feat(core): terminal graphics capability detection (Phase 9 foundation) by eFAILution · Pull Request #271 · huntridge-labs/argus

eFAILution · 2026-06-13T15:02:31Z

Description

Phase 9 — the graphics foundation, dependency-free. argus/core/terminal_caps.py detects what the host terminal can do (inline-image protocol, OSC 8 hyperlinks, truecolor) from environment variables, and the Console help overlay now reports it. Targets the integration branch (feat/tui-explorer-and-scan-runner, PR #261).

Scope, stated plainly: this ships the detection foundation, not raster rendering. Inline pixel images (a textual-image-backed logo / dependency graph / QR) are a capability-gated opt-in that builds on detect_graphics, with a Unicode/ASCII fallback. They'd add a dependency for a marginal win, so they're deliberately deferred rather than forced onto every user of a supply-chain tool — the dep-conscious default. The roadmap's Phase 9 retains the raster path as the next opt-in.

Changes Made

Added new core module (argus/core/terminal_caps.py)
Modified existing scanner/workflow (Console help)
Updated documentation

Details

terminal_caps.py (UI-free, dep-free): detect_graphics (kitty / iterm / sixel / none), supports_graphics / supports_hyperlinks / supports_truecolor, capability_summary. Env-only — no escape-probing (which would be unsafe unsolicited).
Console help overlay (DocsScreen) shows graphics=… · hyperlinks=… · truecolor=… so users know what their terminal supports.

Testing

Unit tests added/updated — test_terminal_caps.py (16 tests): kitty family (KITTY_WINDOW_ID / xterm-kitty / ghostty / wezterm), iTerm, sixel (foot / mlterm), none-for-plain, hyperlink yes/no (dumb/linux/opt-out), truecolor, summary.
Full suite: 4137 passed, 21 skipped, coverage gate met. (3 local-only viewers/browser failures are pre-existing + green in CI.)

Security Considerations

No security impact — no new dependency, no network, env-read only (no escape-sequence probing).

AI Context Updates (.ai/)

.ai/architecture.yaml updated (core/terminal_caps.py, both mirror blocks)

Checklist

Code follows project style guidelines
Documentation updated (docs/console.md — help shows terminal capabilities)
Changelog updated (handled by release-it)
All tests pass
Reviewed by at least one maintainer
Reviewed CONTRIBUTING.md guidelines

Related Issues

Console epic — docs/developer/CONSOLE-ROADMAP.md, Phase 9 (foundation; raster rendering deferred as a dep-gated opt-in).

Phase 9's foundation, dependency-free. argus/core/terminal_caps.py detects what the host terminal can do — inline-image graphics protocol (kitty / iterm / sixel), OSC 8 hyperlinks, and 24-bit truecolor — from environment variables alone (no unsolicited escape probing). Fully unit-tested (16 tests). The Console help overlay reports the detected capabilities. Scope, stated plainly: this ships the detection foundation, not raster rendering. Inline pixel images (a textual-image-backed logo / dependency graph / QR) are a capability-gated opt-in that builds on detect_graphics here, with a Unicode/ASCII fallback — deliberately deferred rather than adding a dependency for a marginal win on a supply-chain tool. Also: add "iterm" to the codespell ignore-words list (terminal name, not a typo).

codecov · 2026-06-13T15:05:01Z

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

github-actions · 2026-06-13T15:07:12Z

🔒 Argus Container Security Scan

Branch: feat/console-graphics
Commit: 9cd3e78

📊 Combined Findings Summary

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	📦 Total	🔢 Unique
3	82	79	67	231	231

Scanned: 5 containers | Build Failures: 0

📦 Container Breakdown

Container	Image	🚨 Crit	⚠️ High	🟡 Med	🔵 Low	Total	Unique	Status
cli	`ghcr.io/huntridge-labs/argus/cli:9cd3e78a444b40fd9e9613648add036b8610c448`	1	62	41	4	108	108	✅
scanner-bandit	`ghcr.io/huntridge-labs/argus/scanner-bandit:9cd3e78a444b40fd9e9613648add036b8610c448`	0	0	0	0	0	0	✅
scanner-mumps	`ghcr.io/huntridge-labs/argus/scanner-mumps:9cd3e78a444b40fd9e9613648add036b8610c448`	0	0	0	0	0	0	✅
scanner-opengrep	`ghcr.io/huntridge-labs/argus/scanner-opengrep:9cd3e78a444b40fd9e9613648add036b8610c448`	2	8	32	63	105	105	✅
scanner-supply-chain	`ghcr.io/huntridge-labs/argus/scanner-supply-chain:9cd3e78a444b40fd9e9613648add036b8610c448`	0	12	6	0	18	18	✅

🔍 Detailed Findings by Container

🚨 cli - 108 vulnerabilities (45 unique)

Image: ghcr.io/huntridge-labs/argus/cli:9cd3e78a444b40fd9e9613648add036b8610c448

Combined (Deduplicated)

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	Total	Unique
1	62	41	4	108	45

🔷 Trivy Scanner (108 findings, 43 unique)

CVE	Severity	Package	Version	Fixed
CVE-2025-68121	🚨 CRITICAL	stdlib	v1.24.11	1.24.13, 1.25.7, 1.26.0-rc.3
CVE-2026-32280	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32281	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32283	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-33810	⚠️ HIGH	stdlib	v1.26.1	1.26.2
CVE-2026-33811	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-33814	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39820	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39823	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39825	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39836	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-42499	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-42504	⚠️ HIGH	stdlib	v1.26.1	1.25.11, 1.26.4
CVE-2025-61726	⚠️ HIGH	stdlib	v1.24.11	1.24.12, 1.25.6
CVE-2026-25679	⚠️ HIGH	stdlib	v1.24.11	1.25.8, 1.26.1
CVE-2026-32280	⚠️ HIGH	stdlib	v1.24.11	1.25.9, 1.26.2
CVE-2026-32281	⚠️ HIGH	stdlib	v1.24.11	1.25.9, 1.26.2
CVE-2026-32283	⚠️ HIGH	stdlib	v1.24.11	1.25.9, 1.26.2
CVE-2026-33811	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-33814	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-39820	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-39823	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-39825	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-39836	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-42499	⚠️ HIGH	stdlib	v1.24.11	1.25.10, 1.26.3
CVE-2026-42504	⚠️ HIGH	stdlib	v1.24.11	1.25.11, 1.26.4
CVE-2026-46680	⚠️ HIGH	github.com/containerd/containerd/v2	v2.2.2	2.0.9, 2.2.4, 2.3.1
CVE-2026-34040	⚠️ HIGH	github.com/docker/docker	v28.5.2+incompatible	29.3.1
CVE-2026-41567	⚠️ HIGH	github.com/docker/docker	v28.5.2+incompatible	N/A
CVE-2026-42306	⚠️ HIGH	github.com/docker/docker	v28.5.2+incompatible	N/A
CVE-2026-44973	⚠️ HIGH	github.com/go-git/go-billy/v5	v5.8.0	5.9.0
CVE-2026-45022	⚠️ HIGH	github.com/go-git/go-git/v5	v5.18.0	5.19.0
CVE-2026-33811	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-33814	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39820	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39823	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39825	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39836	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-42499	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-42504	⚠️ HIGH	stdlib	v1.26.2	1.25.11, 1.26.4
CVE-2026-46680	⚠️ HIGH	github.com/containerd/containerd/v2	v2.2.2	2.0.9, 2.2.4, 2.3.1
CVE-2026-44973	⚠️ HIGH	github.com/go-git/go-billy/v5	v5.8.0	5.9.0
CVE-2026-45022	⚠️ HIGH	github.com/go-git/go-git/v5	v5.18.0	5.19.0
CVE-2026-33811	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-33814	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39820	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39823	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39825	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-39836	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3
CVE-2026-42499	⚠️ HIGH	stdlib	v1.26.2	1.25.10, 1.26.3

...and 58 more

⚓ Grype Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Grype

✅ scanner-bandit - 0 vulnerabilities (0 unique)

Image: ghcr.io/huntridge-labs/argus/scanner-bandit:9cd3e78a444b40fd9e9613648add036b8610c448

Combined (Deduplicated)

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	Total	Unique
0	0	0	0	0	0

🔷 Trivy Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Trivy

⚓ Grype Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Grype

✅ scanner-mumps - 0 vulnerabilities (0 unique)

Image: ghcr.io/huntridge-labs/argus/scanner-mumps:9cd3e78a444b40fd9e9613648add036b8610c448

Combined (Deduplicated)

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	Total	Unique
0	0	0	0	0	0

🔷 Trivy Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Trivy

⚓ Grype Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Grype

🚨 scanner-opengrep - 106 vulnerabilities (49 unique)

Image: ghcr.io/huntridge-labs/argus/scanner-opengrep:9cd3e78a444b40fd9e9613648add036b8610c448

Combined (Deduplicated)

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	Total	Unique
2	8	32	63	106	49

🔷 Trivy Scanner (106 findings, 48 unique)

CVE	Severity	Package	Version	Fixed
CVE-2026-42496	🚨 CRITICAL	perl-base	5.40.1-6	N/A
CVE-2026-8376	🚨 CRITICAL	perl-base	5.40.1-6	N/A
CVE-2025-69720	⚠️ HIGH	libncursesw6	6.5+20250216-2	N/A
CVE-2025-69720	⚠️ HIGH	libtinfo6	6.5+20250216-2	N/A
CVE-2025-69720	⚠️ HIGH	ncurses-base	6.5+20250216-2	N/A
CVE-2025-69720	⚠️ HIGH	ncurses-bin	6.5+20250216-2	N/A
CVE-2026-42497	⚠️ HIGH	perl-base	5.40.1-6	N/A
CVE-2026-48959	⚠️ HIGH	perl-base	5.40.1-6	N/A
CVE-2026-48962	⚠️ HIGH	perl-base	5.40.1-6	N/A
CVE-2026-9538	⚠️ HIGH	perl-base	5.40.1-6	N/A
CVE-2026-27456	🟡 MEDIUM	bsdutils	1:2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	bsdutils	1:2.41-5	N/A
CVE-2026-27456	🟡 MEDIUM	libblkid1	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	libblkid1	2.41-5	N/A
CVE-2026-42250	🟡 MEDIUM	libbz2-1.0	1.0.8-6	N/A
CVE-2026-5435	🟡 MEDIUM	libc-bin	2.41-12+deb13u3	N/A
CVE-2026-5450	🟡 MEDIUM	libc-bin	2.41-12+deb13u3	N/A
CVE-2026-5928	🟡 MEDIUM	libc-bin	2.41-12+deb13u3	N/A
CVE-2026-6238	🟡 MEDIUM	libc-bin	2.41-12+deb13u3	N/A
CVE-2026-5435	🟡 MEDIUM	libc6	2.41-12+deb13u3	N/A
CVE-2026-5450	🟡 MEDIUM	libc6	2.41-12+deb13u3	N/A
CVE-2026-5928	🟡 MEDIUM	libc6	2.41-12+deb13u3	N/A
CVE-2026-6238	🟡 MEDIUM	libc6	2.41-12+deb13u3	N/A
CVE-2026-27456	🟡 MEDIUM	liblastlog2-2	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	liblastlog2-2	2.41-5	N/A
CVE-2026-34743	🟡 MEDIUM	liblzma5	5.8.1-1	N/A
CVE-2026-27456	🟡 MEDIUM	libmount1	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	libmount1	2.41-5	N/A
CVE-2026-27456	🟡 MEDIUM	libsmartcols1	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	libsmartcols1	2.41-5	N/A
CVE-2026-27456	🟡 MEDIUM	libuuid1	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	libuuid1	2.41-5	N/A
CVE-2026-27456	🟡 MEDIUM	login	1:4.16.0-2+really2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	login	1:4.16.0-2+really2.41-5	N/A
CVE-2026-27456	🟡 MEDIUM	mount	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	mount	2.41-5	N/A
CVE-2025-15649	🟡 MEDIUM	perl-base	5.40.1-6	N/A
CVE-2026-7010	🟡 MEDIUM	perl-base	5.40.1-6	N/A
CVE-2026-5704	🟡 MEDIUM	tar	1.35+dfsg-3.1	N/A
CVE-2026-27456	🟡 MEDIUM	util-linux	2.41-5	N/A
CVE-2026-3184	🟡 MEDIUM	util-linux	2.41-5	N/A
CVE-2026-27171	🟡 MEDIUM	zlib1g	1:1.3.dfsg+really1.3.1-1+b1	N/A
CVE-2011-3374	🔵 LOW	apt	3.0.3	N/A
TEMP-0841856-B18BAF	🔵 LOW	bash	5.2.37-2+b9	N/A
CVE-2022-0563	🔵 LOW	bsdutils	1:2.41-5	N/A
CVE-2025-14104	🔵 LOW	bsdutils	1:2.41-5	N/A
CVE-2017-18018	🔵 LOW	coreutils	9.7-3	N/A
CVE-2025-5278	🔵 LOW	coreutils	9.7-3	N/A
CVE-2011-3374	🔵 LOW	libapt-pkg7.0	3.0.3	N/A
CVE-2022-0563	🔵 LOW	libblkid1	2.41-5	N/A

...and 56 more

⚓ Grype Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Grype

⚠️

scanner-supply-chain - 18 vulnerabilities (18 unique)

Image: ghcr.io/huntridge-labs/argus/scanner-supply-chain:9cd3e78a444b40fd9e9613648add036b8610c448

Combined (Deduplicated)

🚨 Critical	⚠️ High	🟡 Medium	🔵 Low	Total	Unique
0	12	6	0	18	18

🔷 Trivy Scanner (18 findings, 18 unique)

CVE	Severity	Package	Version	Fixed
CVE-2026-32280	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32281	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32283	⚠️ HIGH	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-33810	⚠️ HIGH	stdlib	v1.26.1	1.26.2
CVE-2026-33811	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-33814	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39820	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39823	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39825	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-39836	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-42499	⚠️ HIGH	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-42504	⚠️ HIGH	stdlib	v1.26.1	1.25.11, 1.26.4
CVE-2026-27145	🟡 MEDIUM	stdlib	v1.26.1	1.25.11, 1.26.4
CVE-2026-32282	🟡 MEDIUM	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32288	🟡 MEDIUM	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-32289	🟡 MEDIUM	stdlib	v1.26.1	1.25.9, 1.26.2
CVE-2026-39826	🟡 MEDIUM	stdlib	v1.26.1	1.25.10, 1.26.3
CVE-2026-42507	🟡 MEDIUM	stdlib	v1.26.1	1.25.11, 1.26.4

⚓ Grype Scanner (0 findings, 0 unique)

✅ No vulnerabilities detected by Grype

Generated by Argus

eFAILution temporarily deployed to testpypi June 13, 2026 15:03 — with GitHub Actions Inactive

eFAILution merged commit 3d4d3ec into feat/tui-explorer-and-scan-runner Jun 13, 2026
26 checks passed

eFAILution deleted the feat/console-graphics branch June 13, 2026 15:07

eFAILution mentioned this pull request Jun 13, 2026

feat: Argus Console (TUI) + browser viewer modernization — interactive console, live intelligence, charts, formal PDF report #261

Closed

19 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(core): terminal graphics capability detection (Phase 9 foundation)#271

feat(core): terminal graphics capability detection (Phase 9 foundation)#271
eFAILution merged 1 commit into
feat/tui-explorer-and-scan-runnerfrom
feat/console-graphics

eFAILution commented Jun 13, 2026

Uh oh!

codecov Bot commented Jun 13, 2026

Uh oh!

github-actions Bot commented Jun 13, 2026

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

eFAILution commented Jun 13, 2026

Description

Changes Made

Details

Testing

Security Considerations

AI Context Updates (.ai/)

Checklist

Related Issues

Uh oh!

codecov Bot commented Jun 13, 2026

Codecov Report

Uh oh!

github-actions Bot commented Jun 13, 2026

🔒 Argus Container Security Scan

📊 Combined Findings Summary

📦 Container Breakdown

🔍 Detailed Findings by Container

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Combined (Deduplicated)

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant