Skeleton

README.md

@@ -191,6 +191,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 
 - ✅ **GitHub Actions**
 - ✅ **Azure Pipelines**
+- ✅ **CircleCI**
 
 ## GitHub Actions Example
 
@@ -224,3 +225,25 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 ```
 
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
+
+## CircleCI Example
+
+```yaml
+version: 2.1
+jobs:
+  build:
+    docker:
+      - image: cimg/node:lts
+    steps:
+      - checkout
+      - run: |
+          curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
+      - run: npm ci
+      - run: npm test
+workflows:
+  build_and_test:
+    jobs:
+      - build
+```
+
+Note: `setup-ci` writes the Safe Chain shims to `~/.safe-chain/shims` and persists PATH via CircleCI's `BASH_ENV`, so subsequent steps automatically use the wrapped package managers.

packages/safe-chain/src/shell-integration/setup-ci.js

@@ -157,6 +157,14 @@ function modifyPathForCi(shimsDir, binDir) {
     ui.writeInformation("##vso[task.prependpath]" + shimsDir);
     ui.writeInformation("##vso[task.prependpath]" + binDir);
   }
+
+  if (process.env.BASH_ENV) {
+    // In CircleCI, persisting PATH across steps is done by appending shell exports
+    // to the file referenced by BASH_ENV. CircleCI sources this file for each step.
+    const exportLine = `export PATH=\"${shimsDir}:${binDir}:$PATH\"` + os.EOL;
+    fs.appendFileSync(process.env.BASH_ENV, exportLine, "utf-8");
+    ui.writeInformation(`Added shims directory to BASH_ENV for CircleCI.`);
+  }
 }
 
 function getToolsToSetup() {