feat(console): in-app init wizard (Initialize screen)#265
Merged
eFAILution merged 1 commit intoJun 13, 2026
Conversation
Phase 3 of the Console roadmap. The home menu's Initialize entry now opens an in-app wizard (InitScreen) instead of shelling out to `argus init`: it detects the project, shows what it found plus a tool-readiness line, lists the proposed scanners as toggles, and writes argus.yml. `w` writes; `r` writes and hands straight to the Phase-0 scan runner for the first scan; `esc` cancels. An existing argus.yml requires a confirming second keypress before it's overwritten — mirroring `argus init`'s --force guard, never a silent clobber. The wizard reimplements no detection logic. init_wizard.py is a UI-free, textual-free frontend over the pure functions in argus.init (detect_project, generate_config, _extract_enabled_scanners, _check_local_readiness): build_plan returns an InitPlan (detected categories, proposed scanners, generated YAML, readiness) and write_config enforces the overwrite guard. Scanner toggles reuse the Phase-2 config_editor over the generated YAML, so toggling and the comment-preserving write share one implementation. The signal-to-label map moves to argus.init.SIGNAL_LABELS so the CLI summary and the wizard render identical names. With Init now in-app, the _HANDOFF_INIT sentinel and its subprocess hand-off in launch() are removed.
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Contributor
🔒 Argus Container Security ScanBranch: 📊 Combined Findings Summary
Scanned: 5 containers | Build Failures: 0 📦 Container Breakdown
🔍 Detailed Findings by Container🚨 cli - 108 vulnerabilities (45 unique)Image: Combined (Deduplicated)
🔷 Trivy Scanner (108 findings, 43 unique)
...and 58 more ⚓ Grype Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Grype ✅ scanner-bandit - 0 vulnerabilities (0 unique)Image: Combined (Deduplicated)
🔷 Trivy Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Trivy ⚓ Grype Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Grype ✅ scanner-mumps - 0 vulnerabilities (0 unique)Image: Combined (Deduplicated)
🔷 Trivy Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Trivy ⚓ Grype Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Grype 🚨 scanner-opengrep - 106 vulnerabilities (49 unique)Image: Combined (Deduplicated)
🔷 Trivy Scanner (106 findings, 48 unique)
...and 56 more ⚓ Grype Scanner (0 findings, 0 unique)✅ No vulnerabilities detected by Grype
|
| 🚨 Critical | 🟡 Medium | 🔵 Low | Total | Unique | |
|---|---|---|---|---|---|
| 0 | 12 | 6 | 0 | 18 | 18 |
🔷 Trivy Scanner (18 findings, 18 unique)
| CVE | Severity | Package | Version | Fixed |
|---|---|---|---|---|
| CVE-2026-32280 | stdlib | v1.26.1 | 1.25.9, 1.26.2 | |
| CVE-2026-32281 | stdlib | v1.26.1 | 1.25.9, 1.26.2 | |
| CVE-2026-32283 | stdlib | v1.26.1 | 1.25.9, 1.26.2 | |
| CVE-2026-33810 | stdlib | v1.26.1 | 1.26.2 | |
| CVE-2026-33811 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-33814 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-39820 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-39823 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-39825 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-39836 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-42499 | stdlib | v1.26.1 | 1.25.10, 1.26.3 | |
| CVE-2026-42504 | stdlib | v1.26.1 | 1.25.11, 1.26.4 | |
| CVE-2026-27145 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.11, 1.26.4 |
| CVE-2026-32282 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.9, 1.26.2 |
| CVE-2026-32288 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.9, 1.26.2 |
| CVE-2026-32289 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.9, 1.26.2 |
| CVE-2026-39826 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.10, 1.26.3 |
| CVE-2026-42507 | 🟡 MEDIUM | stdlib | v1.26.1 | 1.25.11, 1.26.4 |
⚓ Grype Scanner (0 findings, 0 unique)
✅ No vulnerabilities detected by Grype
Generated by Argus
eFAILution
merged commit e375afe
into
feat/tui-explorer-and-scan-runner
26 checks passed
19 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Phase 3 of the Console roadmap: an in-app Initialize wizard. The home menu's Initialize entry now opens an
InitScreeninstead of shelling out toargus init. This PR targets the Console integration branch (feat/tui-explorer-and-scan-runner, PR #261), notmain— it merges in once green so the full Console can be reviewed as one solution.Changes Made
Details
InitScreen(argus/viewers/terminal/console.py): detect → show what was found + a one-line tool-readiness summary → list proposed scanners as toggles → writeargus.yml.wwrites;rwrites and hands off to the Phase-0 scan runner for the first scan;esccancels. An existingargus.ymlrequires a confirming second keypress before overwrite (mirrorsargus init --force) — never a silent clobber.init_wizard.py(new,argus/viewers/terminal/): UI-free, textual-free frontend over the pureargus.initfunctions — no detection logic is reimplemented.build_plan(root)callsdetect_project/generate_config/_extract_enabled_scanners/_check_local_readinessand returns anInitPlan(detected categories, proposed scanners, generated YAML, readiness).write_configenforces the overwrite guard (FileExistsErrorunlessforce).config_editorover the generated YAML, so toggling and the comment-preserving write share one implementation.argus.init.SIGNAL_LABELS: the signal→label map was promoted to a module-level constant so the CLI summary and the wizard render identical names._HANDOFF_INITsentinel and itssubprocesshand-off inlaunch()are gone (the unusedsysimport too).Testing
Test Results
test_init_wizard.py(new): 24 tests covering detected-category mapping, plan building (python project / empty dir /detect=False), readiness formatting, summary line, and thewrite_configoverwrite guard.test_console.py(updated):initnow routes through_open_init(pushesInitScreen, no hand-off); addedInitScreenconstruction coverage.Pilotsmoke tests confirmed detect → toggle (recompose) → write end-to-end, and the existing-config two-keypress overwrite arm.viewers/browserfailures are the known pre-existing fastapi-0.136.1 template diffs (green in CI), unrelated to this change.Security Considerations
Security Details
The wizard writes a generated/validated
argus.ymland never overwrites an existing file without an explicit second confirmation. No code execution; detection is the same read-only logicargus initalready runs.AI Context Updates (.ai/)
.ai/architecture.yamlupdated (Init wizard +init_wizard.pynoted underviewers/terminal/).ai/workflows.yamlupdated.ai/decisions.yamlupdated.ai/errors.yamlupdatedChecklist
docs/console.mdInitialize section,docs/developer/CONSOLE-ROADMAP.mdPhase 3 → shipped)Related Issues
Part of the Console epic (
docs/developer/CONSOLE-ROADMAP.md, Phase 3).Screenshots/Logs (if applicable)
Wizard is keyboard-driven (enter toggle · w write · r write & scan · esc cancel). It shows the detected project signals, a readiness line, and the proposed scanner toggles.