[PPSC-1065] feat(supply-chain): add PowerShell support to init#255
Merged
Conversation
Extend `supply-chain init` RC mode to PowerShell so Windows/PowerShell users get install-time package-age enforcement, not just scanning. - DetectShells: append a PowerShell pass (pwsh on macOS/Linux; pwsh + Windows PowerShell 5.1 on Windows). An entry qualifies if its executable is on PATH or its profile already exists. - powershellProfiles / resolveWindowsDocumentsDir: resolve the CurrentUserAllHosts profile path, handling OneDrive redirection. - generatePowerShellWrapper + shellQuotePowerShell: recursion-safe via `Get-Command -CommandType Application`, fail-closed (warn on real stderr, run the real PM unwrapped), skips dotted pip variants. - ShellReloadCommand / IsPowerShell helpers; cmd-layer string and guidance updates (init error + help, dotted-variant note, uninit help, status suppression comment). Inject/remove/status plumbing and the WrappedPMs regex are shell-agnostic, so they inherit PowerShell with no change. RC-mode only; --mode env and the uvToolReceipts Windows path fix are out of scope. Verified end-to-end on macOS via a pwsh stub; Windows-gated tests run on the existing windows-latest CI matrix entry.
There was a problem hiding this comment.
Pull request overview
Adds PowerShell (pwsh + Windows PowerShell) support to the supply-chain shell wrapper workflow, extending init/uninit/status behavior and adding tests to cover detection and wrapper generation.
Changes:
- Extend shell detection and wrapper generation to support PowerShell profiles, including profile path resolution on Unix and Windows (with OneDrive-aware Documents resolution).
- Update
supply-chain initUX to show the correct per-shell reload command and to note when dotted PM names are skipped for PowerShell. - Add/extend tests for PowerShell wrapper output, dotted-name skipping, PowerShell detection, and profile path resolution.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/supplychain/shell.go | Adds PowerShell shell constants, detection, wrapper generation, and reload-command helper. |
| internal/supplychain/shell_test.go | Adds PowerShell-focused unit tests for wrapper output, detection, and reload command. |
| internal/cmd/supply_chain_uninit.go | Updates help text to include PowerShell profile scanning. |
| internal/cmd/supply_chain_status.go | Updates boundedness comment to include PowerShell detection. |
| internal/cmd/supply_chain_init.go | Adds dotted-PM skip note logic and uses per-shell reload command printing. |
| internal/cmd/supply_chain_init_test.go | Adds tests for dotted-PM skip note helper behavior. |
| docs/CHANGELOG.md | Documents new PowerShell injection support (paths currently need correction). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
GitHub-hosted macOS and Ubuntu runners ship with pwsh pre-installed,
so IsOnPath("pwsh") fired even when HOME/SHELL were cleared. Clear PATH
too so the test truly isolates an environment with no shells available.
Test Coverage Reporttotal: (statements) 74.0% Coverage by function |
- Quote PowerShell profile path in ShellReloadCommand to handle paths with spaces (e.g. OneDrive-redirected Documents on Windows) - Fix misleading pip note: only claim non-dotted alternatives are wrapped if they are actually present in the detected PM list - Correct CHANGELOG profile paths: profile.ps1 (CurrentUserAllHosts), not Microsoft.PowerShell_profile.ps1 (CurrentUserCurrentHost); add Windows PowerShell 5.1 path - Suppress CWE-78 FP on ShellReloadCommand return value (display-only, never executed; rcFile derives from hardcoded HOME-relative paths)
…oted PowerShell path ShellReloadCommand now wraps the profile path with shellQuotePowerShell so paths containing spaces (e.g. OneDrive Documents redirects) work correctly. Update the test want strings to match the quoted output.
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
supply-chain initnow injects wrapper functions into the PowerShell profile (~/.config/powershell/Microsoft.PowerShell_profile.ps1on Unix;Documents\PowerShell\Microsoft.PowerShell_profile.ps1on Windows)pip3.12) are skipped in the PowerShell profile — PowerShell function names may not contain dots — with a muted note informing the user thatpipandpip3are still wrappedsupply-chain uninitandsupply-chain statusupdated to include PowerShell in their shell detection coverageTest plan
make testpasses (2831 tests, 73.1% coverage)make lintpasses (0 issues)make buildsucceedsarmis-cli supply-chain initcreates/updates the PowerShell profilepip3.12detected: init prints the muted note about dotted names being skippedarmis-cli supply-chain statusshows PowerShell in the shell list when presentarmis-cli supply-chain uninitremoves PowerShell profile injections