diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9a8c118..4c7281f 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -68,6 +68,71 @@ jobs:
         env:
           TF_BACKEND_CONFIG: ${{ secrets.TF_BACKEND_CONFIG }}
 
+      - name: Install OCI CLI
+        run: pip install oci-cli --quiet
+
+      - name: Check free tier capacity
+        env:
+          OCI_COMPARTMENT_OCID: ${{ secrets.OCI_COMPARTMENT_OCID }}
+        run: |
+          echo "Querying live OCI state for compartment ${OCI_COMPARTMENT_OCID}"
+
+          INSTANCES=$(oci compute instance list \
+            --compartment-id "$OCI_COMPARTMENT_OCID" \
+            --all --output json 2>/dev/null || echo '{"data":[]}')
+
+          LIVE_STATES='.["lifecycle-state"] != "TERMINATING" and .["lifecycle-state"] != "TERMINATED"'
+          A1_FILTER="select(.shape==\"VM.Standard.A1.Flex\") | select($LIVE_STATES)"
+          MICRO_FILTER="select(.shape==\"VM.Standard.E2.1.Micro\") | select($LIVE_STATES)"
+
+          CURRENT_OCPUS=$(echo "$INSTANCES" | \
+            jq "[.data[] | $A1_FILTER | (.\"shape-config\".ocpus // 0)] | add // 0")
+          CURRENT_RAM=$(echo "$INSTANCES" | \
+            jq "[.data[] | $A1_FILTER | (.\"shape-config\".\"memory-in-gbs\" // 0)] | add // 0")
+          CURRENT_MICRO=$(echo "$INSTANCES" | \
+            jq "[.data[] | $MICRO_FILTER] | length")
+
+          REQUESTED_OCPUS=$(grep -oE 'ocpus\s*=\s*[0-9]+' tofu/oci/terraform.tfvars \
+            | awk -F'=' '{s+=int($2)} END {print s+0}')
+          REQUESTED_RAM=$(grep -oE 'memory_gb\s*=\s*[0-9]+' tofu/oci/terraform.tfvars \
+            | awk -F'=' '{s+=int($2)} END {print s+0}')
+          REQUESTED_MICRO=$(grep -c 'micro_nodes' tofu/oci/terraform.tfvars || echo 0)
+
+          MAX_AMPERE_OCPUS=4
+          MAX_AMPERE_RAM_GB=24
+          MAX_MICRO_INSTANCES=1
+
+          echo "A1 live: ${CURRENT_OCPUS}/${MAX_AMPERE_OCPUS} OCPU, ${CURRENT_RAM}/${MAX_AMPERE_RAM_GB} GB"
+          echo "A1 tfvars: ${REQUESTED_OCPUS} OCPU, ${REQUESTED_RAM} GB"
+          echo "Micro: live=${CURRENT_MICRO}, tfvars=${REQUESTED_MICRO}, limit=${MAX_MICRO_INSTANCES}"
+
+          FAIL=0
+          if [ "$(echo "$REQUESTED_OCPUS > $MAX_AMPERE_OCPUS" | bc)" = "1" ]; then
+            echo "ERROR: tfvars requests ${REQUESTED_OCPUS} A1 OCPU but limit is ${MAX_AMPERE_OCPUS}"
+            FAIL=1
+          fi
+          if [ "$(echo "$CURRENT_OCPUS > $MAX_AMPERE_OCPUS" | bc)" = "1" ]; then
+            echo "ERROR: live A1 OCPU=${CURRENT_OCPUS} already exceeds limit=${MAX_AMPERE_OCPUS} — drift detected"
+            FAIL=1
+          fi
+          if [ "$(echo "$REQUESTED_RAM > $MAX_AMPERE_RAM_GB" | bc)" = "1" ]; then
+            echo "ERROR: tfvars requests ${REQUESTED_RAM} GB A1 RAM but limit is ${MAX_AMPERE_RAM_GB} GB"
+            FAIL=1
+          fi
+          if [ "$(echo "$CURRENT_RAM > $MAX_AMPERE_RAM_GB" | bc)" = "1" ]; then
+            echo "ERROR: live A1 RAM=${CURRENT_RAM} GB already exceeds limit=${MAX_AMPERE_RAM_GB} GB — drift detected"
+            FAIL=1
+          fi
+          if [ "$REQUESTED_MICRO" -gt "$MAX_MICRO_INSTANCES" ]; then
+            echo "ERROR: tfvars requests ${REQUESTED_MICRO} Micro but limit is ${MAX_MICRO_INSTANCES}"
+            FAIL=1
+          fi
+          if [ "$CURRENT_MICRO" -gt "$MAX_MICRO_INSTANCES" ]; then
+            echo "ERROR: live Micro=${CURRENT_MICRO} exceeds limit=${MAX_MICRO_INSTANCES} — drift"
+            FAIL=1
+          fi
+          exit $FAIL
+
       - name: Setup OpenTofu
         uses: opentofu/setup-opentofu@v2.0.0
         with: