milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into disable-mac-unit-tests

Browse source
This commit is contained in:
Sander Declerck 2025-12-15 10:51:58 +01:00 committed by GitHub
commit 917bc66fb0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 205 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/safe-chain/bin/safe-chain.js
View file

@ -3,7 +3,7 @@
import chalk from "chalk"; import chalk from "chalk";
import { ui } from "../src/environment/userInteraction.js"; import { ui } from "../src/environment/userInteraction.js";
import { setup } from "../src/shell-integration/setup.js"; import { setup } from "../src/shell-integration/setup.js";
import { teardown } from "../src/shell-integration/teardown.js"; import { teardown, teardownDirectories } from "../src/shell-integration/teardown.js";
import { setupCi } from "../src/shell-integration/setup-ci.js"; import { setupCi } from "../src/shell-integration/setup-ci.js";
import { initializeCliArguments } from "../src/config/cliArguments.js"; import { initializeCliArguments } from "../src/config/cliArguments.js";
import { setEcoSystem } from "../src/config/settings.js"; import { setEcoSystem } from "../src/config/settings.js";
@ -60,6 +60,7 @@ if (tool) {
} else if (command === "setup") { } else if (command === "setup") {
setup(); setup();
} else if (command === "teardown") { } else if (command === "teardown") {
teardownDirectories();
teardown(); teardown();
} else if (command === "setup-ci") { } else if (command === "setup-ci") {
setupCi(); setupCi();

2
packages/safe-chain/src/config/configFile.js
View file

@ -67,7 +67,7 @@ function validateMinimumPackageAgeHours(value) {
*/ */
export function getMinimumPackageAgeHours() { export function getMinimumPackageAgeHours() {
const config = readConfigFile(); const config = readConfigFile();
if (config.minimumPackageAgeHours) { if (config.minimumPackageAgeHours !== undefined) {
const validated = validateMinimumPackageAgeHours( const validated = validateMinimumPackageAgeHours(
config.minimumPackageAgeHours config.minimumPackageAgeHours
); );

2
packages/safe-chain/src/config/settings.js
View file

@ -81,7 +81,7 @@ function validateMinimumPackageAgeHours(value) {
return undefined; return undefined;
} }
if (numericValue > 0) { if (numericValue >= 0) {
return numericValue; return numericValue;
} }

3
packages/safe-chain/src/main.js
View file

@ -23,6 +23,7 @@ export async function main(args) {
process.on("uncaughtException", (error) => { process.on("uncaughtException", (error) => {
ui.writeError(`Safe-chain: Uncaught exception: ${error.message}`); ui.writeError(`Safe-chain: Uncaught exception: ${error.message}`);
ui.writeVerbose(`Stack trace: ${error.stack}`); ui.writeVerbose(`Stack trace: ${error.stack}`);
ui.writeBufferedLogsAndStopBuffering();
process.exit(1); process.exit(1);
}); });
@ -31,6 +32,7 @@ export async function main(args) {
if (reason instanceof Error) { if (reason instanceof Error) {
ui.writeVerbose(`Stack trace: ${reason.stack}`); ui.writeVerbose(`Stack trace: ${reason.stack}`);
} }
ui.writeBufferedLogsAndStopBuffering();
process.exit(1); process.exit(1);
}); });
@ -89,6 +91,7 @@ export async function main(args) {
return packageManagerResult.status; return packageManagerResult.status;
} catch (/** @type any */ error) { } catch (/** @type any */ error) {
ui.writeError("Failed to check for malicious packages:", error.message); ui.writeError("Failed to check for malicious packages:", error.message);
ui.writeBufferedLogsAndStopBuffering();
// Returning the exit code back to the caller allows the promise // Returning the exit code back to the caller allows the promise
// to be awaited in the bin files and return the correct exit code // to be awaited in the bin files and return the correct exit code

7
packages/safe-chain/src/packagemanager/pip/runPipCommand.js
View file

@ -8,6 +8,7 @@ import fsSync from "node:fs";
import os from "node:os"; import os from "node:os";
import path from "node:path"; import path from "node:path";
import ini from "ini"; import ini from "ini";
import { spawn } from "child_process";
/** /**
* Checks if this pip invocation should bypass safe-chain and spawn directly. * Checks if this pip invocation should bypass safe-chain and spawn directly.
@ -16,7 +17,7 @@ import ini from "ini";
* @param {string[]} args - The arguments * @param {string[]} args - The arguments
* @returns {boolean} * @returns {boolean}
*/ */
function shouldBypassSafeChain(command, args) { export function shouldBypassSafeChain(command, args) {
if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) { if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
// Check if args start with -m pip // Check if args start with -m pip
if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) { if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {
@ -77,14 +78,16 @@ export async function runPip(command, args) {
if (shouldBypassSafeChain(command, args)) { if (shouldBypassSafeChain(command, args)) {
ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`); ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`);
// Spawn the ORIGINAL command with ORIGINAL args // Spawn the ORIGINAL command with ORIGINAL args
const { spawn } = await import("child_process");
return new Promise((_resolve) => { return new Promise((_resolve) => {
const proc = spawn(command, args, { stdio: "inherit" }); const proc = spawn(command, args, { stdio: "inherit" });
proc.on("exit", (/** @type {number | null} */ code) => { proc.on("exit", (/** @type {number | null} */ code) => {
ui.writeVerbose(`${command} ${args.join(" ")} exited with status ${code}`);
ui.writeBufferedLogsAndStopBuffering();
process.exit(code ?? 0); process.exit(code ?? 0);
}); });
proc.on("error", (/** @type {Error} */ err) => { proc.on("error", (/** @type {Error} */ err) => {
ui.writeError(`Error executing command: ${err.message}`); ui.writeError(`Error executing command: ${err.message}`);
ui.writeBufferedLogsAndStopBuffering();
process.exit(1); process.exit(1);
}); });
}); });

43
packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js
View file

@ -7,6 +7,7 @@ import ini from "ini";
describe("runPipCommand environment variable handling", () => { describe("runPipCommand environment variable handling", () => {
let runPip; let runPip;
let shouldBypassSafeChain;
let capturedArgs = null; let capturedArgs = null;
let customEnv = null; let customEnv = null;
let capturedConfigContent = null; // Capture config file content before cleanup let capturedConfigContent = null; // Capture config file content before cleanup
@ -56,6 +57,7 @@ describe("runPipCommand environment variable handling", () => {
const mod = await import("./runPipCommand.js"); const mod = await import("./runPipCommand.js");
runPip = mod.runPip; runPip = mod.runPip;
shouldBypassSafeChain = mod.shouldBypassSafeChain;
}); });
afterEach(() => { afterEach(() => {
@ -66,14 +68,14 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["config", "set", "global.index-url", "https://test.pypi.org/simple"]); const res = await runPip("pip3", ["config", "set", "global.index-url", "https://test.pypi.org/simple"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
// PIP_CONFIG_FILE should NOT be set for config commands // PIP_CONFIG_FILE should NOT be set for config commands
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
"PIP_CONFIG_FILE should NOT be set for pip config commands" "PIP_CONFIG_FILE should NOT be set for pip config commands"
); );
// But CA environment variables should still be set // But CA environment variables should still be set
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.REQUESTS_CA_BUNDLE, capturedArgs.options.env.REQUESTS_CA_BUNDLE,
@ -96,7 +98,7 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["config", "get", "global.index-url"]); const res = await runPip("pip3", ["config", "get", "global.index-url"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
@ -108,7 +110,7 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["config", "list"]); const res = await runPip("pip3", ["config", "list"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
@ -120,13 +122,13 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["cache", "dir"]); const res = await runPip("pip3", ["cache", "dir"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
"PIP_CONFIG_FILE should NOT be set for pip cache commands" "PIP_CONFIG_FILE should NOT be set for pip cache commands"
); );
// CA env vars should still be set // CA env vars should still be set
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.SSL_CERT_FILE, capturedArgs.options.env.SSL_CERT_FILE,
@ -139,7 +141,7 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["debug"]); const res = await runPip("pip3", ["debug"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
@ -151,7 +153,7 @@ describe("runPipCommand environment variable handling", () => {
const res = await runPip("pip3", ["completion", "--bash"]); const res = await runPip("pip3", ["completion", "--bash"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.PIP_CONFIG_FILE, capturedArgs.options.env.PIP_CONFIG_FILE,
undefined, undefined,
@ -181,7 +183,7 @@ describe("runPipCommand environment variable handling", () => {
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.ok(capturedArgs, "safeSpawn should have been called"); assert.ok(capturedArgs, "safeSpawn should have been called");
// Check environment variables are set // Check environment variables are set
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.REQUESTS_CA_BUNDLE, capturedArgs.options.env.REQUESTS_CA_BUNDLE,
@ -218,7 +220,7 @@ describe("runPipCommand environment variable handling", () => {
// For default PyPI, we still set env vars; pip CLI --cert takes precedence // For default PyPI, we still set env vars; pip CLI --cert takes precedence
const res = await runPip("pip3", ["install", "requests"]); const res = await runPip("pip3", ["install", "requests"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
// Environment variables still set (pip CLI --cert takes precedence) // Environment variables still set (pip CLI --cert takes precedence)
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.REQUESTS_CA_BUNDLE, capturedArgs.options.env.REQUESTS_CA_BUNDLE,
@ -233,7 +235,7 @@ describe("runPipCommand environment variable handling", () => {
it("should preserve HTTPS_PROXY from proxy merge", async () => { it("should preserve HTTPS_PROXY from proxy merge", async () => {
const res = await runPip("pip3", ["install", "requests"]); const res = await runPip("pip3", ["install", "requests"]);
assert.strictEqual(res.status, 0); assert.strictEqual(res.status, 0);
assert.strictEqual( assert.strictEqual(
capturedArgs.options.env.HTTPS_PROXY, capturedArgs.options.env.HTTPS_PROXY,
"http://localhost:8080", "http://localhost:8080",
@ -380,7 +382,7 @@ describe("runPipCommand environment variable handling", () => {
await fs.writeFile(cfgPath, initialIni, "utf-8"); await fs.writeFile(cfgPath, initialIni, "utf-8");
customEnv = { PIP_CONFIG_FILE: cfgPath }; customEnv = { PIP_CONFIG_FILE: cfgPath };
// Capture stdout/stderr // Capture stdout/stderr
let output = ""; let output = "";
const originalWrite = process.stdout.write; const originalWrite = process.stdout.write;
@ -397,4 +399,21 @@ describe("runPipCommand environment variable handling", () => {
assert.ok(output.includes("proxy found in PIP_CONFIG_FILE"), "Should warn about proxy overwrite in output"); assert.ok(output.includes("proxy found in PIP_CONFIG_FILE"), "Should warn about proxy overwrite in output");
customEnv = null; customEnv = null;
}); });
it("should bypass safe-chain for python correctly", async () => {
assert.strictEqual(shouldBypassSafeChain("python", []), true);
assert.strictEqual(shouldBypassSafeChain("python3", []), true);
assert.strictEqual(shouldBypassSafeChain("python", ["--version"]), true);
assert.strictEqual(shouldBypassSafeChain("python3", ["--version"]), true);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "http.server"]), true);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "http.server"]), true);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "pip"]), false);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "pip"]), false);
assert.strictEqual(shouldBypassSafeChain("python", ["-m", "pip3"]), false);
assert.strictEqual(shouldBypassSafeChain("python3", ["-m", "pip3"]), false);
});
}); });

14
packages/safe-chain/src/shell-integration/helpers.js
View file

@ -113,6 +113,20 @@ export function getPackageManagerList() {
return `${tools.join(", ")}, and ${lastTool} commands`; return `${tools.join(", ")}, and ${lastTool} commands`;
} }
/**
* @returns {string}
*/
export function getShimsDir() {
return path.join(os.homedir(), ".safe-chain", "shims");
}
/**
* @returns {string}
*/
export function getScriptsDir() {
return path.join(os.homedir(), ".safe-chain", "scripts");
}
/** /**
* @param {string} executableName * @param {string} executableName
* *

4
packages/safe-chain/src/shell-integration/setup-ci.js
View file

@ -1,6 +1,6 @@
import chalk from "chalk"; import chalk from "chalk";
import { ui } from "../environment/userInteraction.js"; import { ui } from "../environment/userInteraction.js";
import { getPackageManagerList, knownAikidoTools } from "./helpers.js"; import { getPackageManagerList, knownAikidoTools, getShimsDir } from "./helpers.js";
import fs from "fs"; import fs from "fs";
import os from "os"; import os from "os";
import path from "path"; import path from "path";
@ -32,7 +32,7 @@ export async function setupCi() {
); );
ui.emptyLine(); ui.emptyLine();
const shimsDir = path.join(os.homedir(), ".safe-chain", "shims"); const shimsDir = getShimsDir();
const binDir = path.join(os.homedir(), ".safe-chain", "bin"); const binDir = path.join(os.homedir(), ".safe-chain", "bin");
// Create the shims directory if it doesn't exist // Create the shims directory if it doesn't exist
if (!fs.existsSync(shimsDir)) { if (!fs.existsSync(shimsDir)) {

1
packages/safe-chain/src/shell-integration/setup-ci.spec.js
View file

@ -50,6 +50,7 @@ describe("Setup CI shell integration", () => {
{ tool: "yarn", aikidoCommand: "aikido-yarn" }, { tool: "yarn", aikidoCommand: "aikido-yarn" },
], ],
getPackageManagerList: () => "npm, yarn", getPackageManagerList: () => "npm, yarn",
getShimsDir: () => mockShimsDir,
}, },
}); });

7
packages/safe-chain/src/shell-integration/setup.js
View file

@ -1,9 +1,8 @@
import chalk from "chalk"; import chalk from "chalk";
import { ui } from "../environment/userInteraction.js"; import { ui } from "../environment/userInteraction.js";
import { detectShells } from "./shellDetection.js"; import { detectShells } from "./shellDetection.js";
import { knownAikidoTools, getPackageManagerList } from "./helpers.js"; import { knownAikidoTools, getPackageManagerList, getScriptsDir } from "./helpers.js";
import fs from "fs"; import fs from "fs";
import os from "os";
import path from "path"; import path from "path";
import { includePython } from "../config/cliArguments.js"; import { includePython } from "../config/cliArguments.js";
import { fileURLToPath } from "url"; import { fileURLToPath } from "url";
@ -107,10 +106,10 @@ function setupShell(shell) {
function copyStartupFiles() { function copyStartupFiles() {
const startupFiles = ["init-posix.sh", "init-pwsh.ps1", "init-fish.fish"]; const startupFiles = ["init-posix.sh", "init-pwsh.ps1", "init-fish.fish"];
const targetDir = getScriptsDir();
for (const file of startupFiles) { for (const file of startupFiles) {
const targetDir = path.join(os.homedir(), ".safe-chain", "scripts"); const targetPath = path.join(targetDir, file);
const targetPath = path.join(os.homedir(), ".safe-chain", "scripts", file);
if (!fs.existsSync(targetDir)) { if (!fs.existsSync(targetDir)) {
fs.mkdirSync(targetDir, { recursive: true }); fs.mkdirSync(targetDir, { recursive: true });

44
packages/safe-chain/src/shell-integration/teardown.js
View file

@ -1,7 +1,8 @@
import chalk from "chalk"; import chalk from "chalk";
import { ui } from "../environment/userInteraction.js"; import { ui } from "../environment/userInteraction.js";
import { detectShells } from "./shellDetection.js"; import { detectShells } from "./shellDetection.js";
import { knownAikidoTools, getPackageManagerList } from "./helpers.js"; import { knownAikidoTools, getPackageManagerList, getShimsDir, getScriptsDir } from "./helpers.js";
import fs from "fs";
/** /**
* @returns {Promise<void>} * @returns {Promise<void>}
@ -62,3 +63,44 @@ export async function teardown() {
return; return;
} }
} }
/**
* Removes directories created by setup-ci and setup commands
* @returns {Promise<void>}
*/
export async function teardownDirectories() {
const shimsDir = getShimsDir();
const scriptsDir = getScriptsDir();
// Remove CI shims directory
if (fs.existsSync(shimsDir)) {
try {
fs.rmSync(shimsDir, { recursive: true, force: true });
ui.writeInformation(
`${chalk.bold("- CI Shims:")} ${chalk.green("Removed successfully")}`
);
} catch (/** @type {any} */ error) {
ui.writeError(
`${chalk.bold("- CI Shims:")} ${chalk.red(
"Failed to remove"
)}. Error: ${error.message}`
);
}
}
// Remove scripts directory
if (fs.existsSync(scriptsDir)) {
try {
fs.rmSync(scriptsDir, { recursive: true, force: true });
ui.writeInformation(
`${chalk.bold("- Scripts:")} ${chalk.green("Removed successfully")}`
);
} catch (/** @type {any} */ error) {
ui.writeError(
`${chalk.bold("- Scripts:")} ${chalk.red(
"Failed to remove"
)}. Error: ${error.message}`
);
}
}
}

99
test/e2e/teardown-dirs.e2e.spec.js Normal file
View file

@ -0,0 +1,99 @@
import { describe, it, before, beforeEach, afterEach } from "node:test";
import { DockerTestContainer } from "./DockerTestContainer.js";
import assert from "node:assert";
describe("E2E: safe-chain teardown command", () => {
let container;
before(async () => {
DockerTestContainer.buildImage();
});
beforeEach(async () => {
container = new DockerTestContainer();
await container.start();
});
afterEach(async () => {
if (container) {
await container.stop();
container = null;
}
});
it("safe-chain teardown removes shims directory created by setup-ci", async () => {
const shell = await container.openShell("bash");
// Run setup-ci
await shell.runCommand("safe-chain setup-ci");
// Verify shims directory exists
const checkShimsExist = await shell.runCommand("test -d ~/.safe-chain/shims && echo 'exists' || echo 'missing'");
assert.ok(checkShimsExist.output.includes("exists"), "Shims directory should exist after setup-ci");
// Run teardown
await shell.runCommand("safe-chain teardown");
// Verify shims directory is gone
const checkShimsGone = await shell.runCommand("test -d ~/.safe-chain/shims && echo 'exists' || echo 'missing'");
assert.ok(checkShimsGone.output.includes("missing"), "Shims directory should be removed after teardown");
});
it("safe-chain teardown removes scripts directory created by setup", async () => {
const shell = await container.openShell("bash");
// Run setup
await shell.runCommand("safe-chain setup");
// Verify scripts directory exists
const checkScriptsExist = await shell.runCommand("test -d ~/.safe-chain/scripts && echo 'exists' || echo 'missing'");
assert.ok(checkScriptsExist.output.includes("exists"), "Scripts directory should exist after setup");
// Run teardown
await shell.runCommand("safe-chain teardown");
// Verify scripts directory is gone
const checkScriptsGone = await shell.runCommand("test -d ~/.safe-chain/scripts && echo 'exists' || echo 'missing'");
assert.ok(checkScriptsGone.output.includes("missing"), "Scripts directory should be removed after teardown");
});
it("safe-chain teardown removes shims directory created by setup-ci --include-python", async () => {
const shell = await container.openShell("bash");
// Run setup-ci with --include-python
await shell.runCommand("safe-chain setup-ci --include-python");
// Verify shims directory exists
const checkShimsExist = await shell.runCommand("test -d ~/.safe-chain/shims && echo 'exists' || echo 'missing'");
assert.ok(checkShimsExist.output.includes("exists"), "Shims directory should exist after setup-ci --include-python");
// Verify Python shims were created
const checkPythonShims = await shell.runCommand("test -f ~/.safe-chain/shims/pip && echo 'exists' || echo 'missing'");
assert.ok(checkPythonShims.output.includes("exists"), "Python shims should exist after setup-ci --include-python");
// Run teardown
await shell.runCommand("safe-chain teardown");
// Verify shims directory is gone
const checkShimsGone = await shell.runCommand("test -d ~/.safe-chain/shims && echo 'exists' || echo 'missing'");
assert.ok(checkShimsGone.output.includes("missing"), "Shims directory should be removed after teardown");
});
it("safe-chain teardown removes scripts directory created by setup --include-python", async () => {
const shell = await container.openShell("bash");
// Run setup with --include-python
await shell.runCommand("safe-chain setup --include-python");
// Verify scripts directory exists
const checkScriptsExist = await shell.runCommand("test -d ~/.safe-chain/scripts && echo 'exists' || echo 'missing'");
assert.ok(checkScriptsExist.output.includes("exists"), "Scripts directory should exist after setup --include-python");
// Run teardown
await shell.runCommand("safe-chain teardown");
// Verify scripts directory is gone
const checkScriptsGone = await shell.runCommand("test -d ~/.safe-chain/scripts && echo 'exists' || echo 'missing'");
assert.ok(checkScriptsGone.output.includes("missing"), "Scripts directory should be removed after teardown");
});
});