flatrun · nfebe · Mar 18, 2026 · Mar 18, 2026 · sourceant · Mar 18, 2026
diff --git a/internal/api/resource_handlers.go b/internal/api/resource_handlers.go
@@ -0,0 +1,82 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/flatrun/agent/internal/docker"
+	"github.com/gin-gonic/gin"
+)
+
+func (s *Server) getContainerResources(c *gin.Context) {
+	id := c.Param("id")
+
+	resources, err := docker.GetContainerResources(id)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"resources": resources,
+	})
+}
+
+func (s *Server) updateContainerResources(c *gin.Context) {
+	id := c.Param("id")
+
+	var update docker.ResourceUpdate
+	if err := c.ShouldBindJSON(&update); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Invalid request body: " + err.Error(),
+		})
+		return
+	}
+
+	if update.MemoryLimit == nil && update.MemorySwap == nil &&
+		update.CPUs == nil && update.CPUShares == nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "At least one resource limit must be specified",
+		})
+		return
+	}
+
+	if err := docker.UpdateContainerResources(id, &update); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	resources, _ := docker.GetContainerResources(id)
-	resources, _ := docker.GetContainerResources(id)
+	resources, err := docker.GetContainerResources(id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "Resources updated, but failed to fetch current limits",
+			"error":   err.Error(),
+		})
+		return
+	}
-	resources, _ := docker.GetContainerResources(id)
+	resources, err := docker.GetContainerResources(id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "Resources updated, but failed to fetch current limits",
+			"error":   err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"message":   "Resources updated",
+		"resources": resources,
+	})
+}
+
+func (s *Server) getDeploymentResources(c *gin.Context) {
+	name := c.Param("name")
+
+	if _, err := s.manager.GetDeployment(name); err != nil {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": "deployment not found",
+		})
+		return
+	}
+
+	resources, err := docker.GetDeploymentResources(name)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"deployment": name,
+		"resources":  resources,
+	})
+}
diff --git a/internal/api/resource_handlers_test.go b/internal/api/resource_handlers_test.go
@@ -0,0 +1,169 @@
+package api
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+
+	"github.com/flatrun/agent/internal/auth"
+	"github.com/flatrun/agent/internal/docker"
+	"github.com/flatrun/agent/pkg/config"
+	"github.com/gin-gonic/gin"
+)
+
+func setupResourceTestServer(t *testing.T) (*gin.Engine, string, func()) {
+	gin.SetMode(gin.TestMode)
+
+	tmpDir, err := os.MkdirTemp("", "resource_test")
+	if err != nil {
+		t.Fatalf("Failed to create temp dir: %v", err)
+	}
+
+	cfg := &config.Config{
+		DeploymentsPath: tmpDir,
+		Auth: config.AuthConfig{
+			Enabled:   true,
+			JWTSecret: "test-jwt-secret-for-resources",
+			APIKeys:   []string{"test-api-key"},
+		},
+	}
+
+	os.Setenv("FLATRUN_ADMIN_PASSWORD", "testadminpass")
+
+	authManager, err := auth.NewManager(tmpDir, &cfg.Auth)
+	if err != nil {
+		os.RemoveAll(tmpDir)
+		t.Fatalf("Failed to create auth manager: %v", err)
+	}
+
+	manager := docker.NewManager(tmpDir)
+
+	server := &Server{
+		config:      cfg,
+		authManager: authManager,
+		manager:     manager,
+	}
+
+	router := gin.New()
+	authMiddleware := auth.NewMiddlewareWithManager(&cfg.Auth, authManager)
+
+	api := router.Group("/api")
+	api.POST("/auth/login", authMiddleware.Login)
+
+	protected := api.Group("")
+	protected.Use(authMiddleware.RequireAuth())
+	{
+		protected.GET("/containers/:id/resources", authMiddleware.RequirePermission(auth.PermContainersRead), server.getContainerResources)
+		protected.PUT("/containers/:id/resources", authMiddleware.RequirePermission(auth.PermContainersWrite), server.updateContainerResources)
+		protected.GET("/deployments/:name/resources", authMiddleware.RequirePermission(auth.PermDeploymentsRead), server.getDeploymentResources)
+	}
+
+	cleanup := func() {
+		authManager.Close()
+		os.RemoveAll(tmpDir)
+		os.Unsetenv("FLATRUN_ADMIN_PASSWORD")
+	}
+
+	token := loginAndGetToken(t, router, "admin", "testadminpass")
+	return router, token, cleanup
+}
+
+func TestGetContainerResourcesRequiresAuth(t *testing.T) {
+	router, _, cleanup := setupResourceTestServer(t)
+	defer cleanup()
+
+	req := httptest.NewRequest(http.MethodGet, "/api/containers/abc123/resources", nil)
+
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	if w.Code == http.StatusOK {
+		t.Error("Expected auth error, got 200")
+	}
+}
+
+func TestUpdateContainerResourcesEmptyBody(t *testing.T) {
+	router, token, cleanup := setupResourceTestServer(t)
+	defer cleanup()
+
+	body := map[string]interface{}{}
+	jsonBody, _ := json.Marshal(body)
+
+	req := httptest.NewRequest(http.MethodPut, "/api/containers/abc123/resources", bytes.NewBuffer(jsonBody))
+	req.Header.Set("Authorization", "Bearer "+token)
+	req.Header.Set("Content-Type", "application/json")
+
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected 400 for empty update, got %d: %s", w.Code, w.Body.String())
+	}
+}
+
+func TestUpdateContainerResourcesBadJSON(t *testing.T) {
+	router, token, cleanup := setupResourceTestServer(t)
+	defer cleanup()
+
+	req := httptest.NewRequest(http.MethodPut, "/api/containers/abc123/resources", bytes.NewBufferString("{invalid"))
+	req.Header.Set("Authorization", "Bearer "+token)
+	req.Header.Set("Content-Type", "application/json")
+
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected 400 for bad JSON, got %d", w.Code)
+	}
+}
+
+func TestGetDeploymentResourcesNotFound(t *testing.T) {
+	router, token, cleanup := setupResourceTestServer(t)
+	defer cleanup()
+
+	req := httptest.NewRequest(http.MethodGet, "/api/deployments/nonexistent/resources", nil)
+	req.Header.Set("Authorization", "Bearer "+token)
+
+	w := httptest.NewRecorder()
+	router.ServeHTTP(w, req)
+
+	if w.Code != http.StatusNotFound {
+		t.Errorf("Expected 404 for nonexistent deployment, got %d", w.Code)
+	}
+}
+
+func TestResourceUpdateStructSerialization(t *testing.T) {
+	mem := int64(256 * 1024 * 1024)
+	cpus := 0.5
+
+	update := docker.ResourceUpdate{
+		MemoryLimit: &mem,
+		CPUs:        &cpus,
+	}
+
+	data, err := json.Marshal(update)
+	if err != nil {
+		t.Fatalf("Failed to marshal: %v", err)
+	}
+
+	var parsed docker.ResourceUpdate
+	if err := json.Unmarshal(data, &parsed); err != nil {
+		t.Fatalf("Failed to unmarshal: %v", err)
+	}
+
+	if parsed.MemoryLimit == nil || *parsed.MemoryLimit != mem {
+		t.Errorf("MemoryLimit = %v, want %d", parsed.MemoryLimit, mem)
+	}
+	if parsed.CPUs == nil || *parsed.CPUs != cpus {
+		t.Errorf("CPUs = %v, want %f", parsed.CPUs, cpus)
+	}
+	if parsed.MemorySwap != nil {
+		t.Error("MemorySwap should be nil")
+	}
+	if parsed.CPUShares != nil {
+		t.Error("CPUShares should be nil")
+	}
+}
diff --git a/internal/api/server.go b/internal/api/server.go
@@ -306,6 +306,10 @@ func (s *Server) setupRoutes() {
 			protected.POST("/compose/update", s.authMiddleware.RequirePermission(auth.PermDeploymentsWrite), s.updateCompose)
 			protected.GET("/stats", s.authMiddleware.RequirePermission(auth.PermDeploymentsRead), s.getSystemStats)
 
+			// Server info and network health endpoints
+			protected.GET("/server/info", s.authMiddleware.RequirePermission(auth.PermSystemRead), s.getServerInfo)
+			protected.GET("/server/network-health", s.authMiddleware.RequirePermission(auth.PermSystemRead), s.getNetworkHealth)
+
 			// Template and plugin endpoints
 			protected.GET("/plugins", s.authMiddleware.RequirePermission(auth.PermTemplatesRead), s.listPlugins)
 			protected.GET("/plugins/:name", s.authMiddleware.RequirePermission(auth.PermTemplatesRead), s.getPlugin)
@@ -326,7 +330,10 @@ func (s *Server) setupRoutes() {
 			protected.GET("/containers/:id/stats", s.authMiddleware.RequirePermission(auth.PermContainersRead), s.getContainerStats)
 			protected.GET("/containers/stats", s.authMiddleware.RequirePermission(auth.PermContainersRead), s.getAllContainerStats)
 			protected.POST("/containers/:id/exec", s.authMiddleware.RequirePermission(auth.PermContainersWrite), s.containerExecHTTP)
+			protected.GET("/containers/:id/resources", s.authMiddleware.RequirePermission(auth.PermContainersRead), s.getContainerResources)
+			protected.PUT("/containers/:id/resources", s.authMiddleware.RequirePermission(auth.PermContainersWrite), s.updateContainerResources)
 			protected.GET("/deployments/:name/stats", s.authMiddleware.RequirePermission(auth.PermDeploymentsRead), s.authMiddleware.RequireDeploymentAccess(auth.AccessLevelRead), s.getDeploymentContainerStats)
+			protected.GET("/deployments/:name/resources", s.authMiddleware.RequirePermission(auth.PermDeploymentsRead), s.authMiddleware.RequireDeploymentAccess(auth.AccessLevelRead), s.getDeploymentResources)
 
 			// Image endpoints
 			protected.GET("/images", s.authMiddleware.RequirePermission(auth.PermImagesRead), s.listImages)

diff --git a/internal/api/server_info_handlers.go b/internal/api/server_info_handlers.go
@@ -0,0 +1,36 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/flatrun/agent/internal/system"
+	"github.com/gin-gonic/gin"
+)
+
+func (s *Server) getServerInfo(c *gin.Context) {
+	info, err := system.GetServerInfo()
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"server": info,
+	})
+}
+
+func (s *Server) getNetworkHealth(c *gin.Context) {
+	health, err := system.CheckNetworkHealth(c.Request.Context())
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"network_health": health,
+	})
+}