@aikidosec/safe-chain 0.0.1-immutable-releases-beta

package/src/shell-integration/supported-shells/fish.js

@@ -0,0 +1,95 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+} from "../helpers.js";
+import { execSync } from "child_process";
+
+const shellName = "Fish";
+const executableName = "fish";
+const startupFileCommand = "echo ~/.config/fish/config.fish";
+const eol = "\n"; // When fish runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}\\s+`),
+      eol
+    );
+  }
+
+  // Removes the line that sources the safe-chain fish initialization script (~/.safe-chain/scripts/init-fish.fish)
+  removeLinesMatchingPattern(
+    startupFile,
+    /^source\s+~\/\.safe-chain\/scripts\/init-fish\.fish/,
+    eol
+  );
+
+  return true;
+}
+
+function setup() {
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `source ~/.safe-chain/scripts/init-fish.fish # Safe-chain Fish initialization script`,
+    eol
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your ~/.config/fish/config.fish file:`,
+    `  source ~/.safe-chain/scripts/init-fish.fish`,
+    `Then restart your terminal or run: source ~/.config/fish/config.fish`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your ~/.config/fish/config.fish file:`,
+    `  source ~/.safe-chain/scripts/init-fish.fish`,
+    `Then restart your terminal or run: source ~/.config/fish/config.fish`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/powershell.js

@@ -0,0 +1,100 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+  validatePowerShellExecutionPolicy,
+} from "../helpers.js";
+import { execSync } from "child_process";
+
+const shellName = "PowerShell Core";
+const executableName = "pwsh";
+const startupFileCommand = "echo $PROFILE";
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^Set-Alias\\s+${tool}\\s+`),
+    );
+  }
+
+  // Remove the line that sources the safe-chain PowerShell initialization script
+  removeLinesMatchingPattern(
+    startupFile,
+    /^\.\s+["']?\$HOME[/\\].safe-chain[/\\]scripts[/\\]init-pwsh\.ps1["']?/,
+  );
+
+  return true;
+}
+
+async function setup() {
+  const { isValid, policy } =
+    await validatePowerShellExecutionPolicy(executableName);
+  if (!isValid) {
+    throw new Error(
+      `PowerShell execution policy is set to '${policy}', which prevents safe-chain from running.\n  -> To fix this, open PowerShell as Administrator and run: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.\n     For more information, see: https://help.aikido.dev/code-scanning/aikido-malware-scanning/safe-chain-troubleshooting#powershell-execution-policy-blocks-scripts-windows`,
+    );
+  }
+
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `. "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1" # Safe-chain PowerShell initialization script`,
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`,
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/windowsPowershell.js

@@ -0,0 +1,100 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+  validatePowerShellExecutionPolicy,
+} from "../helpers.js";
+import { execSync } from "child_process";
+
+const shellName = "Windows PowerShell";
+const executableName = "powershell";
+const startupFileCommand = "echo $PROFILE";
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^Set-Alias\\s+${tool}\\s+`),
+    );
+  }
+
+  // Remove the line that sources the safe-chain PowerShell initialization script
+  removeLinesMatchingPattern(
+    startupFile,
+    /^\.\s+["']?\$HOME[/\\].safe-chain[/\\]scripts[/\\]init-pwsh\.ps1["']?/,
+  );
+
+  return true;
+}
+
+async function setup() {
+  const { isValid, policy } =
+    await validatePowerShellExecutionPolicy(executableName);
+  if (!isValid) {
+    throw new Error(
+      `PowerShell execution policy is set to '${policy}', which prevents safe-chain from running.\n  -> To fix this, open PowerShell as Administrator and run: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.\n     For more information, see: https://help.aikido.dev/code-scanning/aikido-malware-scanning/safe-chain-troubleshooting#powershell-execution-policy-blocks-scripts-windows`,
+    );
+  }
+
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `. "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1" # Safe-chain PowerShell initialization script`,
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`,
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your PowerShell profile (run "echo $PROFILE" to find its location):`,
+    `  . "$HOME\\.safe-chain\\scripts\\init-pwsh.ps1"`,
+    `Then restart your terminal or run: . $PROFILE`,
+  ];
+}
+
+/**
+ * @type {import("../shellDetection.js").Shell}
+ */
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/supported-shells/zsh.js

@@ -0,0 +1,92 @@
+import {
+  addLineToFile,
+  doesExecutableExistOnSystem,
+  removeLinesMatchingPattern,
+} from "../helpers.js";
+import { execSync } from "child_process";
+
+const shellName = "Zsh";
+const executableName = "zsh";
+const startupFileCommand = "echo ${ZDOTDIR:-$HOME}/.zshrc";
+const eol = "\n"; // When zsh runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.
+
+function isInstalled() {
+  return doesExecutableExistOnSystem(executableName);
+}
+
+/**
+ * @param {import("../helpers.js").AikidoTool[]} tools
+ *
+ * @returns {boolean}
+ */
+function teardown(tools) {
+  const startupFile = getStartupFile();
+
+  for (const { tool } of tools) {
+    // Remove any existing alias for the tool
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}=`),
+      eol
+    );
+  }
+
+  // Removes the line that sources the safe-chain zsh initialization script (~/.safe-chain/scripts/init-posix.sh)
+  removeLinesMatchingPattern(
+    startupFile,
+    /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/,
+    eol
+  );
+
+  return true;
+}
+
+function setup() {
+  const startupFile = getStartupFile();
+
+  addLineToFile(
+    startupFile,
+    `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain Zsh initialization script`,
+    eol
+  );
+
+  return true;
+}
+
+function getStartupFile() {
+  try {
+    return execSync(startupFileCommand, {
+      encoding: "utf8",
+      shell: executableName,
+    }).trim();
+  } catch (/** @type {any} */ error) {
+    throw new Error(
+      `Command failed: ${startupFileCommand}. Error: ${error.message}`
+    );
+  }
+}
+
+function getManualTeardownInstructions() {
+  return [
+    `Remove the following line from your ~/.zshrc file:`,
+    `  source ~/.safe-chain/scripts/init-posix.sh`,
+    `Then restart your terminal or run: source ~/.zshrc`,
+  ];
+}
+
+function getManualSetupInstructions() {
+  return [
+    `Add the following line to your ~/.zshrc file:`,
+    `  source ~/.safe-chain/scripts/init-posix.sh`,
+    `Then restart your terminal or run: source ~/.zshrc`,
+  ];
+}
+
+export default {
+  name: shellName,
+  isInstalled,
+  setup,
+  teardown,
+  getManualSetupInstructions,
+  getManualTeardownInstructions,
+};

package/src/shell-integration/teardown.js

@@ -0,0 +1,112 @@
+import chalk from "chalk";
+import { ui } from "../environment/userInteraction.js";
+import { detectShells } from "./shellDetection.js";
+import { knownAikidoTools, getPackageManagerList, getShimsDir, getScriptsDir } from "./helpers.js";
+import fs from "fs";
+
+/**
+ * @returns {Promise<void>}
+ */
+export async function teardown() {
+  ui.writeInformation(
+    chalk.bold("Removing shell aliases.") +
+      ` This will remove safe-chain aliases for ${getPackageManagerList()}.`
+  );
+  ui.emptyLine();
+
+  try {
+    const shells = detectShells();
+    if (shells.length === 0) {
+      ui.writeError("No supported shells detected. Cannot remove aliases.");
+      return;
+    }
+
+    ui.writeInformation(
+      `Detected ${shells.length} supported shell(s): ${shells
+        .map((shell) => chalk.bold(shell.name))
+        .join(", ")}.`
+    );
+
+    let updatedCount = 0;
+    for (const shell of shells) {
+      let success = false;
+      try {
+        success = shell.teardown(knownAikidoTools);
+      } catch {
+        success = false;
+      }
+
+      if (success) {
+        ui.writeInformation(
+          `${chalk.bold("- " + shell.name + ":")} ${chalk.green(
+            "Teardown successful"
+          )}`
+        );
+        updatedCount++;
+      } else {
+        ui.writeError(
+          `${chalk.bold("- " + shell.name + ":")} ${chalk.red(
+            "Teardown failed"
+          )}`
+        );
+        ui.emptyLine();
+        ui.writeInformation(`  ${chalk.bold("To tear down manually:")}`);
+        for (const instruction of shell.getManualTeardownInstructions()) {
+          ui.writeInformation(`    ${instruction}`);
+        }
+        ui.emptyLine();
+      }
+    }
+
+    if (updatedCount > 0) {
+      ui.emptyLine();
+      ui.writeInformation(`Please restart your terminal to apply the changes.`);
+    }
+  } catch (/** @type {any} */ error) {
+    ui.writeError(
+      `Failed to remove shell aliases: ${error.message}. Please check your shell configuration.`
+    );
+    return;
+  }
+}
+
+/**
+ * Removes directories created by setup-ci and setup commands
+ * @returns {Promise<void>}
+ */
+export async function teardownDirectories() {
+  const shimsDir = getShimsDir();
+  const scriptsDir = getScriptsDir();
+
+  // Remove CI shims directory
+  if (fs.existsSync(shimsDir)) {
+    try {
+      fs.rmSync(shimsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- CI Shims:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- CI Shims:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+
+  // Remove scripts directory
+  if (fs.existsSync(scriptsDir)) {
+    try {
+      fs.rmSync(scriptsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- Scripts:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- Scripts:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+}

package/src/ultimate/ultimateTroubleshooting.js

@@ -0,0 +1,111 @@
+import { platform } from 'os';
+import { ui } from "../environment/userInteraction.js";
+import { readFileSync, existsSync } from "node:fs";
+import {randomUUID} from "node:crypto";
+import {createWriteStream} from "fs";
+import archiver from 'archiver';
+import path from "node:path";
+
+export async function printUltimateLogs() {
+  const { proxyLogPath, ultimateLogPath, proxyErrLogPath, ultimateErrLogPath } = getPathsPerPlatform();
+
+  await printLogs(
+    "SafeChain Proxy",
+    proxyLogPath,
+    proxyErrLogPath
+  );
+
+  await printLogs(
+    "SafeChain Ultimate",
+    ultimateLogPath,
+    ultimateErrLogPath
+  );
+}
+
+export async function troubleshootingExport() {
+  const { logDir } = getPathsPerPlatform();
+  return new Promise((resolve, reject) => {
+    if (!existsSync(logDir)) {
+      ui.writeError(`Log directory not found: ${logDir}`);
+      reject(new Error(`Log directory not found: ${logDir}`));
+      return;
+    }
+
+    const date = new Date().toISOString().split('T')[0];
+    const uuid = randomUUID();
+    const zipFileName = `safechain-ultimate-${date}-${uuid}.zip`;
+    const output = createWriteStream(zipFileName);
+    const archive = archiver('zip', { zlib: { level: 9 } });
+
+    output.on('close', () => {
+      ui.writeInformation(`Logs collected and zipped as: ${path.resolve(zipFileName)}`);
+      resolve(zipFileName);
+    });
+
+    archive.on('error', (/** @type {Error} */ err) => {
+      ui.writeError(`Failed to zip logs: ${err.message}`);
+      reject(err);
+    });
+
+    archive.pipe(output);
+    archive.directory(logDir, false);
+    archive.finalize();
+  });
+}
+
+
+function getPathsPerPlatform() {
+  const os = platform();
+  if (os === 'win32') {
+    const logDir = `C:\\ProgramData\\AikidoSecurity\\SafeChainUltimate\\logs`;
+    return {
+      logDir,
+      proxyLogPath: `${logDir}\\SafeChainProxy.log`,
+      ultimateLogPath: `${logDir}\\SafeChainUltimate.log`,
+      proxyErrLogPath: `${logDir}\\SafeChainProxy.err`,
+      ultimateErrLogPath: `${logDir}\\SafeChainUltimate.err`,
+    };
+  } else if (os === 'darwin') {
+    const logDir = `/Library/Logs/AikidoSecurity/SafeChainUltimate`;
+    return {
+      logDir,
+      proxyLogPath: `${logDir}/safechain-proxy.log`,
+      ultimateLogPath: `${logDir}/safechain-ultimate.log`,
+      proxyErrLogPath: `${logDir}/safechain-proxy.error.log`,
+      ultimateErrLogPath: `${logDir}/safechain-ultimate.error.log`,
+    };
+  } else {
+    throw new Error('Unsupported platform for log printing.');
+  }
+}
+
+/**
+ * @param {string} appName
+ * @param {string} logPath
+ * @param {string} errLogPath
+ */
+async function printLogs(appName, logPath, errLogPath) {
+  ui.writeInformation(`=== ${appName} Logs ===`);
+  try {
+    if (existsSync(logPath)) {
+      const logs = readFileSync(logPath, "utf-8");
+      ui.writeInformation(logs);
+    } else {
+      ui.writeWarning(`${appName} log file not found: ${logPath}`);
+    }
+  } catch (error) {
+    ui.writeError(`Failed to read ${appName} logs: ${error}`);
+  }
+
+  ui.writeInformation(`=== ${appName} Error Logs ===`);
+  try {
+    if (existsSync(errLogPath)) {
+      const errLogs = readFileSync(errLogPath, "utf-8");
+      ui.writeInformation(errLogs);
+    } else {
+      ui.writeInformation(`No error log file found for ${appName}.`);
+    }
+  } catch (error) {
+    ui.writeError(`Failed to read ${appName} error logs: ${error}`);
+  }
+}