted-MPU

2. select and set

1$ ais bucket props set ais://nnn features S3-Presigned-Request
2
3"features" set to: "S3-Presigned-Request" (was: "none")
4
5Bucket props successfully updated.
6
7FEATURE                          TAGS                    DESCRIPTION
8Skip-Loading-VersionChecksum-MD  perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular
9Fsync-PUT                        integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
10S3-Presigned-Request             s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3   <<<<<< colored
11Disable-Cold-GET                 perf,integrity-        disable cold-GET (from remote bucket)
12Streaming-Cold-GET               perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
13S3-Use-Path-Style                s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., `https://s3.amazonaws.com/BUCKET/KEY`
14Resume-Interrupted-MPU           mpu,ops                resume interrupted multipart uploads from persisted partial manifests
15S3-ListObjectVersions            s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
16Count-Object-NotFound-Stats      telemetry,ops          count GET(object) 404 as errors

3. reset feature flags back to zero (or ‘none’)

1$ ais bucket props set ais://nnn features none
2"features" set to: "0" (was: "S3-Presigned-Request")
3
4Bucket props successfully updated.
5
6FEATURE                          TAGS                    DESCRIPTION
7Skip-Loading-VersionChecksum-MD  perf,integrity-        (*) skip loading existing object's metadata, Version and Checksum (VC) in particular
8Fsync-PUT                        integrity+,overhead    (*) when finalizing PUT(object): fflush prior to (close, rename) sequence
9S3-Presigned-Request             s3,security,compat     (*) pass-through client-signed (presigned) S3 requests for subsequent authentication by S3
10Disable-Cold-GET                 perf,integrity-        disable cold-GET (from remote bucket)
11Streaming-Cold-GET               perf,integrity-        write and transmit cold-GET content back to user in parallel, without _finalizing_ in-cluster object
12S3-Use-Path-Style                s3,compat              use older path-style addressing (as opposed to virtual-hosted style), e.g., `https://s3.amazonaws.com/BUCKET/KEY`
13Resume-Interrupted-MPU           mpu,ops                resume interrupted multipart uploads from persisted partial manifests
14S3-ListObjectVersions            s3,overhead            when versioning info is requested, use ListObjectVersions API (beware: extremely slow, versioned S3 buckets only)
15Count-Object-NotFound-Stats      telemetry,ops          count GET(object) 404 as errors

Validation errors

When setting conflicting feature flags, the system will reject the configuration - e.g.:

1$ ais config cluster features Disable-Cold-GET Streaming-Cold-GET
2
3Error: feature flags "Disable-Cold-GET" and "Streaming-Cold-GET" are mutually exclusive

Example: Count-Object-NotFound-Stats

By default, a missing object (GET(object) returning 404) does not increment ERR-GET.

1$ ais get ais://nnn/missing
2Error: object "ais://nnn/missing" does not exist
3
4$ ais performance counters --regex err-get
5TARGET           ERR-GET(n)      ERR-GETBATCH(n)         ERR-GETBLOB(n)
6t[...]           -               -                       -

To restore the legacy behavior, enable Count-Object-NotFound-Stats either globally or on a per-bucket basis.

For example, set it on a bucket:

1$ ais bucket props set ais://nnn features Count-Object-NotFound-Stats
2"features" set to: "Count-Object-NotFound-Stats" (was: "none")
3
4Bucket props successfully updated.

Now the same missing-object GET increments ERR-GET:

1$ ais get ais://nnn/missing
2Error: object "ais://nnn/missing" does not exist
3
4$ ais performance counters --regex err-get
5TARGET           ERR-GET(n)      ERR-GETBATCH(n)         ERR-GETBLOB(n)
6t[...]           1               -                       -

In other words, the feature does not change GET semantics: the request still returns 404. It only changes whether object-not-found responses are counted as GET errors in the corresponding telemetry.