Move pipCaBundle to central location

packages/safe-chain/src/packagemanager/pip/runPipCommand.js

@@ -1,7 +1,7 @@
 import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
-import { getCombinedCaBundlePath } from "./utils/pipCaBundle.js";
+import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
 
 export async function runPip(command, args) {
   try {

packages/safe-chain/src/packagemanager/pip/runPipCommand.spec.js

@@ -28,8 +28,8 @@ describe("runPipCommand environment variable handling", () => {
       },
     });
 
-    // Mock pipCaBundle to return a test combined bundle path
+    // Mock certBundle to return a test combined bundle path
-    mock.module("./utils/pipCaBundle.js", {
+    mock.module("../../registryProxy/certBundle.js", {
       namedExports: {
         getCombinedCaBundlePath: () => "/tmp/test-combined-ca.pem",
       },

packages/safe-chain/src/registryProxy/certBundle.js

@@ -4,7 +4,7 @@ import path from "node:path";
 import certifi from "certifi";
 import tls from "node:tls";
 import { X509Certificate } from "node:crypto";
-import { getCaCertPath } from "../../../registryProxy/certUtils.js";
+import { getCaCertPath } from "./certUtils.js";
 
 /**
  * Check if a PEM string contains only parsable cert blocks.
@@ -41,11 +41,11 @@ function isParsable(pem) {
 let cachedPath = null;
 
 /**
- * Build a combined CA bundle specifically for pip flows.
+ * Build a combined CA bundle for Python and Node HTTPS flows.
  * - Includes Safe Chain CA (for MITM of known registries)
  * - Includes Mozilla roots via npm `certifi` (public HTTPS)
  * - Includes Node's built-in root certificates as a portable fallback
- * */
+ */
 export function getCombinedCaBundlePath() {
   if (cachedPath && fs.existsSync(cachedPath)) return cachedPath;
 

packages/safe-chain/src/registryProxy/certBundle.spec.js

@@ -7,7 +7,7 @@ import tls from "node:tls";
 
 // Utility to remove the generated bundle so the module rebuilds it on demand
 function removeBundleIfExists() {
-  const target = path.join(os.tmpdir(), "safe-chain-python-ca-bundle.pem");
+  const target = path.join(os.tmpdir(), "safe-chain-ca-bundle.pem");
   try {
     if (fs.existsSync(target)) fs.unlinkSync(target);
   } catch {
@@ -15,7 +15,7 @@ function removeBundleIfExists() {
   }
 }
 
-describe("pipCaBundle.getCombinedCaBundlePath", () => {
+describe("certBundle.getCombinedCaBundlePath", () => {
   beforeEach(() => {
     mock.restoreAll();
     removeBundleIfExists();
@@ -31,13 +31,13 @@ describe("pipCaBundle.getCombinedCaBundlePath", () => {
     fs.writeFileSync(safeChainPath, `${marker}\n${rootPem}`, "utf8");
 
     // Mock the certUtils.getCaCertPath to return our temp file
-    mock.module("../../../registryProxy/certUtils.js", {
+    mock.module("./certUtils.js", {
       namedExports: {
         getCaCertPath: () => safeChainPath,
       },
     });
 
-    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const { getCombinedCaBundlePath } = await import("./certBundle.js");
     const bundlePath = getCombinedCaBundlePath();
     assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
     const contents = fs.readFileSync(bundlePath, "utf8");
@@ -53,7 +53,7 @@ describe("pipCaBundle.getCombinedCaBundlePath", () => {
     fs.writeFileSync(safeChainPath, invalidMarker, "utf8");
 
     // Mock the certUtils.getCaCertPath to return our invalid file
-    mock.module("../../../registryProxy/certUtils.js", {
+    mock.module("./certUtils.js", {
       namedExports: {
         getCaCertPath: () => safeChainPath,
       },
@@ -61,7 +61,7 @@ describe("pipCaBundle.getCombinedCaBundlePath", () => {
 
     // Ensure fresh build
     removeBundleIfExists();
-    const { getCombinedCaBundlePath } = await import("./pipCaBundle.js");
+    const { getCombinedCaBundlePath } = await import("./certBundle.js");
     const bundlePath = getCombinedCaBundlePath();
     assert.ok(fs.existsSync(bundlePath), "Bundle path should exist");
     const contents = fs.readFileSync(bundlePath, "utf8");