fix: read CLI version from the installed app bundle

[Peyton-Spencer]

Summary

• fix mac-runner version so Homebrew-installed binaries resolve the enclosing MacRunner.app bundle and print the release version instead of dev
• add regression tests for app bundle discovery and version lookup from the bundle Info.plist

Testing

• not run in this container (swift is unavailable here)

Summary by CodeRabbit

• New Features
  • Setup/teardown now prompt for administrator authentication and better handle isolation user detection when config and system state disagree.
• Bug Fixes
  • More robust version detection: resolves app-bundle versions and falls back to "dev" when unavailable.
• Tests
  • Added unit tests covering version resolution, app-bundle detection, isolation username logic, and admin authentication flow.

[coderabbitai]

Warning

Rate limit exceeded

@Peyton-Spencer has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 21 minutes and 24 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 787930e7-bf4e-4afc-a479-b6af6d37a80a

📥 Commits

Reviewing files that changed from the base of the PR and between b85d7b6 and 7175c52.

📒 Files selected for processing (3)

• Sources/Services/CLIHandler.swift
• Sources/Services/UserIsolationService.swift
• Tests/MacRunnerTests/MacRunnerTests.swift

📝 Walkthrough

Walkthrough

Adds robust CLI version resolution (main bundle, enclosing .app, fallback "dev"); introduces administrator authentication and authenticated sudo execution paths for user isolation operations; adds helper to detect isolation username; updates setup/teardown flows to require authentication; and expands unit tests covering these behaviors.

Changes

Cohort / File(s)	Summary
CLI Version Resolution Sources/Services/CLIHandler.swift	Added static func version(executablePath:mainBundle:), plus bundleVersion(from:) and enclosingAppBundleURL(for:). Replaced prior direct Info.plist read with multi-source resolution and "dev" fallback.
User Isolation & Auth Sources/Services/UserIsolationService.swift	Added administrator authentication flow: authenticationFailed error case, hasSudoersEntry(), authenticateAdministratorAccess(), makeAdministratorAuthenticationProcess(...), and runAuthenticatedSudoOrThrow(...). Replaced direct sudo invocations with authenticated/non-interactive-aware execution.
Setup Wizard Changes Sources/Services/SetupWizard.swift	Added detectedIsolationUsername(...) helper; integrated isolation detection into runSetup/runTeardown; added administrator authentication prompts and authentication steps before creating/removing users and sudoers entries; adjusted control flow and status output.
Tests Tests/MacRunnerTests/MacRunnerTests.swift	Added multiple unit tests for isolation username detection, administrator authentication behavior, and CLIHandler version/enclosing-app detection using temporary app-bundle fixtures. Added @testable import MacRunner.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant SetupWizard
    participant UserIsolation as UserIsolationService
    participant AuthProcess as sudo (auth)
    participant System

    Caller->>SetupWizard: runSetup / runTeardown
    SetupWizard->>UserIsolation: detectedIsolationUsername(...)
    alt username needed
        SetupWizard->>UserIsolation: authenticateAdministratorAccess()
        UserIsolation->>AuthProcess: makeAdministratorAuthenticationProcess() / run brief auth check
        AuthProcess-->>UserIsolation: authentication result
        alt authenticated
            SetupWizard->>UserIsolation: runAuthenticatedSudoOrThrow(arguments)
            UserIsolation->>System: execute privileged operations (useradd, mkdir, chmod, tee, dscl, rm, etc.)
            System-->>UserIsolation: operation results
            UserIsolation-->>SetupWizard: success/failure
        else auth failed
            UserIsolation-->>SetupWizard: throw authenticationFailed
        end
    else no username required
        SetupWizard-->>Caller: skip privileged steps
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Fix version mismatch: update CLI version to 1.6.0 #15: Related changes to CLIHandler.version; this PR extends that approach to resolve versions from executable/app bundle paths.
• feat: Add hybrid isolation strategy with Apple container support #12: Related refactor of sudo/process execution; both PRs modify UserIsolationService to change how privileged commands are executed and authenticated.

Poem

🐰 I hopped through bundles, sniffed each plumbed door,
I learned when to ask, and when to implore,
With sudo I squeaked a tiny request,
Now users are guarded, and tests do their best.
🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: fixing version resolution to read from the installed app bundle instead of 'dev'.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/version-command-release-version

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

Tests/MacRunnerTests/MacRunnerTests.swift (1)

9-39: Consider adding an assertion to verify the fallback path is actually exercised.

The test relies on Bundle(for: Self.self) not having CFBundleShortVersionString. If that assumption breaks (e.g., someone adds a version to the test bundle's Info.plist), this test could pass for the wrong reason or fail unexpectedly.

An optional improvement would be to explicitly verify the test bundle doesn't return a version, ensuring the fallback path is actually being tested:

💡 Optional: Add assertion for test precondition

+            // Verify the test bundle doesn't have a version, so fallback is exercised
+            let testBundle = Bundle(for: Self.self)
+            XCTAssertNil(testBundle.infoDictionary?["CFBundleShortVersionString"] as? String)
+
             let version = CLIHandler.version(
                 executablePath: executableURL.path,
-                mainBundle: Bundle(for: Self.self)
+                mainBundle: testBundle
             )

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Tests/MacRunnerTests/MacRunnerTests.swift` around lines 9 - 39, Add an
explicit precondition assertion inside
testCLIHandlerVersionFallsBackToEnclosingAppBundleVersion to ensure the test
bundle has no CFBundleShortVersionString so the fallback is exercised: before
calling CLIHandler.version(executablePath:mainBundle:) assert that Bundle(for:
Self.self).object(forInfoDictionaryKey: "CFBundleShortVersionString") is nil (or
that CLIHandler.version with mainBundle: Bundle(for: Self.self) returns nil) so
the test fails if someone later adds a version to the test bundle; keep the
assertion right before invoking CLIHandler.version.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Tests/MacRunnerTests/MacRunnerTests.swift`:
- Around line 9-39: Add an explicit precondition assertion inside
testCLIHandlerVersionFallsBackToEnclosingAppBundleVersion to ensure the test
bundle has no CFBundleShortVersionString so the fallback is exercised: before
calling CLIHandler.version(executablePath:mainBundle:) assert that Bundle(for:
Self.self).object(forInfoDictionaryKey: "CFBundleShortVersionString") is nil (or
that CLIHandler.version with mainBundle: Bundle(for: Self.self) returns nil) so
the test fails if someone later adds a version to the test bundle; keep the
assertion right before invoking CLIHandler.version.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 27c2caab-bbdb-4916-96a5-269ef5ffc0fe

📥 Commits

Reviewing files that changed from the base of the PR and between 7dfb2be and f63cd03.

📒 Files selected for processing (2)

• Sources/Services/CLIHandler.swift
• Tests/MacRunnerTests/MacRunnerTests.swift

[coderabbitai]

🧹 Nitpick comments (1)

Sources/Services/UserIsolationService.swift (1)

299-304: Consider wrapping in IsolationError for consistency.

The helper throws ProcessExecutorError.executionFailed, which the caller (createUser) catches and re-wraps anyway. Throwing IsolationError directly would be more consistent with the service's error taxonomy and simplify the call site.

♻️ Optional: throw IsolationError directly

 private func runAuthenticatedSudoOrThrow(arguments: [String], errorMessage: String) throws {
     let result = try ProcessExecutor.runSudo(arguments: ["-n"] + arguments)
     guard result.succeeded else {
-        throw ProcessExecutorError.executionFailed("\(errorMessage): \(result.output)")
+        throw IsolationError.userCreationFailed("\(errorMessage): \(result.output)")
     }
 }

Note: If this helper is intended for broader use (beyond user creation), you could introduce a more generic IsolationError.commandFailed(String) case instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Sources/Services/UserIsolationService.swift` around lines 299 - 304, The
helper runAuthenticatedSudoOrThrow currently throws
ProcessExecutorError.executionFailed but callers like createUser expect
IsolationError; change runAuthenticatedSudoOrThrow to throw an IsolationError
(e.g., add or use IsolationError.commandFailed(String) or
IsolationError.executionFailed(String)) and map the ProcessExecutor.runSudo
failure into that IsolationError including the output/error details so callers
no longer need to re-wrap ProcessExecutorError; update any throws signature and
tests accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Sources/Services/UserIsolationService.swift`:
- Around line 299-304: The helper runAuthenticatedSudoOrThrow currently throws
ProcessExecutorError.executionFailed but callers like createUser expect
IsolationError; change runAuthenticatedSudoOrThrow to throw an IsolationError
(e.g., add or use IsolationError.commandFailed(String) or
IsolationError.executionFailed(String)) and map the ProcessExecutor.runSudo
failure into that IsolationError including the output/error details so callers
no longer need to re-wrap ProcessExecutorError; update any throws signature and
tests accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9cfde924-b695-4127-9f71-b9f51a83e605

📥 Commits

Reviewing files that changed from the base of the PR and between f63cd03 and b85d7b6.

📒 Files selected for processing (3)

• Sources/Services/SetupWizard.swift
• Sources/Services/UserIsolationService.swift
• Tests/MacRunnerTests/MacRunnerTests.swift

🚧 Files skipped from review as they are similar to previous changes (1)

• Tests/MacRunnerTests/MacRunnerTests.swift

[github-actions]

🎉 This PR is included in version 1.11.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀