fix(docker): allow swap and network configuration #308
- resolves memswap_limit from RAM as a finite RAM+swap ceiling
- passes configurable Docker network settings into build and auth run commands
- normalizes CRLF in skiller patch matching
|
No actionable comments were generated in the recent review. 🎉
📝 Walkthrough
Added computation of swapLimit from the final ramLimit; renderDockerCompose uses swapLimit for memswap_limit. Introduced a network option for docker run/build; switched from -v to --mount via buildDockerBindMountArg. Improved path normalization (trimTrailingPathSeparators, joinHelpers) and CRLF→LF in the patch script; the corresponding tests were updated.
Changes
- Swap Limit Resolution
- Controller env integration & compose defaults
- Docker Network Configuration and Bind-Mounts
- Path & Command Helpers
- Patch Utility
|
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/app/src/lib/shell/docker-auth.ts`:
- Around line 201-204: The code forces "--network host" by default; change the
logic in the block that builds dockerNetwork so it only adds the "--network"
flag when an explicit value is provided via spec.network or the
DOCKER_GIT_AUTH_DOCKER_NETWORK env (i.e. remove the implicit default "host").
Locate the dockerNetwork assignment (uses spec.network and
resolveDockerEnvValue("DOCKER_GIT_AUTH_DOCKER_NETWORK")) and ensure you do not
fallback to "host" — instead only trim and push("--network", dockerNetwork) when
dockerNetwork is non-empty because it was explicitly set.
In `@packages/app/src/lib/usecases/docker-image.ts`:
- Around line 70-73: The code blindly adds ["--network", spec.buildNetwork]
whenever spec.buildNetwork !== undefined which can pass empty/whitespace and
break docker; update the networkArgs construction (used where
runCommandWithExitCodes is called and in the args for the "docker build"
invocation) to first check const net = spec.buildNetwork?.trim(); and only set
networkArgs = net ? ["--network", net] : []; ensure the trimmed value is used in
the args passed to runCommandWithExitCodes so empty or whitespace-only
buildNetwork is ignored.
In `@packages/lib/src/shell/docker-auth.ts`:
- Around line 200-203: The current code forces "--network host" by default
because dockerNetwork falls back to "host"; change this so the network flag is
only added when an explicit config exists: compute a network value from
spec.network or resolveDockerEnvValue("DOCKER_GIT_AUTH_DOCKER_NETWORK") without
defaulting to "host" (e.g., const dockerNetwork = (spec.network ??
resolveDockerEnvValue(...));), then only call base.push("--network",
dockerNetwork) when dockerNetwork is non-null/undefined and
dockerNetwork.trim().length > 0; update references around dockerNetwork,
resolveDockerEnvValue, spec.network and the base.push call accordingly.
In `@packages/lib/src/usecases/docker-image.ts`:
- Around line 69-72: The current construction of networkArgs uses
spec.buildNetwork directly and can pass invalid/empty strings to the docker
build command; update the guard used when building networkArgs (the variable and
its use with runCommandWithExitCodes) to trim spec.buildNetwork and only include
["--network", spec.buildNetwork] when the trimmed value is non-empty (same
robust pattern as used in docker-auth), so that networkArgs is [] for
undefined/null/blank values and the docker build args remain valid.
In `@scripts/skiller-apply-docker-git-patches.mjs`:
- Around line 78-79: Extract the repeated normalized.endsWith("\n") check into a
local constant (for example finalNewline) and use it both when filling the
finalNewline field and when computing lines: finalNewline ? normalized.slice(0,
-1).split("\n") : normalized.split("\n"); update the corresponding places in the
function/block where finalNewline and lines are declared and the normalized
variable is used.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: ec20d46c-59e9-4503-a8b1-469e11617bab
📒 Files selected for processing (14)
- packages/app/src/docker-git/frontend-lib/core/resource-limits.ts
- packages/app/src/lib/core/resource-limits.ts
- packages/app/src/lib/core/templates/docker-compose.ts
- packages/app/src/lib/shell/docker-auth.ts
- packages/app/src/lib/usecases/docker-image.ts
- packages/app/src/lib/usecases/github-auth-image.ts
- packages/app/src/lib/usecases/gitlab-auth-image.ts
- packages/lib/src/core/resource-limits.ts
- packages/lib/src/core/templates/docker-compose.ts
- packages/lib/src/shell/docker-auth.ts
- packages/lib/src/usecases/docker-image.ts
- packages/lib/src/usecases/github-auth-image.ts
- packages/lib/src/usecases/gitlab-auth-image.ts
- scripts/skiller-apply-docker-git-patches.mjs
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
- GitHub Check: E2E (Login context)
- GitHub Check: E2E (Runtime volumes + SSH)
- GitHub Check: E2E (OpenCode)
- GitHub Check: E2E (Browser command)
- GitHub Check: Lint
- GitHub Check: E2E (Clone auto-open SSH)
- GitHub Check: Test
- GitHub Check: E2E (Clone cache)
- GitHub Check: Final build (windows-latest)
🧰 Additional context used
📓 Path-based instructions (6)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use `any`, `unknown`, `eslint-disable`, `ts-ignore`, or `as` type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through `.exhaustive()` pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: `Effect<Success, Error, Requirements>`. Compose effects through `pipe()` and `Effect.flatMap()`. Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: `Match.value(item).pipe(Match.when(...), Match.exhaustive)`.
Document all functions with comprehensive TSDoc including: `@pure` (true/false), `@effect` (required services), `@invariant` (mathematical invariants), `@precondition`, `@postcondition`, `@complexity` (time and space), `@throws` Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: `any`, `eslint-disable`, `ts-ignore`, `async/await`, raw Promise chains (`then`/`catch`), `Promise.all`, `try/catch` for logic control, `console.*`, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: `Effect<Success, Error, Requirements>`. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
**/*
⚙️ CodeRabbit configuration file
**/*: You are a strict reviewer of SPEC DRIVEN DEVELOPMENT. Before drawing conclusions, study README.md, other *.md files, linked issues,
PR description, PR comments/discussion and the relevant code base. Check the changes against the original requirements/spec and the discussion. Flag any deviation
from the spec, undocumented behavior change, missing tests
for the claimed behavior, and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description. Check the solution from the standpoint of formal verification: which invariants,
preconditions and postconditions can be proven mathematically, and where provability
is weak. Evaluate the solution from a game-theory standpoint: whether the incentives are stable,
whether there is a profitable way around the rules, and which solution would be stronger.
🪛 OpenGrep (1.20.0)
packages/lib/src/core/resource-limits.ts
[ERROR] 152-152: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
packages/app/src/lib/core/resource-limits.ts
[ERROR] 153-153: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
packages/app/src/docker-git/frontend-lib/core/resource-limits.ts
[ERROR] 153-153: Dynamic command passed to child_process.exec/execSync. Use child_process.execFile or spawn with an argument array instead.
(coderabbit.command-injection.exec-js)
🔇 Additional comments (25)
packages/app/src/docker-git/frontend-lib/core/resource-limits.ts (5)
17-17: LGTM! Also applies to: 25-29
32-46: LGTM!
152-164: LGTM!
166-178: LGTM!
189-199: LGTM!
packages/app/src/lib/core/resource-limits.ts (5)
17-17: LGTM! Also applies to: 25-29
32-46: LGTM!
152-164: LGTM!
166-178: LGTM!
189-199: LGTM!
packages/lib/src/core/resource-limits.ts (5)
16-16: LGTM! Also applies to: 24-28
31-45: LGTM!
151-163: LGTM!
165-177: LGTM!
188-198: LGTM!
packages/app/src/lib/core/templates/docker-compose.ts (2)
73-76: LGTM!
122-124: LGTM!
packages/lib/src/core/templates/docker-compose.ts (2)
72-75: LGTM!
121-123: LGTM!
scripts/skiller-apply-docker-git-patches.mjs (2)
71-81: LGTM!
71-81: ⚡ Quick win: CRLF normalization is implemented correctly.
The implementation correctly handles CRLF files from a Windows checkout before hunk matching, preserves the final-newline state through the round trip, and correctly copes with mixed line endings. The invariant "patch matching depends on line content, not on the host's EOL policy" holds.
packages/app/src/lib/usecases/github-auth-image.ts (1)
19-29: LGTM! Also applies to: 53-54
packages/lib/src/usecases/github-auth-image.ts (1)
18-28: LGTM! Also applies to: 52-53
packages/app/src/lib/usecases/gitlab-auth-image.ts (1)
21-23: LGTM! Also applies to: 55-56
packages/lib/src/usecases/gitlab-auth-image.ts (1)
21-23: LGTM! Also applies to: 55-56
|
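The network-flag handling requested in the docker-auth.ts and docker-image.ts comments of the review above, sketched in TypeScript as an added example. It is not code from the PR: the function and type names are hypothetical, and the two `flagged*` functions are reconstructed from the review text, not copied from the repository.

```typescript
// Added example. NetworkSource, networkArgs, authRunArgs and buildArgs are
// hypothetical names; only the "--network" handling mirrors the review.

type NetworkSource = {
  readonly specNetwork?: string
  readonly envNetwork?: string // e.g. the value of DOCKER_GIT_AUTH_DOCKER_NETWORK
}

// Behaviour flagged in docker-auth.ts (reconstructed): with nothing configured
// the auth container silently joins the host network namespace.
const flaggedAuthNetworkArgs = (source: NetworkSource): ReadonlyArray<string> => {
  const network = (source.specNetwork ?? source.envNetwork ?? "host").trim()
  return network.length > 0 ? ["--network", network] : []
}

// Behaviour flagged in docker-image.ts (reconstructed): any defined value,
// including "" or "   ", is forwarded to docker build as the network name.
const flaggedBuildNetworkArgs = (buildNetwork?: string): ReadonlyArray<string> =>
  buildNetwork !== undefined ? ["--network", buildNetwork] : []

// Requested behaviour: emit the flag only for an explicitly configured,
// non-blank value, and always pass the trimmed value.
const networkArgs = (explicit: string | undefined): ReadonlyArray<string> => {
  const network = explicit?.trim()
  return network !== undefined && network.length > 0 ? ["--network", network] : []
}

// argv arrays intended for spawn/execFile, so no shell parses the values.
const authRunArgs = (image: string, source: NetworkSource): ReadonlyArray<string> => [
  "run",
  "--rm",
  ...networkArgs(source.specNetwork ?? source.envNetwork),
  image
]

const buildArgs = (
  tag: string,
  contextDir: string,
  buildNetwork?: string
): ReadonlyArray<string> => [
  "build",
  ...networkArgs(buildNetwork),
  "-t",
  tag,
  contextDir
]

// Constructed sample inputs (image and tag names are placeholders).
const unconfiguredRun = authRunArgs("example/auth:latest", {})
// -> run --rm example/auth:latest (no --network flag, Docker's default applies)
const explicitHostRun = authRunArgs("example/auth:latest", { envNetwork: " host " })
// -> run --rm --network host example/auth:latest (host only when asked for)
const blankBuild = buildArgs("example/app:dev", ".", "   ")
// -> build -t example/app:dev . (blank value ignored)
```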
In this PR I was trying to implement support for the Windows environment, because docker-git does not run properly on Windows.
|
Actionable comments posted: 10
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/app/tests/docker-git/controller-resource-limits.test.ts (1)
56-80: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
A property-based test is needed for the invariants of controller limit resolution.
A single fixed example does not prove the formula is correct across the range of inputs. Add a `fast-check` property (for example: with valid host resources `memorySwap >= memory`, and in the default scenario `memorySwap` is consistent with the calculation rule and parses as a valid size).
As per coding guidelines "`**/*.test.{ts,tsx}`: Implement property-based testing using fast-check for mathematical properties and invariants."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/app/tests/docker-git/controller-resource-limits.test.ts` around lines 56 - 80, Add a fast-check property test around resolveControllerResourceLimitEnv that generates valid host resources (e.g., cpuCount > 0 and totalMemoryBytes > 0 within realistic ranges) and for each shrink-wrap call use Either.match to ensure a Right result, then assert invariants: parse env.memory and env.memorySwap into bytes and verify memorySwap >= memory and memorySwap equals the expected rule-derived value (e.g., memory ≈ 90% of totalMemoryBytes converted to "m" units and memorySwap ≈ 2 * memory), and verify cpus equals cpuCount * 0.9 formatted the same way as resolveControllerResourceLimitEnv produces; fail the property on Left results. Reference resolveControllerResourceLimitEnv and use the same Either.match flow as the existing test to locate where to add the property.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts`:
- Around line 33-39: Add a comprehensive TSDoc block for the exported function
trimTrailingPathSeparators describing its purpose, the parameter (value: string)
and return (string), and include the required tags: `@pure`, `@effect` (list any
dependencies or note none), `@invariant` (describe the mathematical invariant
e.g., result has no trailing path separators), `@precondition` (input is a string;
may be empty), `@postcondition` (output length <= input length and ends without
'/' or '\\' unless empty), and `@complexity` (e.g., O(n) where n = value.length);
ensure the doc is placed immediately above the trimTrailingPathSeparators export
and is written in TSDoc format.
- Around line 33-39: trimTrailingPathSeparators currently can turn "/" into ""
and "C:\" into "C:"; update the function (trimTrailingPathSeparators) to
preserve root paths by returning "/" unchanged and preserving Windows drive
roots like "X:\" or "X:/" (i.e. patterns like /^[A-Za-z]:[\\/]*$/) instead of
stripping their trailing separator; only remove trailing slashes/backslashes for
non-root paths and ensure the function returns the original root form when input
is a root path.
In `@packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts`:
- Around line 53-58: joinHomePath unconditionally appends a path separator after
the trimmed home which produces double separators for root homes (e.g.
"//.docker-git" or "C://.docker-git"); update joinHomePath to compute sep using
homePathSeparator(root) and only insert sep when the trimmed root is non-empty
and does not already end with sep (fall back to concatenating root + child when
root is empty or already ends with the separator); reference functions:
joinHomePath, homePathSeparator, trimTrailingSlash and apply the same guard
logic to the similar occurrence noted near the other join helper.
In `@packages/app/src/lib/core/command-builders-shared.ts`:
- Around line 33-39: Add a comprehensive TSDoc block immediately above the
exported function trimTrailingPathSeparators describing purpose and contract:
include a brief description, `@param` value - input string, `@returns` - string with
trailing '/' or '\' removed, `@pure`, `@effect` (none / pure function),
`@precondition` (value is a string; callers may pass empty string), `@postcondition`
(result has no trailing path separators; result is a substring of value),
`@invariant` (for any input value, repeatedly applying the function is idempotent:
trimTrailingPathSeparators(trimTrailingPathSeparators(value)) ===
trimTrailingPathSeparators(value)), and `@complexity` O(n) where n is
value.length; ensure the doc mentions behavior for empty string and strings with
no trailing separators and place it directly above the
trimTrailingPathSeparators export.
- Around line 33-39: The trimTrailingPathSeparators function strips all trailing
slashes and loses the semantics of root paths ("/" -> "" and "C:\" -> "C:"), which
breaks subsequent joins; fix it so that for input that represents a
root it returns a correct root path: if value consists only of slashes
(for example "/" or "\\"), return a single slash of the corresponding type; if value
matches a Windows drive with only separators (a pattern like
/^[A-Za-z]:[\\/]*$/), return the letter-colon and a single backslash/slash
(for example "C:\"), otherwise continue with the current logic of removing extra trailing
separators; make the changes in the trimTrailingPathSeparators function.
In `@packages/app/src/lib/usecases/path-helpers.ts`:
- Around line 53-58: joinHomePath always appends a separator even when home is
the root, producing doubled separators like //file or C://file; fix joinHomePath
by using root = trimTrailingSlash(home) then special-casing an empty root (which
means original was "/") to return `/${child}` (no extra separator), otherwise
compute sep = homePathSeparator(root) and return `${root}${sep}${child}`; update
the same logic where the other occurrence at the second join location is
implemented (referenced by joinHomePath and homePathSeparator and
trimTrailingSlash).
In `@packages/lib/src/core/command-builders-shared.ts`:
- Around line 32-38: Add a comprehensive TSDoc block above the exported function
trimTrailingPathSeparators describing its purpose, parameters and return value,
and include the required tags: `@pure`, `@effect` (list dependencies, e.g., none or
deterministic), `@invariant` (describe that returned string has no trailing '/' or
'\\' when non-empty), `@precondition` (input is a string), `@postcondition` (output
is input without trailing path separators), and `@complexity` (O(n) where n is
string length); ensure the text matches the style of other parser docs in this
module and references the function name trimTrailingPathSeparators so the
contract and invariants are preserved.
- Around line 32-38: The trimTrailingPathSeparators function currently strips
separators from root paths (turning "/" into "" and "C:\" into "C:"), so update
trimTrailingPathSeparators to preserve root paths: early-return the original
value if it is exactly "/" or if it matches a Windows drive-root pattern like
/^[A-Za-z]:[\\/]/ (e.g. "C:\" or "C:/"), otherwise perform the existing trimming
logic; reference the function name trimTrailingPathSeparators to locate the
change.
In `@packages/lib/src/usecases/path-helpers.ts`:
- Around line 54-57: joinHomePath currently builds the path as
`${root}${homePathSeparator(root)}${child}` which produces a double slash when
home is "/" (e.g. "//.docker-git"); update joinHomePath to special-case the
trimmed root (from trimTrailingSlash) so that when root is "/" or an empty
string it returns `/${child}` (or otherwise avoids adding an extra separator),
otherwise keep the existing `${root}${homePathSeparator(root)}${child}`
behavior; refer to joinHomePath, trimTrailingSlash and homePathSeparator to
locate and change the logic.
In `@packages/lib/tests/scripts/skiller-patch.test.ts`:
- Around line 20-37: Add a fast-check property test that verifies invariants of
the patch helpers: generate arbitrary text (including ones with CRLFs) and
assert that splitText(input) returns lines that contain no '\r' characters and
that finalNewline === (input.endsWith('\n') || input.endsWith('\r\n')) (or
equivalently matches input.endsWith('\r\n') or input.endsWith('\n')), and also
add a property that for any generated CRLF-containing source and a parsed
filePatch (use parsePatch(patchText) to obtain filePatch), applyFilePatch when
run in "forward" mode behaves the same as applying it after normalizing input
CRLF -> LF (i.e., applyFilePatch(normalizeCRLF(input), filePatch, "forward") ===
applyFilePatch(input, filePatch, "forward") normalized); reference splitText,
applyFilePatch and parsePatch to locate where to add the tests and use
fast-check arbitraries for multiline strings including '\r' and '\n'.
---
Outside diff comments:
In `@packages/app/tests/docker-git/controller-resource-limits.test.ts`:
- Around line 56-80: Add a fast-check property test around
resolveControllerResourceLimitEnv that generates valid host resources (e.g.,
cpuCount > 0 and totalMemoryBytes > 0 within realistic ranges) and for each
shrink-wrap call use Either.match to ensure a Right result, then assert
invariants: parse env.memory and env.memorySwap into bytes and verify memorySwap
>= memory and memorySwap equals the expected rule-derived value (e.g., memory ≈
90% of totalMemoryBytes converted to "m" units and memorySwap ≈ 2 * memory), and
verify cpus equals cpuCount * 0.9 formatted the same way as
resolveControllerResourceLimitEnv produces; fail the property on Left results.
Reference resolveControllerResourceLimitEnv and use the same Either.match flow
as the existing test to locate where to add the property.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 7710b709-ba16-4f40-9ed3-c0595566d222
📒 Files selected for processing (44)
- docker-compose.api.yml
- docker-compose.yml
- packages/app/src/docker-git/controller-resource-limits-shell.ts
- packages/app/src/docker-git/controller-resource-limits.ts
- packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
- packages/app/src/docker-git/frontend-lib/core/command-builders.ts
- packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
- packages/app/src/lib/core/command-builders-shared.ts
- packages/app/src/lib/core/command-builders.ts
- packages/app/src/lib/core/templates/docker-compose.ts
- packages/app/src/lib/shell/docker-auth.ts
- packages/app/src/lib/usecases/auth-claude-oauth.ts
- packages/app/src/lib/usecases/auth-gemini-helpers.ts
- packages/app/src/lib/usecases/auth-gemini-oauth.ts
- packages/app/src/lib/usecases/docker-image.ts
- packages/app/src/lib/usecases/github-auth-image.ts
- packages/app/src/lib/usecases/gitlab-auth-image.ts
- packages/app/src/lib/usecases/path-helpers.ts
- packages/app/tests/docker-git/controller-resource-limits.test.ts
- packages/lib/src/core/command-builders-shared.ts
- packages/lib/src/core/command-builders.ts
- packages/lib/src/core/templates/docker-compose.ts
- packages/lib/src/shell/docker-auth.ts
- packages/lib/src/usecases/auth-claude-oauth.ts
- packages/lib/src/usecases/auth-gemini-helpers.ts
- packages/lib/src/usecases/auth-gemini-oauth.ts
- packages/lib/src/usecases/docker-image.ts
- packages/lib/src/usecases/github-auth-image.ts
- packages/lib/src/usecases/gitlab-auth-image.ts
- packages/lib/src/usecases/path-helpers.ts
- packages/lib/tests/core/command-builders.test.ts
- packages/lib/tests/core/resource-limits.test.ts
- packages/lib/tests/core/templates.test.ts
- packages/lib/tests/scripts/skiller-patch.test.ts
- packages/lib/tests/shell/docker-auth.test.ts
- packages/lib/tests/usecases/apply.test.ts
- packages/lib/tests/usecases/auth-container-paths.test.ts
- packages/lib/tests/usecases/auth-gemini-oauth.test.ts
- packages/lib/tests/usecases/docker-image.test.ts
- packages/lib/tests/usecases/path-helpers.test.ts
- packages/lib/tests/usecases/prepare-files.test.ts
- packages/lib/tests/usecases/state-repo-auto-pull.test.ts
- packages/lib/tests/usecases/state-repo-init.test.ts
- scripts/skiller-apply-docker-git-patches.mjs
📜 Review details
🧰 Additional context used
📓 Path-based instructions (10)
**/{Dockerfile*,docker-compose*.{yml,yaml},.dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce unsafe Docker configuration such as privileged containers, broad host mounts, unbounded Docker socket access, or unnecessary write permissions
Files:
docker-compose.api.yml
docker-compose.yml
**/docker-compose{,.api}.yml
📄 CodeRabbit inference engine (README.md)
Controller container (docker-git-api) should be capped in docker-compose.yml and docker-compose.api.yml with default CPU/RAM cap resolved to 90% of host resources
Files:
docker-compose.api.yml
docker-compose.yml
**/*
⚙️ CodeRabbit configuration file
**/*: You are a strict SPEC DRIVEN DEVELOPMENT reviewer. Before drawing conclusions, study README.md, the other *.md files, linked issues,
the PR description, PR comments/discussion and the relevant code base. Check the changes against the original requirements/spec and the discussion. Flag any departure
from the spec, undocumented behaviour change, missing tests
for claimed behaviour, and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description. Assess the solution from a formal-verification standpoint: which invariants,
preconditions and postconditions can be proven mathematically, and where provability
is weak. Assess the solution from a game-theory standpoint: whether the incentives are stable,
whether there is a profitable way around the rules, and which solution would be stronger.
Files:
docker-compose.api.yml
docker-compose.yml
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/app/src/docker-git/controller-resource-limits-shell.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/src/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/app/src/lib/core/command-builders-shared.ts
packages/lib/src/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-oauth.ts
packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/app/src/lib/usecases/github-auth-image.ts
packages/app/src/lib/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-helpers.ts
packages/lib/src/usecases/github-auth-image.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/lib/src/usecases/auth-claude-oauth.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/app/src/lib/usecases/docker-image.ts
packages/app/src/lib/usecases/auth-gemini-helpers.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/app/src/docker-git/controller-resource-limits.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/app/src/lib/usecases/auth-gemini-oauth.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/usecases/path-helpers.ts
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
scripts/skiller-apply-docker-git-patches.mjs
packages/app/src/lib/usecases/auth-claude-oauth.ts
packages/lib/src/usecases/docker-image.ts
packages/app/src/lib/shell/docker-auth.ts
packages/lib/src/shell/docker-auth.ts
packages/lib/src/usecases/path-helpers.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use `any`, `unknown`, `eslint-disable`, `ts-ignore`, or `as` type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through `.exhaustive()` pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: `Effect<Success, Error, Requirements>`. Compose effects through `pipe()` and `Effect.flatMap()`. Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: `Match.value(item).pipe(Match.when(...), Match.exhaustive)`.
Document all functions with comprehensive TSDoc including: `@pure` (true/false), `@effect` (required services), `@invariant` (mathematical invariants), `@precondition`, `@postcondition`, `@complexity` (time and space), `@throws` Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/app/src/docker-git/controller-resource-limits-shell.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/src/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/app/src/lib/core/command-builders-shared.ts
packages/lib/src/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-oauth.ts
packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/app/src/lib/usecases/github-auth-image.ts
packages/app/src/lib/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-helpers.ts
packages/lib/src/usecases/github-auth-image.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/lib/src/usecases/auth-claude-oauth.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/app/src/lib/usecases/docker-image.ts
packages/app/src/lib/usecases/auth-gemini-helpers.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/app/src/docker-git/controller-resource-limits.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/app/src/lib/usecases/auth-gemini-oauth.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/usecases/path-helpers.ts
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/usecases/auth-claude-oauth.ts
packages/lib/src/usecases/docker-image.ts
packages/app/src/lib/shell/docker-auth.ts
packages/lib/src/shell/docker-auth.ts
packages/lib/src/usecases/path-helpers.ts
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: `fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages)))`.
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService)`, `Effect.runPromise`.
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/lib/tests/core/templates.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: `any`, `eslint-disable`, `ts-ignore`, `async/await`, raw Promise chains (then/catch), `Promise.all`, `try/catch` for logic control, `console.*`, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: `Effect<Success, Error, Requirements>`. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/app/src/docker-git/controller-resource-limits-shell.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/src/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/app/src/lib/core/command-builders-shared.ts
packages/lib/src/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-oauth.ts
packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/app/src/lib/usecases/github-auth-image.ts
packages/app/src/lib/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-helpers.ts
packages/lib/src/usecases/github-auth-image.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/lib/src/usecases/auth-claude-oauth.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/app/src/lib/usecases/docker-image.ts
packages/app/src/lib/usecases/auth-gemini-helpers.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/app/src/docker-git/controller-resource-limits.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/app/src/lib/usecases/auth-gemini-oauth.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/usecases/path-helpers.ts
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/usecases/auth-claude-oauth.ts
packages/lib/src/usecases/docker-image.ts
packages/app/src/lib/shell/docker-auth.ts
packages/lib/src/shell/docker-auth.ts
packages/lib/src/usecases/path-helpers.ts
**/*.{test,spec}.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/lib/tests/core/templates.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/app/src/docker-git/controller-resource-limits-shell.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/src/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/app/src/lib/core/command-builders-shared.ts
packages/lib/src/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-oauth.ts
packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/app/src/lib/usecases/github-auth-image.ts
packages/app/src/lib/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-helpers.ts
packages/lib/src/usecases/github-auth-image.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/lib/src/usecases/auth-claude-oauth.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/app/src/lib/usecases/docker-image.ts
packages/app/src/lib/usecases/auth-gemini-helpers.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/app/src/docker-git/controller-resource-limits.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/app/src/lib/usecases/auth-gemini-oauth.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/usecases/path-helpers.ts
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/usecases/auth-claude-oauth.ts
packages/lib/src/usecases/docker-image.ts
packages/app/src/lib/shell/docker-auth.ts
packages/lib/src/shell/docker-auth.ts
packages/lib/src/usecases/path-helpers.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
Files:
packages/lib/tests/usecases/auth-gemini-oauth.test.ts
packages/app/src/docker-git/controller-resource-limits-shell.ts
packages/lib/tests/usecases/docker-image.test.ts
packages/lib/tests/usecases/apply.test.ts
packages/lib/src/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-auto-pull.test.ts
packages/lib/tests/usecases/path-helpers.test.ts
packages/app/src/lib/core/command-builders-shared.ts
packages/lib/src/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-oauth.ts
packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts
packages/lib/tests/usecases/state-repo-init.test.ts
packages/lib/tests/core/command-builders.test.ts
packages/app/src/lib/usecases/github-auth-image.ts
packages/app/src/lib/usecases/gitlab-auth-image.ts
packages/lib/src/usecases/auth-gemini-helpers.ts
packages/lib/src/usecases/github-auth-image.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/scripts/skiller-patch.test.ts
packages/lib/src/usecases/auth-claude-oauth.ts
packages/app/tests/docker-git/controller-resource-limits.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/app/src/lib/usecases/docker-image.ts
packages/app/src/lib/usecases/auth-gemini-helpers.ts
packages/lib/tests/usecases/auth-container-paths.test.ts
packages/lib/tests/shell/docker-auth.test.ts
packages/app/src/docker-git/controller-resource-limits.ts
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/resource-limits.test.ts
packages/app/src/lib/usecases/auth-gemini-oauth.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/usecases/path-helpers.ts
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/usecases/auth-claude-oauth.ts
packages/lib/src/usecases/docker-image.ts
packages/app/src/lib/shell/docker-auth.ts
packages/lib/src/shell/docker-auth.ts
packages/lib/src/usecases/path-helpers.ts
🔇 Additional comments (39)
docker-compose.api.yml (1)
42-42: LGTM!
docker-compose.yml (1)
44-44: LGTM!
packages/lib/tests/usecases/auth-gemini-oauth.test.ts (1)
23-24: LGTM!
packages/app/src/docker-git/controller-resource-limits-shell.ts (1)
6-6: LGTM! Also applies to: 82-82
packages/lib/tests/usecases/docker-image.test.ts (1)
1-73: LGTM!
packages/lib/tests/usecases/apply.test.ts (1)
247-247: LGTM!
packages/lib/tests/usecases/state-repo-auto-pull.test.ts (1)
26-30: LGTM!
packages/lib/tests/usecases/path-helpers.test.ts (1)
7-7: LGTM! Also applies to: 55-78
packages/lib/src/usecases/gitlab-auth-image.ts (1)
21-22: LGTM!
packages/lib/src/usecases/auth-gemini-oauth.ts (1)
11-11: LGTM! Also applies to: 114-115, 283-284
packages/lib/tests/usecases/state-repo-init.test.ts (1)
25-27: LGTM! Also applies to: 30-33
packages/lib/tests/core/command-builders.test.ts (1)
145-156: LGTM!
packages/app/src/lib/usecases/github-auth-image.ts (1)
19-20: LGTM! Also applies to: 22-22, 27-28
packages/app/src/lib/usecases/gitlab-auth-image.ts (1)
21-22: LGTM!
packages/lib/src/usecases/auth-gemini-helpers.ts (1)
10-10: LGTM! Also applies to: 219-228
packages/lib/src/usecases/github-auth-image.ts (1)
18-19: LGTM! Also applies to: 21-21, 26-27
packages/lib/src/core/templates/docker-compose.ts (1)
75-75: LGTM! Also applies to: 84-89, 127-127
packages/lib/src/usecases/auth-claude-oauth.ts (1)
10-10: LGTM! Also applies to: 83-90
packages/app/src/lib/core/templates/docker-compose.ts (1)
76-76: LGTM! Also applies to: 85-90, 128-128
packages/app/src/lib/usecases/docker-image.ts (1)
10-10: LGTM! Also applies to: 19-39, 92-92
packages/app/src/lib/usecases/auth-gemini-helpers.ts (1)
11-11: LGTM! Also applies to: 220-229
packages/lib/tests/usecases/auth-container-paths.test.ts (1)
188-189: LGTM! Also applies to: 201-202, 244-246
packages/lib/tests/shell/docker-auth.test.ts (1)
2-46: LGTM! Also applies to: 81-91, 93-117, 119-127
packages/app/src/docker-git/controller-resource-limits.ts (1)
12-12: LGTM! Also applies to: 38-38, 310-310
packages/lib/tests/usecases/prepare-files.test.ts (1)
259-260: LGTM! Also applies to: 290-291
packages/lib/tests/core/resource-limits.test.ts (1)
65-65: LGTM! Also applies to: 82-82, 99-99, 120-120, 137-137, 151-151, 170-170
packages/app/src/lib/usecases/auth-gemini-oauth.ts (1)
12-12: LGTM! Also applies to: 115-116, 284-285
packages/app/src/lib/core/command-builders.ts (1)
11-12: LGTM! Also applies to: 29-29
packages/app/src/lib/usecases/path-helpers.ts (1)
38-43: LGTM!
packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts (1)
38-43: LGTM!
packages/lib/src/core/command-builders.ts (1)
11-12: LGTM! Also applies to: 29-29
packages/app/src/docker-git/frontend-lib/core/command-builders.ts (1)
11-12: LGTM! Also applies to: 29-29
packages/lib/tests/core/templates.test.ts (1)
548-549: LGTM! Also applies to: 559-570, 605-607, 618-619, 632-634, 643-647, 657-659, 667-668
scripts/skiller-apply-docker-git-patches.mjs (1)
4-4: LGTM! Also applies to: 21-21, 71-82, 95-95, 136-164
packages/app/src/lib/usecases/auth-claude-oauth.ts (1)
11-11: LGTM! Also applies to: 84-91
packages/lib/src/usecases/docker-image.ts (1)
18-38: LGTM! Also applies to: 91-91
packages/app/src/lib/shell/docker-auth.ts (1)
17-17: LGTM! Also applies to: 47-67, 141-145, 217-249
packages/lib/src/shell/docker-auth.ts (1)
16-16: LGTM! Also applies to: 46-67, 140-145, 216-248
packages/lib/src/usecases/path-helpers.ts (1)
37-42: LGTM! Also applies to: 52-53, 66-66
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/lib/src/core/templates/docker-compose.ts`:
- Line 103: Update the documentation to reflect that swap is now configured
separately: change the “Resource limits” section in the README to remove the
statement that swap is automatically matched to memory and explicitly document
the new DOCKER_GIT_CONTROLLER_MEMORY_SWAP variable and its behavior; mention
that memswap_limit is set from resourceLimits.swapLimit (memswap_limit) rather
than mirroring mem_limit, update any examples and the description of
DOCKER_GIT_CONTROLLER_MEMORY_SWAP to show units/format and precedence, and note
how it interacts with DOCKER_GIT_CONTROLLER_MEMORY (mem_limit) and CPU limits.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 9d107e5c-5602-4b99-88bb-3c0c28203b42
📒 Files selected for processing (7)
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/app/src/lib/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/tests/core/templates.test.ts
packages/lib/tests/usecases/prepare-files.test.ts
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: E2E (Login context)
- GitHub Check: E2E (Clone cache)
- GitHub Check: E2E (Browser command)
- GitHub Check: E2E (OpenCode)
- GitHub Check: E2E (Clone auto-open SSH)
- GitHub Check: E2E (Runtime volumes + SSH)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use `any`, `unknown`, `eslint-disable`, `ts-ignore`, or `as` type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through `.exhaustive()` pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: `Effect<Success, Error, Requirements>`. Compose effects through `pipe()` and `Effect.flatMap()`. Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: `Match.value(item).pipe(Match.when(...), Match.exhaustive)`.
Document all functions with comprehensive TSDoc including: `@pure` (true/false), `@effect` (required services), `@invariant` (mathematical invariants), `@precondition`, `@postcondition`, `@complexity` (time and space), `@throws` Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: `fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages)))`.
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService)`, `Effect.runPromise`.
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/templates.test.ts
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: `any`, `eslint-disable`, `ts-ignore`, `async/await`, raw Promise chains (then/catch), `Promise.all`, `try/catch` for logic control, `console.*`, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: `Effect<Success, Error, Requirements>`. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
**/*.{test,spec}.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/tests/core/templates.test.ts
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
**/*
⚙️ CodeRabbit configuration file
**/*: You are a strict SPEC DRIVEN DEVELOPMENT reviewer. Before drawing conclusions, study README.md, the other *.md files, linked issues,
the PR description, PR comments/discussion and the relevant code base. Check the changes against the original requirements/spec and the discussion. Flag any departure
from the spec, undocumented behaviour change, missing tests
for claimed behaviour, and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description. Assess the solution from a formal-verification standpoint: which invariants,
preconditions and postconditions can be proven mathematically, and where provability
is weak. Assess the solution from a game-theory standpoint: whether the incentives are stable,
whether there is a profitable way around the rules, and which solution would be stronger.
Files:
packages/lib/tests/usecases/prepare-files.test.ts
packages/lib/src/core/templates/docker-compose.ts
packages/lib/src/core/command-builders.ts
packages/app/src/docker-git/frontend-lib/core/command-builders.ts
packages/app/src/lib/core/command-builders.ts
packages/lib/tests/core/templates.test.ts
packages/app/src/lib/core/templates/docker-compose.ts
🔇 Additional comments (7)
packages/lib/tests/usecases/prepare-files.test.ts (1)
259-260: LGTM! Also applies to: 295-296
packages/lib/src/core/templates/docker-compose.ts (1)
112-112: LGTM! Also applies to: 120-122, 175-175
packages/lib/src/core/command-builders.ts (1)
11-13: LGTM! Also applies to: 29-29
packages/app/src/docker-git/frontend-lib/core/command-builders.ts (1)
11-13: LGTM! Also applies to: 29-29
packages/app/src/lib/core/command-builders.ts (1)
11-13: LGTM! Also applies to: 29-29
packages/lib/tests/core/templates.test.ts (1)
634-634: LGTM! Also applies to: 646-657, 691-693, 734-735, 742-742, 755-757, 763-763
packages/app/src/lib/core/templates/docker-compose.ts (1)
24-24: LGTM! Also applies to: 33-33, 47-50, 56-56, 104-104, 113-113, 115-119, 121-123, 140-144, 147-149, 153-153, 161-161, 164-169, 176-176, 192-193, 197-197, 201-201, 210-210, 214-214, 252-252, 261-261, 292-293, 296-296
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/lib/tests/usecases/path-helpers.test.ts`:
- Around line 55-102: Add a property-based test around defaultProjectsRoot using
fast-check (fc.property) to assert normalization invariants: generate HOME or
USERPROFILE values (including variations with and without trailing '/' or '\'
and root-only values like '/' or 'C:\'), optional DOCKER_GIT_PROJECTS_ROOT
values (including '~' prefixes), and base workspace paths; for each case patch
env with withPatchedEnv and call defaultProjectsRoot inside Effect.sync, then
assert (1) the returned path ends with a single separator + folder (no double
separators before ".docker-git" or custom override), and (2) idempotence for
base paths with/without trailing separators (calling defaultProjectsRoot with
base and with base + trailing separator yields same result). Use fc.property and
appropriate generators and shrinkers to replace the fixed examples in the test
file, referencing the defaultProjectsRoot function and the existing
withPatchedEnv/Effect.sync test harness.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: ef8cd408-58b3-4afd-a0fc-233c95a8eb7b
📒 Files selected for processing (12)
- `packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts`
- `packages/app/src/docker-git/frontend-lib/core/command-builders.ts`
- `packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts`
- `packages/app/src/lib/core/command-builders-shared.ts`
- `packages/app/src/lib/core/command-builders.ts`
- `packages/app/src/lib/usecases/path-helpers.ts`
- `packages/lib/src/core/command-builders-shared.ts`
- `packages/lib/src/core/command-builders.ts`
- `packages/lib/src/usecases/path-helpers.ts`
- `packages/lib/tests/core/command-builders.test.ts`
- `packages/lib/tests/scripts/skiller-patch.test.ts`
- `packages/lib/tests/usecases/path-helpers.test.ts`
📜 Review details
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
- GitHub Check: E2E (Login context)
- GitHub Check: E2E (Browser command)
- GitHub Check: E2E (Clone cache)
- GitHub Check: E2E (OpenCode)
- GitHub Check: E2E (Runtime volumes + SSH)
- GitHub Check: E2E (Clone auto-open SSH)
- GitHub Check: Test
- GitHub Check: Lint
- GitHub Check: Final build (windows-latest)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.{ts,tsx}: Implement Functional Core, Imperative Shell (FCIS) pattern: CORE layer contains only pure functions with immutable data and mathematical operations; SHELL layer isolates all effects (IO, network, database). Strict dependency direction: SHELL → CORE (never reverse).
Never use `any`, `unknown`, `eslint-disable`, `ts-ignore`, or `as` type assertions (except in rigorously justified cases with documentation). Always use exhaustive union type analysis through `.exhaustive()` pattern matching.
All external dependencies must be wrapped through typed interfaces and injected via Effect-TS Layer pattern. Never call external services directly from CORE functions.
Use monadic composition with Effect-TS for all effects: `Effect<Success, Error, Requirements>`. Compose effects through `pipe()` and `Effect.flatMap()`. Implement dependency injection via Layer pattern. Handle errors without try/catch blocks.
All functions must be pure in the CORE layer: no side effects (logging, console output, IO operations, mutations). Separate all side effects into the SHELL layer.
Use exhaustive pattern matching with Effect.Match instead of switch statements. Example: `Match.value(item).pipe(Match.when(...), Match.exhaustive)`.
Document all functions with comprehensive TSDoc including: `@pure` (true/false), `@effect` (required services), `@invariant` (mathematical invariants), `@precondition`, `@postcondition`, `@complexity` (time and space), `@throws` Never (errors must be typed in Effect).
Use functional comment markers for code clarity: CHANGE (brief description), WHY (mathematical/architectural justification), QUOTE(ТЗ) (requirement citation), REF (RTM or message ID), SOURCE (external source with quote), FORMAT THEOREM (∀x ∈ Domain: P(x) → Q(f(x))), PURITY (CORE|SHELL), EFFECT (Effect type signature), INVARIANT (mathematical invariant), COMPLEXITY (time/space).
Define all external service dependencies as Context.Tag classes with fully typed methods returning Effect types. Example: `class Da...
Files:
- `packages/lib/src/core/command-builders-shared.ts`
- `packages/lib/tests/core/command-builders.test.ts`
- `packages/app/src/lib/core/command-builders-shared.ts`
- `packages/lib/src/usecases/path-helpers.ts`
- `packages/app/src/docker-git/frontend-lib/core/command-builders-shared.ts`
- `packages/lib/tests/usecases/path-helpers.test.ts`
- `packages/app/src/docker-git/frontend-lib/usecases/path-helpers.ts`
- `packages/app/src/docker-git/frontend-lib/core/command-builders.ts`
- `packages/lib/src/core/command-builders.ts`
- `packages/app/src/lib/usecases/path-helpers.ts`
- `packages/lib/tests/scripts/skiller-patch.test.ts`
- `packages/app/src/lib/core/command-builders.ts`
**/*.{ts,tsx,js,jsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx,js,jsx}: Forbidden constructs in CORE code: `any`, `eslint-disable`, `ts-ignore`, `async/await`, raw Promise chains (`then`/`catch`), `Promise.all`, `try/catch` for logic control, `console.*`, switch statements (use Match with .exhaustive() instead)
All functions must use Effect-TS for composing effects: `Effect<Success, Error, Requirements>`. No direct async/await, Promise chains, or try/catch in product logic.
Functional comments must include: CHANGE, WHY, QUOTE(ТЗ) or n/a, REF, SOURCE or n/a, FORMAT THEOREM, PURITY (CORE|SHELL), EFFECT signature for SHELL functions, INVARIANT, and COMPLEXITY.
All data mutations must use immutable patterns (ReadonlyArray, readonly properties, Object.freeze); mutation in SHELL only when absolutely necessary and documented.
**/*.{sh,bash,py,js,ts,jsx,tsx,go,java,rb,php}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce command injection or unsafe shell/process execution with user-controlled input
**/*.{py,js,ts,jsx,tsx,go,java,rb,php,sh,bash,c,cpp}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files introduce path traversal or writes outside intended project/container state directories
**/*.{js,ts,jsx,tsx,py,java,go,rb,php,sh,bash,yml,yaml,json,env*,toml,cfg,config,dockerfile,dockerignore}
📄 CodeRabbit inference engine (Custom checks)
Fail if changed files expose credentials, tokens, private-keys, or PII in source, generated config, logs, or CI output
**/*
⚙️ CodeRabbit configuration file
**/*: You are a strict SPEC DRIVEN DEVELOPMENT reviewer. Before drawing conclusions, study README.md, the other *.md files, linked issues,
the PR description, PR comments/discussion and the relevant code base. Check the changes against the original requirements specification and the discussion. Flag any departure
from the spec, undocumented behaviour change, missing tests
for the stated behaviour, and security risk. If the spec is not visible,
ask the author to add it to the issue or PR description. Check the solution from the standpoint of formal verification: which invariants,
preconditions and postconditions can be proved mathematically, and where provability
is weak. Assess the solution from the standpoint of game theory: whether the incentives are stable,
whether there is a profitable way around the rules, and which solution would be stronger.
**/*.test.{ts,tsx}
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.test.{ts,tsx}: Implement property-based testing using fast-check for mathematical properties and invariants. Example: `fc.property(fc.array(messageArbitrary), (messages) => isChronologicallySorted(sortMessagesByTimestamp(messages)))`.
Mock external dependencies in unit tests using Effect's testing utilities. Run tests without Effect runtime for speed. Example: `Effect.provide(MockService)`, `Effect.runPromise`.
Files:
- `packages/lib/tests/core/command-builders.test.ts`
- `packages/lib/tests/usecases/path-helpers.test.ts`
- `packages/lib/tests/scripts/skiller-patch.test.ts`
**/*.{test,spec}.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
Property-based tests (fast-check) must verify mathematical invariants; unit tests must use Effect test utilities without async/await.
🔇 Additional comments (4)
packages/lib/src/core/command-builders.ts (1)
11-12: LGTM! Also applies to: 29-30, 118-120, 139-143
packages/app/src/lib/usecases/path-helpers.ts (1)
38-43: LGTM! Also applies to: 53-60, 69-69
packages/lib/tests/scripts/skiller-patch.test.ts (1)
1-89: LGTM!
packages/app/src/lib/core/command-builders.ts (1)
11-12: LGTM! Also applies to: 29-30, 118-120, 139-143
Source TZ / Issues
Fixes #306.
Problem
Generated Docker Compose files set `memswap_limit` equal to `mem_limit`. Since `memswap_limit` is the total RAM+swap ceiling, this leaves no swap headroom and can make project containers fail under memory bursts even when Docker/WSL swap is available.
Windows users also hit path and Docker runtime incompatibilities: bind mounts used `-v` with Windows paths, auth/build flows had no explicit network escape hatch, YAML env_file paths were not quoted for drive-letter paths, and CRLF checkouts could break Skiller patch matching.
Requirements Alignment
Solution
- `swapLimit` separately from `ramLimit` and render Compose `mem_limit`/`memswap_limit` independently.
- `--network host` by default.
- `--mount` syntax and preserve Windows/root path semantics.
- `env_file` paths as YAML single-quoted strings.
- `joinHomePath`, TSDoc, and fast-check CRLF invariants.
Verification
- `bun run --cwd packages/lib vitest run tests/core/command-builders.test.ts tests/usecases/path-helpers.test.ts tests/scripts/skiller-patch.test.ts`
- `git diff --check`
- `bun run lint:effect`
- `bun run check`
- `bun run lint`
- `bun run test`
Notes
The dirty `third_party/skiller-desktop-skills-manager` submodule was intentionally not included because it is a separate Git repository.
SOURCE: n/a
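The three rendering rules named in the description above (a RAM+swap ceiling for `memswap_limit`, `--mount` instead of `-v` for Windows paths, single-quoted `env_file` paths), as an added sketch that is not the PR's code. Every function name is hypothetical, and `swapAllowance` is an assumed input because the page does not say how the swap amount is chosen.

```typescript
// Added illustration: every name below is hypothetical, not the project's API.
const MIB = 1024 * 1024
const UNITS: Readonly<Record<string, number>> = { b: 1, k: 1024, m: MIB, g: 1024 * MIB }

/** Parse a Docker-style size ("512m", "4g", "0") into bytes. */
const parseSize = (value: string): number => {
  const match = /^(\d+)([bkmg])?$/i.exec(value.trim())
  if (match === null) throw new Error(`invalid size: ${value}`)
  return Number(match[1]) * (UNITS[(match[2] ?? "b").toLowerCase()] ?? 1)
}

/**
 * memswap_limit is the RAM+swap total, not the swap size, so swap headroom
 * exists only when it is strictly greater than mem_limit.
 * swapAllowance is an assumed input; the page does not say how swap is sized.
 */
const resolveSwapCeiling = (ramLimit: string, swapAllowance: string): string =>
  `${Math.ceil((parseSize(ramLimit) + parseSize(swapAllowance)) / MIB)}m`

/** YAML single-quoted scalar: backslashes and colons stay literal, ' is doubled. */
const yamlSingleQuoted = (value: string): string => `'${value.replace(/'/g, "''")}'`

/**
 * --mount takes comma-separated key=value fields, so the colon in "C:\..."
 * cannot be mistaken for the source:target separator that -v relies on.
 * Characters that would alter the field list are rejected, not escaped.
 */
const bindMountArgs = (source: string, target: string): ReadonlyArray<string> => {
  for (const path of [source, target]) {
    if (path === "" || /[,"\r\n\0]/.test(path)) {
      throw new Error(`unsupported mount path: ${JSON.stringify(path)}`)
    }
  }
  // Returned as argv elements so no shell ever re-parses the paths.
  return ["--mount", `type=bind,source=${source},target=${target}`]
}

/** Service-level Compose lines for limits and env_file (constructed layout). */
const renderServiceLimits = (ram: string, swapAllowance: string, envFile: string): string =>
  [
    `    mem_limit: ${ram}`,
    `    memswap_limit: ${resolveSwapCeiling(ram, swapAllowance)}`,
    "    env_file:",
    `      - ${yamlSingleQuoted(envFile)}`
  ].join("\n")
```

With a swap allowance of `"0"` the ceiling equals the RAM limit, which is the no-headroom case the Problem section describes.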