@aikidosec/safe-chain 1.2.1 → 1.2.4

package/README.md

@@ -22,6 +22,7 @@ Aikido Safe Chain supports the following package managers:
 - 📦 **pip** (beta)
 - 📦 **pip3** (beta)
 - 📦 **uv** (beta)
+- 📦 **poetry** (beta)
 
 # Usage
 
@@ -81,7 +82,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 
    - The output should show that Aikido Safe Chain is blocking the installation of these test packages as they are flagged as malware.
 
-When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, `bunx`, `uv`, `pip`, or `pip3` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. It also intercepts Python module invocations for pip when available (e.g., `python -m pip install ...`, `python3 -m pip download ...`). If any malware is detected, it will prompt you to exit the command.
+When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, `bunx`, `uv`, `pip`, `pip3` or `poetry` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. It also intercepts Python module invocations for pip when available (e.g., `python -m pip install ...`, `python3 -m pip download ...`). If any malware is detected, it will prompt you to exit the command.
 
 You can check the installed version by running:
 
@@ -93,13 +94,13 @@ safe-chain --version
 
 ### Malware Blocking
 
-The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry and PyPI. When you run npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, `pip`, or `pip3` commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.
+The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry and PyPI. When you run npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, pip, pip3 or poetry commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.
 
 ### Minimum package age (npm only)
 
 For npm packages, Safe Chain temporarily suppresses packages published within the last 24 hours (by default) until they have been validated against malware. This provides an additional security layer during the critical period when newly published packages are most vulnerable to containing undetected threats. You can configure this threshold or bypass this protection entirely - see the [Minimum Package Age Configuration](#minimum-package-age) section below.
 
-⚠️ This feature **only applies to npm-based package managers** (npm, npx, yarn, pnpm, pnpx, bun, bunx) and does not apply to Python package managers (uv, pip, pip3).
+⚠️ This feature **only applies to npm-based package managers** (npm, npx, yarn, pnpm, pnpx, bun, bunx) and does not apply to Python package managers (uv, pip, pip3, poetry).
 
 ### Shell Integration
 
@@ -115,17 +116,21 @@ More information about the shell integration can be found in the [shell integrat
 
 ## Uninstallation
 
-To uninstall the Aikido Safe Chain, you can run the following command:
+To uninstall the Aikido Safe Chain, use our one-line uninstaller:
 
-1. **Remove all aliases from your shell** by running:
-   ```shell
-   safe-chain teardown
-   ```
-2. **Uninstall the Aikido Safe Chain package** using npm:
-   ```shell
-   npm uninstall -g @aikidosec/safe-chain
-   ```
-3. **❗Restart your terminal** to remove the aliases.
+### Unix/Linux/macOS
+
+```shell
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.sh | sh
+```
+
+### Windows (PowerShell)
+
+```powershell
+iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.ps1" -UseBasicParsing)
+```
+
+**❗Restart your terminal** after uninstalling to ensure all aliases are removed.
 
 # Configuration
 
@@ -235,7 +240,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
   run: npm ci
 ```
 
-> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support.
 
 ## Azure DevOps Example
 
@@ -252,6 +257,6 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
   displayName: "Install dependencies"
 ```
 
-> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support.
 
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.

package/bin/aikido-pip.js

@@ -3,15 +3,12 @@
 import { main } from "../src/main.js";
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PIP_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 
 // Set eco system
 setEcoSystem(ECOSYSTEM_PY);
 
-// Set current invocation
-setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
-
-initializePackageManager(PIP_PACKAGE_MANAGER);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP_COMMAND, args: process.argv.slice(2) });
 
 (async () => {
   // Pass through only user-supplied pip args

package/bin/aikido-pip3.js

@@ -3,16 +3,12 @@
 import { main } from "../src/main.js";
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PIP3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 
 // Set eco system
 setEcoSystem(ECOSYSTEM_PY);
 
-// Set current invocation
-setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
-
-// Create package manager
-initializePackageManager(PIP_PACKAGE_MANAGER);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP3_COMMAND, args: process.argv.slice(2) });
 
 (async () => {
   // Pass through only user-supplied pip args

package/bin/aikido-poetry.js

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+
+import { main } from "../src/main.js";
+import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
+import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
+
+setEcoSystem(ECOSYSTEM_PY);
+initializePackageManager("poetry");
+
+(async () => {
+  var exitCode = await main(process.argv.slice(2));
+  process.exit(exitCode);
+})();

package/bin/aikido-python.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PYTHON_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
 import { main } from "../src/main.js";
 
@@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
 // Strip nodejs and wrapper script from args
 let argv = process.argv.slice(2);
 
-(async () => {
-  if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
-    setEcoSystem(ECOSYSTEM_PY);
-    setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP);
-    initializePackageManager(PIP_PACKAGE_MANAGER);
-
-    // Strip off the '-m pip' or '-m pip3' from the args
-    argv = argv.slice(2);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON_COMMAND, args: argv });
 
-    var exitCode = await main(argv);
-    process.exit(exitCode);
-  } else {
-    // Forward to real python binary for non-pip flows
-    const { spawn } = await import('child_process');
-    spawn('python', argv, { stdio: 'inherit' });
-  }
+(async () => {
+  var exitCode = await main(argv);
+  process.exit(exitCode);
 })();

package/bin/aikido-python3.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PYTHON3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
 import { main } from "../src/main.js";
 
@@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
 // Strip nodejs and wrapper script from args
 let argv = process.argv.slice(2);
 
-(async () => {
-  if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
-    setEcoSystem(ECOSYSTEM_PY);
-    setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP);
-    initializePackageManager(PIP_PACKAGE_MANAGER);
-
-    // Strip off the '-m pip' or '-m pip3' from the args
-    argv = argv.slice(2);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON3_COMMAND, args: argv });
 
-    var exitCode = await main(argv);
-    process.exit(exitCode);
-  } else {
-    // Forward to real python3 binary for non-pip flows
-    const { spawn } = await import('child_process');
-    spawn('python3', argv, { stdio: 'inherit' });
-  }
+(async () => {
+  var exitCode = await main(argv);
+  process.exit(exitCode);
 })();

package/bin/safe-chain.js

@@ -3,7 +3,7 @@
 import chalk from "chalk";
 import { ui } from "../src/environment/userInteraction.js";
 import { setup } from "../src/shell-integration/setup.js";
-import { teardown } from "../src/shell-integration/teardown.js";
+import { teardown, teardownDirectories } from "../src/shell-integration/teardown.js";
 import { setupCi } from "../src/shell-integration/setup-ci.js";
 import { initializeCliArguments } from "../src/config/cliArguments.js";
 import { setEcoSystem } from "../src/config/settings.js";
@@ -13,11 +13,6 @@ import path from "path";
 import { fileURLToPath } from "url";
 import fs from "fs";
 import { knownAikidoTools } from "../src/shell-integration/helpers.js";
-import {
-  PIP_INVOCATIONS,
-  PIP_PACKAGE_MANAGER,
-  setCurrentPipInvocation,
-} from "../src/packagemanager/pip/pipSettings.js";
 
 /** @type {string} */
 // This checks the current file's dirname in a way that's compatible with:
@@ -46,15 +41,14 @@ const command = process.argv[2];
 
 const tool = knownAikidoTools.find((tool) => tool.tool === command);
 
-if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) {
-  (async function () {
-    await executePip(tool);
-  })();
-} else if (tool) {
+if (tool) {
   const args = process.argv.slice(3);
 
   setEcoSystem(tool.ecoSystem);
-  initializePackageManager(tool.internalPackageManagerName);
+  
+  // Provide tool context to PM (pip uses this; others ignore)
+  const toolContext = { tool: tool.tool, args };
+  initializePackageManager(tool.internalPackageManagerName, toolContext);
 
   (async () => {
     var exitCode = await main(args);
@@ -66,6 +60,7 @@ if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) {
 } else if (command === "setup") {
   setup();
 } else if (command === "teardown") {
+  teardownDirectories();
   teardown();
 } else if (command === "setup-ci") {
   setupCi();
@@ -140,51 +135,3 @@ async function getVersion() {
 
   return "0.0.0";
 }
-
-/**
- * @param {import("../src/shell-integration/helpers.js").AikidoTool} tool
- */
-async function executePip(tool) {
-  // Scanners for pip / pip3 / python / python3 use a slightly different approach:
-  //  - They all use the same PIP_PACKAGE_MANAGER internally, but need some setup to be able to do so
-  //     - It needs to set which tool to run (pip / pip3 / python / python3)
-  //     - For python and python3, the -m pip/pip3 args are removed and later added again by the package manager
-  //  - Python / python3 skips safe-chain if not being run with -m pip or -m pip3
-
-  let args = process.argv.slice(3);
-  setEcoSystem(tool.ecoSystem);
-  initializePackageManager(PIP_PACKAGE_MANAGER);
-
-  let shouldSkip = false;
-  if (tool.tool === "pip") {
-    setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
-  } else if (tool.tool === "pip3") {
-    setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
-  } else if (tool.tool === "python") {
-    if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
-      setCurrentPipInvocation(
-        args[1] === "pip3" ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP
-      );
-      args = args.slice(2);
-    } else {
-      shouldSkip = true;
-    }
-  } else if (tool.tool === "python3") {
-    if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
-      setCurrentPipInvocation(
-        args[1] === "pip3" ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP
-      );
-      args = args.slice(2);
-    } else {
-      shouldSkip = true;
-    }
-  }
-
-  if (shouldSkip) {
-    const { spawn } = await import("child_process");
-    spawn(tool.tool, args, { stdio: "inherit" });
-  } else {
-    var exitCode = await main(args);
-    process.exit(exitCode);
-  }
-}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.2.1",
+  "version": "1.2.4",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",
@@ -20,6 +20,7 @@
     "aikido-pip3": "bin/aikido-pip3.js",
     "aikido-python": "bin/aikido-python.js",
     "aikido-python3": "bin/aikido-python3.js",
+    "aikido-poetry": "bin/aikido-poetry.js",
     "safe-chain": "bin/safe-chain.js"
   },
   "type": "module",

package/src/config/configFile.js

@@ -67,7 +67,7 @@ function validateMinimumPackageAgeHours(value) {
  */
 export function getMinimumPackageAgeHours() {
   const config = readConfigFile();
-  if (config.minimumPackageAgeHours) {
+  if (config.minimumPackageAgeHours !== undefined) {
     const validated = validateMinimumPackageAgeHours(
       config.minimumPackageAgeHours
     );

package/src/config/settings.js

@@ -81,7 +81,7 @@ function validateMinimumPackageAgeHours(value) {
     return undefined;
   }
 
-  if (numericValue > 0) {
+  if (numericValue >= 0) {
     return numericValue;
   }
 

package/src/main.js

@@ -23,6 +23,7 @@ export async function main(args) {
   process.on("uncaughtException", (error) => {
     ui.writeError(`Safe-chain: Uncaught exception: ${error.message}`);
     ui.writeVerbose(`Stack trace: ${error.stack}`);
+    ui.writeBufferedLogsAndStopBuffering();
     process.exit(1);
   });
 
@@ -31,6 +32,7 @@ export async function main(args) {
     if (reason instanceof Error) {
       ui.writeVerbose(`Stack trace: ${reason.stack}`);
     }
+    ui.writeBufferedLogsAndStopBuffering();
     process.exit(1);
   });
 
@@ -64,8 +66,7 @@ export async function main(args) {
 
     const auditStats = getAuditStats();
     if (auditStats.totalPackages > 0) {
-      ui.emptyLine();
-      ui.writeInformation(
+      ui.writeVerbose(
         `${chalk.green("✔")} Safe-chain: Scanned ${
           auditStats.totalPackages
         } packages, no malware found.`
@@ -90,6 +91,7 @@ export async function main(args) {
     return packageManagerResult.status;
   } catch (/** @type any */ error) {
     ui.writeError("Failed to check for malicious packages:", error.message);
+    ui.writeBufferedLogsAndStopBuffering();
 
     // Returning the exit code back to the caller allows the promise
     //  to be awaited in the bin files and return the correct exit code

package/src/packagemanager/currentPackageManager.js

@@ -11,6 +11,7 @@ import {
 import { createYarnPackageManager } from "./yarn/createPackageManager.js";
 import { createPipPackageManager } from "./pip/createPackageManager.js";
 import { createUvPackageManager } from "./uv/createUvPackageManager.js";
+import { createPoetryPackageManager } from "./poetry/createPoetryPackageManager.js";
 
 /**
  * @type {{packageManagerName: PackageManager | null}}
@@ -35,10 +36,11 @@ const state = {
 
 /**
  * @param {string} packageManagerName
+ * @param {{ tool: string, args: string[] }} [context] - Optional tool context for package managers like pip
  *
  * @return {PackageManager}
  */
-export function initializePackageManager(packageManagerName) {
+export function initializePackageManager(packageManagerName, context) {
   if (packageManagerName === "npm") {
     state.packageManagerName = createNpmPackageManager();
   } else if (packageManagerName === "npx") {
@@ -54,9 +56,11 @@ export function initializePackageManager(packageManagerName) {
   } else if (packageManagerName === "bunx") {
     state.packageManagerName = createBunxPackageManager();
   } else if (packageManagerName === "pip") {
-    state.packageManagerName = createPipPackageManager();
+    state.packageManagerName = createPipPackageManager(context);
   } else if (packageManagerName === "uv") {
     state.packageManagerName = createUvPackageManager();
+  } else if (packageManagerName === "poetry") {
+    state.packageManagerName = createPoetryPackageManager();
   } else {
     throw new Error("Unsupported package manager: " + packageManagerName);
   }

package/src/packagemanager/pip/createPackageManager.js

@@ -1,17 +1,21 @@
 import { runPip } from "./runPipCommand.js";
-import { getCurrentPipInvocation } from "./pipSettings.js";
+import { PIP_COMMAND } from "./pipSettings.js";
+
 /**
+ * @param {{ tool: string, args: string[] }} [context] - Optional context with tool name and args
  * @returns {import("../currentPackageManager.js").PackageManager}
  */
-export function createPipPackageManager() {
+export function createPipPackageManager(context) {
+  const tool = context?.tool || PIP_COMMAND;
+
   return {
     /**
      * @param {string[]} args
      */
     runCommand: (args) => {
-      const invocation = getCurrentPipInvocation();
-      const fullArgs = [...invocation.args, ...args];
-      return runPip(invocation.command, fullArgs);
+      // Args from main.js are already stripped of --safe-chain-* flags
+      // We just pass the tool (e.g. "python3") and the args (e.g. ["-m", "pip", "install", ...])
+      return runPip(tool, args);
     },
     // For pip, rely solely on MITM proxy to detect/deny downloads from known registries.
     isSupportedCommand: () => false,

package/src/packagemanager/pip/pipSettings.js

@@ -1,30 +1,6 @@
 export const PIP_PACKAGE_MANAGER = "pip";
 
-// All supported python/pip invocations for Safe Chain interception
-export const PIP_INVOCATIONS = {
-  PIP: { command: "pip", args: [] },
-  PIP3: { command: "pip3", args: [] },
-  PY_PIP: { command: "python", args: ["-m", "pip"] },
-  PY3_PIP: { command: "python3", args: ["-m", "pip"] },
-  PY_PIP3: { command: "python", args: ["-m", "pip3"] },
-  PY3_PIP3: { command: "python3", args: ["-m", "pip3"] }
-};
-
-/**
- * @type {{ command: string, args: string[] }}
- */
-let currentInvocation = PIP_INVOCATIONS.PY3_PIP; // Default to python3 -m pip
-
-/**
- * @param {{ command: string, args: string[] }} invocation
- */
-export function setCurrentPipInvocation(invocation) {
-  currentInvocation = invocation;
-}
-
-/**
- * @returns {{ command: string, args: string[] }}
- */
-export function getCurrentPipInvocation() {
-  return currentInvocation;
-}
+export const PIP_COMMAND = "pip";
+export const PIP3_COMMAND = "pip3";
+export const PYTHON_COMMAND = "python";
+export const PYTHON3_COMMAND = "python3";

package/src/packagemanager/pip/runPipCommand.js

@@ -2,11 +2,31 @@ import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
+import { PIP_COMMAND, PIP3_COMMAND, PYTHON_COMMAND, PYTHON3_COMMAND } from "./pipSettings.js";
 import fs from "node:fs/promises";
 import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import ini from "ini";
+import { spawn } from "child_process";
+
+/**
+ * Checks if this pip invocation should bypass safe-chain and spawn directly.
+ * Returns true if the tool is python/python3 but NOT being run with -m pip/pip3.
+ * @param {string} command - The command executable
+ * @param {string[]} args - The arguments
+ * @returns {boolean}
+ */
+export function shouldBypassSafeChain(command, args) {
+  if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
+    // Check if args start with -m pip
+    if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {
+      return false;
+    }
+    return true;
+  }
+  return false;
+}
 
 /**
  * Sets fallback CA bundle environment variables used by Python libraries.
@@ -49,15 +69,34 @@ function setFallbackCaBundleEnvironmentVariables(env, combinedCaPath) {
  * Special handling for commands that modify config/cache/state: PIP_CONFIG_FILE is NOT overridden to allow
  * users to read/write persistent config. Only CA environment variables are set for these commands.
  * 
- * @param {string} command - The pip command to execute (e.g., 'pip3')
+ * @param {string} command - The pip command executable (e.g., 'pip3' or 'python3')
  * @param {string[]} args - Command line arguments to pass to pip
  * @returns {Promise<{status: number}>} Exit status of the pip command
  */
 export async function runPip(command, args) {
+  // Check if we should bypass safe-chain (python/python3 without -m pip)
+  if (shouldBypassSafeChain(command, args)) {
+    ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`);
+    // Spawn the ORIGINAL command with ORIGINAL args
+    return new Promise((_resolve) => {
+      const proc = spawn(command, args, { stdio: "inherit" });
+      proc.on("exit", (/** @type {number | null} */ code) => {
+        ui.writeVerbose(`${command} ${args.join(" ")} exited with status ${code}`);
+        ui.writeBufferedLogsAndStopBuffering();
+        process.exit(code ?? 0);
+      });
+      proc.on("error", (/** @type {Error} */ err) => {
+        ui.writeError(`Error executing command: ${err.message}`);
+        ui.writeBufferedLogsAndStopBuffering();
+        process.exit(1);
+      });
+    });
+  }
+
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
 
-    // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots)
+    // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots + user certs)
     // so that any network request made by pip, including those outside explicit CLI args,
     // validates correctly under both MITM'd and tunneled HTTPS.
     const combinedCaPath = getCombinedCaBundlePath();

package/src/packagemanager/poetry/createPoetryPackageManager.js

@@ -0,0 +1,77 @@
+import { ui } from "../../environment/userInteraction.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
+import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
+
+/**
+ * @returns {import("../currentPackageManager.js").PackageManager}
+ */
+export function createPoetryPackageManager() {
+  return {
+    runCommand: (args) => runPoetryCommand(args),
+
+    // MITM only approach for Poetry
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}
+
+/**
+ * Sets CA bundle environment variables used by Poetry and Python libraries.
+ * Poetry uses the Python requests library which respects these environment variables.
+ * 
+ * @param {NodeJS.ProcessEnv} env - Environment object to modify
+ * @param {string} combinedCaPath - Path to the combined CA bundle
+ */
+function setPoetryCaBundleEnvironmentVariables(env, combinedCaPath) {
+  // SSL_CERT_FILE: Used by Python SSL libraries and requests
+  if (env.SSL_CERT_FILE) {
+    ui.writeWarning("Safe-chain: User defined SSL_CERT_FILE found in environment. It will be overwritten.");
+  }
+  env.SSL_CERT_FILE = combinedCaPath;
+
+  // REQUESTS_CA_BUNDLE: Used by the requests library (which Poetry uses)
+  if (env.REQUESTS_CA_BUNDLE) {
+    ui.writeWarning("Safe-chain: User defined REQUESTS_CA_BUNDLE found in environment. It will be overwritten.");
+  }
+  env.REQUESTS_CA_BUNDLE = combinedCaPath;
+
+  // PIP_CERT: Poetry may use pip internally
+  if (env.PIP_CERT) {
+    ui.writeWarning("Safe-chain: User defined PIP_CERT found in environment. It will be overwritten.");
+  }
+  env.PIP_CERT = combinedCaPath;
+}
+
+/**
+ * Runs a poetry command with safe-chain's certificate bundle and proxy configuration.
+ * 
+ * Poetry respects standard HTTP_PROXY/HTTPS_PROXY environment variables through
+ * the Python requests library.
+ * 
+ * @param {string[]} args - Command line arguments to pass to poetry
+ * @returns {Promise<{status: number}>} Exit status of the poetry command
+ */
+async function runPoetryCommand(args) {
+  try {
+    const env = mergeSafeChainProxyEnvironmentVariables(process.env);
+
+    const combinedCaPath = getCombinedCaBundlePath();
+    setPoetryCaBundleEnvironmentVariables(env, combinedCaPath);
+
+    const result = await safeSpawn("poetry", args, {
+      stdio: "inherit",
+      env,
+    });
+    
+    return { status: result.status };
+  } catch (/** @type any */ error) {
+    if (error.status) {
+      return { status: error.status };
+    } else {
+      ui.writeError("Error executing command:", error.message);
+      ui.writeError("Is 'poetry' installed and available on your system?");
+      return { status: 1 };
+    }
+  }
+}