Merge remote-tracking branch 'origin/main' into issue-278-d92a50df7e27

Author: skulidropek

.coderabbit.yaml

@@ -0,0 +1,140 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+language: "ru-RU"
+early_access: false
+
+reviews:
+  profile: "assertive"
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_in_walkthrough: true
+  review_status: true
+  review_details: true
+  commit_status: true
+  fail_commit_status: true
+  collapse_walkthrough: true
+  changed_files_summary: true
+  sequence_diagrams: true
+  estimate_code_review_effort: true
+  assess_linked_issues: true
+  related_issues: true
+  related_prs: true
+  suggested_labels: true
+  poem: false
+  in_progress_fortune: false
+  abort_on_close: true
+
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    auto_pause_after_reviewed_commits: 0
+    drafts: true
+    base_branches:
+      - ".*"
+    labels:
+      - "!do-not-review"
+      - "!skip-coderabbit"
+    ignore_title_keywords:
+      - "[skip review]"
+      - "[skip coderabbit]"
+      - "do not review"
+
+  path_instructions:
+    - path: "**/*"
+      instructions: |
+        Ты строгий ревьюер SPEC DRIVEN DEVELOPMENT.
+
+        Перед выводами изучи README.md, другие *.md файлы, linked issues,
+        PR description, PR comments/discussion и релевантную кодовую базу.
+
+        Сверь изменения с исходным ТЗ/спекой и обсуждением. Флагай любой уход
+        от спеки, недокументированное изменение поведения, отсутствие тестов
+        для заявленного поведения и security-риск. Если спека не видна,
+        попроси автора добавить ее в issue или PR description.
+
+        Проверь решение с точки зрения формальной верификации: какие инварианты,
+        предусловия и постусловия можно доказать математически, а где доказуемость
+        слабая. Оцени решение с точки зрения теории игр: устойчивы ли стимулы,
+        нет ли выгодного обхода правил, и какое решение было бы сильнее.
+
+  pre_merge_checks:
+    issue_assessment:
+      mode: "warning"
+    custom_checks:
+      - name: "Requirements alignment"
+        mode: "error"
+        instructions: |
+          Fail if the diff contradicts the visible spec/TZ, linked issue, PR
+          discussion, README/docs, or changes behavior without documenting it.
+          Fail if promised behavior has no relevant tests. Return Inconclusive
+          when the spec is missing and ask the author to add it. Also flag weak
+          formal invariants or game-theory incentives when they undermine the spec.
+      - name: "Security regression"
+        mode: "warning"
+        instructions: |
+          Fail if changed files introduce a high-confidence security regression, including:
+          - command injection or unsafe shell/process execution with user-controlled input;
+          - path traversal or writes outside intended project/container state directories;
+          - credential, token, private-key, or PII exposure in source, generated config, logs, or CI output;
+          - unsafe Docker/GitHub Actions configuration such as privileged containers, broad host mounts, unbounded Docker socket access, unsafe `pull_request_target`, or unnecessary write permissions;
+          - dependency or package-manager changes that materially increase supply-chain risk without justification.
+
+          Pass when no high-confidence regression is found. Return Inconclusive when the diff is too large or lacks enough context to determine risk.
+
+  tools:
+    github-checks:
+      enabled: true
+      timeout_ms: 900000
+    gitleaks:
+      enabled: true
+    trufflehog:
+      enabled: true
+    semgrep:
+      enabled: true
+    opengrep:
+      enabled: true
+    osvScanner:
+      enabled: true
+    checkov:
+      enabled: true
+    trivy:
+      enabled: true
+    presidio:
+      enabled: true
+    actionlint:
+      enabled: true
+    hadolint:
+      enabled: true
+    shellcheck:
+      enabled: true
+    eslint:
+      enabled: true
+    oxc:
+      enabled: true
+    yamllint:
+      enabled: true
+    dotenvLint:
+      enabled: true
+
+knowledge_base:
+  opt_out: false
+  web_search:
+    enabled: true
+  code_guidelines:
+    enabled: true
+    filePatterns:
+      - "AGENTS.md"
+      - "CLAUDE.md"
+      - "GEMINI.md"
+      - "README.md"
+      - "docs/**/*.md"
+  issues:
+    scope: "local"
+  pull_requests:
+    scope: "local"
+  learnings:
+    scope: "local"
+
+chat:
+  art: false
+  auto_reply: true
+  allow_non_org_members: true

.github/pull_request_template.md

@@ -0,0 +1,18 @@
+# Source TZ / Issues
+
+- Fixes #
+- Related discussion:
+
+## Summary
+
+-
+
+## Requirements Alignment
+
+- Implemented:
+- Out of scope:
+- Security-sensitive changes:
+
+## Verification
+
+-

.greptile/config.json

@@ -0,0 +1,43 @@
+{
+  "strictness": 1,
+  "commentTypes": ["logic", "syntax", "style", "info"],
+  "triggerOnUpdates": true,
+  "triggerOnDrafts": true,
+  "ignorePatterns": "node_modules/**\ndist/**\ncoverage/**\nthird_party/**",
+  "statusCheck": true,
+  "statusCommentsEnabled": true,
+  "updateExistingSummaryComment": true,
+  "summarySection": {
+    "included": true,
+    "collapsible": true,
+    "defaultOpen": false
+  },
+  "instructions": "This is a public MIT open-source TypeScript/Bun monorepo. Review every PR as SPEC DRIVEN DEVELOPMENT: compare the diff with README.md, repository Markdown docs, linked issues, PR description, PR comments and the relevant codebase. Flag spec drift, undocumented behavior changes, missing tests for promised behavior, high-confidence security risks, weak formal invariants, and game-theory incentive problems.",
+  "rules": [
+    {
+      "id": "spec-source-required",
+      "rule": "Every behavioral change must be traceable to a visible source of truth: linked issue, PR description, PR discussion, README/docs, or changed-code reference. If the spec is missing, ask the author to add it before approval.",
+      "severity": "high"
+    },
+    {
+      "id": "spec-alignment",
+      "rule": "Flag any change that contradicts the visible issue/TZ/spec, PR discussion, README/docs, or changes behavior without documentation.",
+      "severity": "high"
+    },
+    {
+      "id": "security-review",
+      "rule": "Look for injection, path traversal, secret leaks, unsafe Docker/GitHub Actions settings, supply-chain risk, and cross-container isolation regressions.",
+      "severity": "high"
+    },
+    {
+      "id": "formal-verification",
+      "rule": "Assess which invariants, preconditions, and postconditions are mathematically defensible. Flag weak or unstated invariants when they affect correctness.",
+      "severity": "medium"
+    },
+    {
+      "id": "game-theory",
+      "rule": "Assess whether the implementation creates incentives to bypass intended rules or safety controls. Suggest a stronger mechanism when incentives are misaligned.",
+      "severity": "medium"
+    }
+  ]
+}

.greptile/files.json

@@ -0,0 +1,16 @@
+{
+  "files": [
+    {
+      "path": "README.md",
+      "description": "Main project behavior, CLI usage, runtime contracts, and architecture notes."
+    },
+    {
+      "path": "AGENTS.md",
+      "description": "Repository engineering rules, formal verification expectations, and review constraints."
+    },
+    {
+      "path": "LICENSE",
+      "description": "Project license text, legal terms, and copyright."
+    }
+  ]
+}

.greptile/rules.md

@@ -0,0 +1,15 @@
+# SPEC-DRIVEN DEVELOPMENT Review Rules
+
+Review every PR against its source of truth, not only against the diff.
+
+Use README.md, repository Markdown docs, linked issues, PR description, PR comments/discussion, and the relevant codebase as review context.
+
+Flag:
+- Spec drift or contradiction with the issue/TZ/spec.
+- Undocumented behavior changes.
+- Missing tests for promised behavior.
+- Security regressions.
+- Weak formal invariants, preconditions, or postconditions.
+- Game-theory incentive problems where users can profitably bypass intended rules.
+
+If the spec is not visible, ask the author to copy the final requirements into the issue or PR description.

.pr_agent.toml

@@ -0,0 +1,24 @@
+[github_app]
+pr_commands = [
+  "/agentic_describe",
+  "/agentic_review"
+]
+handle_push_trigger = true
+push_commands = [
+  "/agentic_review"
+]
+
+[review_agent]
+comments_location_policy = "both"
+inline_comments_severity_threshold = 2
+issues_user_guidelines = """
+Review as SPEC DRIVEN DEVELOPMENT.
+Read README.md, repository Markdown docs, linked issues, PR description, PR comments/discussion, and relevant code.
+Flag spec drift, undocumented behavior changes, missing tests for promised behavior, and security risks.
+"""
+compliance_user_guidelines = """
+Check whether the code matches the visible issue/TZ/spec and discussion.
+Check formal-verification quality: invariants, preconditions, postconditions, and what can be proved mathematically.
+Check game-theory quality: whether incentives let users bypass intended rules, and suggest stronger mechanisms.
+If the spec is missing, ask the author to add it to the issue or PR description.
+"""

.sourcery.yaml

@@ -0,0 +1,13 @@
+ignore:
+  - .git
+  - node_modules
+  - dist
+  - coverage
+  - third_party
+
+github:
+  labels: []
+  ignore_labels:
+    - sourcery-ignore
+    - do-not-review
+    - skip-review

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 ProverCoderAI Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -3,6 +3,8 @@
 `docker-git` создаёт отдельную Docker-среду для каждого репозитория, issue или PR.
 По умолчанию проекты лежат в `~/.docker-git`.
 
+License: MIT. See [LICENSE](LICENSE).
+
 ## Установка
 
 ```bash
@@ -113,3 +115,30 @@ When the CLI cannot acquire Docker access it now prints a message that
 names the specific failure mode, restates the host-Docker contract, and
 lists remediation steps for that exact mode. Implementation lives in
 `packages/app/src/docker-git/controller-docker-diagnostics.ts`.
+
+## Resource limits
+
+`docker-git` caps host resource consumption at two layers so a runaway
+project (or the controller itself) cannot consume the entire system.
+
+- **Per-project containers** ship with a default limit of `30%` CPU and
+  `30%` RAM (resolved against the host on `apply`). Override via
+  `--cpu` / `--ram` (or per-project `docker-git.json`).
+- **Controller container** (`docker-git-api`) is capped in
+  `docker-compose.yml` and `docker-compose.api.yml`. When started through
+  `docker-git` or `./ctl`, the default CPU/RAM cap is resolved to `90%` of
+  host resources. Override with global CLI flags:
+
+  ```bash
+  docker-git --controller-cpu 75% --controller-ram 8g --controller-pids 8192 ps
+  ./ctl up --cpu 75% --ram 8g --pids 8192
+  ```
+
+  The same values can be provided through env vars before `docker-git` or
+  `./ctl up`:
+
+  | Variable                       | Default | Purpose                              |
+  | ------------------------------ | ------- | ------------------------------------ |
+  | `DOCKER_GIT_CONTROLLER_CPUS`   | `90%`   | CPU percent or cores for the controller |
+  | `DOCKER_GIT_CONTROLLER_MEMORY` | `90%`   | RAM percent or size; swap is matched |
+  | `DOCKER_GIT_CONTROLLER_PIDS`   | `4096`  | Maximum PIDs inside the controller   |