Handle PR comments

2026-05-26 12:10:49 +00:00 · 2025-12-03 10:06:58 +01:00 · 2025-12-03 10:06:58 +01:00 · 4139275b76
commit 4139275b76
parent 31a14a3f1b
7 changed files with 204 additions and 195 deletions
--- a/build.js
+++ b/build.js
@ -11,12 +11,21 @@ if (!target) {
  process.exit(1);
 }
-(async function () {
+(async function main() {
  await clearOutputFolder();
  // Esbuild creates a single safe-chain.cjs with all dependencies included
  await bundleSafeChain();
  // Copy assets that need to be included in the binary
  // - All shell scripts that are used to setup safe-chain
  // - Certifi because it contains static root certs for Python
  // - Package.json for its metadata (package name, version, ...)
  await copyShellScripts();
  await copyCertifi();
  await copyAndModifyPackageJson();
  // Creates a single binary with safe-chain.cjs and the copied assets
  await buildSafeChainBinary(target);
 })();
--- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish
@ -1,36 +1,5 @@
 set -gx PATH $PATH $HOME/.safe-chain/bin
 function printSafeChainWarning
    set original_cmd $argv[1]
    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
    set_color -b yellow black
    printf "Warning:"
    set_color normal
    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
    # Cyan text for the install command
    printf "Install safe-chain by using "
    set_color cyan
    printf "npm install -g @aikidosec/safe-chain"
    set_color normal
    printf ".\n"
 end
 function wrapSafeChainCommand
    set original_cmd $argv[1]
    set cmd_args $argv[2..-1]
    if type -q safe-chain
        # If the safe-chain command is available, just run it with the provided arguments
        safe-chain $original_cmd $cmd_args
    else
        # If the safe-chain command is not available, print a warning and run the original command
        printSafeChainWarning $original_cmd
        command $original_cmd $cmd_args
    end
 end
 function npx
    wrapSafeChainCommand "npx" $argv
 end
@ -92,3 +61,34 @@ end
 function python3
    wrapSafeChainCommand "python3" $argv
 end
 function printSafeChainWarning
    set original_cmd $argv[1]
    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
    set_color -b yellow black
    printf "Warning:"
    set_color normal
    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
    # Cyan text for the install command
    printf "Install safe-chain by using "
    set_color cyan
    printf "npm install -g @aikidosec/safe-chain"
    set_color normal
    printf ".\n"
 end
 function wrapSafeChainCommand
    set original_cmd $argv[1]
    set cmd_args $argv[2..-1]
    if type -q safe-chain
        # If the safe-chain command is available, just run it with the provided arguments
        safe-chain $original_cmd $cmd_args
    else
        # If the safe-chain command is not available, print a warning and run the original command
        printSafeChainWarning $original_cmd
        command $original_cmd $cmd_args
    end
 end
--- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh
@ -1,27 +1,5 @@
 export PATH="$PATH:$HOME/.safe-chain/bin"
 function printSafeChainWarning() {
  # \033[43;30m is used to set the background color to yellow and text color to black
  # \033[0m is used to reset the text formatting
  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
  # \033[36m is used to set the text color to cyan
  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
 }
 function wrapSafeChainCommand() {
  local original_cmd="$1"
  if command -v safe-chain > /dev/null 2>&1; then
    # If the aikido command is available, just run it with the provided arguments
    safe-chain "$@"
  else
    # If the aikido command is not available, print a warning and run the original command
    printSafeChainWarning "$original_cmd"
    command "$original_cmd" "$@"
  fi
 }
 function npx() {
  wrapSafeChainCommand "npx" "$@"
 }
@ -79,3 +57,25 @@ function python() {
 function python3() {
  wrapSafeChainCommand "python3" "$@"
 }
 function printSafeChainWarning() {
  # \033[43;30m is used to set the background color to yellow and text color to black
  # \033[0m is used to reset the text formatting
  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
  # \033[36m is used to set the text color to cyan
  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
 }
 function wrapSafeChainCommand() {
  local original_cmd="$1"
  if command -v safe-chain > /dev/null 2>&1; then
    # If the aikido command is available, just run it with the provided arguments
    safe-chain "$@"
  else
    # If the aikido command is not available, print a warning and run the original command
    printSafeChainWarning "$original_cmd"
    command "$original_cmd" "$@"
  fi
 }
--- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1
@ -3,59 +3,6 @@ $pathSeparator = if ($IsWindows) { ';' } else { ':' }
 $safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
 $env:PATH = "$env:PATH$pathSeparator$safeChainBin"
 function Write-SafeChainWarning {
    param([string]$Command)
    # PowerShell equivalent of ANSI color codes: yellow background, black text for "Warning:"
    Write-Host "Warning:" -BackgroundColor Yellow -ForegroundColor Black -NoNewline
    Write-Host " safe-chain is not available to protect you from installing malware. $Command will run without it."
    # Cyan text for the install command
    Write-Host "Install safe-chain by using " -NoNewline
    Write-Host "npm install -g @aikidosec/safe-chain" -ForegroundColor Cyan -NoNewline
    Write-Host "."
 }
 function Test-CommandAvailable {
    param([string]$Command)
    try {
        Get-Command $Command -ErrorAction Stop | Out-Null
        return $true
    }
    catch {
        return $false
    }
 }
 function Invoke-RealCommand {
    param(
        [string]$Command,
        [string[]]$Arguments
    )
    # Find the real executable to avoid calling our wrapped functions
    $realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1
    if ($realCommand) {
        & $realCommand.Source @Arguments
    }
 }
 function Invoke-WrappedCommand {
    param(
        [string]$OriginalCmd,
        [string[]]$Arguments
    )
    if (Test-CommandAvailable "safe-chain") {
        & safe-chain $OriginalCmd @Arguments
    }
    else {
        Write-SafeChainWarning $OriginalCmd
        Invoke-RealCommand $OriginalCmd $Arguments
    }
 }
 function npx {
    Invoke-WrappedCommand "npx" $args
 }
@ -113,3 +60,56 @@ function python3 {
    Invoke-WrappedCommand 'python3' $args
 }
 function Write-SafeChainWarning {
    param([string]$Command)
    # PowerShell equivalent of ANSI color codes: yellow background, black text for "Warning:"
    Write-Host "Warning:" -BackgroundColor Yellow -ForegroundColor Black -NoNewline
    Write-Host " safe-chain is not available to protect you from installing malware. $Command will run without it."
    # Cyan text for the install command
    Write-Host "Install safe-chain by using " -NoNewline
    Write-Host "npm install -g @aikidosec/safe-chain" -ForegroundColor Cyan -NoNewline
    Write-Host "."
 }
 function Test-CommandAvailable {
    param([string]$Command)
    try {
        Get-Command $Command -ErrorAction Stop | Out-Null
        return $true
    }
    catch {
        return $false
    }
 }
 function Invoke-RealCommand {
    param(
        [string]$Command,
        [string[]]$Arguments
    )
    # Find the real executable to avoid calling our wrapped functions
    $realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1
    if ($realCommand) {
        & $realCommand.Source @Arguments
    }
 }
 function Invoke-WrappedCommand {
    param(
        [string]$OriginalCmd,
        [string[]]$Arguments
    )
    if (Test-CommandAvailable "safe-chain") {
        & safe-chain $OriginalCmd @Arguments
    }
    else {
        Write-SafeChainWarning $OriginalCmd
        Invoke-RealCommand $OriginalCmd $Arguments
    }
 }
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
@ -1,36 +1,5 @@
 set -gx PATH $PATH $HOME/.safe-chain/bin
 function printSafeChainWarning
    set original_cmd $argv[1]
    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
    set_color -b yellow black
    printf "Warning:"
    set_color normal
    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
    # Cyan text for the install command
    printf "Install safe-chain by using "
    set_color cyan
    printf "npm install -g @aikidosec/safe-chain"
    set_color normal
    printf ".\n"
 end
 function wrapSafeChainCommand
    set original_cmd $argv[1]
    set cmd_args $argv[2..-1]
    if type -q safe-chain
        # If the safe-chain command is available, just run it with the provided arguments
        safe-chain $original_cmd $cmd_args
    else
        # If the safe-chain command is not available, print a warning and run the original command
        printSafeChainWarning $original_cmd
        command $original_cmd $cmd_args
    end
 end
 function npx
    wrapSafeChainCommand "npx" $argv
 end
@ -69,3 +38,34 @@ function npm
    wrapSafeChainCommand "npm" $argv
 end
 function printSafeChainWarning
    set original_cmd $argv[1]
    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
    set_color -b yellow black
    printf "Warning:"
    set_color normal
    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
    # Cyan text for the install command
    printf "Install safe-chain by using "
    set_color cyan
    printf "npm install -g @aikidosec/safe-chain"
    set_color normal
    printf ".\n"
 end
 function wrapSafeChainCommand
    set original_cmd $argv[1]
    set cmd_args $argv[2..-1]
    if type -q safe-chain
        # If the safe-chain command is available, just run it with the provided arguments
        safe-chain $original_cmd $cmd_args
    else
        # If the safe-chain command is not available, print a warning and run the original command
        printSafeChainWarning $original_cmd
        command $original_cmd $cmd_args
    end
 end
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
@ -1,27 +1,5 @@
 export PATH="$PATH:$HOME/.safe-chain/bin"
 function printSafeChainWarning() {
  # \033[43;30m is used to set the background color to yellow and text color to black
  # \033[0m is used to reset the text formatting
  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
  # \033[36m is used to set the text color to cyan
  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
 }
 function wrapSafeChainCommand() {
  local original_cmd="$1"
  if command -v safe-chain > /dev/null 2>&1; then
    # If the aikido command is available, just run it with the provided arguments
    safe-chain "$@"
  else
    # If the aikido command is not available, print a warning and run the original command
    printSafeChainWarning "$original_cmd"
    command "$original_cmd" "$@"
  fi
 }
 function npx() {
  wrapSafeChainCommand "npx" "$@"
 }
@ -56,3 +34,25 @@ function npm() {
  wrapSafeChainCommand "npm" "$@"
 }
 function printSafeChainWarning() {
  # \033[43;30m is used to set the background color to yellow and text color to black
  # \033[0m is used to reset the text formatting
  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
  # \033[36m is used to set the text color to cyan
  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
 }
 function wrapSafeChainCommand() {
  local original_cmd="$1"
  if command -v safe-chain > /dev/null 2>&1; then
    # If the aikido command is available, just run it with the provided arguments
    safe-chain "$@"
  else
    # If the aikido command is not available, print a warning and run the original command
    printSafeChainWarning "$original_cmd"
    command "$original_cmd" "$@"
  fi
 }
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
@ -3,6 +3,41 @@ $pathSeparator = if ($IsWindows) { ';' } else { ':' }
 $safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
 $env:PATH = "$env:PATH$pathSeparator$safeChainBin"
 function npx {
    Invoke-WrappedCommand "npx" $args
 }
 function yarn {
    Invoke-WrappedCommand "yarn" $args
 }
 function pnpm {
    Invoke-WrappedCommand "pnpm" $args
 }
 function pnpx {
    Invoke-WrappedCommand "pnpx" $args
 }
 function bun {
    Invoke-WrappedCommand "bun" $args
 }
 function bunx {
    Invoke-WrappedCommand "bunx" $args
 }
 function npm {
    # If args is just -v or --version and nothing else, just run the npm version command
    # This is because nvm uses this to check the version of npm
    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
        Invoke-RealCommand "npm" $args
        return
    }
    Invoke-WrappedCommand "npm" $args
 }
 function Write-SafeChainWarning {
    param([string]$Command)
@ -55,38 +90,3 @@ function Invoke-WrappedCommand {
        Invoke-RealCommand $OriginalCmd $Arguments
    }
 }
 function npx {
    Invoke-WrappedCommand "npx" $args
 }
 function yarn {
    Invoke-WrappedCommand "yarn" $args
 }
 function pnpm {
    Invoke-WrappedCommand "pnpm" $args
 }
 function pnpx {
    Invoke-WrappedCommand "pnpx" $args
 }
 function bun {
    Invoke-WrappedCommand "bun" $args
 }
 function bunx {
    Invoke-WrappedCommand "bunx" $args
 }
 function npm {
    # If args is just -v or --version and nothing else, just run the npm version command
    # This is because nvm uses this to check the version of npm
    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
        Invoke-RealCommand "npm" $args
        return
    }
    Invoke-WrappedCommand "npm" $args
 }