Design robust group size limiting for calls

Design the admission-control and enforcement algorithm to limit group-call size under real-world race conditions. Constraints: multiple SFU edges in multiple regions; per-room limit depends on plan tier (Free=4, Pro=12, Enterprise=50) but can change mid-call if the host upgrades; clients may retry joins and can crash; join/leave events can be delayed; you must decide within 50 ms whether to admit or reject a join; consistency must be strong at the room level even when requests hit different edges; system must support 10k concurrent rooms. Requirements: (1) propose data structures and primitives (e.g., Redis with atomic Lua script, DB row with SELECT ... FOR UPDATE, or a lease-based counter with TTL tied to heartbeat), (2) provide precise admission logic (pseudo-code) that is idempotent, handles out-of-order leaves, and prevents over-admission during bursts, (3) describe how to propagate limit changes instantly and how to evict excess participants fairly if a limit decreases, (4) handle network partitions and cache failures (fallback to a safe soft limit vs. hard rejection), (5) ensure host bypass cannot exceed global limits, and (6) detail observability and alerting to detect drift between "counted" occupancy and actual media sessions. Discuss trade-offs of CP vs AP behavior at room scope and how you’d test the algorithm with fault injection.