From 3c18ad76f7446e64d95ed2dbf56a1307ef593ff2 Mon Sep 17 00:00:00 2001
From: Reinier Criel <reinier.criel@gmail.com>
Date: Wed, 17 Dec 2025 11:37:51 +0100
Subject: [PATCH] Skeleton

---
 README.md                                     | 23 +++++++++++++++++++
 .../src/shell-integration/setup-ci.js         |  8 +++++++
 2 files changed, 31 insertions(+)

diff --git a/README.md b/README.md
index 9047def..d56775c 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 
 - ✅ **GitHub Actions**
 - ✅ **Azure Pipelines**
+- ✅ **CircleCI**
 
 ## GitHub Actions Example
 
@@ -224,3 +225,25 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 ```
 
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
+
+## CircleCI Example
+
+```yaml
+version: 2.1
+jobs:
+  build:
+    docker:
+      - image: cimg/node:lts
+    steps:
+      - checkout
+      - run: |
+          curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
+      - run: npm ci
+      - run: npm test
+workflows:
+  build_and_test:
+    jobs:
+      - build
+```
+
+Note: `setup-ci` writes the Safe Chain shims to `~/.safe-chain/shims` and persists PATH via CircleCI's `BASH_ENV`, so subsequent steps automatically use the wrapped package managers.
diff --git a/packages/safe-chain/src/shell-integration/setup-ci.js b/packages/safe-chain/src/shell-integration/setup-ci.js
index 14510f9..54b8505 100644
--- a/packages/safe-chain/src/shell-integration/setup-ci.js
+++ b/packages/safe-chain/src/shell-integration/setup-ci.js
@@ -157,6 +157,14 @@ function modifyPathForCi(shimsDir, binDir) {
     ui.writeInformation("##vso[task.prependpath]" + shimsDir);
     ui.writeInformation("##vso[task.prependpath]" + binDir);
   }
+
+  if (process.env.BASH_ENV) {
+    // In CircleCI, persisting PATH across steps is done by appending shell exports
+    // to the file referenced by BASH_ENV. CircleCI sources this file for each step.
+    const exportLine = `export PATH=\"${shimsDir}:${binDir}:$PATH\"` + os.EOL;
+    fs.appendFileSync(process.env.BASH_ENV, exportLine, "utf-8");
+    ui.writeInformation(`Added shims directory to BASH_ENV for CircleCI.`);
+  }
 }
 
 function getToolsToSetup() {