moved troubleshooting from docs to here

2026-05-26 04:00:49 +00:00 · 2026-05-06 10:47:37 +02:00 · 2026-05-06 10:47:37 +02:00 · cd5040c3be
commit cd5040c3be
parent 7b39239b81
1 changed files with 306 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -548,4 +548,309 @@ npm-ci:

 # Troubleshooting

-Having issues? See the [Troubleshooting Guide](https://help.aikido.dev/code-scanning/aikido-malware-scanning/safe-chain-troubleshooting) for help with common problems.
+## Verification & Diagnostics
+
+**Check Installation**
+
+```bash
+# Check version
+safe-chain --version
+```
+
+**Verify Shell Integration**
+
+Run the verification command for your package manager:
+
+```bash
+npm safe-chain-verify
+pnpm safe-chain-verify
+```
+
+```
+Expected output: `OK: Safe-chain works!`
+```
+
+**Test Malware Blocking**
+
+Verify that malware detection is working:
+```
+npm install safe-chain-test
+```
+
+These test packages are flagged as malware and should be blocked by Safe Chain.
+
+**If the test package installs successfully instead of being blocked**, see Malware Not Being Blocked below.
+
+## Logging Options
+
+Use logging flags or environment variables to get more information:
+
+```bash
+# Verbose mode - detailed diagnostic output for troubleshooting
+npm install express --safe-chain-logging=verbose
+
+# Or set it globally for all commands in your session
+export SAFE_CHAIN_LOGGING=verbose
+npm install express
+
+# Silent mode - suppress all output except malware blocking
+npm install express --safe-chain-logging=silent
+```
+
+## Common Issues
+
+### Malware Not Being Blocked
+
+**Symptom:** Test malware packages (like `safe-chain-test`) install successfully when they should be blocked
+
+**Most Common Cause:** The package is cached in your package manager's local store
+
+Safe-chain blocks malicious packages by intercepting network requests to package registries using its proxy.
+
+When a package is already cached locally, the package manager skips downloading it from the registry, which bypasses the proxy.
+
+**Resolution Steps**
+
+1) Clear your package manager's cache
+
+```bash
+# For npm
+npm cache clean --force
+
+# For pnpm
+pnpm store prune
+
+# For yarn (classic)
+yarn cache clean
+
+# For yarn (berry/v2+)
+yarn cache clean --all
+
+# For bun
+bun pm cache rm
+```
+
+2) Clean local installation artifacts:
+
+```bash
+# Remove node_modules if you want a completely fresh install
+rm -rf node_modules
+```
+
+3) Re-test malware blocking:
+
+```bash
+npm install safe-chain-test    # Should be blocked
+```
+
+### Shell Aliases Not Working After Installation
+
+**Symptom:** Running `npm` shows regular npm instead of safe-chain wrapped version
+
+**First step:** Restart your terminal (most common fix)
+
+**Verify it's working:**
+
+```bash
+type npm
+```
+
+Should show: `npm is a function`
+
+**If still not working:**
+
+Check that your startup file sources safe-chain scripts from `~/.safe-chain/scripts/`:
+
+* Bash: `~/.bashrc`
+* Zsh: `~/.zshrc`
+* Fish: `~/.config/fish/config.fish`
+* PowerShell: `$PROFILE`
+
+### "Command Not Found: safe-chain"
+
+**Symptom:** Binary not found in PATH
+
+**First step:** Restart your terminal
+
+**Check PATH:**
+
+```bash
+echo $PATH
+```
+
+Should include `~/.safe-chain/bin`
+
+**If persists:** Re-run the installation script
+
+### PowerShell Execution Policy Blocks Scripts (Windows)
+
+**Symptom:** When opening PowerShell, you see an error like:
+
+```
+. : File C:\Users\<username>\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded because
+running scripts is disabled on this system.
+CategoryInfo          : SecurityError: (:) [], PSSecurityException
+FullyQualifiedErrorId : UnauthorizedAccess
+```
+
+**Cause:** Windows PowerShell's default execution policy (`Restricted`) blocks all script execution, including safe-chain's initialization script that's sourced from your PowerShell profile.
+
+**Resolution**
+
+1) Set the execution policy to allow local scripts
+
+Open PowerShell as Administrator and run:
+
+```powershell
+Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
+```
+
+This allows:
+
+* Local scripts (like safe-chain's) to run without signing
+* Downloaded scripts to run only if signed by a trusted publisher
+
+2) Restart PowerShell and verify the error is resolved.
+
+> [!IMPORTANT]
+> `RemoteSigned` is Microsoft's recommended execution policy for client computers. It provides a good balance between security and usability.
+
+### Shell Aliases Persist After Uninstallation
+
+**Symptom:** safe-chain commands still active after running uninstall script
+
+**Steps**
+
+1. Run `safe-chain teardown` (if binary still exists)
+2. Restart your terminal
+3. If still present, manually edit shell config files:
+   * Bash: `~/.bashrc`
+   * Zsh: `~/.zshrc`
+   * Fish: `~/.config/fish/config.fish`
+   * PowerShell: `$PROFILE`
+4. Remove lines that source scripts from `~/.safe-chain/scripts/`
+5. Restart terminal again
+
+## Manual Verification Steps
+
+### Check Installation Status
+
+```bash
+# Check installation location (helps identify if installed via npm or as standalone binary)
+which safe-chain
+
+# Verify binary exists
+ls ~/.safe-chain/bin/safe-chain
+
+# Check version
+safe-chain --version
+
+# Test shell integration
+type npm
+type pip
+```
+
+**Expected `which` output:**
+
+* Standalone binary (correct): `~/.safe-chain/bin/safe-chain` or `/Users/<username>/.safe-chain/bin/safe-chain`
+* npm global (outdated): path containing `node_modules` or nvm version paths
+
+If `which` shows an npm installation, see Check for Conflicting Installations.
+
+### Check Shell Integration
+
+```bash
+# Which shell you're using
+echo $SHELL
+
+# Check if startup file sources safe-chain
+# For Bash:
+grep safe-chain ~/.bashrc
+
+# For Zsh:
+grep safe-chain ~/.zshrc
+
+# For Fish:
+grep safe-chain ~/.config/fish/config.fish
+
+# Verify scripts exist
+ls ~/.safe-chain/scripts/
+```
+
+### Check for Conflicting Installations
+
+> **Note:** The install/uninstall scripts automatically detect and remove conflicting installations, but you can manually check:
+
+```bash
+# Check npm global
+npm list -g @aikidosec/safe-chain
+
+# Check Volta
+volta list safe-chain
+
+# Check nvm (all versions)
+for version in $(nvm list | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'); do
+  nvm exec "$version" npm list -g @aikidosec/safe-chain 2>/dev/null && echo "Found in $version"
+done
+```
+
+### Manual Cleanup
+
+> **Note:** The install and uninstall scripts automatically handle these cleanup steps. Use these manual commands only if automatic cleanup fails.
+
+#### Remove npm Global Installation
+
+```bash
+npm uninstall -g @aikidosec/safe-chain
+```
+
+#### Remove Volta Installation
+
+```bash
+volta uninstall @aikidosec/safe-chain
+```
+
+#### Remove nvm Installations (All Versions)
+
+```bash
+# Automated approach
+for version in $(nvm list | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'); do
+  nvm exec "$version" npm uninstall -g @aikidosec/safe-chain
+done
+
+# Or manual per version
+nvm use <version>
+npm uninstall -g @aikidosec/safe-chain
+```
+
+#### Clean Shell Configuration Files
+
+Manually remove safe-chain entries from:
+
+* Bash: `~/.bashrc`
+* Zsh: `~/.zshrc`
+* Fish: `~/.config/fish/config.fish`
+* PowerShell: `$PROFILE`
+
+Look for and remove:
+
+* Lines sourcing from `~/.safe-chain/scripts/`
+* Any safe-chain related function definitions
+
+#### Remove Installation Directory
+
+```bash
+rm -rf ~/.safe-chain
+```
+
+# Report Issues
+
+If you encounter problems:
+
+1. Visit [GitHub Issues](https://github.com/AikidoSec/safe-chain/issues)
+2. Include:
+   * Operating system and version
+   * Shell type and version
+   * `safe-chain --version` output
+   * Output from verification commands
+   * Verbose logs of the failing command (add the `--safe-chain-logging=verbose` argument)