Add regular setup support

2026-05-26 12:10:49 +00:00 · 2026-04-10 12:09:40 -07:00 · 2026-04-10 12:09:40 -07:00 · 24af6f21eb
commit 24af6f21eb
parent 1635bee387
23 changed files with 575 additions and 48 deletions
--- a/test/e2e/poetry.e2e.spec.js
+++ b/test/e2e/poetry.e2e.spec.js
@ -422,4 +422,46 @@ describe("E2E: poetry coverage", () => {
      `Expected env list output. Output was:\n${envListResult.output}`
    );
  });
+
+  describe("with SAFE_CHAIN_DIR (custom install directory)", () => {
+    const CUSTOM_DIR = "/usr/local/.safe-chain";
+    let customContainer;
+
+    beforeEach(async () => {
+      customContainer = new DockerTestContainer();
+      await customContainer.start();
+
+      const setupShell = await customContainer.openShell("zsh");
+      await setupShell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
+      await setupShell.runCommand("safe-chain setup");
+      await setupShell.runCommand("command poetry cache clear pypi --all -n");
+    });
+
+    afterEach(async () => {
+      if (customContainer) {
+        await customContainer.stop();
+        customContainer = null;
+      }
+    });
+
+    it("blocks malicious poetry packages when scripts are in a custom directory", async () => {
+      const shell = await customContainer.openShell("zsh");
+      await shell.runCommand("mkdir /tmp/test-poetry-custom-dir");
+      await shell.runCommand(
+        "cd /tmp/test-poetry-custom-dir && poetry init --no-interaction"
+      );
+      const result = await shell.runCommand(
+        "cd /tmp/test-poetry-custom-dir && poetry add safe-chain-pi-test"
+      );
+
+      assert.ok(
+        result.output.includes("blocked by safe-chain"),
+        `Expected malicious package to be blocked. Output:\n${result.output}`
+      );
+      assert.ok(
+        result.output.includes("Exiting without installing malicious packages."),
+        `Expected malicious package to be blocked. Output:\n${result.output}`
+      );
+    });
+  });
 });