From 3c18ad76f7446e64d95ed2dbf56a1307ef593ff2 Mon Sep 17 00:00:00 2001
From: Reinier Criel
Date: Wed, 17 Dec 2025 11:37:51 +0100
Subject: [PATCH 1/3] Skeleton
---
 README.md | 23 +++++++++++++++++++
 .../src/shell-integration/setup-ci.js | 8 +++++++
 2 files changed, 31 insertions(+)
diff --git a/README.md b/README.md
index 9047def..d56775c 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 - ✅ **GitHub Actions**
 - ✅ **Azure Pipelines**
+- ✅ **CircleCI**
 ## GitHub Actions Example
@@ -224,3 +225,25 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 ```
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
+
+## CircleCI Example
+
+```yaml
+version: 2.1
+jobs:
+ build:
+ docker:
+ - image: cimg/node:lts
+ steps:
+ - checkout
+ - run: |
+ curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
+ - run: npm ci
+ - run: npm test
+workflows:
+ build_and_test:
+ jobs:
+ - build
+```
+
+Note: `setup-ci` writes the Safe Chain shims to `~/.safe-chain/shims` and persists PATH via CircleCI's `BASH_ENV`, so subsequent steps automatically use the wrapped package managers.
diff --git a/packages/safe-chain/src/shell-integration/setup-ci.js b/packages/safe-chain/src/shell-integration/setup-ci.js
index 14510f9..54b8505 100644
--- a/packages/safe-chain/src/shell-integration/setup-ci.js
+++ b/packages/safe-chain/src/shell-integration/setup-ci.js
@@ -157,6 +157,14 @@ function modifyPathForCi(shimsDir, binDir) {
 ui.writeInformation("##vso[task.prependpath]" + shimsDir);
 ui.writeInformation("##vso[task.prependpath]" + binDir);
 }
+
+ if (process.env.BASH_ENV) {
+ // In CircleCI, persisting PATH across steps is done by appending shell exports
+ // to the file referenced by BASH_ENV. CircleCI sources this file for each step.
+ const exportLine = `export PATH=\"${shimsDir}:${binDir}:$PATH\"` + os.EOL;
+ fs.appendFileSync(process.env.BASH_ENV, exportLine, "utf-8");
+ ui.writeInformation(`Added shims directory to BASH_ENV for CircleCI.`);
+ }
 }
 function getToolsToSetup() {
From 5de43c1bf231220dfb8f41e3d86083e213407d02 Mon Sep 17 00:00:00 2001
From: Reinier Criel
Date: Wed, 17 Dec 2025 13:26:14 +0100
Subject: [PATCH 2/3] Some modifications
---
 packages/safe-chain/src/shell-integration/setup-ci.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/safe-chain/src/shell-integration/setup-ci.js b/packages/safe-chain/src/shell-integration/setup-ci.js
index 54b8505..762bd9b 100644
--- a/packages/safe-chain/src/shell-integration/setup-ci.js
+++ b/packages/safe-chain/src/shell-integration/setup-ci.js
@@ -160,8 +160,8 @@ function modifyPathForCi(shimsDir, binDir) {
 if (process.env.BASH_ENV) {
 // In CircleCI, persisting PATH across steps is done by appending shell exports
- // to the file referenced by BASH_ENV. CircleCI sources this file for each step.
- const exportLine = `export PATH=\"${shimsDir}:${binDir}:$PATH\"` + os.EOL;
+ // to the file referenced by BASH_ENV. CircleCI sources this file for 'run' each step.
+ const exportLine = `export PATH="${shimsDir}:${binDir}:$PATH"` + os.EOL;
 fs.appendFileSync(process.env.BASH_ENV, exportLine, "utf-8");
 ui.writeInformation(`Added shims directory to BASH_ENV for CircleCI.`);
 }
From 8c929f65e23beccc01af8713ba03bf259904604a Mon Sep 17 00:00:00 2001
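Review bot: The new branch in modifyPathForCi is gated on `process.env.BASH_ENV` alone, but BASH_ENV is a general bash variable (bash sources that file for every non-interactive shell), not a CircleCI marker. On any other runner or workstation where it happens to be set, this appends a PATH export to a file the tool does not own and then logs that it did so for CircleCI. CircleCI sets `CIRCLECI=true` in its jobs, so the guard could be `if (process.env.CIRCLECI && process.env.BASH_ENV) {`. The same condition is carried unchanged as context through the hunk in PATCH 2/3. The function starts above this hunk, so how the other CI branches are gated is not visible here.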
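Review bot: The rewritten `exportLine` still interpolates `shimsDir` and `binDir` unescaped into a double-quoted shell string that every later step sources, so a double quote, dollar sign or backtick in either path would be interpreted by bash instead of being taken literally. The paths are presumably derived from the home directory and benign in practice, but this file is executed by each subsequent step, so single-quoting the two directories (with embedded single quotes escaped) and leaving only `$PATH` in double quotes would remove that dependency. `os.EOL` is also a questionable terminator for a file that bash reads: on a Windows executor it writes a carriage return that ends up appended to the PATH value, so a plain `"\n"` is safer. The edited comment now reads "for 'run' each step"; `// to the file referenced by BASH_ENV. CircleCI sources this file for each 'run' step.` is presumably what was meant.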
From: Reinier Criel
Date: Wed, 17 Dec 2025 13:51:56 +0100
Subject: [PATCH 3/3] Update README
---
 README.md | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/README.md b/README.md
index d56775c..1d6db62 100644
--- a/README.md
+++ b/README.md
@@ -224,8 +224,6 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 displayName: "Install dependencies"
 ```
-After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
-
 ## CircleCI Example
 ```yaml
@@ -239,11 +237,10 @@ jobs:
 - run: |
 curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
 - run: npm ci
- - run: npm test
 workflows:
 build_and_test:
 jobs:
 - build
 ```
-Note: `setup-ci` writes the Safe Chain shims to `~/.safe-chain/shims` and persists PATH via CircleCI's `BASH_ENV`, so subsequent steps automatically use the wrapped package managers.
+After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.