From e03bceba88cc3332906bc61b455fd2ad620d5dbd Mon Sep 17 00:00:00 2001 From: Reinier Criel Date: Tue, 25 Nov 2025 14:37:31 -0800 Subject: [PATCH] Some cleanup --- README.md | 2 +- packages/safe-chain/bin/aikido-uv.js | 3 +-- .../src/packagemanager/currentPackageManager.js | 6 ++---- .../uv/createUvPackageManager.spec.js | 16 ---------------- .../src/packagemanager/uv/runUvCommand.js | 13 ++++--------- .../src/packagemanager/uv/uvSettings.js | 5 ----- 6 files changed, 8 insertions(+), 37 deletions(-) delete mode 100644 packages/safe-chain/src/packagemanager/uv/uvSettings.js diff --git a/README.md b/README.md index 7969fba..437b76f 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ To use Aikido Safe Chain in CI/CD environments, run the following command after safe-chain setup-ci ``` -To enable Python (pip/pip3) support (beta) in CI/CD, use the `--include-python` flag: +To enable Python (pip/pip3/uv) support (beta) in CI/CD, use the `--include-python` flag: ```shell safe-chain setup-ci --include-python diff --git a/packages/safe-chain/bin/aikido-uv.js b/packages/safe-chain/bin/aikido-uv.js index b8cf210..14180f2 100755 --- a/packages/safe-chain/bin/aikido-uv.js +++ b/packages/safe-chain/bin/aikido-uv.js @@ -3,12 +3,11 @@ import { main } from "../src/main.js"; import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js"; import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js"; -import { UV_PACKAGE_MANAGER } from "../src/packagemanager/uv/uvSettings.js"; // Set eco system setEcoSystem(ECOSYSTEM_PY); -initializePackageManager(UV_PACKAGE_MANAGER); +initializePackageManager("uv"); // Pass through only user-supplied uv args var exitCode = await main(process.argv.slice(2)); diff --git a/packages/safe-chain/src/packagemanager/currentPackageManager.js b/packages/safe-chain/src/packagemanager/currentPackageManager.js index f18105f..c6f4484 100644 --- a/packages/safe-chain/src/packagemanager/currentPackageManager.js 
+++ b/packages/safe-chain/src/packagemanager/currentPackageManager.js @@ -11,8 +11,6 @@ import { import { createYarnPackageManager } from "./yarn/createPackageManager.js"; import { createPipPackageManager } from "./pip/createPackageManager.js"; import { createUvPackageManager } from "./uv/createUvPackageManager.js"; -import { PIP_PACKAGE_MANAGER } from "./pip/pipSettings.js"; -import { UV_PACKAGE_MANAGER } from "./uv/uvSettings.js"; /** * @type {{packageManagerName: PackageManager | null}} @@ -55,9 +53,9 @@ export function initializePackageManager(packageManagerName) { state.packageManagerName = createBunPackageManager(); } else if (packageManagerName === "bunx") { state.packageManagerName = createBunxPackageManager(); - } else if (packageManagerName === PIP_PACKAGE_MANAGER) { + } else if (packageManagerName === "pip") { state.packageManagerName = createPipPackageManager(); - } else if (packageManagerName === UV_PACKAGE_MANAGER) { + } else if (packageManagerName === "uv") { state.packageManagerName = createUvPackageManager(); } else { throw new Error("Unsupported package manager: " + packageManagerName); diff --git a/packages/safe-chain/src/packagemanager/uv/createUvPackageManager.spec.js b/packages/safe-chain/src/packagemanager/uv/createUvPackageManager.spec.js index ba79722..eb42924 100644 --- a/packages/safe-chain/src/packagemanager/uv/createUvPackageManager.spec.js +++ b/packages/safe-chain/src/packagemanager/uv/createUvPackageManager.spec.js 
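Review bot: The `packageManagerName === "pip"` branch no longer uses `PIP_PACKAGE_MANAGER`, but this patch does not touch the pip settings module the way it deletes `uvSettings.js`, so the constant presumably still exists and may still be what the pip entry points pass in. That would leave the name defined in one module and compared as a bare literal here. Either finish the cleanup on the pip side in the same change or add a comment on the branch such as `// must match the name passed by the pip entry points`. A mismatch falls through to the final `else` and throws, so the wrapper fails closed, but only at run time. `initializePackageManager` begins above this hunk, so the earlier branches are not visible here.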
@@ -11,20 +11,4 @@ test("createUvPackageManager", async (t) => { assert.strictEqual(typeof pm.isSupportedCommand, "function"); assert.strictEqual(typeof pm.getDependencyUpdatesForCommand, "function"); }); - - await t.test("should use proxy-only approach (MITM)", () => { - const pm = createUvPackageManager(); - - // uv uses proxy-only approach, so it doesn't scan args - assert.strictEqual(pm.isSupportedCommand(["pip", "install", "requests"]), false); - assert.strictEqual(pm.isSupportedCommand(["add", "requests"]), false); - assert.strictEqual(pm.isSupportedCommand([]), false); - }); - - await t.test("should return empty dependency updates", () => { - const pm = createUvPackageManager(); - - const result = pm.getDependencyUpdatesForCommand(["pip", "install", "requests"]); - assert.deepStrictEqual(result, []); - }); }); diff --git a/packages/safe-chain/src/packagemanager/uv/runUvCommand.js b/packages/safe-chain/src/packagemanager/uv/runUvCommand.js index 85302eb..ed02fe3 100644 --- a/packages/safe-chain/src/packagemanager/uv/runUvCommand.js +++ b/packages/safe-chain/src/packagemanager/uv/runUvCommand.js @@ -5,15 +5,11 @@ import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js"; /** * Sets CA bundle environment variables used by Python libraries and uv. - * These are applied to ensure all Python network libraries respect the combined CA bundle. * - * @param {NodeJS.ProcessEnv} env - Environment object to modify + * @param {NodeJS.ProcessEnv} env - Env object * @param {string} combinedCaPath - Path to the combined CA bundle */ function setUvCaBundleEnvironmentVariables(env, combinedCaPath) { - // UV_NATIVE_TLS: Use system-provided TLS certificates (default is true) - // But we also need to provide our CA bundle for MITM'd connections - // SSL_CERT_FILE: Used by Python SSL libraries and underlying HTTP clients if (env.SSL_CERT_FILE) { ui.writeWarning("Safe-chain: User defined SSL_CERT_FILE found in environment. It will be overwritten."); 
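Review bot: In `runUvCommand.js`, the `@param` line for `env` on `setUvCaBundleEnvironmentVariables` now reads `Env object`, which no longer tells a caller that the function modifies the object it is given and replaces a user-supplied `SSL_CERT_FILE` (the warning a few lines further down says it will be overwritten). I would keep that contract in the doc, e.g. `@param {NodeJS.ProcessEnv} env - Environment object, modified in place; an existing SSL_CERT_FILE is overwritten`. The same loss of rationale applies to the `runUv` hunk (`@@ -48,11 +47,7 @@`), which removes the comment describing what the combined CA bundle contains. A single line such as `// Combined bundle: Safe Chain CA + public roots, so intercepted and tunneled TLS both verify` would keep that trust decision visible where the bundle is applied. The function body continues past the end of this hunk.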
@@ -40,6 +36,9 @@ function setUvCaBundleEnvironmentVariables(env, combinedCaPath) { * - HTTP_PROXY / HTTPS_PROXY: Proxy settings * - SSL_CERT_FILE / REQUESTS_CA_BUNDLE: CA bundle for TLS verification * + * Unlike pip (which requires a temporary config file for cert configuration), uv directly + * honors environment variables, so no config/ini file is needed. + * * @param {string} command - The uv command to execute (typically 'uv') * @param {string[]} args - Command line arguments to pass to uv * @returns {Promise<{status: number}>} Exit status of the uv command @@ -48,11 +47,7 @@ export async function runUv(command, args) { try { const env = mergeSafeChainProxyEnvironmentVariables(process.env); - // Provide uv with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots) - // so that network requests validate correctly under both MITM'd and tunneled HTTPS. const combinedCaPath = getCombinedCaBundlePath(); - - // Set CA bundle environment variables for uv and underlying Python libraries setUvCaBundleEnvironmentVariables(env, combinedCaPath); // Note: uv uses HTTPS_PROXY and HTTP_PROXY environment variables for proxy configuration diff --git a/packages/safe-chain/src/packagemanager/uv/uvSettings.js b/packages/safe-chain/src/packagemanager/uv/uvSettings.js deleted file mode 100644 index 6f68ea7..0000000 --- a/packages/safe-chain/src/packagemanager/uv/uvSettings.js +++ /dev/null @@ -1,5 +0,0 @@ -export const UV_PACKAGE_MANAGER = "uv"; - -// Unlike pip, uv only has one invocation method: the 'uv' command. -// There is no 'uv3' or 'python -m uv' pattern, so we don't need -// invocation tracking like pip does.