From 3bfca9e296470c6429dfa46d86d0be7827a5804a Mon Sep 17 00:00:00 2001
From: Uriel Corfa <uriel.corfa@ecosia.org>
Date: Wed, 7 Jan 2026 17:18:48 +0100
Subject: [PATCH 1/3] Propagate command-not-found errors when invoking wrapped
 commands

Before this change, if a package manager was not installed, safe-chain still
sets the function and when invoked, the wrapper will invoke safe-chain, which
will exit with error code 127 when it fails to invoke the wrapped command. As an
example (with a shell prompt that shows $? when non-zero):

```
$ type -f pip
bash: type: pip: not found
1$ pip
127$
```

With this patch, the wrapper first checks for the existence of the wrapped
command (ignoring functions), and if no such command exists, it instructs the
shell to invoke it anyway. This results in the shell failing to find the
command, and reporting an error as if the wrapper function wasn't there:

```
$ source init-posix.sh
$ type -f pip
bash: type: pip: not found
1$ pip
Command 'pip' not found, but can be installed with:
sudo apt install python3-pip
127$
```
---
 .../src/shell-integration/startup-scripts/init-posix.sh   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
index e649909..b9eebeb 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
@@ -76,6 +76,14 @@ function printSafeChainWarning() {
 function wrapSafeChainCommand() {
   local original_cmd="$1"
 
+  if ! type -f "${original_cmd}" > /dev/null 2>&1; then
+    # If the original command is not available, don't try to wrap it: invoke it
+    # transparently, so the shell can report errors as if this wrapper didn't
+    # exist.
+    command $@
+    return $?
+  fi
+
   if command -v safe-chain > /dev/null 2>&1; then
     # If the aikido command is available, just run it with the provided arguments
     safe-chain "$@"

From 4e894dd0fdcfdea1fb731c3562adbf6be7b86c04 Mon Sep 17 00:00:00 2001
From: Uriel Corfa <uriel.corfa@ecosia.org>
Date: Thu, 8 Jan 2026 09:56:59 +0100
Subject: [PATCH 2/3] init-posix: preserve arguments when exec'ing the
 original_cmd

---
 .../src/shell-integration/startup-scripts/init-posix.sh         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
index b9eebeb..ebaaf3c 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
@@ -80,7 +80,7 @@ function wrapSafeChainCommand() {
     # If the original command is not available, don't try to wrap it: invoke it
     # transparently, so the shell can report errors as if this wrapper didn't
     # exist.
-    command $@
+    command "$@"
     return $?
   fi
 

From 0ce0a875575a6d6ca9485e2f63cd54d44cea51e1 Mon Sep 17 00:00:00 2001
From: Uriel Corfa <uriel.corfa@ecosia.org>
Date: Thu, 8 Jan 2026 10:01:13 +0100
Subject: [PATCH 3/3] Add the same handler for fish

---
 .../startup-scripts/init-fish.fish             | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
index ec58c8b..13463f6 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
@@ -71,13 +71,13 @@ end
 
 function printSafeChainWarning
     set original_cmd $argv[1]
-    
+
     # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
     set_color -b yellow black
     printf "Warning:"
     set_color normal
     printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
-    
+
     # Cyan text for the install command
     printf "Install safe-chain by using "
     set_color cyan
@@ -90,6 +90,20 @@ function wrapSafeChainCommand
     set original_cmd $argv[1]
     set cmd_args $argv[2..-1]
 
+    if not type -fq $original_cmd
+       # If the original command is not available, don't try to wrap it: invoke
+       # it transparently, so the shell can report errors as if this wrapper
+       # didn't exist. fish always adds extra debug information when executing
+       # missing commands from within a function, so after the "command not
+       # found" handler, there will be information about how the
+       # wrapSafeChainCommand function errored out. To avoid users assuming this
+       # is a safe-chain bug, display an explicit error message afterwards.
+       command $original_cmd $cmd_args
+       set oldstatus $status
+       echo "safe-chain tried to run $original_cmd but it doesn't seem to be installed in your \$PATH." >&2
+       return $oldstatus
+    end
+
     if type -q safe-chain
         # If the safe-chain command is available, just run it with the provided arguments
         safe-chain $original_cmd $cmd_args