Merge branch 'main' into feature/poetry-2

packages/safe-chain/src/packagemanager/pip/runPipCommand.js

@@ -46,6 +46,9 @@ function setFallbackCaBundleEnvironmentVariables(env, combinedCaPath) {
  * If the user has an existing PIP_CONFIG_FILE, a new temporary config is created that merges
  * their settings with safe-chain's, leaving the original file unchanged.
  * 
+ * Special handling for commands that modify config/cache/state: PIP_CONFIG_FILE is NOT overridden to allow
+ * users to read/write persistent config. Only CA environment variables are set for these commands.
+ * 
  * @param {string} command - The pip command to execute (e.g., 'pip3')
  * @param {string[]} args - Command line arguments to pass to pip
  * @returns {Promise<{status: number}>} Exit status of the pip command
@@ -59,6 +62,12 @@ export async function runPip(command, args) {
     // validates correctly under both MITM'd and tunneled HTTPS.
     const combinedCaPath = getCombinedCaBundlePath();
 
+    // Commands that need access to persistent config/cache/state files
+    // These should not have PIP_CONFIG_FILE overridden as it would prevent them from
+    // reading/writing to the user's actual pip configuration and cache directories
+    const configRelatedCommands = ['config', 'cache', 'debug', 'completion'];
+    const isConfigRelatedCommand = args.length > 0 && configRelatedCommands.includes(args[0]);
+
     // https://pip.pypa.io/en/stable/topics/https-certificates/ explains that the 'cert' param (which we're providing via INI file)
     // will tell pip to use the provided CA bundle for HTTPS verification.
 
@@ -70,6 +79,22 @@ export async function runPip(command, args) {
     const pipConfigPath = path.join(tmpDir, `safe-chain-pip-${Date.now()}.ini`);
     let cleanupConfigPath = null; // Track temp file for cleanup
 
+    if (isConfigRelatedCommand) {
+      ui.writeVerbose(`Safe-chain: Skipping PIP_CONFIG_FILE override for 'pip ${args[0]}' command to allow persistent config/cache access.`);
+      
+      // Still set the fallback CA bundle environment variables to avoid edge cases where a 
+      // plugin or extension triggers a network call during config introspection
+      // This can do no harm
+      setFallbackCaBundleEnvironmentVariables(env, combinedCaPath);
+      
+      const result = await safeSpawn(command, args, {
+        stdio: "inherit",
+        env,
+      });
+
+      return { status: result.status };
+    }
+
     // Note: Setting PIP_CONFIG_FILE overrides all pip config levels (Global/User/Site) per pip's loading order
     if (!env.PIP_CONFIG_FILE) {
       /** @type {{ global: { cert: string, proxy?: string } }} */

packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js

@@ -62,6 +62,103 @@ describe("runPipCommand environment variable handling", () => {
     mock.reset();
   });
 
+  it("should NOT set PIP_CONFIG_FILE for 'pip config' commands to allow persistent config access", async () => {
+    const res = await runPip("pip3", ["config", "set", "global.index-url", "https://test.pypi.org/simple"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    // PIP_CONFIG_FILE should NOT be set for config commands
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip config commands"
+    );
+    
+    // But CA environment variables should still be set
+    assert.strictEqual(
+      capturedArgs.options.env.REQUESTS_CA_BUNDLE,
+      "/tmp/test-combined-ca.pem",
+      "REQUESTS_CA_BUNDLE should still be set"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem",
+      "SSL_CERT_FILE should still be set"
+    );
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CERT,
+      "/tmp/test-combined-ca.pem",
+      "PIP_CERT should still be set"
+    );
+  });
+
+  it("should NOT set PIP_CONFIG_FILE for 'pip config get' commands", async () => {
+    const res = await runPip("pip3", ["config", "get", "global.index-url"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip config get"
+    );
+  });
+
+  it("should NOT set PIP_CONFIG_FILE for 'pip config list' commands", async () => {
+    const res = await runPip("pip3", ["config", "list"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip config list"
+    );
+  });
+
+  it("should NOT set PIP_CONFIG_FILE for 'pip cache' commands", async () => {
+    const res = await runPip("pip3", ["cache", "dir"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip cache commands"
+    );
+    
+    // CA env vars should still be set
+    assert.strictEqual(
+      capturedArgs.options.env.SSL_CERT_FILE,
+      "/tmp/test-combined-ca.pem",
+      "SSL_CERT_FILE should still be set"
+    );
+  });
+
+  it("should NOT set PIP_CONFIG_FILE for 'pip debug' commands", async () => {
+    const res = await runPip("pip3", ["debug"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip debug"
+    );
+  });
+
+  it("should NOT set PIP_CONFIG_FILE for 'pip completion' commands", async () => {
+    const res = await runPip("pip3", ["completion", "--bash"]);
+    assert.strictEqual(res.status, 0);
+    assert.ok(capturedArgs, "safeSpawn should have been called");
+    
+    assert.strictEqual(
+      capturedArgs.options.env.PIP_CONFIG_FILE,
+      undefined,
+      "PIP_CONFIG_FILE should NOT be set for pip completion"
+    );
+  });
+
   it("should set PIP_CERT env var and create config file", async () => {
     const res = await runPip("pip3", ["install", "requests"]);
     assert.strictEqual(res.status, 0);

packages/safe-chain/src/registryProxy/mitmRequestHandler.js

@@ -117,14 +117,16 @@ function forwardRequest(req, hostname, res, requestHandler) {
 
   proxyReq.on("error", (err) => {
     ui.writeVerbose(
-      `Safe-chain: Error occurred while proxying request: ${err.message}`
+      `Safe-chain: Error occurred while proxying request to ${req.url} for ${hostname}: ${err.message}`
     );
     res.writeHead(502);
     res.end("Bad Gateway");
   });
 
   req.on("error", (err) => {
-    ui.writeError(`Safe-chain: Error reading client request: ${err.message}`);
+    ui.writeError(
+      `Safe-chain: Error reading client request to ${req.url} for ${hostname}: ${err.message}`
+    );
     proxyReq.destroy();
   });
 
@@ -175,7 +177,7 @@ function createProxyRequest(hostname, req, res, requestHandler) {
   const proxyReq = https.request(options, (proxyRes) => {
     proxyRes.on("error", (err) => {
       ui.writeError(
-        `Safe-chain: Error reading upstream response: ${err.message}`
+        `Safe-chain: Error reading upstream response to ${req.url} for ${hostname}: ${err.message}`
       );
       if (!res.headersSent) {
         res.writeHead(502);
@@ -184,7 +186,9 @@ function createProxyRequest(hostname, req, res, requestHandler) {
     });
 
     if (!proxyRes.statusCode) {
-      ui.writeError("Safe-chain: Proxy response missing status code");
+      ui.writeError(
+        `Safe-chain: Proxy response missing status code to ${req.url} for ${hostname}`
+      );
       res.writeHead(500);
       res.end("Internal Server Error");
       return;

packages/safe-chain/src/shell-integration/helpers.js

@@ -9,25 +9,91 @@ import { ECOSYSTEM_JS, ECOSYSTEM_PY } from "../config/settings.js";
  * @property {string} tool
  * @property {string} aikidoCommand
  * @property {string} ecoSystem
+ * @property {string} internalPackageManagerName
  */
 
 /**
  * @type {AikidoTool[]}
  */
 export const knownAikidoTools = [
-  { tool: "npm", aikidoCommand: "aikido-npm", ecoSystem: ECOSYSTEM_JS },
-  { tool: "npx", aikidoCommand: "aikido-npx", ecoSystem: ECOSYSTEM_JS },
-  { tool: "yarn", aikidoCommand: "aikido-yarn", ecoSystem: ECOSYSTEM_JS },
-  { tool: "pnpm", aikidoCommand: "aikido-pnpm", ecoSystem: ECOSYSTEM_JS },
-  { tool: "pnpx", aikidoCommand: "aikido-pnpx", ecoSystem: ECOSYSTEM_JS },
-  { tool: "bun", aikidoCommand: "aikido-bun", ecoSystem: ECOSYSTEM_JS },
-  { tool: "bunx", aikidoCommand: "aikido-bunx", ecoSystem: ECOSYSTEM_JS },
-  { tool: "uv", aikidoCommand: "aikido-uv", ecoSystem: ECOSYSTEM_PY },
-  { tool: "pip", aikidoCommand: "aikido-pip", ecoSystem: ECOSYSTEM_PY },
-  { tool: "pip3", aikidoCommand: "aikido-pip3", ecoSystem: ECOSYSTEM_PY },
-  { tool: "poetry", aikidoCommand: "aikido-poetry", ecoSystem: ECOSYSTEM_PY },
-  { tool: "python", aikidoCommand: "aikido-python", ecoSystem: ECOSYSTEM_PY },
-  { tool: "python3", aikidoCommand: "aikido-python3", ecoSystem: ECOSYSTEM_PY },
+  {
+    tool: "npm",
+    aikidoCommand: "aikido-npm",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "npm",
+  },
+  {
+    tool: "npx",
+    aikidoCommand: "aikido-npx",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "npx",
+  },
+  {
+    tool: "yarn",
+    aikidoCommand: "aikido-yarn",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "yarn",
+  },
+  {
+    tool: "pnpm",
+    aikidoCommand: "aikido-pnpm",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "pnpm",
+  },
+  {
+    tool: "pnpx",
+    aikidoCommand: "aikido-pnpx",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "pnpx",
+  },
+  {
+    tool: "bun",
+    aikidoCommand: "aikido-bun",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "bun",
+  },
+  {
+    tool: "bunx",
+    aikidoCommand: "aikido-bunx",
+    ecoSystem: ECOSYSTEM_JS,
+    internalPackageManagerName: "bunx",
+  },
+  {
+    tool: "uv",
+    aikidoCommand: "aikido-uv",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "uv",
+  },
+  {
+    tool: "pip",
+    aikidoCommand: "aikido-pip",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "pip",
+  },
+  {
+    tool: "pip3",
+    aikidoCommand: "aikido-pip3",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "pip",
+  },
+  {
+    tool: "poetry",
+    aikidoCommand: "aikido-poetry",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "pip",
+  },
+  {
+    tool: "python",
+    aikidoCommand: "aikido-python",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "pip",
+  },
+  {
+    tool: "python3",
+    aikidoCommand: "aikido-python3",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "pip",
+  },
   // When adding a new tool here, also update the documentation for the new tool in the README.md
 ];
 

packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh

@@ -7,9 +7,9 @@ remove_shim_from_path() {
     echo "$PATH" | sed "s|$HOME/.safe-chain/shims:||g"
 }
 
-if command -v {{AIKIDO_COMMAND}} >/dev/null 2>&1; then
+if command -v safe-chain >/dev/null 2>&1; then
   # Remove shim directory from PATH when calling {{AIKIDO_COMMAND}} to prevent infinite loops
-  PATH=$(remove_shim_from_path) exec {{AIKIDO_COMMAND}} "$@"
+  PATH=$(remove_shim_from_path) exec safe-chain {{PACKAGE_MANAGER}} "$@"
 else
   # Dynamically find original {{PACKAGE_MANAGER}} (excluding this shim directory)
   original_cmd=$(PATH=$(remove_shim_from_path) command -v {{PACKAGE_MANAGER}})

packages/safe-chain/src/shell-integration/path-wrappers/templates/windows-wrapper.template.cmd

@@ -7,10 +7,10 @@ set "SHIM_DIR=%USERPROFILE%\.safe-chain\shims"
 call set "CLEAN_PATH=%%PATH:%SHIM_DIR%;=%%"
 
 REM Check if aikido command is available with clean PATH
-set "PATH=%CLEAN_PATH%" & where {{AIKIDO_COMMAND}} >nul 2>&1
+set "PATH=%CLEAN_PATH%" & where safe-chain >nul 2>&1
 if %errorlevel%==0 (
     REM Call aikido command with clean PATH
-    set "PATH=%CLEAN_PATH%" & {{AIKIDO_COMMAND}} %*
+    set "PATH=%CLEAN_PATH%" & safe-chain {{PACKAGE_MANAGER}} %*
 ) else (
     REM Find the original command with clean PATH
     for /f "tokens=*" %%i in ('set "PATH=%CLEAN_PATH%" ^& where {{PACKAGE_MANAGER}} 2^>nul') do (

packages/safe-chain/src/shell-integration/setup-ci.js

@@ -8,6 +8,20 @@ import { fileURLToPath } from "url";
 import { includePython } from "../config/cliArguments.js";
 import { ECOSYSTEM_PY } from "../config/settings.js";
 
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
+
 /**
  * Loops over the detected shells and calls the setup function for each.
  */
@@ -19,6 +33,7 @@ export async function setupCi() {
   ui.emptyLine();
 
   const shimsDir = path.join(os.homedir(), ".safe-chain", "shims");
+  const binDir = path.join(os.homedir(), ".safe-chain", "bin");
   // Create the shims directory if it doesn't exist
   if (!fs.existsSync(shimsDir)) {
     fs.mkdirSync(shimsDir, { recursive: true });
@@ -26,7 +41,7 @@ export async function setupCi() {
 
   createShims(shimsDir);
   ui.writeInformation(`Created shims in ${shimsDir}`);
-  modifyPathForCi(shimsDir);
+  modifyPathForCi(shimsDir, binDir);
   ui.writeInformation(`Added shims directory to PATH for CI environments.`);
 }
 
@@ -37,10 +52,8 @@ export async function setupCi() {
  */
 function createUnixShims(shimsDir) {
   // Read the template file
-  const __filename = fileURLToPath(import.meta.url);
-  const __dirname = path.dirname(__filename);
   const templatePath = path.resolve(
-    __dirname,
+    dirname,
     "path-wrappers",
     "templates",
     "unix-wrapper.template.sh"
@@ -78,10 +91,8 @@ function createUnixShims(shimsDir) {
  */
 function createWindowsShims(shimsDir) {
   // Read the template file
-  const __filename = fileURLToPath(import.meta.url);
-  const __dirname = path.dirname(__filename);
   const templatePath = path.resolve(
-    __dirname,
+    dirname,
     "path-wrappers",
     "templates",
     "windows-wrapper.template.cmd"
@@ -124,13 +135,18 @@ function createShims(shimsDir) {
 
 /**
  * @param {string} shimsDir
+ * @param {string} binDir
  *
  * @returns {void}
  */
-function modifyPathForCi(shimsDir) {
+function modifyPathForCi(shimsDir, binDir) {
   if (process.env.GITHUB_PATH) {
     // In GitHub Actions, append the shims directory to GITHUB_PATH
-    fs.appendFileSync(process.env.GITHUB_PATH, shimsDir + os.EOL, "utf-8");
+    fs.appendFileSync(
+      process.env.GITHUB_PATH,
+      shimsDir + os.EOL + binDir + os.EOL,
+      "utf-8"
+    );
     ui.writeInformation(
       `Added shims directory to GITHUB_PATH for GitHub Actions.`
     );
@@ -141,6 +157,7 @@ function modifyPathForCi(shimsDir) {
     //  ##vso[task.prependpath]/path/to/add
     // Logging this to stdout will cause the Azure Pipelines agent to pick it up
     ui.writeInformation("##vso[task.prependpath]" + shimsDir);
+    ui.writeInformation("##vso[task.prependpath]" + binDir);
   }
 }
 

packages/safe-chain/src/shell-integration/setup.js

@@ -5,8 +5,22 @@ import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
 import fs from "fs";
 import os from "os";
 import path from "path";
-import { fileURLToPath } from "url";
 import { includePython } from "../config/cliArguments.js";
+import { fileURLToPath } from "url";
+
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
 
 /**
  * Loops over the detected shells and calls the setup function for each.
@@ -103,10 +117,8 @@ function copyStartupFiles() {
     }
 
     // Use absolute path for source
-    const __filename = fileURLToPath(import.meta.url);
-    const __dirname = path.dirname(__filename);
-    const sourcePath = path.resolve(
-      __dirname,
+    const sourcePath = path.join(
+      dirname,
       includePython() ? "startup-scripts/include-python" : "startup-scripts",
       file
     );

packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish

@@ -1,3 +1,71 @@
+set -gx PATH $PATH $HOME/.safe-chain/bin
+
+function npx
+    wrapSafeChainCommand "npx" $argv
+end
+
+function yarn
+    wrapSafeChainCommand "yarn" $argv
+end
+
+function pnpm
+    wrapSafeChainCommand "pnpm" $argv
+end
+
+function pnpx
+    wrapSafeChainCommand "pnpx" $argv
+end
+
+function bun
+    wrapSafeChainCommand "bun" $argv
+end
+
+function bunx
+    wrapSafeChainCommand "bunx" $argv
+end
+
+function npm
+    # If args is just -v or --version and nothing else, just run the `npm -v` command
+    # This is because nvm uses this to check the version of npm
+    set argc (count $argv)
+    if test $argc -eq 1
+        switch $argv[1]
+            case "-v" "--version"
+                command npm $argv
+                return
+        end
+    end
+
+    wrapSafeChainCommand "npm" $argv
+end
+
+
+function pip
+    wrapSafeChainCommand "pip" $argv
+end
+
+function pip3
+    wrapSafeChainCommand "pip3" $argv
+end
+
+function uv
+    wrapSafeChainCommand "uv" $argv
+end
+
+function poetry
+    wrapSafeChainCommand "poetry" $argv
+end
+
+# `python -m pip`, `python -m pip3`.
+function python
+    wrapSafeChainCommand "python" $argv
+end
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3
+    wrapSafeChainCommand "python3" $argv
+end
+
 function printSafeChainWarning
     set original_cmd $argv[1]
     
@@ -17,80 +85,14 @@ end
 
 function wrapSafeChainCommand
     set original_cmd $argv[1]
-    set aikido_cmd $argv[2]
-    set cmd_args $argv[3..-1]
-    
-    if type -q $aikido_cmd
-        # If the aikido command is available, just run it with the provided arguments
-        $aikido_cmd $cmd_args
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
     else
-        # If the aikido command is not available, print a warning and run the original command
+        # If the safe-chain command is not available, print a warning and run the original command
         printSafeChainWarning $original_cmd
         command $original_cmd $cmd_args
     end
 end
-
-function npx
-    wrapSafeChainCommand "npx" "aikido-npx" $argv
-end
-
-function yarn
-    wrapSafeChainCommand "yarn" "aikido-yarn" $argv
-end
-
-function pnpm
-    wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
-end
-
-function pnpx
-    wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
-end
-
-function bun
-    wrapSafeChainCommand "bun" "aikido-bun" $argv
-end
-
-function bunx
-    wrapSafeChainCommand "bunx" "aikido-bunx" $argv
-end
-
-function npm
-    # If args is just -v or --version and nothing else, just run the `npm -v` command
-    # This is because nvm uses this to check the version of npm
-    set argc (count $argv)
-    if test $argc -eq 1
-        switch $argv[1]
-            case "-v" "--version"
-                command npm $argv
-                return
-        end
-    end
-
-    wrapSafeChainCommand "npm" "aikido-npm" $argv
-end
-
-function pip
-    wrapSafeChainCommand "pip" "aikido-pip" $argv
-end
-
-function pip3
-    wrapSafeChainCommand "pip3" "aikido-pip3" $argv
-end
-
-function uv
-    wrapSafeChainCommand "uv" "aikido-uv" $argv
-end
-
-function poetry
-    wrapSafeChainCommand "poetry" "aikido-poetry" $argv
-end
-
-# `python -m pip`, `python -m pip3`.
-function python
-    wrapSafeChainCommand "python" "aikido-python" $argv
-end
-
-# `python3 -m pip`, `python3 -m pip3'.
-function python3
-    wrapSafeChainCommand "python3" "aikido-python3" $argv
-end

packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh

@@ -1,3 +1,66 @@
+export PATH="$PATH:$HOME/.safe-chain/bin"
+
+function npx() {
+  wrapSafeChainCommand "npx" "$@"
+}
+
+function yarn() {
+  wrapSafeChainCommand "yarn" "$@"
+}
+
+function pnpm() {
+  wrapSafeChainCommand "pnpm" "$@"
+}
+
+function pnpx() {
+  wrapSafeChainCommand "pnpx" "$@"
+}
+
+function bun() {
+  wrapSafeChainCommand "bun" "$@"
+}
+
+function bunx() {
+  wrapSafeChainCommand "bunx" "$@"
+}
+
+function npm() {
+  if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    command npm "$@"
+    return
+  fi
+
+  wrapSafeChainCommand "npm" "$@"
+}
+
+
+function pip() {
+  wrapSafeChainCommand "pip" "$@"
+}
+
+function pip3() {
+  wrapSafeChainCommand "pip3" "$@"
+}
+
+function uv() {
+  wrapSafeChainCommand "uv" "$@"
+}
+
+function poetry() {
+  wrapSafeChainCommand "poetry" "$@"
+}
+
+# `python -m pip`, `python -m pip3`.
+function python() {
+  wrapSafeChainCommand "python" "$@"
+}
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3() {
+  wrapSafeChainCommand "python3" "$@"
+}
 
 function printSafeChainWarning() {
   # \033[43;30m is used to set the background color to yellow and text color to black
@@ -9,15 +72,10 @@ function printSafeChainWarning() {
 
 function wrapSafeChainCommand() {
   local original_cmd="$1"
-  local aikido_cmd="$2"
 
-  # Remove the first 2 arguments (original_cmd and aikido_cmd) from $@
-  # so that "$@" now contains only the arguments passed to the original command
-  shift 2
-
-  if command -v "$aikido_cmd" > /dev/null 2>&1; then
+  if command -v safe-chain > /dev/null 2>&1; then
     # If the aikido command is available, just run it with the provided arguments
-    "$aikido_cmd" "$@"
+    safe-chain "$@"
   else
     # If the aikido command is not available, print a warning and run the original command
     printSafeChainWarning "$original_cmd"
@@ -25,64 +83,3 @@ function wrapSafeChainCommand() {
     command "$original_cmd" "$@"
   fi
 }
-
-function npx() {
-  wrapSafeChainCommand "npx" "aikido-npx" "$@"
-}
-
-function yarn() {
-  wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
-}
-
-function pnpm() {
-  wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
-}
-
-function pnpx() {
-  wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
-}
-
-function bun() {
-  wrapSafeChainCommand "bun" "aikido-bun" "$@"
-}
-
-function bunx() {
-  wrapSafeChainCommand "bunx" "aikido-bunx" "$@"
-}
-
-function npm() {
-  if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
-    # If args is just -v or --version and nothing else, just run the npm version command
-    # This is because nvm uses this to check the version of npm
-    command npm "$@"
-    return
-  fi
-
-  wrapSafeChainCommand "npm" "aikido-npm" "$@"
-}
-
-function pip() {
-  wrapSafeChainCommand "pip" "aikido-pip" "$@"
-}
-
-function pip3() {
-  wrapSafeChainCommand "pip3" "aikido-pip3" "$@"
-}
-
-function uv() {
-  wrapSafeChainCommand "uv" "aikido-uv" "$@"
-}
-
-function poetry() {
-  wrapSafeChainCommand "poetry" "aikido-poetry" "$@"
-}
-
-# `python -m pip`, `python -m pip3`.
-function python() {
-  wrapSafeChainCommand "python" "aikido-python" "$@"
-}
-
-# `python3 -m pip`, `python3 -m pip3'.
-function python3() {
-  wrapSafeChainCommand "python3" "aikido-python3" "$@"
-}

packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1

@@ -1,3 +1,70 @@
+# Use cross-platform path separator (: on Unix, ; on Windows)
+$pathSeparator = if ($IsWindows) { ';' } else { ':' }
+$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
+
+function npx {
+    Invoke-WrappedCommand "npx" $args
+}
+
+function yarn {
+    Invoke-WrappedCommand "yarn" $args
+}
+
+function pnpm {
+    Invoke-WrappedCommand "pnpm" $args
+}
+
+function pnpx {
+    Invoke-WrappedCommand "pnpx" $args
+}
+
+function bun {
+    Invoke-WrappedCommand "bun" $args
+}
+
+function bunx {
+    Invoke-WrappedCommand "bunx" $args
+}
+
+function npm {
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
+        Invoke-RealCommand "npm" $args
+        return
+    }
+
+    Invoke-WrappedCommand "npm" $args
+}
+
+function pip {
+    Invoke-WrappedCommand "pip" $args
+}
+
+function pip3 {
+    Invoke-WrappedCommand "pip3" $args
+}
+
+function uv {
+    Invoke-WrappedCommand "uv" $args
+}
+
+function poetry {
+    Invoke-WrappedCommand "poetry" $args
+}
+
+# `python -m pip`, `python -m pip3`.
+function python {
+    Invoke-WrappedCommand 'python' $args
+}
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3 {
+    Invoke-WrappedCommand 'python3' $args
+}
+
+
 function Write-SafeChainWarning {
     param([string]$Command)
     
@@ -39,77 +106,14 @@ function Invoke-RealCommand {
 function Invoke-WrappedCommand {
     param(
         [string]$OriginalCmd,
-        [string]$AikidoCmd,
         [string[]]$Arguments
     )
 
-    if (Test-CommandAvailable $AikidoCmd) {
-        & $AikidoCmd @Arguments
+    if (Test-CommandAvailable "safe-chain") {
+        & safe-chain $OriginalCmd @Arguments
     }
     else {
         Write-SafeChainWarning $OriginalCmd
         Invoke-RealCommand $OriginalCmd $Arguments
     }
 }
-
-function npx {
-    Invoke-WrappedCommand "npx" "aikido-npx" $args
-}
-
-function yarn {
-    Invoke-WrappedCommand "yarn" "aikido-yarn" $args
-}
-
-function pnpm {
-    Invoke-WrappedCommand "pnpm" "aikido-pnpm" $args
-}
-
-function pnpx {
-    Invoke-WrappedCommand "pnpx" "aikido-pnpx" $args
-}
-
-function bun {
-    Invoke-WrappedCommand "bun" "aikido-bun" $args
-}
-
-function bunx {
-    Invoke-WrappedCommand "bunx" "aikido-bunx" $args
-}
-
-function npm {
-    # If args is just -v or --version and nothing else, just run the npm version command
-    # This is because nvm uses this to check the version of npm
-    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
-        Invoke-RealCommand "npm" $args
-        return
-    }
-    
-    Invoke-WrappedCommand "npm" "aikido-npm" $args
-}
-
-function pip {
-    Invoke-WrappedCommand "pip" "aikido-pip" $args
-}
-
-function pip3 {
-    Invoke-WrappedCommand "pip3" "aikido-pip3" $args
-}
-
-function uv {
-    Invoke-WrappedCommand "uv" "aikido-uv" $args
-}
-
-function poetry {
-    Invoke-WrappedCommand "poetry" "aikido-poetry" $args
-}
-
-# `python -m pip`, `python -m pip3`.
-function python {
-    Invoke-WrappedCommand 'python' 'aikido-python' $args
-}
-
-# `python3 -m pip`, `python3 -m pip3'.
-function python3 {
-    Invoke-WrappedCommand 'python3' 'aikido-python3' $args
-}
-

packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish

@@ -1,3 +1,44 @@
+set -gx PATH $PATH $HOME/.safe-chain/bin
+
+function npx
+    wrapSafeChainCommand "npx" $argv
+end
+
+function yarn
+    wrapSafeChainCommand "yarn" $argv
+end
+
+function pnpm
+    wrapSafeChainCommand "pnpm" $argv
+end
+
+function pnpx
+    wrapSafeChainCommand "pnpx" $argv
+end
+
+function bun
+    wrapSafeChainCommand "bun" $argv
+end
+
+function bunx
+    wrapSafeChainCommand "bunx" $argv
+end
+
+function npm
+    # If args is just -v or --version and nothing else, just run the `npm -v` command
+    # This is because nvm uses this to check the version of npm
+    set argc (count $argv)
+    if test $argc -eq 1
+        switch $argv[1]
+            case "-v" "--version"
+                command npm $argv
+                return
+        end
+    end
+
+    wrapSafeChainCommand "npm" $argv
+end
+
 function printSafeChainWarning
     set original_cmd $argv[1]
     
@@ -17,54 +58,14 @@ end
 
 function wrapSafeChainCommand
     set original_cmd $argv[1]
-    set aikido_cmd $argv[2]
-    set cmd_args $argv[3..-1]
-    
-    if type -q $aikido_cmd
-        # If the aikido command is available, just run it with the provided arguments
-        $aikido_cmd $cmd_args
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
     else
-        # If the aikido command is not available, print a warning and run the original command
+        # If the safe-chain command is not available, print a warning and run the original command
         printSafeChainWarning $original_cmd
         command $original_cmd $cmd_args
     end
 end
-
-function npx
-    wrapSafeChainCommand "npx" "aikido-npx" $argv
-end
-
-function yarn
-    wrapSafeChainCommand "yarn" "aikido-yarn" $argv
-end
-
-function pnpm
-    wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
-end
-
-function pnpx
-    wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
-end
-
-function bun
-    wrapSafeChainCommand "bun" "aikido-bun" $argv
-end
-
-function bunx
-    wrapSafeChainCommand "bunx" "aikido-bunx" $argv
-end
-
-function npm
-    # If args is just -v or --version and nothing else, just run the `npm -v` command
-    # This is because nvm uses this to check the version of npm
-    set argc (count $argv)
-    if test $argc -eq 1
-        switch $argv[1]
-            case "-v" "--version"
-                command npm $argv
-                return
-        end
-    end
-
-    wrapSafeChainCommand "npm" "aikido-npm" $argv
-end

packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh

@@ -1,3 +1,39 @@
+export PATH="$PATH:$HOME/.safe-chain/bin"
+
+function npx() {
+  wrapSafeChainCommand "npx" "$@"
+}
+
+function yarn() {
+  wrapSafeChainCommand "yarn" "$@"
+}
+
+function pnpm() {
+  wrapSafeChainCommand "pnpm" "$@"
+}
+
+function pnpx() {
+  wrapSafeChainCommand "pnpx" "$@"
+}
+
+function bun() {
+  wrapSafeChainCommand "bun" "$@"
+}
+
+function bunx() {
+  wrapSafeChainCommand "bunx" "$@"
+}
+
+function npm() {
+  if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    command npm "$@"
+    return
+  fi
+
+  wrapSafeChainCommand "npm" "$@"
+}
 
 function printSafeChainWarning() {
   # \033[43;30m is used to set the background color to yellow and text color to black
@@ -9,15 +45,10 @@ function printSafeChainWarning() {
 
 function wrapSafeChainCommand() {
   local original_cmd="$1"
-  local aikido_cmd="$2"
 
-  # Remove the first 2 arguments (original_cmd and aikido_cmd) from $@
-  # so that "$@" now contains only the arguments passed to the original command
-  shift 2
-
-  if command -v "$aikido_cmd" > /dev/null 2>&1; then
+  if command -v safe-chain > /dev/null 2>&1; then
     # If the aikido command is available, just run it with the provided arguments
-    "$aikido_cmd" "$@"
+    safe-chain "$@"
   else
     # If the aikido command is not available, print a warning and run the original command
     printSafeChainWarning "$original_cmd"
@@ -25,38 +56,3 @@ function wrapSafeChainCommand() {
     command "$original_cmd" "$@"
   fi
 }
-
-function npx() {
-  wrapSafeChainCommand "npx" "aikido-npx" "$@"
-}
-
-function yarn() {
-  wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
-}
-
-function pnpm() {
-  wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
-}
-
-function pnpx() {
-  wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
-}
-
-function bun() {
-  wrapSafeChainCommand "bun" "aikido-bun" "$@"
-}
-
-function bunx() {
-  wrapSafeChainCommand "bunx" "aikido-bunx" "$@"
-}
-
-function npm() {
-  if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
-    # If args is just -v or --version and nothing else, just run the npm version command
-    # This is because nvm uses this to check the version of npm
-    command npm "$@"
-    return
-  fi
-
-  wrapSafeChainCommand "npm" "aikido-npm" "$@"
-}

packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1

@@ -1,3 +1,43 @@
+# Use cross-platform path separator (: on Unix, ; on Windows)
+$pathSeparator = if ($IsWindows) { ';' } else { ':' }
+$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
+
+function npx {
+    Invoke-WrappedCommand "npx" $args
+}
+
+function yarn {
+    Invoke-WrappedCommand "yarn" $args
+}
+
+function pnpm {
+    Invoke-WrappedCommand "pnpm" $args
+}
+
+function pnpx {
+    Invoke-WrappedCommand "pnpx" $args
+}
+
+function bun {
+    Invoke-WrappedCommand "bun" $args
+}
+
+function bunx {
+    Invoke-WrappedCommand "bunx" $args
+}
+
+function npm {
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
+        Invoke-RealCommand "npm" $args
+        return
+    }
+
+    Invoke-WrappedCommand "npm" $args
+}
+
 function Write-SafeChainWarning {
     param([string]$Command)
     
@@ -39,50 +79,14 @@ function Invoke-RealCommand {
 function Invoke-WrappedCommand {
     param(
         [string]$OriginalCmd,
-        [string]$AikidoCmd,
         [string[]]$Arguments
     )
 
-    if (Test-CommandAvailable $AikidoCmd) {
-        & $AikidoCmd @Arguments
+    if (Test-CommandAvailable "safe-chain") {
+        & safe-chain $OriginalCmd @Arguments
     }
     else {
         Write-SafeChainWarning $OriginalCmd
         Invoke-RealCommand $OriginalCmd $Arguments
     }
 }
-
-function npx {
-    Invoke-WrappedCommand "npx" "aikido-npx" $args
-}
-
-function yarn {
-    Invoke-WrappedCommand "yarn" "aikido-yarn" $args
-}
-
-function pnpm {
-    Invoke-WrappedCommand "pnpm" "aikido-pnpm" $args
-}
-
-function pnpx {
-    Invoke-WrappedCommand "pnpx" "aikido-pnpx" $args
-}
-
-function bun {
-    Invoke-WrappedCommand "bun" "aikido-bun" $args
-}
-
-function bunx {
-    Invoke-WrappedCommand "bunx" "aikido-bunx" $args
-}
-
-function npm {
-    # If args is just -v or --version and nothing else, just run the npm version command
-    # This is because nvm uses this to check the version of npm
-    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
-        Invoke-RealCommand "npm" $args
-        return
-    }
-    
-    Invoke-WrappedCommand "npm" "aikido-npm" $args
-}