feat: cap controller container CPU, RAM, and PIDs #263

Open
konard wants to merge 3 commits into ProverCoderAI:main from konard:issue-260-ab5543061ad7

konard commented May 9, 2026

Summary

Per-project containers already inherit a default 30% CPU/RAM cap (via resolveComposeResourceLimits), but the privileged docker-git-api controller that orchestrates them had no caps and could consume the entire host. This PR closes that gap so the whole system's resource footprint stays bounded.

  • Add cpus, mem_limit, memswap_limit, and pids_limit defaults to the docker-git-api service in docker-compose.yml and docker-compose.api.yml.
  • Make each cap configurable via env so operators can tune them without editing compose:
    | Variable | Default | Purpose |
    |---|---|---|
    | DOCKER_GIT_CONTROLLER_CPUS | 2.0 | CPU cores cap |
    | DOCKER_GIT_CONTROLLER_MEMORY | 4g | RAM + swap cap (matched, no swap headroom) |
    | DOCKER_GIT_CONTROLLER_PIDS | 4096 | PID cap (defends against fork bombs) |
  • Document the two-layer resource-limit story in the README.
  • Add tests/docker-git/controller-resource-limits.test.ts so the controller compose files cannot regress to unbounded.

Test plan

  • bun x vitest run tests/docker-git/controller-resource-limits.test.ts (6 passed)
  • bun x vitest run in packages/app (275 passed)
  • bun x vitest run in packages/lib (166 passed, after building docker-git-session-sync)
  • bun run typecheck in packages/app
  • bun run lint:tests in packages/app

Notes

  • Cap values are deliberately conservative; users with bigger fleets can raise them via env vars.
  • mem_limit == memswap_limit disables swap headroom so the container cannot leak past the RAM cap into swap.
  • A changeset (.changeset/cap-controller-resources.md) is included so the next release picks up the change.

Closes #260

konard added 2 commits May 9, 2026 17:34
Adding .gitkeep for PR creation (default mode).
This file will be removed when the task is complete.

Issue: ProverCoderAI#260

Add cpus, mem_limit, memswap_limit, and pids_limit defaults to the
docker-git-api controller in docker-compose.yml and
docker-compose.api.yml. Each value is parameterized via a
DOCKER_GIT_CONTROLLER_* env var so operators can tune them.

Per-project containers already resolve a default 30% CPU/RAM cap
through resolveComposeResourceLimits, but the privileged controller
that orchestrates them had no caps and could consume the entire host.
This closes that gap so the whole system's resource footprint stays
bounded.

Closes ProverCoderAI#260

konard changed the title from "[WIP] Make a limit on the consumption of the whole system's resources" to "feat: cap controller container CPU, RAM, and PIDs" on May 9, 2026
konard marked this pull request as ready for review May 9, 2026 17:45

konard commented May 9, 2026

Working session summary

PR is ready and out of draft.

Summary

The issue (Russian: "Make a limit on the consumption of the whole system's resources") was already partially addressed for per-project containers (default 30% CPU/RAM via PR #136). The remaining gap: the privileged docker-git-api controller had no caps and could itself consume the entire host.

Changes:

  • docker-compose.yml and docker-compose.api.yml: added cpus, mem_limit, memswap_limit, pids_limit to the api service, parameterized via DOCKER_GIT_CONTROLLER_CPUS (default 2.0), DOCKER_GIT_CONTROLLER_MEMORY (default 4g), DOCKER_GIT_CONTROLLER_PIDS (default 4096).
  • README.md: documented the two-layer resource-limit story.
  • packages/app/tests/docker-git/controller-resource-limits.test.ts: regression test that asserts both compose files contain all four caps.
  • .changeset/cap-controller-resources.md: triggers a patch release.

Verification: 6/6 new tests pass, 275/275 app tests pass, 166/166 lib tests pass, typecheck clean, lint:tests clean.

PR: #263


This summary was automatically extracted from the AI working session output.
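
The four caps and the regression check described in the PR description and the session summary above, as an added TypeScript example that is not the project's compose file or test: it scans a constructed compose fragment for the caps, resolves `${VAR:-default}` interpolation, and flags swap headroom. The service key `api`, the image name, and the two-space-indent line scan (no YAML parser) are assumptions.

```typescript
// Added example on a constructed fragment. Assumes service key `api` and two-space indentation.
const REQUIRED_CAPS: ReadonlyArray<string> = ["cpus", "mem_limit", "memswap_limit", "pids_limit"];
const CAPPED: string = [
  "services:",
  "  api:",
  "    image: example/controller",
  "    cpus: ${DOCKER_GIT_CONTROLLER_CPUS:-2.0}",
  "    mem_limit: ${DOCKER_GIT_CONTROLLER_MEMORY:-4g}",
  "    memswap_limit: ${DOCKER_GIT_CONTROLLER_MEMORY:-4g}",
  "    pids_limit: ${DOCKER_GIT_CONTROLLER_PIDS:-4096}",
].join("\n");

// Resolve Compose-style ${VAR:-default}: the default applies when VAR is unset or empty.
function interpolate(value: string, env: Record<string, string> = {}): string {
  return value.replace(/\$\{(\w+)(?::-([^}]*))?\}/g, (_m: string, name: string, dflt?: string) => {
    const v = env[name];
    return v !== undefined && v !== "" ? v : dflt ?? "";
  });
}

// Collect the scalar keys set directly on one service under `services:`.
function serviceKeys(compose: string, service: string): Map<string, string> {
  const keys = new Map<string, string>();
  let section = "", inService = false;
  for (const line of compose.split("\n")) {
    const m = /^( *)([\w-]+):\s*(.*)$/.exec(line);
    if (!m) continue;
    const indent = m[1].length;
    if (indent === 0) { section = m[2]; inService = false; }
    else if (indent === 2) inService = section === "services" && m[2] === service;
    else if (inService && indent === 4) keys.set(m[2], m[3].trim());
  }
  return keys;
}

// Return one finding per missing or empty cap, plus one if swap can exceed RAM.
function checkControllerCaps(compose: string, service: string, env: Record<string, string> = {}): string[] {
  const keys = serviceKeys(compose, service);
  const findings: string[] = [];
  for (const cap of REQUIRED_CAPS) {
    const raw = keys.get(cap);
    if (raw === undefined) findings.push(`${cap}: missing, container is unbounded`);
    else if (interpolate(raw, env) === "") findings.push(`${cap}: resolves to empty`);
  }
  const mem = keys.get("mem_limit"), swap = keys.get("memswap_limit");
  if (mem !== undefined && swap !== undefined && interpolate(mem, env) !== interpolate(swap, env))
    findings.push("memswap_limit differs from mem_limit: swap headroom");
  return findings;
}
```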


konard commented May 9, 2026

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $4.840903

📊 Context and tokens usage:

Claude Opus 4.7:

  • 100.6K / 1M (10%) input tokens, 20.6K / 128K (16%) output tokens

Total: (114 new + 104.1K cache writes + 7.2M cache reads) input tokens, 20.6K output tokens, $4.743435 cost

Claude Haiku 4.5:

  • 36.0K / 200K (18%) input tokens, 2.8K / 64K (4%) output tokens

Total: (61 new + 36.0K cache writes + 386.5K cache reads) input tokens, 2.8K output tokens, $0.097468 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: opus
  • Main model: Claude Opus 4.7 (claude-opus-4-7)
  • Additional models:
    • Claude Haiku 4.5 (claude-haiku-4-5-20251001)

📎 Log file uploaded as Gist (2582KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.


konard commented May 9, 2026

🔄 Auto-restart triggered (iteration 1)

Reason: CI failures detected

Starting new session to address the issues.


Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

Replace node:fs/path/url imports and the as-const cast so the test passes
the Effect-TS lint profile. Reads the compose files via FileSystem/Path
services with a NodeContext layer instead of readFileSync + import.meta.url.

konard commented May 9, 2026

Working session summary

All 15 CI checks pass (Build, Dist deps prune, all E2E suites, Lint, Lint Effect-TS, Snapshot, Test, Types).

Summary

The "Lint Effect-TS" CI check on PR #263 was failing because the new test file packages/app/tests/docker-git/controller-resource-limits.test.ts violated the strict Effect-TS lint profile in 6 places:

  • node:fs, node:path, node:url direct imports (forbidden — must use @effect/platform services)
  • A type cast (as const) outside src/core/axioms.ts

Fix (commit 1e651a3): Rewrote the test to read compose files via FileSystem.FileSystem and Path.Path services with a NodeContext.layer, used it.effect, and replaced the as const array with a typed ReadonlyArray<string>. All 6 tests still pass and the rest of the suite (275 tests) is unaffected.

PR: #263


This summary was automatically extracted from the AI working session output.


konard commented May 9, 2026

🔄 Auto-restart-until-mergeable Log (iteration 1)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $1.611414

📊 Context and tokens usage:

  • 65.8K / 1M (7%) input tokens, 9.0K / 128K (7%) output tokens

Total: (56 new + 59.3K cache writes + 2.0M cache reads) input tokens, 9.0K output tokens, $1.611414 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: opus
  • Model: Claude Opus 4.7 (claude-opus-4-7)

📎 Log file uploaded as Gist (3601KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.


konard commented May 9, 2026

🔄 Auto-restart triggered (iteration 2)

Reason: Uncommitted changes detected

Starting new session to address the issues.


Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.


konard commented May 9, 2026

Working session summary

Everything is in order. Final state:

No further work needed; the PR is ready for review.


This summary was automatically extracted from the AI working session output.


konard commented May 9, 2026

🔄 Auto-restart-until-mergeable Log (iteration 2)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $0.380035

📊 Context and tokens usage:

  • 41.5K / 1M (4%) input tokens, 2.2K / 128K (2%) output tokens

Total: (16 new + 35.0K cache writes + 209.6K cache reads) input tokens, 2.2K output tokens, $0.380036 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: opus
  • Model: Claude Opus 4.7 (claude-opus-4-7)

📎 Log file uploaded as Gist (3905KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.


konard commented May 9, 2026

✅ Ready to merge

This pull request is now ready to be merged:

  • All CI checks have passed
  • No merge conflicts
  • No pending changes

Monitored by hive-mind with --auto-restart-until-mergeable flag
