Refactor PyPI logic and cleanup

packages/safe-chain/src/packagemanager/pip/createPackageManager.js

@@ -1,17 +1,21 @@
 import { runPip } from "./runPipCommand.js";
-import { getCurrentPipInvocation } from "./pipSettings.js";
+import { PIP_COMMAND } from "./pipSettings.js";
+
 /**
+ * @param {{ tool: string, args: string[] }} [context] - Optional context with tool name and args
  * @returns {import("../currentPackageManager.js").PackageManager}
  */
-export function createPipPackageManager() {
+export function createPipPackageManager(context) {
+  const tool = context?.tool || PIP_COMMAND;
+
   return {
     /**
      * @param {string[]} args
      */
     runCommand: (args) => {
-      const invocation = getCurrentPipInvocation();
-      const fullArgs = [...invocation.args, ...args];
-      return runPip(invocation.command, fullArgs);
+      // Args from main.js are already stripped of --safe-chain-* flags
+      // We just pass the tool (e.g. "python3") and the args (e.g. ["-m", "pip", "install", ...])
+      return runPip(tool, args);
     },
     // For pip, rely solely on MITM proxy to detect/deny downloads from known registries.
     isSupportedCommand: () => false,