impr (cli): adding support for loading env variables & selecting embedding model, also made docker auto start (#703)

## Description

This PR adds three major improvements to the CLI: automatic cleanup on
init/add failures, Docker auto-start functionality, and support for
loading environment variables (API keys) and selecting embedding models.

**Key Changes:**
- Added `CleanupTracker` to rollback filesystem and config changes when
init/add operations fail
- Docker daemon now auto-starts on macOS/Windows/Linux with user
confirmation
- Environment variables (`.env` file) now loaded and passed to
containers for `OPENAI_API_KEY` and `GEMINI_API_KEY`
- `embedding_model` field added to config with `text-embedding-ada-002`
as default
- Install script checks for Docker Desktop on macOS and offers homebrew
installation
- Improved null-safety in HQL analyzer to prevent panics

**Critical Issues:**
- In `init.rs`, config backup is called after save instead of before,
breaking rollback functionality
- In `docker.rs`, `dotenvy::dotenv()` is called repeatedly in
`environment_variables()`, polluting process environment state

<details><summary><h3>Important Files Changed</h3></summary>



File Analysis



| Filename | Score | Overview |
|----------|-------|----------|
| helix-cli/src/cleanup.rs | 5/5 | added new cleanup tracker for
rollback on init/add failures - well-structured with tests |
| helix-cli/src/commands/init.rs | 2/5 | integrated cleanup tracker but
backup timing is incorrect - backup called after save instead of before
|
| helix-cli/src/docker.rs | 2/5 | added auto-start docker functionality
and env loading - dotenvy called repeatedly causing environment
pollution |
| helix-cli/src/config.rs | 5/5 | added embedding model selection with
proper defaults and serialization handling |

</details>


</details>


<details><summary><h3>Sequence Diagram</h3></summary>

```mermaid
sequenceDiagram
    participant User
    participant CLI as Helix CLI
    participant Cleanup as CleanupTracker
    participant Docker as DockerManager
    participant Env as .env File
    participant Config as helix.toml

    Note over User,Config: Init Command Flow
    User->>CLI: helix init [options]
    CLI->>Cleanup: Create CleanupTracker
    CLI->>Env: dotenvy::dotenv() (load env vars)
    CLI->>Config: Create helix.toml
    Cleanup->>Cleanup: Track created file
    CLI->>Cleanup: Track directories/files
    
    alt Cloud deployment selected
        CLI->>Cleanup: backup_config()
        CLI->>Config: Save cloud config
    end

    alt Error occurs
        CLI->>Cleanup: cleanup()
        Cleanup->>Config: Restore backup
        Cleanup->>Cleanup: Remove tracked files/dirs
        Cleanup-->>User: Cleanup summary
    end

    Note over User,Config: Docker Auto-Start Flow
    User->>CLI: helix build/run
    CLI->>Docker: check_docker_available()
    
    alt Docker not running
        Docker->>User: Prompt to start Docker
        alt User accepts
            Docker->>Docker: start_docker_daemon()
            Docker->>Docker: wait_for_docker(15s)
            Docker->>Docker: Verify running
        end
    end

    Docker->>Env: dotenvy::dotenv()
    Docker->>Docker: environment_variables()
    Note right of Docker: Loads OPENAI_API_KEY,<br/>GEMINI_API_KEY from env
    Docker->>Config: Generate docker-compose.yml
    Note right of Config: Includes dynamic env vars
```
</details>


<!-- greptile_other_comments_section -->

**Context used:**

- Rule from `dashboard` - When using OnceLock::new() in Rust code, wrap
it in a `const { ... }` block to satisfy clippy lints....
([source](https://app.greptile.com/review/custom-context?memory=7f3c5d9b-5a5e-41cd-9e7e-1992245f637c))

<!-- /greptile_comment -->

Author: xav-db

.github/workflows/clippy_check.yml

@@ -20,12 +20,13 @@ jobs:
 
     - name: Cache cargo dependencies
       uses: actions/cache@v4
+      continue-on-error: true
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') || 'fallback' }}
         restore-keys: |
           ${{ runner.os }}-cargo-
           

.github/workflows/dashboard_check.yml

@@ -20,12 +20,13 @@ jobs:
 
     - name: Cache cargo dependencies
       uses: actions/cache@v4
+      continue-on-error: true
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') || 'fallback' }}
         restore-keys: |
           ${{ runner.os }}-cargo-
           

.github/workflows/db_tests.yml

@@ -22,12 +22,13 @@ jobs:
 
     - name: Cache cargo dependencies
       uses: actions/cache@v4
+      continue-on-error: true
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') || 'fallback' }}
         restore-keys: |
           ${{ runner.os }}-cargo-
           

.github/workflows/hql_tests.yml

@@ -29,12 +29,13 @@ jobs:
 
     - name: Cache cargo registry
       uses: actions/cache@v3
+      continue-on-error: true
       with:
         path: |
           ~/.cargo/registry
           ~/.cargo/git
           target
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') || 'fallback' }}
         restore-keys: |
           ${{ runner.os }}-cargo-
     

.github/workflows/s3_push.yml

@@ -0,0 +1,46 @@
+name: Push to S3
+
+on:
+  release:
+    types: [published, created]
+  create:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  upload-to-s3:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials using OIDC
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/GitHubActionsS3Role
+          aws-region: us-east-1
+
+      - name: Upload specified files and directories to S3
+        run: |
+          # Sync directories
+          aws s3 sync helix-cli/ s3://helix-repo/template/helix-cli/ --exclude "target/*"
+          aws s3 sync helix-container/ s3://helix-repo/template/helix-container/ --exclude "target/*"
+          aws s3 sync helix-macros/ s3://helix-repo/template/helix-macros/ --exclude "target/*"
+          aws s3 sync metrics/ s3://helix-repo/template/metrics/ --exclude "target/*"
+
+          # Upload root-level Cargo files
+          aws s3 cp Cargo.lock s3://helix-repo/template/Cargo.lock
+          aws s3 cp Cargo.toml s3://helix-repo/template/Cargo.toml
+
+      - name: Upload completion notification
+        if: success()
+        run: |
+          echo "Successfully uploaded all files to S3 bucket: helix-repo"
+          echo "Upload triggered by: ${{ github.event_name }}"
+          echo "Reference: ${{ github.ref }}"

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "helix-cli"
-version = "2.1.2"
+version = "2.1.3"
 edition = "2024"
 
 [dependencies]