feat: auto-provision runner toolchains

[Peyton-Spencer]

Summary

• auto-provision gh before repo validation, then detect common language toolchains from root repo metadata when creating new runners
• add a persisted settings.tools.extraPackages config plus settings UI so users can request extra Homebrew packages for future runners
• cover package planning, config decoding, settings normalization, and gh path detection with focused unit tests

Testing

• git diff --check
• swift test (not runnable in this container: swift: command not found)

Notes

• this PR provisions tools for non-isolated and dedicated-user runners; container-mode provisioning is intentionally left for follow-up work

[Peyton-Spencer]

Good first pass. Architecture is clean — dependency injection on ToolProvisioningService makes it testable, ToolDetector enum is a nice pattern, and the package name normalization whitelist blocks shell metacharacters.

One minor security note (not blocking):

In ToolProvisioningService.swift, isInstalled() uses string interpolation into a shell command:

let result = try await runCommand("/bin/bash", ["-lc", "command -v \(package)"])

The normalize() whitelist ([a-z0-9@+._-]) prevents injection, so this is safe in practice. But if this ever gets refactored, the interpolation pattern could become a risk. Consider using ["/opt/homebrew/bin/\(package)", "/usr/local/bin/\(package)"] path checks exclusively (which you already do first), and dropping the command -v fallback — or at least adding a comment noting the safety invariant.

Everything else looks solid. Will merge when CI is green.

[coderabbitai]

Warning

Rate limit exceeded

@Peyton-Spencer has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 14 minutes and 25 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e565b610-b4c5-4d0b-a668-2f43c82bf410

📥 Commits

Reviewing files that changed from the base of the PR and between c09a483 and 5f133a3.

📒 Files selected for processing (6)

• Sources/Models/Runner.swift
• Sources/Services/GHCLIService.swift
• Sources/Services/RunnerManager.swift
• Sources/Services/ToolProvisioningService.swift
• Sources/Views/MenuBarView.swift
• Tests/MacRunnerTests/MacRunnerTests.swift

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/39-auto-provision-tools

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎉 This PR is included in version 1.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀