Merge pull request #136 from skulidropek/issue-135

feat: cap docker-git container CPU and RAM by default

Author: skulidropek

packages/api/src/api/contracts.ts

@@ -42,6 +42,8 @@ export type CreateProjectRequest = {
   readonly envProjectPath?: string | undefined
   readonly codexAuthPath?: string | undefined
   readonly codexHome?: string | undefined
+  readonly cpuLimit?: string | undefined
+  readonly ramLimit?: string | undefined
   readonly dockerNetworkMode?: string | undefined
   readonly dockerSharedNetworkName?: string | undefined
   readonly enableMcpPlaywright?: boolean | undefined

packages/api/src/api/schema.ts

@@ -18,6 +18,8 @@ export const CreateProjectRequestSchema = Schema.Struct({
   envProjectPath: OptionalString,
   codexAuthPath: OptionalString,
   codexHome: OptionalString,
+  cpuLimit: OptionalString,
+  ramLimit: OptionalString,
   dockerNetworkMode: OptionalString,
   dockerSharedNetworkName: OptionalString,
   enableMcpPlaywright: OptionalBoolean,

packages/api/src/services/projects.ts

@@ -192,6 +192,8 @@ export const createProjectFromRequest = (
       ...(request.envProjectPath === undefined ? {} : { envProjectPath: request.envProjectPath }),
       ...(request.codexAuthPath === undefined ? {} : { codexAuthPath: request.codexAuthPath }),
       ...(request.codexHome === undefined ? {} : { codexHome: request.codexHome }),
+      ...(request.cpuLimit === undefined ? {} : { cpuLimit: request.cpuLimit }),
+      ...(request.ramLimit === undefined ? {} : { ramLimit: request.ramLimit }),
       ...(request.dockerNetworkMode === undefined ? {} : { dockerNetworkMode: request.dockerNetworkMode }),
       ...(request.dockerSharedNetworkName === undefined ? {} : { dockerSharedNetworkName: request.dockerSharedNetworkName }),
       ...(request.enableMcpPlaywright === undefined ? {} : { enableMcpPlaywright: request.enableMcpPlaywright }),

packages/api/src/ui.ts

@@ -383,6 +383,16 @@ export const uiHtml = `<!doctype html>
                   </select>
                 </div>
               </div>
+              <div class="row" style="margin-top:0.5rem">
+                <div>
+                  <label for="create-cpu">CPU limit</label>
+                  <input id="create-cpu" type="text" placeholder="30% or 1.5" />
+                </div>
+                <div>
+                  <label for="create-ram">RAM limit</label>
+                  <input id="create-ram" type="text" placeholder="30% or 4g" />
+                </div>
+              </div>
               <div class="checkbox-row" style="margin-top:0.6rem">
                 <input id="create-up" type="checkbox" checked />
                 <label for="create-up" style="margin:0">run up</label>
@@ -530,6 +540,8 @@ export const uiScript = `
     createRepoRef: byId('create-repo-ref'),
     createSshPort: byId('create-ssh-port'),
     createNetworkMode: byId('create-network-mode'),
+    createCpu: byId('create-cpu'),
+    createRam: byId('create-ram'),
     createUp: byId('create-up'),
     createForce: byId('create-force'),
     createForceEnv: byId('create-force-env')
@@ -818,6 +830,8 @@ export const uiScript = `
       repoUrl: views.createRepoUrl.value.trim() || undefined,
       repoRef: views.createRepoRef.value.trim() || undefined,
       sshPort: views.createSshPort.value.trim() || undefined,
+      cpuLimit: views.createCpu.value.trim() || undefined,
+      ramLimit: views.createRam.value.trim() || undefined,
       dockerNetworkMode: views.createNetworkMode.value.trim() || undefined,
       up: views.createUp.checked,
       force: views.createForce.checked,

packages/app/src/docker-git/cli/parser-apply.ts

@@ -1,6 +1,7 @@
 import { Either } from "effect"
 
 import { type ApplyCommand, type ParseError } from "@effect-template/lib/core/domain"
+import { normalizeCpuLimit, normalizeRamLimit } from "@effect-template/lib/core/resource-limits"
 
 import { parseProjectDirWithOptions } from "./parser-shared.js"
 
@@ -17,12 +18,19 @@ import { parseProjectDirWithOptions } from "./parser-shared.js"
 export const parseApply = (
   args: ReadonlyArray<string>
 ): Either.Either<ApplyCommand, ParseError> =>
-  Either.map(parseProjectDirWithOptions(args), ({ projectDir, raw }) => ({
-    _tag: "Apply",
-    projectDir,
-    runUp: raw.up ?? true,
-    gitTokenLabel: raw.gitTokenLabel,
-    codexTokenLabel: raw.codexTokenLabel,
-    claudeTokenLabel: raw.claudeTokenLabel,
-    enableMcpPlaywright: raw.enableMcpPlaywright
-  }))
+  Either.gen(function*(_) {
+    const { projectDir, raw } = yield* _(parseProjectDirWithOptions(args))
+    const cpuLimit = yield* _(normalizeCpuLimit(raw.cpuLimit, "--cpu"))
+    const ramLimit = yield* _(normalizeRamLimit(raw.ramLimit, "--ram"))
+    return {
+      _tag: "Apply",
+      projectDir,
+      runUp: raw.up ?? true,
+      gitTokenLabel: raw.gitTokenLabel,
+      codexTokenLabel: raw.codexTokenLabel,
+      claudeTokenLabel: raw.claudeTokenLabel,
+      cpuLimit,
+      ramLimit,
+      enableMcpPlaywright: raw.enableMcpPlaywright
+    }
+  })

packages/app/src/docker-git/cli/parser-options.ts

@@ -20,6 +20,8 @@ interface ValueOptionSpec {
     | "envProjectPath"
     | "codexAuthPath"
     | "codexHome"
+    | "cpuLimit"
+    | "ramLimit"
     | "dockerNetworkMode"
     | "dockerSharedNetworkName"
     | "archivePath"
@@ -54,6 +56,10 @@ const valueOptionSpecs: ReadonlyArray<ValueOptionSpec> = [
   { flag: "--env-project", key: "envProjectPath" },
   { flag: "--codex-auth", key: "codexAuthPath" },
   { flag: "--codex-home", key: "codexHome" },
+  { flag: "--cpu", key: "cpuLimit" },
+  { flag: "--cpus", key: "cpuLimit" },
+  { flag: "--ram", key: "ramLimit" },
+  { flag: "--memory", key: "ramLimit" },
   { flag: "--network-mode", key: "dockerNetworkMode" },
   { flag: "--shared-network", key: "dockerSharedNetworkName" },
   { flag: "--archive", key: "archivePath" },
@@ -109,6 +115,8 @@ const valueFlagUpdaters: { readonly [K in ValueKey]: (raw: RawOptions, value: st
   envProjectPath: (raw, value) => ({ ...raw, envProjectPath: value }),
   codexAuthPath: (raw, value) => ({ ...raw, codexAuthPath: value }),
   codexHome: (raw, value) => ({ ...raw, codexHome: value }),
+  cpuLimit: (raw, value) => ({ ...raw, cpuLimit: value }),
+  ramLimit: (raw, value) => ({ ...raw, ramLimit: value }),
   dockerNetworkMode: (raw, value) => ({ ...raw, dockerNetworkMode: value }),
   dockerSharedNetworkName: (raw, value) => ({ ...raw, dockerSharedNetworkName: value }),
   archivePath: (raw, value) => ({ ...raw, archivePath: value }),

packages/app/src/docker-git/cli/usage.ts

@@ -50,6 +50,8 @@ Options:
   --env-project <path>      Host path to project env file (default: ./.orch/env/project.env)
   --codex-auth <path>       Host path for Codex auth cache (default: <projectsRoot>/.orch/auth/codex)
   --codex-home <path>       Container path for Codex auth (default: /home/dev/.codex)
+  --cpu <value>             CPU limit: percent or cores (examples: 30%, 1.5; default: 30%)
+  --ram <value>             RAM limit: percent or size (examples: 30%, 512m, 4g; default: 30%)
   --network-mode <mode>     Compose network mode: shared|project (default: shared)
   --shared-network <name>   Shared Docker network name when network-mode=shared (default: docker-git-shared)
   --out-dir <path>          Output directory (default: <projectsRoot>/<org>/<repo>[/issue-<id>|/pr-<id>])

packages/app/src/docker-git/menu-create.ts

@@ -45,28 +45,38 @@ type CreateReturnContext = CreateContext & {
   readonly view: Extract<ViewState, { readonly _tag: "Create" }>
 }
 
+type OptionalCreateArg = {
+  readonly value: string
+  readonly args: readonly [string, string]
+}
+
+const optionalCreateArgs = (input: CreateInputs): ReadonlyArray<OptionalCreateArg> => [
+  { value: input.repoUrl, args: ["--repo-url", input.repoUrl] },
+  { value: input.repoRef, args: ["--repo-ref", input.repoRef] },
+  { value: input.outDir, args: ["--out-dir", input.outDir] },
+  { value: input.cpuLimit, args: ["--cpu", input.cpuLimit] },
+  { value: input.ramLimit, args: ["--ram", input.ramLimit] }
+]
+
+const booleanCreateFlags = (input: CreateInputs): ReadonlyArray<string> =>
+  [
+    input.runUp ? null : "--no-up",
+    input.enableMcpPlaywright ? "--mcp-playwright" : null,
+    input.force ? "--force" : null,
+    input.forceEnv ? "--force-env" : null
+  ].filter((value): value is string => value !== null)
+
 export const buildCreateArgs = (input: CreateInputs): ReadonlyArray<string> => {
   const args: Array<string> = ["create"]
-  if (input.repoUrl.length > 0) {
-    args.push("--repo-url", input.repoUrl)
-  }
-  if (input.repoRef.length > 0) {
-    args.push("--repo-ref", input.repoRef)
-  }
-  if (input.outDir.length > 0) {
-    args.push("--out-dir", input.outDir)
-  }
-  if (!input.runUp) {
-    args.push("--no-up")
-  }
-  if (input.enableMcpPlaywright) {
-    args.push("--mcp-playwright")
-  }
-  if (input.force) {
-    args.push("--force")
+
+  for (const spec of optionalCreateArgs(input)) {
+    if (spec.value.length > 0) {
+      args.push(spec.args[0], spec.args[1])
+    }
   }
-  if (input.forceEnv) {
-    args.push("--force-env")
+
+  for (const flag of booleanCreateFlags(input)) {
+    args.push(flag)
   }
   return args
 }
@@ -118,6 +128,8 @@ export const resolveCreateInputs = (
     repoUrl,
     repoRef: values.repoRef ?? resolvedRepoRef ?? "main",
     outDir,
+    cpuLimit: values.cpuLimit ?? "",
+    ramLimit: values.ramLimit ?? "",
     runUp: values.runUp !== false,
     enableMcpPlaywright: values.enableMcpPlaywright === true,
     force: values.force === true,
@@ -196,6 +208,14 @@ const applyCreateStep = (input: {
       input.nextValues.outDir = input.buffer.length > 0 ? input.buffer : input.currentDefaults.outDir
       return true
     }),
+    Match.when("cpuLimit", () => {
+      input.nextValues.cpuLimit = input.buffer.length > 0 ? input.buffer : input.currentDefaults.cpuLimit
+      return true
+    }),
+    Match.when("ramLimit", () => {
+      input.nextValues.ramLimit = input.buffer.length > 0 ? input.buffer : input.currentDefaults.ramLimit
+      return true
+    }),
     Match.when("runUp", () => {
       input.nextValues.runUp = parseYesDefault(input.buffer, input.currentDefaults.runUp)
       return true

packages/app/src/docker-git/menu-render.ts

@@ -31,6 +31,8 @@ export const renderStepLabel = (step: CreateStep, defaults: CreateInputs): strin
     Match.when("repoUrl", () => "Repo URL (optional for empty workspace)"),
     Match.when("repoRef", () => `Repo ref [${defaults.repoRef}]`),
     Match.when("outDir", () => `Output dir [${defaults.outDir}]`),
+    Match.when("cpuLimit", () => `CPU limit [${defaults.cpuLimit || "30%"}]`),
+    Match.when("ramLimit", () => `RAM limit [${defaults.ramLimit || "30%"}]`),
     Match.when("runUp", () => `Run docker compose up now? [${defaults.runUp ? "Y" : "n"}]`),
     Match.when(
       "mcpPlaywright",

packages/app/src/docker-git/menu-types.ts

@@ -48,6 +48,8 @@ export type CreateInputs = {
   readonly repoUrl: string
   readonly repoRef: string
   readonly outDir: string
+  readonly cpuLimit: string
+  readonly ramLimit: string
   readonly runUp: boolean
   readonly enableMcpPlaywright: boolean
   readonly force: boolean
@@ -58,6 +60,8 @@ export type CreateStep =
   | "repoUrl"
   | "repoRef"
   | "outDir"
+  | "cpuLimit"
+  | "ramLimit"
   | "runUp"
   | "mcpPlaywright"
   | "force"
@@ -66,6 +70,8 @@ export const createSteps: ReadonlyArray<CreateStep> = [
   "repoUrl",
   "repoRef",
   "outDir",
+  "cpuLimit",
+  "ramLimit",
   "runUp",
   "mcpPlaywright",
   "force"