refactor: extract npm_global_install() helper for sudo-aware global installs

[marcusquinn]

Summary

Follow-up to PR #693. Extracts the sudo-aware npm global install logic into a shared npm_global_install() helper function and applies it to all npm global install call sites.

Problem

After PR #693 fixed the OpenCode CLI install with sudo detection, the same issue affected every other npm install -g call in setup.sh — MCP packages, DSPyGround, LocalWP MCP, osgrep, beads-ui, and bdui all failed with EACCES on Linux systems where npm was installed via apt.

Solution

• New npm_global_install() helper function (line 174) that:
  • Prefers bun if available (writes to ~/.bun/bin, no sudo needed)
  • Falls back to npm with automatic sudo detection
  • Checks if npm prefix dir is writable; prepends sudo if not
• Replaced all 8 npm install -g call sites with npm_global_install
• Updated fallback "try manually" messages to include sudo

Affected functions

• install_mcp_packages() — 5 MCP server packages
• setup_nodejs_env() — DSPyGround
• setup_localwp_mcp() — LocalWP MCP server
• setup_osgrep() — osgrep CLI
• setup_beads_ui() — beads-ui, bdui
• setup_opencode_cli() — OpenCode (was inline, now uses shared helper)

Testing

• npm_global_install tested directly in OrbStack Ubuntu ARM64 — installs with sudo automatically
• ./setup.sh --non-interactive passes with exit code 0
• ShellCheck passes (only pre-existing SC2155 warnings)
• bash -n setup.sh syntax check passes

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 22 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/setup-sete-resilience

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 44 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Feb 9 00:16:25 UTC 2026: Code review monitoring started
Mon Feb 9 00:16:25 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 44

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 44
• VULNERABILITIES: 0

Generated on: Mon Feb 9 00:16:27 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud