souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

souleyez/reporting/formatters.py

@@ -35,21 +35,27 @@ class MarkdownFormatter:
 
 ---"""
 
-    def executive_summary(self, engagement: Dict, findings: Dict, overview: Dict, report_type: str = 'technical') -> str:
+    def executive_summary(
+        self,
+        engagement: Dict,
+        findings: Dict,
+        overview: Dict,
+        report_type: str = "technical",
+    ) -> str:
         """
         Generate executive summary with business impact context.
-        
+
         Args:
             engagement: Engagement details
             findings: Findings grouped by severity
             overview: Attack surface overview
             report_type: 'executive', 'technical', or 'summary'
         """
-        critical_count = len(findings['critical'])
-        high_count = len(findings['high'])
-        medium_count = len(findings['medium'])
-        total_hosts = overview['total_hosts']
-        exploited = overview['exploited_services']
+        critical_count = len(findings["critical"])
+        high_count = len(findings["high"])
+        medium_count = len(findings["medium"])
+        total_hosts = overview["total_hosts"]
+        exploited = overview["exploited_services"]
 
         # Determine risk level
         if critical_count > 0:
@@ -87,86 +93,94 @@ The penetration test identified **{critical_count} critical** and **{high_count}
             summary += " Immediate remediation is recommended for critical findings to prevent potential compromise."
 
         # Business Impact Section (for executive reports)
-        if report_type == 'executive' and (critical_count > 0 or high_count > 0):
+        if report_type == "executive" and (critical_count > 0 or high_count > 0):
             summary += "\n\n### BUSINESS IMPACT\n\n"
-            
+
             # Analyze top findings for business impact
-            top_findings = findings['critical'][:3] if critical_count > 0 else findings['high'][:3]
+            top_findings = (
+                findings["critical"][:3] if critical_count > 0 else findings["high"][:3]
+            )
             impacts = self._calculate_business_impacts(top_findings)
-            
+
             # Overall business risks
             summary += "**Key Business Risks:**\n\n"
-            
-            if any('data breach' in str(f.get('title', '')).lower() or 
-                   'sql injection' in str(f.get('title', '')).lower() 
-                   for f in findings['critical']):
+
+            if any(
+                "data breach" in str(f.get("title", "")).lower()
+                or "sql injection" in str(f.get("title", "")).lower()
+                for f in findings["critical"]
+            ):
                 summary += "- **Data Breach Risk:** Vulnerabilities could expose sensitive customer data, leading to regulatory fines (GDPR up to €20M/4% revenue) and reputational damage\n"
-            
+
             if critical_count > 0:
                 summary += f"- **System Compromise:** {critical_count} critical vulnerabilit{'y' if critical_count == 1 else 'ies'} could allow attackers full system access\n"
-            
+
             if high_count >= 3:
                 summary += f"- **Security Posture:** {high_count} high-severity issues indicate systematic security gaps requiring attention\n"
-            
+
             summary += "\n**Compliance Impact:**\n\n"
-            
+
             # Estimate compliance implications
             if critical_count > 0 or high_count >= 5:
                 summary += "- Current security posture may not meet PCI-DSS, ISO 27001, or SOC 2 requirements\n"
                 summary += "- Non-compliance could block customer contracts, certifications, or partnerships\n"
-            
+
             # Financial impact estimate
             summary += "\n**Estimated Financial Impact (if exploited):**\n\n"
             if critical_count > 0:
                 summary += f"- Incident response costs: ${50000 * critical_count:,} - ${200000 * critical_count:,}\n"
-                summary += f"- Potential breach notification and remediation: ${100000:,}+\n"
+                summary += (
+                    f"- Potential breach notification and remediation: ${100000:,}+\n"
+                )
                 summary += "- Reputational damage and customer loss: Significant\n"
 
         # Top risks with business context
         if critical_count > 0 or high_count > 0:
             summary += "\n\n### TOP RISKS\n\n"
-            top_findings = findings['critical'][:3] + findings['high'][:3]
+            top_findings = findings["critical"][:3] + findings["high"][:3]
             for idx, finding in enumerate(top_findings[:5], 1):
-                severity = finding.get('severity', 'unknown').upper()
-                title = finding['title']
+                severity = finding.get("severity", "unknown").upper()
+                title = finding["title"]
                 summary += f"**{idx}. {title}** - {severity}\n"
-                
+
                 # Add business impact for executive reports
-                if report_type == 'executive':
+                if report_type == "executive":
                     impact = self._get_finding_business_context(finding)
                     summary += f"   *Impact:* {impact}\n"
-                
+
                 summary += "\n"
 
         # Action Timeline (for executive reports)
-        if report_type == 'executive' and (critical_count > 0 or high_count > 0):
+        if report_type == "executive" and (critical_count > 0 or high_count > 0):
             summary += "### ACTION TIMELINE\n\n"
-            
+
             if critical_count > 0:
                 summary += f"**Immediate (This Week):** Address {critical_count} critical finding{'s' if critical_count != 1 else ''}\n"
                 summary += "- Deploy emergency patches\n"
                 summary += "- Implement temporary mitigations\n"
                 summary += "- Begin incident response preparation\n\n"
-            
+
             if high_count > 0:
                 summary += f"**Short-Term (Within 2 Weeks):** Remediate {high_count} high-priority issue{'s' if high_count != 1 else ''}\n"
                 summary += "- Plan and schedule fixes\n"
                 summary += "- Update security configurations\n"
                 summary += "- Review access controls\n\n"
-            
+
             if medium_count > 0:
                 summary += f"**Medium-Term (30 Days):** Address {medium_count} medium-severity finding{'s' if medium_count != 1 else ''}\n"
                 summary += "- Systematic security improvements\n"
                 summary += "- Policy and procedure updates\n\n"
-            
+
             # Resource estimate
             total_hours = (critical_count * 4) + (high_count * 2) + (medium_count * 1)
             summary += f"**Estimated Remediation Effort:** {total_hours}-{total_hours * 2} hours\n"
-            summary += "*See Recommendations section for detailed remediation guidance.*\n"
+            summary += (
+                "*See Recommendations section for detailed remediation guidance.*\n"
+            )
 
         summary += "\n---"
         return summary
-    
+
     def _calculate_business_impacts(self, findings: List[Dict]) -> List[str]:
         """Calculate business impacts for top findings."""
         impacts = []
@@ -174,44 +188,57 @@ The penetration test identified **{critical_count} critical** and **{high_count}
             impact = self._get_finding_business_context(finding)
             impacts.append(impact)
         return impacts
-    
+
     def _get_finding_business_context(self, finding: Dict) -> str:
         """Get business context for a specific finding."""
-        title_lower = finding.get('title', '').lower()
-        
+        title_lower = finding.get("title", "").lower()
+
         # Data breach scenarios
-        if 'sql injection' in title_lower or 'data breach' in title_lower or 'dump' in title_lower:
+        if (
+            "sql injection" in title_lower
+            or "data breach" in title_lower
+            or "dump" in title_lower
+        ):
             return "Data breach risk with regulatory and reputational consequences"
-        
+
         # Authentication/Access
-        if 'authentication' in title_lower or 'credential' in title_lower or 'password' in title_lower:
+        if (
+            "authentication" in title_lower
+            or "credential" in title_lower
+            or "password" in title_lower
+        ):
             return "Unauthorized access could compromise confidential systems and data"
-        
+
         # Injection attacks
-        if 'injection' in title_lower or 'xss' in title_lower:
+        if "injection" in title_lower or "xss" in title_lower:
             return "User account compromise and potential malware distribution"
-        
+
         # Information disclosure
-        if 'disclosure' in title_lower or 'exposure' in title_lower:
+        if "disclosure" in title_lower or "exposure" in title_lower:
             return "Information leakage aids attacker reconnaissance and planning"
-        
+
         # Configuration issues
-        if 'configuration' in title_lower or 'misconfiguration' in title_lower:
+        if "configuration" in title_lower or "misconfiguration" in title_lower:
             return "Security weaknesses that lower defense effectiveness"
-        
+
         # Default severity-based context
-        severity = finding.get('severity', '').lower()
-        if severity == 'critical':
+        severity = finding.get("severity", "").lower()
+        if severity == "critical":
             return "High-impact vulnerability requiring immediate attention"
-        elif severity == 'high':
+        elif severity == "high":
             return "Significant security risk requiring timely remediation"
         else:
             return "Security issue requiring attention"
 
-    def engagement_overview(self, engagement: Dict, tools_used: List[str] = None, report_type: str = 'technical') -> str:
+    def engagement_overview(
+        self,
+        engagement: Dict,
+        tools_used: List[str] = None,
+        report_type: str = "technical",
+    ) -> str:
         """
         Generate engagement overview section.
-        
+
         Args:
             engagement: Engagement details
             tools_used: List of tools used in assessment
@@ -230,83 +257,152 @@ Testing was conducted against systems within the defined scope. All testing acti
 ### Tools Used
 
 """
-        
+
         # If tools list provided, use it dynamically
         if tools_used:
             # Executive: Just show count
-            if report_type == 'executive':
+            if report_type == "executive":
                 section += f"{len(tools_used)} industry-standard security testing tools were utilized during this assessment.\n\n"
                 section += "---"
                 return section
-            
+
             # Tool descriptions and categories
             tool_info = {
-                'nmap': {'desc': 'Port scanning and service enumeration', 'cat': 'Reconnaissance'},
-                'metasploit': {'desc': 'Exploitation and post-exploitation', 'cat': 'Exploitation'},
-                'msf': {'desc': 'Exploitation and post-exploitation', 'cat': 'Exploitation'},
-                'nuclei': {'desc': 'Web vulnerability scanning with templated checks', 'cat': 'Vulnerability Scanning'},
-                'sqlmap': {'desc': 'SQL injection testing and database exploitation', 'cat': 'Exploitation'},
-                'gobuster': {'desc': 'Directory and DNS brute forcing', 'cat': 'Enumeration'},
-                'ffuf': {'desc': 'Fast web fuzzer for directory and parameter discovery', 'cat': 'Enumeration'},
-                'hydra': {'desc': 'Credential brute forcing', 'cat': 'Password Attacks'},
-                'theharvester': {'desc': 'OSINT and email/subdomain gathering', 'cat': 'Reconnaissance'},
-                'dnsrecon': {'desc': 'DNS enumeration and zone transfer testing', 'cat': 'Reconnaissance'},
-                'whois': {'desc': 'Domain registration and ownership information', 'cat': 'Reconnaissance'},
-                'enum4linux': {'desc': 'SMB/Windows enumeration', 'cat': 'Enumeration'},
-                'smbmap': {'desc': 'SMB share enumeration and access testing', 'cat': 'Enumeration'},
-                'wpscan': {'desc': 'WordPress vulnerability scanning', 'cat': 'Vulnerability Scanning'},
-                'dirb': {'desc': 'Web content scanner', 'cat': 'Enumeration'},
-                'searchsploit': {'desc': 'Exploit database search', 'cat': 'Exploitation'},
-                'john': {'desc': 'Password cracking', 'cat': 'Password Attacks'},
-                'hashcat': {'desc': 'Advanced password recovery', 'cat': 'Password Attacks'},
-                'medusa': {'desc': 'Parallel password brute forcer', 'cat': 'Password Attacks'},
-                'crackmapexec': {'desc': 'Network authentication testing', 'cat': 'Exploitation'},
-                'responder': {'desc': 'LLMNR/NBT-NS/MDNS poisoner', 'cat': 'Exploitation'},
-                'bloodhound': {'desc': 'Active Directory attack path analysis', 'cat': 'Post-Exploitation'},
-                'mimikatz': {'desc': 'Credential extraction', 'cat': 'Post-Exploitation'},
-                'linpeas': {'desc': 'Linux privilege escalation checker', 'cat': 'Post-Exploitation'},
-                'winpeas': {'desc': 'Windows privilege escalation checker', 'cat': 'Post-Exploitation'},
+                "nmap": {
+                    "desc": "Port scanning and service enumeration",
+                    "cat": "Reconnaissance",
+                },
+                "metasploit": {
+                    "desc": "Exploitation and post-exploitation",
+                    "cat": "Exploitation",
+                },
+                "msf": {
+                    "desc": "Exploitation and post-exploitation",
+                    "cat": "Exploitation",
+                },
+                "nuclei": {
+                    "desc": "Web vulnerability scanning with templated checks",
+                    "cat": "Vulnerability Scanning",
+                },
+                "sqlmap": {
+                    "desc": "SQL injection testing and database exploitation",
+                    "cat": "Exploitation",
+                },
+                "gobuster": {
+                    "desc": "Directory and DNS brute forcing",
+                    "cat": "Enumeration",
+                },
+                "ffuf": {
+                    "desc": "Fast web fuzzer for directory and parameter discovery",
+                    "cat": "Enumeration",
+                },
+                "hydra": {
+                    "desc": "Credential brute forcing",
+                    "cat": "Password Attacks",
+                },
+                "theharvester": {
+                    "desc": "OSINT and email/subdomain gathering",
+                    "cat": "Reconnaissance",
+                },
+                "dnsrecon": {
+                    "desc": "DNS enumeration and zone transfer testing",
+                    "cat": "Reconnaissance",
+                },
+                "whois": {
+                    "desc": "Domain registration and ownership information",
+                    "cat": "Reconnaissance",
+                },
+                "enum4linux": {"desc": "SMB/Windows enumeration", "cat": "Enumeration"},
+                "smbmap": {
+                    "desc": "SMB share enumeration and access testing",
+                    "cat": "Enumeration",
+                },
+                "wpscan": {
+                    "desc": "WordPress vulnerability scanning",
+                    "cat": "Vulnerability Scanning",
+                },
+                "dirb": {"desc": "Web content scanner", "cat": "Enumeration"},
+                "searchsploit": {
+                    "desc": "Exploit database search",
+                    "cat": "Exploitation",
+                },
+                "john": {"desc": "Password cracking", "cat": "Password Attacks"},
+                "hashcat": {
+                    "desc": "Advanced password recovery",
+                    "cat": "Password Attacks",
+                },
+                "medusa": {
+                    "desc": "Parallel password brute forcer",
+                    "cat": "Password Attacks",
+                },
+                "crackmapexec": {
+                    "desc": "Network authentication testing",
+                    "cat": "Exploitation",
+                },
+                "responder": {
+                    "desc": "LLMNR/NBT-NS/MDNS poisoner",
+                    "cat": "Exploitation",
+                },
+                "bloodhound": {
+                    "desc": "Active Directory attack path analysis",
+                    "cat": "Post-Exploitation",
+                },
+                "mimikatz": {
+                    "desc": "Credential extraction",
+                    "cat": "Post-Exploitation",
+                },
+                "linpeas": {
+                    "desc": "Linux privilege escalation checker",
+                    "cat": "Post-Exploitation",
+                },
+                "winpeas": {
+                    "desc": "Windows privilege escalation checker",
+                    "cat": "Post-Exploitation",
+                },
             }
-            
+
             # Group tools by category
             categorized = {}
             unknown_tools = []
-            
+
             for tool in tools_used:
                 tool_lower = tool.lower()
                 info = tool_info.get(tool_lower)
-                
+
                 if info:
-                    category = info['cat']
+                    category = info["cat"]
                     if category not in categorized:
                         categorized[category] = []
-                    categorized[category].append({
-                        'name': tool,
-                        'desc': info['desc']
-                    })
+                    categorized[category].append({"name": tool, "desc": info["desc"]})
                 else:
                     unknown_tools.append(tool)
-            
+
             # Display by category in logical order
             category_order = [
-                'Reconnaissance',
-                'Enumeration',
-                'Vulnerability Scanning',
-                'Exploitation',
-                'Password Attacks',
-                'Post-Exploitation'
+                "Reconnaissance",
+                "Enumeration",
+                "Vulnerability Scanning",
+                "Exploitation",
+                "Password Attacks",
+                "Post-Exploitation",
             ]
-            
+
             for category in category_order:
                 if category in categorized:
                     section += f"**{category}:**\n"
-                    for tool in sorted(categorized[category], key=lambda x: x['name'].lower()):
+                    for tool in sorted(
+                        categorized[category], key=lambda x: x["name"].lower()
+                    ):
                         # Capitalize tool name properly
-                        tool_lower = tool['name'].lower()
-                        tool_name = tool['name'].upper() if tool_lower in ['smb', 'dns', 'osint'] else tool['name'].title()
+                        tool_lower = tool["name"].lower()
+                        tool_name = (
+                            tool["name"].upper()
+                            if tool_lower in ["smb", "dns", "osint"]
+                            else tool["name"].title()
+                        )
                         section += f"- {tool_name} - {tool['desc']}\n"
                     section += "\n"
-            
+
             # Add any unknown tools at the end
             if unknown_tools:
                 section += "**Other Tools:**\n"
@@ -331,14 +427,14 @@ Testing was conducted against systems within the defined scope. All testing acti
 - Gobuster - Directory brute forcing
 
 """
-        
+
         section += "---"
         return section
 
     def attack_surface_section(self, attack_surface: Dict) -> str:
         """Generate attack surface analysis section."""
-        hosts = attack_surface['hosts'][:5]
-        overview = attack_surface['overview']
+        hosts = attack_surface["hosts"][:5]
+        overview = attack_surface["overview"]
 
         section = """## ATTACK SURFACE ANALYSIS
 
@@ -353,16 +449,18 @@ Testing was conducted against systems within the defined scope. All testing acti
         section += "### Top Targets (by attack surface score)\n\n"
 
         for idx, host in enumerate(hosts, 1):
-            prog = host['exploitation_progress']
-            pct = round((prog['exploited'] / prog['total'] * 100) if prog['total'] > 0 else 0, 0)
+            prog = host["exploitation_progress"]
+            pct = round(
+                (prog["exploited"] / prog["total"] * 100) if prog["total"] > 0 else 0, 0
+            )
 
             section += f"#### #{idx} {host['host']}"
-            if host.get('hostname'):
+            if host.get("hostname"):
                 section += f" ({host['hostname']})"
             section += f" - Score: {host['score']}\n\n"
 
             # Format services count properly (handle list, int, or empty)
-            services_data = host.get('services', 0)
+            services_data = host.get("services", 0)
             if isinstance(services_data, list):
                 services_count = len(services_data)
             else:
@@ -371,7 +469,7 @@ Testing was conducted against systems within the defined scope. All testing acti
             section += f"- **{host['open_ports']} open ports**\n"
             section += f"- **{services_count} services** identified\n"
             section += f"- **{host['findings']} vulnerabilities** found"
-            if host['critical_findings'] > 0:
+            if host["critical_findings"] > 0:
                 section += f" ({host['critical_findings']} critical)"
             section += "\n"
             section += f"- **Exploitation:** {prog['exploited']}/{prog['total']} services ({pct}%)\n\n"
@@ -381,11 +479,11 @@ Testing was conducted against systems within the defined scope. All testing acti
 
     def findings_summary(self, findings: Dict) -> str:
         """Generate findings summary section."""
-        critical = len(findings['critical'])
-        high = len(findings['high'])
-        medium = len(findings['medium'])
-        low = len(findings['low'])
-        info = len(findings['info'])
+        critical = len(findings["critical"])
+        high = len(findings["high"])
+        medium = len(findings["medium"])
+        low = len(findings["low"])
+        info = len(findings["info"])
         total = critical + high + medium + low + info
 
         return f"""## FINDINGS SUMMARY
@@ -402,7 +500,7 @@ Testing was conducted against systems within the defined scope. All testing acti
 | **Total** | **{total}** | **100%** |
 
 ---"""
-    
+
     def key_findings_summary(self, findings: Dict) -> str:
         """
         Generate key findings summary - shows top critical/high findings upfront.
@@ -413,56 +511,61 @@ Testing was conducted against systems within the defined scope. All testing acti
 *Quick overview of the most critical security issues discovered*
 
 """
-        
-        critical_findings = findings['critical']
-        high_findings = findings['high']
-        
+
+        critical_findings = findings["critical"]
+        high_findings = findings["high"]
+
         # Immediate Action Required (Critical)
         if critical_findings:
             section += "### 🚨 Immediate Action Required (Critical)\n\n"
             for idx, finding in enumerate(critical_findings[:5], 1):  # Top 5 critical
-                title = finding.get('title', 'Untitled Finding')
+                title = finding.get("title", "Untitled Finding")
                 host = self._format_affected_host(finding)
                 section += f"{idx}. **{title}**\n"
                 section += f"   - Host: {host}\n"
-                if finding.get('description'):
+                if finding.get("description"):
                     # Get first sentence or first 100 chars
-                    desc = finding['description'].split('.')[0][:100]
+                    desc = finding["description"].split(".")[0][:100]
                     section += f"   - Impact: {desc}...\n"
                 section += "\n"
-            
+
             if len(critical_findings) > 5:
                 section += f"*...and {len(critical_findings) - 5} more critical finding(s)*\n\n"
-        
+
         # High Priority (Within 7 days)
         if high_findings:
             section += "### ⚠️  High Priority (Address within 7 days)\n\n"
             for idx, finding in enumerate(high_findings[:3], 1):  # Top 3 high
-                title = finding.get('title', 'Untitled Finding')
+                title = finding.get("title", "Untitled Finding")
                 host = self._format_affected_host(finding)
                 section += f"{idx}. **{title}** - {host}\n"
-            
+
             if len(high_findings) > 3:
                 section += f"\n*...and {len(high_findings) - 3} more high-priority finding(s)*\n"
             section += "\n"
-        
+
         # Overall stats
         total_critical = len(critical_findings)
         total_high = len(high_findings)
-        total_medium = len(findings['medium'])
-        total_low = len(findings['low'])
-        
+        total_medium = len(findings["medium"])
+        total_low = len(findings["low"])
+
         section += f"**Total Findings:** {total_critical} Critical, {total_high} High, {total_medium} Medium, {total_low} Low\n\n"
         section += "**Recommendation:** Address all critical findings immediately, high findings within 7 days.\n\n"
         section += "*See Detailed Findings section below for complete information.*\n\n"
         section += "---\n"
-        
+
         return section
-    
-    def compliance_section(self, findings: List[Dict], compliance_data: Dict, report_type: str = 'technical') -> str:
+
+    def compliance_section(
+        self,
+        findings: List[Dict],
+        compliance_data: Dict,
+        report_type: str = "technical",
+    ) -> str:
         """
         Generate compliance mapping section.
-        
+
         Args:
             findings: List of all findings
             compliance_data: Compliance coverage data
@@ -472,33 +575,35 @@ Testing was conducted against systems within the defined scope. All testing acti
                         - summary: Brief summary only
         """
         from souleyez.reporting.compliance_mappings import ComplianceMappings
-        
+
         mapper = ComplianceMappings()
         section = """## COMPLIANCE MAPPING
 
 ### OWASP Top 10 2021 Coverage
 
 """
-        
-        owasp_coverage = compliance_data['owasp']
+
+        owasp_coverage = compliance_data["owasp"]
         section += f"**Coverage: {owasp_coverage['coverage_percent']}%** ({len(owasp_coverage['covered'])}/{owasp_coverage['total']} categories)\n\n"
-        
+
         # Count findings per category
         owasp_findings_count = {}
         for finding in findings:
             owasp_matches = mapper.map_finding_to_owasp(finding)
             for owasp_id in owasp_matches:
-                owasp_findings_count[owasp_id] = owasp_findings_count.get(owasp_id, 0) + 1
-        
+                owasp_findings_count[owasp_id] = (
+                    owasp_findings_count.get(owasp_id, 0) + 1
+                )
+
         # OWASP Coverage Table
-        if report_type == 'executive':
+        if report_type == "executive":
             # Executive: Only show matched categories (reduce clutter)
-            if owasp_coverage['covered']:
+            if owasp_coverage["covered"]:
                 section += "**OWASP Categories Identified:**\n\n"
                 section += "| Category | Findings |\n"
                 section += "|----------|----------|\n"
-                
-                for owasp_id in sorted(owasp_coverage['covered']):
+
+                for owasp_id in sorted(owasp_coverage["covered"]):
                     name = mapper.get_owasp_name(owasp_id)
                     count = owasp_findings_count.get(owasp_id, 0)
                     section += f"| {owasp_id}: {name} | {count} |\n"
@@ -508,87 +613,89 @@ Testing was conducted against systems within the defined scope. All testing acti
             # Technical/Summary: Show all categories with status
             section += "| Category | Status | Findings |\n"
             section += "|----------|--------|----------|\n"
-            
+
             for owasp_id in sorted(mapper.owasp_mappings.keys()):
                 name = mapper.get_owasp_name(owasp_id)
-                if owasp_id in owasp_coverage['covered']:
+                if owasp_id in owasp_coverage["covered"]:
                     count = owasp_findings_count.get(owasp_id, 0)
                     status = "✅ Covered"
                     section += f"| {owasp_id}: {name} | {status} | {count} |\n"
                 else:
                     section += f"| {owasp_id}: {name} | ⚪ Not Found | 0 |\n"
-        
+
         section += "\n### CWE Top 25 Coverage\n\n"
-        
-        cwe_coverage = compliance_data['cwe']
+
+        cwe_coverage = compliance_data["cwe"]
         section += f"**Coverage: {cwe_coverage['coverage_percent']}%** ({len(cwe_coverage['covered'])}/{cwe_coverage['total']} categories)\n\n"
-        
-        if cwe_coverage['covered']:
+
+        if cwe_coverage["covered"]:
             section += "**CWEs Identified:**\n\n"
-            
+
             # Count findings per CWE
             cwe_findings_count = {}
             for finding in findings:
                 cwe_matches = mapper.map_finding_to_cwe(finding)
                 for cwe_id in cwe_matches:
                     cwe_findings_count[cwe_id] = cwe_findings_count.get(cwe_id, 0) + 1
-            
+
             # Limit to top 10 for executive reports
-            cwe_list = sorted(cwe_coverage['covered'])
-            if report_type == 'executive' and len(cwe_list) > 10:
+            cwe_list = sorted(cwe_coverage["covered"])
+            if report_type == "executive" and len(cwe_list) > 10:
                 cwe_list = cwe_list[:10]
                 show_more = True
             else:
                 show_more = False
-            
+
             for cwe_id in cwe_list:
                 name = mapper.get_cwe_name(cwe_id)
                 count = cwe_findings_count.get(cwe_id, 0)
                 section += f"- **{cwe_id}**: {name} ({count} finding{'s' if count != 1 else ''})\n"
-            
+
             if show_more:
                 section += f"\n*...and {len(cwe_coverage['covered']) - 10} more CWEs*\n"
         else:
             section += "No CWE Top 25 vulnerabilities identified.\n"
-        
+
         # Compliance Gaps (only for technical reports)
-        if report_type == 'technical' and (compliance_data['owasp']['gaps'] or compliance_data['cwe']['gaps']):
+        if report_type == "technical" and (
+            compliance_data["owasp"]["gaps"] or compliance_data["cwe"]["gaps"]
+        ):
             section += "\n### Compliance Gaps\n\n"
-            
-            if compliance_data['owasp']['gaps']:
+
+            if compliance_data["owasp"]["gaps"]:
                 section += f"**OWASP Categories Not Found:** {len(compliance_data['owasp']['gaps'])} categories not represented in findings.\n\n"
-            
-            if compliance_data['cwe']['gaps']:
+
+            if compliance_data["cwe"]["gaps"]:
                 section += f"**CWE Categories Not Found:** {len(compliance_data['cwe']['gaps'])} weakness types not identified.\n\n"
-            
+
             section += "*Note: Gaps indicate vulnerability types not found during testing, which may be positive (not present) or indicate areas requiring deeper assessment.*\n"
-        
+
         section += "\n---"
         return section
 
-    def detailed_findings(self, findings: Dict, report_type: str = 'technical') -> str:
+    def detailed_findings(self, findings: Dict, report_type: str = "technical") -> str:
         """Generate detailed findings section."""
         section = "## DETAILED FINDINGS\n\n"
 
         finding_number = 1
-        for severity in ['critical', 'high', 'medium', 'low', 'info']:
+        for severity in ["critical", "high", "medium", "low", "info"]:
             for finding in findings[severity]:
                 section += f"### Finding #{finding_number}: {finding['title']}\n\n"
 
                 # Severity badge
                 severity_upper = severity.upper()
                 emoji_map = {
-                    'critical': '🔴',
-                    'high': '🟠',
-                    'medium': '🟡',
-                    'low': '🟢',
-                    'info': 'ℹ️'
+                    "critical": "🔴",
+                    "high": "🟠",
+                    "medium": "🟡",
+                    "low": "🟢",
+                    "info": "ℹ️",
                 }
                 section += f"**Severity:** {emoji_map[severity]} {severity_upper}  \n"
 
-                if finding.get('cvss'):
+                if finding.get("cvss"):
                     section += f"**CVSS Score:** {finding['cvss']}  \n"
-                if finding.get('cve'):
+                if finding.get("cve"):
                     section += f"**CVE:** {finding['cve']}  \n"
 
                 # Format affected host display
@@ -597,14 +704,16 @@ Testing was conducted against systems within the defined scope. All testing acti
                 section += f"**Tool:** {finding['tool']}  \n\n"
 
                 # Description
-                if finding.get('description'):
+                if finding.get("description"):
                     section += f"**Description:**\n\n{finding['description']}\n\n"
 
                 # Remediation - Always include
-                remediation_text = finding.get('remediation', '')
+                remediation_text = finding.get("remediation", "")
                 if not remediation_text:
-                    remediation_text = self._generate_default_remediation(finding, severity)
-                
+                    remediation_text = self._generate_default_remediation(
+                        finding, severity
+                    )
+
                 section += f"**Recommendation:**\n\n{remediation_text}\n\n"
 
                 section += "---\n\n"
@@ -622,7 +731,9 @@ Testing was conducted against systems within the defined scope. All testing acti
         section += f"- **Reconnaissance:** {evidence_counts['reconnaissance']} items\n"
         section += f"- **Enumeration:** {evidence_counts['enumeration']} items\n"
         section += f"- **Exploitation:** {evidence_counts['exploitation']} items\n"
-        section += f"- **Post-Exploitation:** {evidence_counts['post_exploitation']} items\n\n"
+        section += (
+            f"- **Post-Exploitation:** {evidence_counts['post_exploitation']} items\n\n"
+        )
 
         if credentials:
             section += f"### Credentials Discovered ({len(credentials)} total)\n\n"
@@ -648,7 +759,7 @@ Testing was conducted against systems within the defined scope. All testing acti
 *Prioritized remediation roadmap with estimated effort and impact*
 
 """
-        
+
         # Quick Wins (< 1 hour, high impact)
         quick_wins = self._identify_quick_wins(findings)
         if quick_wins:
@@ -658,29 +769,31 @@ Testing was conducted against systems within the defined scope. All testing acti
                 section += f"{idx}. **{win['title']}** ⏱️ {win['effort']}\n"
                 section += f"   - **Action:** {win['action']}\n"
                 section += f"   - **Impact:** {win['impact']}\n\n"
-        
+
         # Immediate Actions (Critical Priority - Today/This Week)
-        section += "### 🚨 Immediate Actions (Critical Priority - Complete This Week)\n\n"
-        
-        if findings['critical']:
-            total_critical = len(findings['critical'])
+        section += (
+            "### 🚨 Immediate Actions (Critical Priority - Complete This Week)\n\n"
+        )
+
+        if findings["critical"]:
+            total_critical = len(findings["critical"])
             section += f"**{total_critical} critical finding{'s' if total_critical != 1 else ''} requiring immediate attention:**\n\n"
-            
-            for idx, finding in enumerate(findings['critical'][:5], 1):
+
+            for idx, finding in enumerate(findings["critical"][:5], 1):
                 section += f"**{idx}. {finding['title']}**\n"
-                
+
                 # Add specific remediation steps
-                if finding.get('remediation'):
+                if finding.get("remediation"):
                     section += f"   - **Fix:** {finding['remediation']}\n"
-                
+
                 # Add resource estimate based on finding type
                 effort = self._estimate_remediation_effort(finding)
                 section += f"   - **Estimated Effort:** {effort}\n"
-                
+
                 # Add business impact context
-                impact = self._get_business_impact(finding, 'critical')
+                impact = self._get_business_impact(finding, "critical")
                 section += f"   - **Business Impact:** {impact}\n\n"
-            
+
             if total_critical > 5:
                 section += f"*...and {total_critical - 5} more critical finding(s). See Detailed Findings section.*\n\n"
         else:
@@ -689,30 +802,30 @@ Testing was conducted against systems within the defined scope. All testing acti
         # Short-Term (High Priority - 1-2 Weeks)
         section += "### ⚠️  Short-Term Actions (High Priority - Within 2 Weeks)\n\n"
 
-        if findings['high']:
-            total_high = len(findings['high'])
+        if findings["high"]:
+            total_high = len(findings["high"])
             section += f"**{total_high} high-priority finding{'s' if total_high != 1 else ''} to address:**\n\n"
-            
-            for idx, finding in enumerate(findings['high'][:3], 1):
+
+            for idx, finding in enumerate(findings["high"][:3], 1):
                 section += f"{idx}. **{finding['title']}**\n"
-                if finding.get('remediation'):
+                if finding.get("remediation"):
                     # Shorten if too long
-                    rem = finding['remediation']
+                    rem = finding["remediation"]
                     if len(rem) > 150:
                         rem = rem[:147] + "..."
                     section += f"   - {rem}\n"
                 effort = self._estimate_remediation_effort(finding)
                 section += f"   - Effort: {effort}\n\n"
-            
+
             if total_high > 3:
                 section += f"*...and {total_high - 3} more high-priority findings.*\n\n"
         else:
             section += "✅ No high-priority findings identified.\n\n"
 
         # Medium-Term (Medium Severity - 30 Days)
-        if findings['medium']:
+        if findings["medium"]:
             section += "### 📋 Medium-Term Actions (Within 30 Days)\n\n"
-            total_medium = len(findings['medium'])
+            total_medium = len(findings["medium"])
             section += f"**{total_medium} medium-severity finding{'s' if total_medium != 1 else ''} identified.** "
             section += "Prioritize based on asset criticality and exposure.\n\n"
             section += "Review the Detailed Findings section for specific remediation guidance on each issue.\n\n"
@@ -729,125 +842,138 @@ Testing was conducted against systems within the defined scope. All testing acti
 
         section += "\n---"
         return section
-    
+
     def _identify_quick_wins(self, findings: Dict) -> List[Dict]:
         """Identify quick-win fixes (< 1 hour, high impact)."""
         quick_wins = []
-        
+
         # Common quick-win patterns
         quick_win_patterns = {
-            'information disclosure': {
-                'action': 'Remove or restrict access to exposed information',
-                'impact': 'Reduces reconnaissance opportunities for attackers',
-                'effort': '15-30 min'
+            "information disclosure": {
+                "action": "Remove or restrict access to exposed information",
+                "impact": "Reduces reconnaissance opportunities for attackers",
+                "effort": "15-30 min",
             },
-            'default credentials': {
-                'action': 'Change all default passwords immediately',
-                'impact': 'Prevents trivial unauthorized access',
-                'effort': '5-10 min per system'
+            "default credentials": {
+                "action": "Change all default passwords immediately",
+                "impact": "Prevents trivial unauthorized access",
+                "effort": "5-10 min per system",
             },
-            'missing security headers': {
-                'action': 'Configure web server security headers',
-                'impact': 'Protects against common web attacks',
-                'effort': '30-45 min'
+            "missing security headers": {
+                "action": "Configure web server security headers",
+                "impact": "Protects against common web attacks",
+                "effort": "30-45 min",
             },
-            'unencrypted': {
-                'action': 'Enable SSL/TLS encryption',
-                'impact': 'Protects data in transit',
-                'effort': '30-60 min'
+            "unencrypted": {
+                "action": "Enable SSL/TLS encryption",
+                "impact": "Protects data in transit",
+                "effort": "30-60 min",
+            },
+            "directory listing": {
+                "action": "Disable directory indexing in web server config",
+                "impact": "Prevents information disclosure",
+                "effort": "10-15 min",
             },
-            'directory listing': {
-                'action': 'Disable directory indexing in web server config',
-                'impact': 'Prevents information disclosure',
-                'effort': '10-15 min'
-            }
         }
-        
+
         # Check critical and high findings for quick wins
-        for finding in findings['critical'] + findings['high']:
-            title_lower = finding['title'].lower()
+        for finding in findings["critical"] + findings["high"]:
+            title_lower = finding["title"].lower()
             for pattern, details in quick_win_patterns.items():
                 if pattern in title_lower:
-                    quick_wins.append({
-                        'title': finding['title'],
-                        'action': details['action'],
-                        'impact': details['impact'],
-                        'effort': details['effort']
-                    })
+                    quick_wins.append(
+                        {
+                            "title": finding["title"],
+                            "action": details["action"],
+                            "impact": details["impact"],
+                            "effort": details["effort"],
+                        }
+                    )
                     break
-            
+
             # Limit to top 5 quick wins
             if len(quick_wins) >= 5:
                 break
-        
+
         return quick_wins
-    
+
     def _estimate_remediation_effort(self, finding: Dict) -> str:
         """Estimate remediation effort based on finding type."""
-        title_lower = finding['title'].lower()
-        
+        title_lower = finding["title"].lower()
+
         # High effort (4+ hours)
-        if any(x in title_lower for x in ['architecture', 'redesign', 'refactor', 'encryption scheme']):
+        if any(
+            x in title_lower
+            for x in ["architecture", "redesign", "refactor", "encryption scheme"]
+        ):
             return "4-8 hours (Complex)"
-        
+
         # Medium effort (1-4 hours)
-        if any(x in title_lower for x in ['sql injection', 'xss', 'authentication', 'access control']):
+        if any(
+            x in title_lower
+            for x in ["sql injection", "xss", "authentication", "access control"]
+        ):
             return "2-4 hours (Moderate)"
-        
+
         # Low effort (< 1 hour)
-        if any(x in title_lower for x in ['default', 'disclosure', 'header', 'configuration']):
+        if any(
+            x in title_lower
+            for x in ["default", "disclosure", "header", "configuration"]
+        ):
             return "30-60 minutes (Simple)"
-        
+
         # Default to medium
         return "1-3 hours (Moderate)"
-    
+
     def _get_business_impact(self, finding: Dict, severity: str) -> str:
         """Get business impact context for finding."""
-        title_lower = finding['title'].lower()
-        
+        title_lower = finding["title"].lower()
+
         # Data breach scenarios
-        if 'sql injection' in title_lower or 'data breach' in title_lower:
-            return "Data breach, regulatory penalties (GDPR/PCI-DSS), reputational damage"
-        
+        if "sql injection" in title_lower or "data breach" in title_lower:
+            return (
+                "Data breach, regulatory penalties (GDPR/PCI-DSS), reputational damage"
+            )
+
         # Authentication issues
-        if 'authentication' in title_lower or 'credentials' in title_lower:
+        if "authentication" in title_lower or "credentials" in title_lower:
             return "Unauthorized access, potential system compromise"
-        
+
         # XSS/injection
-        if 'xss' in title_lower or 'injection' in title_lower:
+        if "xss" in title_lower or "injection" in title_lower:
             return "User account compromise, data theft, malware distribution"
-        
+
         # Default by severity
-        if severity == 'critical':
+        if severity == "critical":
             return "High risk of immediate exploitation and business disruption"
         else:
             return "Security exposure requiring timely remediation"
-    
+
     def _calculate_resource_summary(self, findings: Dict) -> Dict:
         """Calculate total remediation effort summary."""
         effort_map = {
-            '5-10 min per system': 0.2,
-            '10-15 min': 0.25,
-            '15-30 min': 0.5,
-            '30-45 min': 0.75,
-            '30-60 min': 1,
-            '30-60 minutes (Simple)': 1,
-            '1-3 hours (Moderate)': 2,
-            '2-4 hours (Moderate)': 3,
-            '4-8 hours (Complex)': 6
+            "5-10 min per system": 0.2,
+            "10-15 min": 0.25,
+            "15-30 min": 0.5,
+            "30-45 min": 0.75,
+            "30-60 min": 1,
+            "30-60 minutes (Simple)": 1,
+            "1-3 hours (Moderate)": 2,
+            "2-4 hours (Moderate)": 3,
+            "4-8 hours (Complex)": 6,
         }
-        
-        summary = {'critical': 0, 'high': 0, 'medium': 0}
-        
-        for severity in ['critical', 'high', 'medium']:
+
+        summary = {"critical": 0, "high": 0, "medium": 0}
+
+        for severity in ["critical", "high", "medium"]:
             for finding in findings[severity]:
                 effort_str = self._estimate_remediation_effort(finding)
                 # Default to 2 hours if not in map
                 hours = effort_map.get(effort_str, 2)
                 summary[severity] += hours
-        
-        summary['total'] = summary['critical'] + summary['high'] + summary['medium']
-        
+
+        summary["total"] = summary["critical"] + summary["high"] + summary["medium"]
+
         return summary
 
     def methodology(self) -> str:
@@ -882,7 +1008,7 @@ This penetration test followed industry-standard methodology based on PTES (Pene
 All testing was conducted in accordance with the agreed-upon rules of engagement and with explicit authorization.
 
 ---"""
-    
+
     def attack_chain_section(
         self, chain: Dict, summary: Dict, host_centric_chain: Dict = None
     ) -> str:
@@ -894,14 +1020,15 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
             host_centric_chain: New host-centric chain structure (preferred)
         """
         from souleyez.reporting.attack_chain import AttackChainAnalyzer
+
         analyzer = AttackChainAnalyzer()
 
         # Use host-centric chain if available
-        if host_centric_chain and host_centric_chain.get('hosts'):
+        if host_centric_chain and host_centric_chain.get("hosts"):
             return self._host_centric_attack_section(host_centric_chain, analyzer)
 
         # Fallback to legacy visualization
-        if not chain or not chain.get('nodes'):
+        if not chain or not chain.get("nodes"):
             return ""
 
         section = """## ATTACK CHAIN ANALYSIS
@@ -927,15 +1054,17 @@ The following diagram shows the progression of the attack from initial reconnais
         section += f"- **Total Attack Steps:** {summary['total_nodes']} nodes, {summary['total_edges']} transitions\n"
         section += f"- **Hosts Compromised:** {summary['hosts_compromised']}\n"
         section += f"- **Active Phases:** {summary['phases_active']}/4 penetration testing phases\n"
-        section += f"- **Attack Depth:** {summary['longest_path']} levels (longest path)\n"
+        section += (
+            f"- **Attack Depth:** {summary['longest_path']} levels (longest path)\n"
+        )
 
-        if summary['critical_nodes']:
+        if summary["critical_nodes"]:
             section += f"- **Critical Nodes:** {len(summary['critical_nodes'])} high-connectivity points\n"
 
         section += "\n**Phase Breakdown:**\n\n"
-        for phase, count in chain['phases'].items():
+        for phase, count in chain["phases"].items():
             if count > 0:
-                phase_name = phase.replace('_', ' ').title()
+                phase_name = phase.replace("_", " ").title()
                 section += f"- **{phase_name}:** {count} evidence items\n"
 
         section += "\n### Attack Flow Interpretation\n\n"
@@ -946,7 +1075,7 @@ The following diagram shows the progression of the attack from initial reconnais
         section += "- Credential harvesting and access escalation\n"
         section += "- Post-exploitation activities on compromised hosts\n"
 
-        if summary['hosts_compromised'] > 1:
+        if summary["hosts_compromised"] > 1:
             section += "\n**Lateral Movement:** The attack chain shows movement across "
             section += f"{summary['hosts_compromised']} different hosts, indicating potential for lateral movement within the network.\n"
 
@@ -956,8 +1085,8 @@ The following diagram shows the progression of the attack from initial reconnais
     def _host_centric_attack_section(self, chain: Dict, analyzer) -> str:
         """Generate host-centric attack chain visualization."""
         summary = analyzer.get_host_centric_summary(chain)
-        hosts = chain.get('hosts', [])
-        lateral_edges = chain.get('lateral_edges', [])
+        hosts = chain.get("hosts", [])
+        lateral_edges = chain.get("lateral_edges", [])
 
         section = """## ATTACK PATH VISUALIZATION
 
@@ -998,45 +1127,49 @@ Each box represents a target host with its attack progression. Arrows show the p
         section += f"- **Hosts Exploited:** {summary['hosts_exploited']}\n"
         section += f"- **Total Attack Steps:** {summary['total_nodes']}\n"
         section += f"- **Deepest Penetration:** {summary['deepest_attack']} phases"
-        if summary.get('deepest_host'):
+        if summary.get("deepest_host"):
             section += f" (on {summary['deepest_host']})"
         section += "\n"
 
-        if summary['lateral_movements'] > 0:
+        if summary["lateral_movements"] > 0:
             section += f"- **Lateral Movements:** {summary['lateral_movements']} cross-host transitions\n"
 
         # Phase breakdown
-        phase_counts = summary.get('phase_counts', {})
+        phase_counts = summary.get("phase_counts", {})
         if any(v > 0 for v in phase_counts.values()):
             section += "\n**Attack Phase Distribution:**\n\n"
             phase_labels = {
-                'discovery': 'Discovery',
-                'enumeration': 'Enumeration',
-                'vulnerability': 'Vulnerabilities',
-                'exploitation': 'Exploitation',
-                'credential': 'Credentials',
-                'post_exploitation': 'Post-Exploitation'
+                "discovery": "Discovery",
+                "enumeration": "Enumeration",
+                "vulnerability": "Vulnerabilities",
+                "exploitation": "Exploitation",
+                "credential": "Credentials",
+                "post_exploitation": "Post-Exploitation",
             }
             for phase, count in phase_counts.items():
                 if count > 0:
-                    label = phase_labels.get(phase, phase.replace('_', ' ').title())
+                    label = phase_labels.get(phase, phase.replace("_", " ").title())
                     section += f"- **{label}:** {count} instances\n"
 
         # Interpretation
         section += "\n### Attack Flow Interpretation\n\n"
 
-        if summary['hosts_exploited'] == 0:
+        if summary["hosts_exploited"] == 0:
             section += "No hosts were fully exploited during this engagement. "
-            section += "The attack progressed through reconnaissance and enumeration phases.\n"
-        elif summary['hosts_exploited'] == 1:
+            section += (
+                "The attack progressed through reconnaissance and enumeration phases.\n"
+            )
+        elif summary["hosts_exploited"] == 1:
             section += f"One host was successfully exploited. "
-            if summary['lateral_movements'] > 0:
+            if summary["lateral_movements"] > 0:
                 section += "Lateral movement was detected, suggesting the attacker attempted to pivot to other systems.\n"
             else:
                 section += "No lateral movement was detected.\n"
         else:
-            section += f"**{summary['hosts_exploited']} hosts** were successfully exploited. "
-            if summary['lateral_movements'] > 0:
+            section += (
+                f"**{summary['hosts_exploited']} hosts** were successfully exploited. "
+            )
+            if summary["lateral_movements"] > 0:
                 section += f"**{summary['lateral_movements']} lateral movements** were detected, "
                 section += "demonstrating the attacker's ability to pivot between systems using harvested credentials.\n"
             else:
@@ -1045,8 +1178,12 @@ Each box represents a target host with its attack progression. Arrows show the p
         section += "\n---"
         return section
 
-    def appendix(self, hosts: List[Dict], credentials: List[Dict],
-                 include_methodology: bool = True) -> str:
+    def appendix(
+        self,
+        hosts: List[Dict],
+        credentials: List[Dict],
+        include_methodology: bool = True,
+    ) -> str:
         """Generate appendix section with optional methodology."""
         section = """## APPENDIX
 
@@ -1095,14 +1232,14 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
 
         for host in hosts:
             # Format services count properly (handle list, int, or empty)
-            services_data = host.get('services', 0)
+            services_data = host.get("services", 0)
             if isinstance(services_data, list):
                 services_count = len(services_data)
             else:
                 services_count = services_data
 
             section += f"- **{host['host']}**"
-            if host.get('hostname'):
+            if host.get("hostname"):
                 section += f" ({host['hostname']})"
             section += f" - {services_count} services, {host['findings']} findings\n"
 
@@ -1131,197 +1268,218 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
 
 *This report contains confidential information. Unauthorized distribution is prohibited.*
 """
-    
+
     def _format_affected_host(self, finding: Dict) -> str:
         """
         Format affected host display from finding data.
-        
+
         Tries multiple fields in order:
         1. ip_address (from JOIN with hosts table)
-        2. hostname (from JOIN with hosts table)  
+        2. hostname (from JOIN with hosts table)
         3. path (for web findings with URL path)
         4. port (show port number)
         5. 'Unknown' as fallback
-        
+
         Args:
             finding: Finding dictionary with host data
-            
+
         Returns:
             Formatted host string
         """
         # Try IP address first (most common)
-        if finding.get('ip_address'):
-            host_str = finding['ip_address']
+        if finding.get("ip_address"):
+            host_str = finding["ip_address"]
             # Add hostname if available
-            if finding.get('hostname'):
+            if finding.get("hostname"):
                 host_str += f" ({finding['hostname']})"
             # Add port if available
-            if finding.get('port'):
+            if finding.get("port"):
                 host_str += f":{finding['port']}"
             # Add path for web findings - but only if it's a clean path (not a full URL)
-            if finding.get('path') and finding['path'] != '/' and not finding['path'].startswith('http'):
-                host_str += finding['path']
+            if (
+                finding.get("path")
+                and finding["path"] != "/"
+                and not finding["path"].startswith("http")
+            ):
+                host_str += finding["path"]
             return host_str
-        
+
         # Try hostname alone
-        if finding.get('hostname'):
-            host_str = finding['hostname']
-            if finding.get('port'):
+        if finding.get("hostname"):
+            host_str = finding["hostname"]
+            if finding.get("port"):
                 host_str += f":{finding['port']}"
             # Only add path if it's a clean path (not a full URL)
-            if finding.get('path') and finding['path'] != '/' and not finding['path'].startswith('http'):
-                host_str += finding['path']
+            if (
+                finding.get("path")
+                and finding["path"] != "/"
+                and not finding["path"].startswith("http")
+            ):
+                host_str += finding["path"]
             return host_str
-        
+
         # Try path alone (web findings without host) - but only if not a full URL
-        if finding.get('path') and not finding['path'].startswith('http'):
-            return finding['path']
-        
+        if finding.get("path") and not finding["path"].startswith("http"):
+            return finding["path"]
+
         # Try port alone
-        if finding.get('port'):
+        if finding.get("port"):
             return f"Port {finding['port']}"
-        
+
         # Fallback
-        return 'Unknown'
-    
+        return "Unknown"
+
     def _generate_default_remediation(self, finding: Dict, severity: str) -> str:
         """Generate default remediation recommendation based on finding details."""
-        title_lower = finding.get('title', '').lower()
-        tool = finding.get('tool', '').lower()
-        
+        title_lower = finding.get("title", "").lower()
+        tool = finding.get("tool", "").lower()
+
         # SQL Injection
-        if 'sql injection' in title_lower or 'sqli' in title_lower:
+        if "sql injection" in title_lower or "sqli" in title_lower:
             return """1. Implement parameterized queries/prepared statements for all database operations
 2. Apply input validation and sanitization for all user inputs
 3. Use stored procedures with properly defined parameters
 4. Implement least privilege database access controls
 5. Deploy a Web Application Firewall (WAF) to block SQL injection attempts
 6. Review and patch all vulnerable parameters immediately"""
-        
+
         # XSS
-        if 'xss' in title_lower or 'cross-site scripting' in title_lower:
+        if "xss" in title_lower or "cross-site scripting" in title_lower:
             return """1. Implement proper output encoding for all user-controlled data
 2. Use Content Security Policy (CSP) headers
 3. Apply HTML sanitization on user inputs
 4. Enable HTTPOnly and Secure flags on cookies
 5. Validate and sanitize all input on server-side
 6. Use modern frameworks with built-in XSS protection"""
-        
+
         # Authentication issues
-        if 'auth' in title_lower or 'login' in title_lower or 'password' in title_lower or 'credential' in title_lower:
+        if (
+            "auth" in title_lower
+            or "login" in title_lower
+            or "password" in title_lower
+            or "credential" in title_lower
+        ):
             return """1. Implement multi-factor authentication (MFA)
 2. Enforce strong password policies (minimum 12 characters, complexity)
 3. Use bcrypt or Argon2 for password hashing
 4. Implement account lockout after failed attempts
 5. Use secure session management with proper timeouts
 6. Review and update authentication mechanisms"""
-        
+
         # SSL/TLS issues
-        if 'ssl' in title_lower or 'tls' in title_lower or 'certificate' in title_lower:
+        if "ssl" in title_lower or "tls" in title_lower or "certificate" in title_lower:
             return """1. Update to TLS 1.2 or higher (disable TLS 1.0/1.1)
 2. Use strong cipher suites only
 3. Obtain and install valid SSL/TLS certificates
 4. Enable HSTS (HTTP Strict Transport Security)
 5. Configure proper certificate chain validation
 6. Regular certificate monitoring and renewal"""
-        
+
         # File upload
-        if 'upload' in title_lower or 'file' in title_lower:
+        if "upload" in title_lower or "file" in title_lower:
             return """1. Validate file types using whitelist approach
 2. Implement file size restrictions
 3. Scan uploaded files for malware
 4. Store uploaded files outside web root
 5. Use random filenames to prevent path traversal
 6. Implement proper access controls on uploaded content"""
-        
+
         # Command injection
-        if 'command injection' in title_lower or 'command execution' in title_lower:
+        if "command injection" in title_lower or "command execution" in title_lower:
             return """1. Avoid system calls that use user input
 2. Implement strict input validation and sanitization
 3. Use safe APIs that don't invoke shell commands
 4. Apply the principle of least privilege for process execution
 5. Use parameterized commands when shell execution is necessary
 6. Implement command whitelisting"""
-        
+
         # Directory traversal
-        if 'directory traversal' in title_lower or 'path traversal' in title_lower:
+        if "directory traversal" in title_lower or "path traversal" in title_lower:
             return """1. Validate and sanitize all file path inputs
 2. Use whitelisting for allowed paths
 3. Reject paths with '..' sequences
 4. Implement proper access controls on file systems
 5. Use secure file access APIs
 6. Chroot/jail file operations where possible"""
-        
+
         # Information disclosure
-        if 'disclosure' in title_lower or 'exposure' in title_lower or 'leakage' in title_lower:
+        if (
+            "disclosure" in title_lower
+            or "exposure" in title_lower
+            or "leakage" in title_lower
+        ):
             return """1. Remove or restrict access to sensitive information
 2. Implement proper error handling (don't expose stack traces)
 3. Review and remove debug information from production
 4. Apply proper authentication and authorization
 5. Use generic error messages for public-facing systems
 6. Review server configurations and headers"""
-        
+
         # Misconfigurations
-        if 'misconfiguration' in title_lower or 'default' in title_lower:
+        if "misconfiguration" in title_lower or "default" in title_lower:
             return """1. Change all default credentials immediately
 2. Disable unnecessary services and features
 3. Apply security hardening guidelines (CIS benchmarks)
 4. Review and update security configurations
 5. Implement regular security configuration audits
 6. Use infrastructure-as-code for consistent configurations"""
-        
+
         # SMB/Windows issues
-        if 'smb' in title_lower or tool == 'enum4linux':
+        if "smb" in title_lower or tool == "enum4linux":
             return """1. Disable SMBv1 protocol (use SMBv2/v3 only)
 2. Restrict anonymous access to SMB shares
 3. Implement proper access controls on shares
 4. Enable SMB signing and encryption
 5. Apply latest Windows security patches
 6. Use strong authentication mechanisms"""
-        
+
         # DNS issues
-        if 'dns' in title_lower or tool == 'dnsrecon':
+        if "dns" in title_lower or tool == "dnsrecon":
             return """1. Restrict zone transfers to authorized servers only
 2. Implement DNSSEC for data integrity
 3. Use split-horizon DNS for internal/external separation
 4. Apply rate limiting to prevent DNS amplification attacks
 5. Monitor DNS logs for suspicious activity
 6. Keep DNS software updated"""
-        
+
         # Brute force / Weak credentials
-        if 'brute' in title_lower or 'weak password' in title_lower or tool in ['hydra', 'medusa']:
+        if (
+            "brute" in title_lower
+            or "weak password" in title_lower
+            or tool in ["hydra", "medusa"]
+        ):
             return """1. Enforce strong password policies
 2. Implement account lockout mechanisms
 3. Deploy multi-factor authentication (MFA)
 4. Monitor and alert on failed login attempts
 5. Use CAPTCHA for login forms
 6. Implement rate limiting on authentication endpoints"""
-        
+
         # Web vulnerabilities (generic)
-        if tool in ['nuclei', 'gobuster', 'ffuf']:
+        if tool in ["nuclei", "gobuster", "ffuf"]:
             return """1. Review and patch identified web vulnerabilities
 2. Apply security updates to web server and applications
 3. Implement Web Application Firewall (WAF)
 4. Use security headers (CSP, X-Frame-Options, etc.)
 5. Perform regular security testing
 6. Follow OWASP Top 10 remediation guidance"""
-        
+
         # Default by severity
-        if severity == 'critical':
+        if severity == "critical":
             return """1. **IMMEDIATE ACTION REQUIRED** - Patch or mitigate this vulnerability within 24 hours
 2. Isolate affected systems if immediate patching isn't possible
 3. Implement monitoring for exploitation attempts
 4. Review logs for signs of compromise
 5. Notify security team and stakeholders
 6. Plan for emergency patching and testing"""
-        elif severity == 'high':
+        elif severity == "high":
             return """1. Prioritize remediation within 7 days
 2. Apply vendor patches or security updates
 3. Implement temporary mitigations if patches unavailable
 4. Review and restrict access to affected systems
 5. Enhance monitoring and logging
 6. Document remediation efforts"""
-        elif severity == 'medium':
+        elif severity == "medium":
             return """1. Address within 30 days as part of regular patching cycle
 2. Review and apply security best practices
 3. Implement defense-in-depth controls
@@ -1336,7 +1494,7 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
 5. Monitor for any changes in risk level
 6. Consider as part of security posture improvement"""
 
-    def ai_executive_summary(self, content: str, provider: str = 'AI') -> str:
+    def ai_executive_summary(self, content: str, provider: str = "AI") -> str:
         """
         Render AI-generated executive summary.
 
@@ -1355,7 +1513,7 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
 
 ---"""
 
-    def ai_remediation_plan(self, content: str, provider: str = 'AI') -> str:
+    def ai_remediation_plan(self, content: str, provider: str = "AI") -> str:
         """
         Render AI-generated remediation plan.
 
@@ -1374,7 +1532,9 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
 
 ---"""
 
-    def ai_risk_rating(self, rating: str, justification: str, provider: str = 'AI') -> str:
+    def ai_risk_rating(
+        self, rating: str, justification: str, provider: str = "AI"
+    ) -> str:
         """
         Render AI-generated risk rating.
 
@@ -1387,13 +1547,13 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
             str: Formatted markdown section
         """
         emoji_map = {
-            'CRITICAL': '🔴',
-            'HIGH': '🟠',
-            'MODERATE': '🟡',
-            'LOW': '🟢',
-            'UNKNOWN': '⚪'
+            "CRITICAL": "🔴",
+            "HIGH": "🟠",
+            "MODERATE": "🟡",
+            "LOW": "🟢",
+            "UNKNOWN": "⚪",
         }
-        emoji = emoji_map.get(rating.upper(), '⚪')
+        emoji = emoji_map.get(rating.upper(), "⚪")
 
         return f"""### AI Risk Assessment
 
@@ -1411,7 +1571,7 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
         business_impact: str,
         attack_scenario: str,
         risk_context: str,
-        provider: str = 'AI'
+        provider: str = "AI",
     ) -> str:
         """
         Render AI-enhanced finding context.
@@ -1429,16 +1589,22 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
         sections = []
 
         if business_impact:
-            sections.append(f"""**Business Impact:**
-{business_impact}""")
+            sections.append(
+                f"""**Business Impact:**
+{business_impact}"""
+            )
 
         if attack_scenario:
-            sections.append(f"""**Attack Scenario:**
-{attack_scenario}""")
+            sections.append(
+                f"""**Attack Scenario:**
+{attack_scenario}"""
+            )
 
         if risk_context:
-            sections.append(f"""**Risk Context:**
-{risk_context}""")
+            sections.append(
+                f"""**Risk Context:**
+{risk_context}"""
+            )
 
         if not sections:
             return ""
@@ -1495,7 +1661,7 @@ All testing was conducted in accordance with the agreed-upon rules of engagement
             risk_msg = "Critical detection blindspots"
 
         # Use generated executive summary if available
-        exec_summary_text = getattr(data, 'executive_summary', '') or ''
+        exec_summary_text = getattr(data, "executive_summary", "") or ""
 
         return f"""## EXECUTIVE SUMMARY
 
@@ -1534,9 +1700,17 @@ This section summarizes which penetration test attacks triggered SIEM alerts and
         # Status breakdown
         statuses = [
             ("Detected", summary.detected, "Attacks that triggered SIEM alerts"),
-            ("Not Detected", summary.not_detected, "Attacks that did NOT trigger alerts (gaps)"),
+            (
+                "Not Detected",
+                summary.not_detected,
+                "Attacks that did NOT trigger alerts (gaps)",
+            ),
             ("Partial", summary.partial, "Attacks with some but incomplete detection"),
-            ("Offline", summary.offline, "Offline tools (no network detection expected)"),
+            (
+                "Offline",
+                summary.offline,
+                "Offline tools (no network detection expected)",
+            ),
             ("Unknown", summary.unknown, "Validation errors or inconclusive results"),
         ]
 
@@ -1569,7 +1743,7 @@ The following matrix shows which MITRE ATT&CK techniques were tested during the
         # Group by tactic
         tactics_data = {}
         for item in data.heatmap_data:
-            tactic = item['tactic_name']
+            tactic = item["tactic_name"]
             if tactic not in tactics_data:
                 tactics_data[tactic] = []
             tactics_data[tactic].append(item)
@@ -1578,16 +1752,16 @@ The following matrix shows which MITRE ATT&CK techniques were tested during the
             section += f"#### {tactic}\n\n"
 
             for tech in techniques:
-                status = tech['status']
+                status = tech["status"]
                 icon = {
-                    'detected': '✅',
-                    'not_detected': '❌',
-                    'partial': '⚠️',
-                    'not_tested': '⬜'
-                }.get(status, '⬜')
+                    "detected": "✅",
+                    "not_detected": "❌",
+                    "partial": "⚠️",
+                    "not_tested": "⬜",
+                }.get(status, "⬜")
 
-                rate = f" ({tech['detection_rate']}%)" if tech['tested'] > 0 else ""
-                tools = ', '.join(tech['tools_used']) if tech['tools_used'] else 'N/A'
+                rate = f" ({tech['detection_rate']}%)" if tech["tested"] > 0 else ""
+                tools = ", ".join(tech["tools_used"]) if tech["tools_used"] else "N/A"
 
                 section += f"- {icon} **{tech['technique_id']}** - {tech['technique_name']}{rate}\n"
                 section += f"  - Tools: {tools}\n"
@@ -1599,7 +1773,7 @@ The following matrix shows which MITRE ATT&CK techniques were tested during the
 
     def detected_attacks_table(self, data) -> str:
         """Generate table of attacks that triggered SIEM alerts."""
-        detected = [r for r in data.detection_results if r.status == 'detected']
+        detected = [r for r in data.detection_results if r.status == "detected"]
 
         if not detected:
             return """## DETECTED ATTACKS
@@ -1618,15 +1792,21 @@ The following {len(detected)} attack{'s' if len(detected) != 1 else ''} successf
 """
 
         for result in detected[:50]:  # Limit to 50
-            attack_type = result.attack_type or 'Unknown'
-            target = getattr(result, 'target_ip', 'N/A') or 'N/A'
+            attack_type = result.attack_type or "Unknown"
+            target = getattr(result, "target_ip", "N/A") or "N/A"
             alerts = result.alerts_count
-            rules = ', '.join(result.rule_ids[:3]) if result.rule_ids else 'N/A'
+            rules = ", ".join(result.rule_ids[:3]) if result.rule_ids else "N/A"
             if len(result.rule_ids) > 3:
-                rules += '...'
-            timestamp = result.checked_at.strftime('%Y-%m-%d %H:%M') if result.checked_at else 'N/A'
+                rules += "..."
+            timestamp = (
+                result.checked_at.strftime("%Y-%m-%d %H:%M")
+                if result.checked_at
+                else "N/A"
+            )
 
-            section += f"| {attack_type} | {target} | {alerts} | {rules} | {timestamp} |\n"
+            section += (
+                f"| {attack_type} | {target} | {alerts} | {rules} | {timestamp} |\n"
+            )
 
         section += "\n---\n"
         return section
@@ -1653,20 +1833,27 @@ These represent blindspots in security monitoring that should be addressed.
 """
 
         for idx, gap in enumerate(gaps[:30], 1):  # Limit to 30
-            attack_type = gap.attack_type or 'Unknown'
-            target = getattr(gap, 'target_ip', 'N/A') or 'N/A'
+            attack_type = gap.attack_type or "Unknown"
+            target = getattr(gap, "target_ip", "N/A") or "N/A"
 
             # Get MITRE technique
             from souleyez.detection.mitre_mappings import map_tool_to_techniques
+
             techniques = map_tool_to_techniques(attack_type)
-            mitre = techniques[0]['id'] if techniques else 'N/A'
+            mitre = techniques[0]["id"] if techniques else "N/A"
 
             # Priority based on attack type severity
             from souleyez.detection.attack_signatures import get_signature
+
             sig = get_signature(attack_type)
-            severity = sig.get('severity', 'medium')
-            priority_map = {'critical': '🔴 Critical', 'high': '🟠 High', 'medium': '🟡 Medium', 'low': '🟢 Low'}
-            priority = priority_map.get(severity, '🟡 Medium')
+            severity = sig.get("severity", "medium")
+            priority_map = {
+                "critical": "🔴 Critical",
+                "high": "🟠 High",
+                "medium": "🟡 Medium",
+                "low": "🟢 Low",
+            }
+            priority = priority_map.get(severity, "🟡 Medium")
 
             section += f"| {priority} | {attack_type} | {target} | {mitre} | Add detection rules |\n"
 
@@ -1675,7 +1862,7 @@ These represent blindspots in security monitoring that should be addressed.
 
     def severity_breakdown_section(self, data) -> str:
         """Generate alert severity breakdown section."""
-        severity = getattr(data, 'severity_breakdown', None)
+        severity = getattr(data, "severity_breakdown", None)
         if not severity or severity.total == 0:
             return """## ALERT SEVERITY BREAKDOWN
 
@@ -1695,11 +1882,17 @@ Distribution of {severity.total} alerts by severity level:
             ("High", severity.high),
             ("Medium", severity.medium),
             ("Low", severity.low),
-            ("Info", severity.info)
+            ("Info", severity.info),
         ]:
             if count > 0:
                 pct = round(count / severity.total * 100, 1)
-                icon = {"Critical": "🔴", "High": "🟠", "Medium": "🟡", "Low": "🟢", "Info": "⚪"}.get(level, "⚪")
+                icon = {
+                    "Critical": "🔴",
+                    "High": "🟠",
+                    "Medium": "🟡",
+                    "Low": "🟢",
+                    "Info": "⚪",
+                }.get(level, "⚪")
                 section += f"| {icon} {level} | {count} | {pct}% |\n"
 
         section += "\n---\n"
@@ -1707,7 +1900,7 @@ Distribution of {severity.total} alerts by severity level:
 
     def top_rules_section(self, data) -> str:
         """Generate top triggered rules section."""
-        top_rules = getattr(data, 'top_rules', [])
+        top_rules = getattr(data, "top_rules", [])
         if not top_rules:
             return """## TOP TRIGGERED RULES
 
@@ -1724,13 +1917,19 @@ The following SIEM rules generated the most alerts:
 """
         for idx, rule in enumerate(top_rules[:10], 1):
             sev_icon = {
-                'critical': '🔴', 'crit': '🔴',
-                'high': '🟠',
-                'medium': '🟡', 'med': '🟡',
-                'low': '🟢',
-                'info': '⚪'
-            }.get(rule.severity.lower(), '⚪')
-            rule_name = rule.rule_name[:50] + "..." if len(rule.rule_name) > 50 else rule.rule_name
+                "critical": "🔴",
+                "crit": "🔴",
+                "high": "🟠",
+                "medium": "🟡",
+                "med": "🟡",
+                "low": "🟢",
+                "info": "⚪",
+            }.get(rule.severity.lower(), "⚪")
+            rule_name = (
+                rule.rule_name[:50] + "..."
+                if len(rule.rule_name) > 50
+                else rule.rule_name
+            )
             section += f"| {idx} | {rule.rule_id} | {rule_name} | {rule.count} | {sev_icon} {rule.severity.capitalize()} |\n"
 
         section += "\n---\n"
@@ -1738,7 +1937,7 @@ The following SIEM rules generated the most alerts:
 
     def sample_alerts_section(self, data) -> str:
         """Generate sample alerts section with actual alert content."""
-        samples = getattr(data, 'sample_alerts', [])
+        samples = getattr(data, "sample_alerts", [])
         if not samples:
             return """## SAMPLE ALERTS
 
@@ -1753,12 +1952,14 @@ Representative alerts from the assessment (highest severity first):
 """
         for idx, alert in enumerate(samples[:5], 1):
             sev_icon = {
-                'critical': '🔴', 'crit': '🔴',
-                'high': '🟠',
-                'medium': '🟡', 'med': '🟡',
-                'low': '🟢',
-                'info': '⚪'
-            }.get(alert.severity.lower(), '⚪')
+                "critical": "🔴",
+                "crit": "🔴",
+                "high": "🟠",
+                "medium": "🟡",
+                "med": "🟡",
+                "low": "🟢",
+                "info": "⚪",
+            }.get(alert.severity.lower(), "⚪")
 
             section += f"""### Alert {idx}: {alert.rule_name}
 
@@ -1783,7 +1984,7 @@ Representative alerts from the assessment (highest severity first):
 
     def vulnerability_section(self, data) -> str:
         """Generate Wazuh vulnerability section for detection report."""
-        vuln_data = getattr(data, 'vulnerability_section', None)
+        vuln_data = getattr(data, "vulnerability_section", None)
 
         if not vuln_data or vuln_data.total_vulns == 0:
             return """## VULNERABILITY CONTEXT
@@ -1819,11 +2020,13 @@ Cross-referencing with attack targets reveals which vulnerable systems were test
 """
             for cve in vuln_data.top_cves[:10]:
                 sev_icon = {
-                    'critical': '🔴', 'high': '🟠',
-                    'medium': '🟡', 'low': '🟢'
-                }.get(cve.severity.lower(), '⚪')
+                    "critical": "🔴",
+                    "high": "🟠",
+                    "medium": "🟡",
+                    "low": "🟢",
+                }.get(cve.severity.lower(), "⚪")
                 name = cve.name[:40] + "..." if len(cve.name) > 40 else cve.name
-                pkg = cve.package_name or 'N/A'
+                pkg = cve.package_name or "N/A"
                 section += f"| {cve.cve_id} | {name} | {sev_icon} {cve.severity} | {cve.cvss_score:.1f} | {pkg} |\n"
             section += "\n"
 
@@ -1848,7 +2051,12 @@ These hosts were targeted during the assessment and have known vulnerabilities:
                 if host.top_vulns:
                     section += f"**{host.host_ip}** - Top Vulnerabilities:\n"
                     for v in host.top_vulns[:3]:
-                        sev_icon = {'critical': '🔴', 'high': '🟠', 'medium': '🟡', 'low': '🟢'}.get(v.severity.lower(), '⚪')
+                        sev_icon = {
+                            "critical": "🔴",
+                            "high": "🟠",
+                            "medium": "🟡",
+                            "low": "🟢",
+                        }.get(v.severity.lower(), "⚪")
                         section += f"- {sev_icon} **{v.cve_id}** (CVSS {v.cvss_score:.1f}) - {v.name[:60]}\n"
                     section += "\n"
 
@@ -1884,11 +2092,11 @@ The following recommendations will help close detection gaps:
 """
         for idx, rec in enumerate(recs[:20], 1):
             priority_icon = {
-                'critical': '🔴',
-                'high': '🟠',
-                'medium': '🟡',
-                'low': '🟢'
-            }.get(rec.priority, '🟡')
+                "critical": "🔴",
+                "high": "🟠",
+                "medium": "🟡",
+                "low": "🟢",
+            }.get(rec.priority, "🟡")
 
             section += f"""### {idx}. {rec.attack_type.upper()} Detection
 
@@ -1902,7 +2110,9 @@ The following recommendations will help close detection gaps:
 
 """
             if rec.suggested_rule_ids:
-                section += f"**Suggested Rule IDs:** {', '.join(rec.suggested_rule_ids)}\n\n"
+                section += (
+                    f"**Suggested Rule IDs:** {', '.join(rec.suggested_rule_ids)}\n\n"
+                )
 
         section += "---\n"
         return section
@@ -1931,7 +2141,11 @@ Detection coverage broken down by target host:
         sorted_hosts = sorted(hosts.values(), key=lambda h: h.coverage_percent)
 
         for host in sorted_hosts[:20]:  # Limit to 20
-            coverage_icon = '🟢' if host.coverage_percent >= 75 else '🟡' if host.coverage_percent >= 50 else '🔴'
+            coverage_icon = (
+                "🟢"
+                if host.coverage_percent >= 75
+                else "🟡" if host.coverage_percent >= 50 else "🔴"
+            )
             section += f"| {host.host_ip} | {host.total_attacks} | {host.detected} | {host.not_detected} | {coverage_icon} {host.coverage_percent}% |\n"
 
         section += "\n---\n"
@@ -2958,14 +3172,16 @@ class HTMLFormatter(MarkdownFormatter):
 <div class="container">
 """
 
-    def executive_one_pager(self, metrics: Dict, findings: Dict, engagement: Dict) -> str:
+    def executive_one_pager(
+        self, metrics: Dict, findings: Dict, engagement: Dict
+    ) -> str:
         """Generate executive one-pager - single page summary for executives."""
-        risk_level = metrics.get('risk_level', 'MEDIUM').lower()
-        risk_score = metrics.get('risk_score', 50)
+        risk_level = metrics.get("risk_level", "MEDIUM").lower()
+        risk_score = metrics.get("risk_score", 50)
 
         # Get top findings
-        critical = findings.get('critical', [])
-        high = findings.get('high', [])
+        critical = findings.get("critical", [])
+        high = findings.get("high", [])
         top_findings = (critical + high)[:5]
 
         # Calculate estimated breach cost (rough estimate based on findings)
@@ -3015,10 +3231,10 @@ class HTMLFormatter(MarkdownFormatter):
 <h3>TOP SECURITY RISKS</h3>
 """
             for idx, finding in enumerate(top_findings, 1):
-                severity = finding.get('severity', 'high')
-                sev_class = 'high' if severity == 'high' else ''
-                title = finding.get('title', 'Finding')[:50]
-                host = finding.get('ip_address', finding.get('hostname', 'Unknown'))
+                severity = finding.get("severity", "high")
+                sev_class = "high" if severity == "high" else ""
+                title = finding.get("title", "Finding")[:50]
+                host = finding.get("ip_address", finding.get("hostname", "Unknown"))
 
                 html += f"""<div class="exec-finding-row {sev_class}">
     <div class="exec-finding-num">{idx}</div>
@@ -3029,14 +3245,14 @@ class HTMLFormatter(MarkdownFormatter):
             html += "</div>\n"
 
         # Bottom line recommendation
-        if risk_level in ['critical', 'high']:
-            bottom_class = ''
+        if risk_level in ["critical", "high"]:
+            bottom_class = ""
             bottom_msg = "IMMEDIATE ACTION REQUIRED: Critical vulnerabilities expose your organization to significant risk. Remediation should begin within 24-48 hours."
-        elif risk_level == 'medium':
-            bottom_class = 'medium'
+        elif risk_level == "medium":
+            bottom_class = "medium"
             bottom_msg = "ACTION RECOMMENDED: Several security issues require attention within the next 1-2 weeks to maintain security posture."
         else:
-            bottom_class = 'low'
+            bottom_class = "low"
             bottom_msg = "GOOD STANDING: Minor issues identified. Continue regular security maintenance and monitoring."
 
         html += f"""<div class="exec-bottom-line {bottom_class}">
@@ -3051,7 +3267,7 @@ class HTMLFormatter(MarkdownFormatter):
         all_findings = []
         for severity, items in findings.items():
             for f in items:
-                f['_severity'] = severity
+                f["_severity"] = severity
                 all_findings.append(f)
 
         if not all_findings:
@@ -3064,28 +3280,30 @@ class HTMLFormatter(MarkdownFormatter):
         # Low Impact + Hard to Exploit = Low (bottom-left)
 
         quadrants = {
-            'critical': [],  # High impact, easy exploit
-            'high': [],      # High impact, hard exploit
-            'medium': [],    # Low impact, easy exploit
-            'low': []        # Low impact, hard exploit
+            "critical": [],  # High impact, easy exploit
+            "high": [],  # High impact, hard exploit
+            "medium": [],  # Low impact, easy exploit
+            "low": [],  # Low impact, hard exploit
         }
 
         for f in all_findings:
-            sev = f.get('_severity', 'info')
-            if sev == 'critical':
-                quadrants['critical'].append(f)
-            elif sev == 'high':
-                quadrants['high'].append(f)
-            elif sev == 'medium':
-                quadrants['medium'].append(f)
-            elif sev == 'low':
-                quadrants['low'].append(f)
+            sev = f.get("_severity", "info")
+            if sev == "critical":
+                quadrants["critical"].append(f)
+            elif sev == "high":
+                quadrants["high"].append(f)
+            elif sev == "medium":
+                quadrants["medium"].append(f)
+            elif sev == "low":
+                quadrants["low"].append(f)
 
         def render_dots(findings_list, severity, max_dots=12):
             dots = ""
             for i, f in enumerate(findings_list[:max_dots]):
-                title = f.get('title', 'Finding')[:20]
-                dots += f'<div class="quadrant-dot {severity}" title="{title}">{i+1}</div>'
+                title = f.get("title", "Finding")[:20]
+                dots += (
+                    f'<div class="quadrant-dot {severity}" title="{title}">{i+1}</div>'
+                )
             if len(findings_list) > max_dots:
                 dots += f'<div class="quadrant-dot {severity}">+{len(findings_list) - max_dots}</div>'
             return dots
@@ -3104,14 +3322,14 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="quadrant-title">Monitor</div>
         <div class="quadrant-findings">
 """
-        html += render_dots(quadrants['high'], 'high')
+        html += render_dots(quadrants["high"], "high")
         html += """        </div>
     </div>
     <div class="quadrant-cell critical">
         <div class="quadrant-title">Fix Now</div>
         <div class="quadrant-findings">
 """
-        html += render_dots(quadrants['critical'], 'critical')
+        html += render_dots(quadrants["critical"], "critical")
         html += """        </div>
     </div>
 
@@ -3120,14 +3338,14 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="quadrant-title">Accept Risk</div>
         <div class="quadrant-findings">
 """
-        html += render_dots(quadrants['low'], 'low')
+        html += render_dots(quadrants["low"], "low")
         html += """        </div>
     </div>
     <div class="quadrant-cell medium">
         <div class="quadrant-title">Schedule Fix</div>
         <div class="quadrant-findings">
 """
-        html += render_dots(quadrants['medium'], 'medium')
+        html += render_dots(quadrants["medium"], "medium")
         html += """        </div>
     </div>
 
@@ -3141,13 +3359,13 @@ class HTMLFormatter(MarkdownFormatter):
 
     def remediation_timeline(self, metrics: Dict) -> str:
         """Generate visual remediation timeline."""
-        timeline = metrics.get('remediation_timeline', {})
-        total_days = timeline.get('total_days', 30)
+        timeline = metrics.get("remediation_timeline", {})
+        total_days = timeline.get("total_days", 30)
 
-        critical_days = timeline.get('critical', 2)
-        high_days = timeline.get('high', 7)
-        medium_days = timeline.get('medium', 14)
-        low_days = timeline.get('low', 7)
+        critical_days = timeline.get("critical", 2)
+        high_days = timeline.get("high", 7)
+        medium_days = timeline.get("medium", 14)
+        low_days = timeline.get("low", 7)
 
         # Calculate percentages
         if total_days > 0:
@@ -3206,7 +3424,7 @@ class HTMLFormatter(MarkdownFormatter):
 
 <div class="dashboard">
 """
-        
+
         # Risk Score Card
         html += f"""    <div class="metric-card {risk_class}">
         <div class="metric-label">OVERALL RISK SCORE</div>
@@ -3214,7 +3432,7 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="metric-label">{metrics['risk_level']}</div>
     </div>
 """
-        
+
         # Total Findings Card
         html += f"""    <div class="metric-card">
         <div class="metric-label">TOTAL FINDINGS</div>
@@ -3222,7 +3440,7 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="metric-label">{metrics['critical_findings']} Critical | {metrics['high_findings']} High</div>
     </div>
 """
-        
+
         # Hosts Assessed Card
         html += f"""    <div class="metric-card">
         <div class="metric-label">HOSTS ASSESSED</div>
@@ -3230,7 +3448,7 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="metric-label">{metrics['vulnerable_hosts']} Vulnerable</div>
     </div>
 """
-        
+
         # Exploitation Rate Card
         html += f"""    <div class="metric-card">
         <div class="metric-label">EXPLOITATION RATE</div>
@@ -3238,16 +3456,16 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="metric-label">{metrics['exploited_services']}/{metrics['total_services']} Services</div>
     </div>
 """
-        
+
         # Remediation Timeline Card
-        timeline = metrics['remediation_timeline']
+        timeline = metrics["remediation_timeline"]
         html += f"""    <div class="metric-card">
         <div class="metric-label">ESTIMATED REMEDIATION</div>
         <div class="metric-value">{timeline['weeks']}</div>
         <div class="metric-label">Weeks (~{timeline['total_days']} days)</div>
     </div>
 """
-        
+
         # Credentials Found Card
         html += f"""    <div class="metric-card">
         <div class="metric-label">CREDENTIALS FOUND</div>
@@ -3255,7 +3473,7 @@ class HTMLFormatter(MarkdownFormatter):
         <div class="metric-label">Valid Credentials</div>
     </div>
 """
-        
+
         html += "</div>\n</div>\n\n---\n\n"
         return html
 
@@ -3264,15 +3482,15 @@ class HTMLFormatter(MarkdownFormatter):
         if not attack_surface:
             return ""
 
-        overview = attack_surface.get('overview', {})
-        hosts = attack_surface.get('hosts', [])
+        overview = attack_surface.get("overview", {})
+        hosts = attack_surface.get("hosts", [])
 
         if not hosts:
             return ""
 
         # Calculate gap count (services not exploited)
-        total_services = overview.get('total_services', 0)
-        exploited_services = overview.get('exploited_services', 0)
+        total_services = overview.get("total_services", 0)
+        exploited_services = overview.get("exploited_services", 0)
         gap_count = total_services - exploited_services
 
         html = """<div class="intel-hub">
@@ -3291,14 +3509,16 @@ class HTMLFormatter(MarkdownFormatter):
         # Top target callout
         if hosts:
             top = hosts[0]
-            top_ip = top.get('host', 'unknown')
-            top_hostname = top.get('hostname', '')
-            top_score = top.get('score', 0)
-            top_services = top.get('services', [])
-            top_exploited = sum(1 for s in top_services if s.get('status') == 'exploited')
+            top_ip = top.get("host", "unknown")
+            top_hostname = top.get("hostname", "")
+            top_score = top.get("score", 0)
+            top_services = top.get("services", [])
+            top_exploited = sum(
+                1 for s in top_services if s.get("status") == "exploited"
+            )
             top_total_svc = len(top_services)
-            top_critical = top.get('critical_findings', 0)
-            top_findings = top.get('findings', 0)
+            top_critical = top.get("critical_findings", 0)
+            top_findings = top.get("findings", 0)
 
             top_display = top_ip
             if top_hostname:
@@ -3309,11 +3529,11 @@ class HTMLFormatter(MarkdownFormatter):
             html += f'    <div class="top-target-host">{top_display}</div>\n'
             html += f'    <div class="top-target-stats">Score: {top_score} pts | {top_exploited}/{top_total_svc} services exploited | '
             if top_critical > 0:
-                html += f'{top_critical} critical, {top_findings - top_critical} high findings'
+                html += f"{top_critical} critical, {top_findings - top_critical} high findings"
             else:
-                html += f'{top_findings} findings'
-            html += '</div>\n'
-            html += '</div>\n\n'
+                html += f"{top_findings} findings"
+            html += "</div>\n"
+            html += "</div>\n\n"
 
         # Host table
         # Limit to top 10 hosts for readability
@@ -3336,21 +3556,21 @@ class HTMLFormatter(MarkdownFormatter):
 """
 
         for idx, host in enumerate(display_hosts, 1):
-            host_ip = host.get('host', 'unknown')
-            hostname = host.get('hostname', '')
-            score = host.get('score', 0)
-            services = host.get('services', [])
+            host_ip = host.get("host", "unknown")
+            hostname = host.get("hostname", "")
+            score = host.get("score", 0)
+            services = host.get("services", [])
             service_count = len(services)
-            findings = host.get('findings', 0)
-            critical = host.get('critical_findings', 0)
+            findings = host.get("findings", 0)
+            critical = host.get("critical_findings", 0)
 
             # Score color class
             if score >= 70:
-                score_class = 'score-critical'
+                score_class = "score-critical"
             elif score >= 50:
-                score_class = 'score-high'
+                score_class = "score-high"
             else:
-                score_class = 'score-medium'
+                score_class = "score-medium"
 
             # Host display
             host_display = host_ip
@@ -3364,8 +3584,10 @@ class HTMLFormatter(MarkdownFormatter):
                 findings_display = str(findings)
 
             # Exploitation progress
-            exploited = sum(1 for s in services if s.get('status') == 'exploited')
-            progress_filled = min(8, int((exploited / service_count * 8) if service_count > 0 else 0))
+            exploited = sum(1 for s in services if s.get("status") == "exploited")
+            progress_filled = min(
+                8, int((exploited / service_count * 8) if service_count > 0 else 0)
+            )
             progress_empty = 8 - progress_filled
 
             progress_bar = f'<span class="progress-filled">{"█" * progress_filled}</span><span class="progress-empty">{"░" * progress_empty}</span>'
@@ -3394,8 +3616,13 @@ class HTMLFormatter(MarkdownFormatter):
 """
         return html
 
-    def compare_to_previous(self, current_metrics: Dict, previous_metrics: Dict,
-                            current_engagement: Dict, previous_engagement: Dict) -> str:
+    def compare_to_previous(
+        self,
+        current_metrics: Dict,
+        previous_metrics: Dict,
+        current_engagement: Dict,
+        previous_engagement: Dict,
+    ) -> str:
         """Generate comparison section showing improvement/regression from previous engagement.
 
         Args:
@@ -3408,20 +3635,20 @@ class HTMLFormatter(MarkdownFormatter):
             return ""
 
         # Calculate deltas
-        current_risk = current_metrics.get('risk_score', 0)
-        prev_risk = previous_metrics.get('risk_score', 0)
+        current_risk = current_metrics.get("risk_score", 0)
+        prev_risk = previous_metrics.get("risk_score", 0)
         risk_delta = current_risk - prev_risk
 
-        current_critical = current_metrics.get('severity_counts', {}).get('critical', 0)
-        prev_critical = previous_metrics.get('severity_counts', {}).get('critical', 0)
+        current_critical = current_metrics.get("severity_counts", {}).get("critical", 0)
+        prev_critical = previous_metrics.get("severity_counts", {}).get("critical", 0)
         critical_delta = current_critical - prev_critical
 
-        current_high = current_metrics.get('severity_counts', {}).get('high', 0)
-        prev_high = previous_metrics.get('severity_counts', {}).get('high', 0)
+        current_high = current_metrics.get("severity_counts", {}).get("high", 0)
+        prev_high = previous_metrics.get("severity_counts", {}).get("high", 0)
         high_delta = current_high - prev_high
 
-        current_total = current_metrics.get('total_findings', 0)
-        prev_total = previous_metrics.get('total_findings', 0)
+        current_total = current_metrics.get("total_findings", 0)
+        prev_total = previous_metrics.get("total_findings", 0)
         total_delta = current_total - prev_total
 
         # Determine overall trend
@@ -3446,9 +3673,9 @@ class HTMLFormatter(MarkdownFormatter):
             trend_text = "NO CHANGE"
             trend_color = "#6b7280"
 
-        prev_date = previous_engagement.get('created_at', 'Unknown')
-        if hasattr(prev_date, 'strftime'):
-            prev_date = prev_date.strftime('%B %d, %Y')
+        prev_date = previous_engagement.get("created_at", "Unknown")
+        if hasattr(prev_date, "strftime"):
+            prev_date = prev_date.strftime("%B %d, %Y")
 
         html = f"""<div class="compare-section" style="margin: 30px 0; padding: 25px; background: linear-gradient(135deg, #f0f9ff 0%, #e0f2fe 100%); border-radius: 12px; border: 2px solid #0ea5e9;">
 
@@ -3552,136 +3779,136 @@ class HTMLFormatter(MarkdownFormatter):
         """Generate charts section with Chart.js visualizations."""
         if not charts:
             return ""
-        
+
         html = """<div id="charts-section">
 <h2>VISUAL ANALYSIS</h2>
 
 <div class="charts-grid">
 """
-        
+
         # Phase 1 Charts
         # Severity Distribution Chart
-        if 'severity_distribution' in charts:
+        if "severity_distribution" in charts:
             html += """    <div class="chart-container">
         <canvas id="severityChart"></canvas>
     </div>
 """
-        
+
         # Host Impact Chart
-        if 'host_impact' in charts:
+        if "host_impact" in charts:
             html += """    <div class="chart-container">
         <canvas id="hostChart"></canvas>
     </div>
 """
-        
+
         # Exploitation Progress Chart
-        if 'exploitation_progress' in charts:
+        if "exploitation_progress" in charts:
             html += """    <div class="chart-container">
         <canvas id="exploitationChart"></canvas>
     </div>
 """
-        
+
         # Phase 2 Charts
         # Timeline Chart
-        if 'timeline' in charts:
+        if "timeline" in charts:
             html += """    <div class="chart-container">
         <canvas id="timelineChart"></canvas>
     </div>
 """
-        
+
         # Evidence by Phase Chart
-        if 'evidence_by_phase' in charts:
+        if "evidence_by_phase" in charts:
             html += """    <div class="chart-container">
         <canvas id="evidencePhaseChart"></canvas>
     </div>
 """
-        
+
         # Service Exposure Chart
-        if 'service_exposure' in charts:
+        if "service_exposure" in charts:
             html += """    <div class="chart-container">
         <canvas id="serviceExposureChart"></canvas>
     </div>
 """
-        
+
         # Credentials by Service Chart
-        if 'credentials_by_service' in charts:
+        if "credentials_by_service" in charts:
             html += """    <div class="chart-container">
         <canvas id="credentialsChart"></canvas>
     </div>
 """
-        
+
         html += "</div>\n</div>\n\n---\n\n"
-        
+
         # Add Chart.js initialization scripts
         html += "<script>\n"
-        
+
         # Phase 1 Charts
-        if 'severity_distribution' in charts:
+        if "severity_distribution" in charts:
             html += f"""
 const severityCtx = document.getElementById('severityChart');
 if (severityCtx) {{
     new Chart(severityCtx, {charts['severity_distribution']});
 }}
 """
-        
-        if 'host_impact' in charts:
+
+        if "host_impact" in charts:
             html += f"""
 const hostCtx = document.getElementById('hostChart');
 if (hostCtx) {{
     new Chart(hostCtx, {charts['host_impact']});
 }}
 """
-        
-        if 'exploitation_progress' in charts:
+
+        if "exploitation_progress" in charts:
             html += f"""
 const exploitationCtx = document.getElementById('exploitationChart');
 if (exploitationCtx) {{
     new Chart(exploitationCtx, {charts['exploitation_progress']});
 }}
 """
-        
+
         # Phase 2 Charts
-        if 'timeline' in charts:
+        if "timeline" in charts:
             html += f"""
 const timelineCtx = document.getElementById('timelineChart');
 if (timelineCtx) {{
     new Chart(timelineCtx, {charts['timeline']});
 }}
 """
-        
-        if 'evidence_by_phase' in charts:
+
+        if "evidence_by_phase" in charts:
             html += f"""
 const evidencePhaseCtx = document.getElementById('evidencePhaseChart');
 if (evidencePhaseCtx) {{
     new Chart(evidencePhaseCtx, {charts['evidence_by_phase']});
 }}
 """
-        
-        if 'service_exposure' in charts:
+
+        if "service_exposure" in charts:
             html += f"""
 const serviceExposureCtx = document.getElementById('serviceExposureChart');
 if (serviceExposureCtx) {{
     new Chart(serviceExposureCtx, {charts['service_exposure']});
 }}
 """
-        
-        if 'credentials_by_service' in charts:
+
+        if "credentials_by_service" in charts:
             html += f"""
 const credentialsCtx = document.getElementById('credentialsChart');
 if (credentialsCtx) {{
     new Chart(credentialsCtx, {charts['credentials_by_service']});
 }}
 """
-        
+
         html += "</script>\n\n"
         return html
-    
+
     def detailed_findings_collapsible(self, findings: Dict) -> str:
         """Generate detailed findings with collapsible sections by severity."""
         from souleyez.reporting.compliance_mappings import ComplianceMappings
-        
+
         mapper = ComplianceMappings()
-        
+
         section = """## DETAILED FINDINGS
 
 <div class="collapse-controls">
@@ -3690,29 +3917,29 @@ if (credentialsCtx) {{
 </div>
 
 """
-        
-        severity_order = ['critical', 'high', 'medium', 'low', 'info']
+
+        severity_order = ["critical", "high", "medium", "low", "info"]
         emoji_map = {
-            'critical': '🔴',
-            'high': '🟠',
-            'medium': '🟡',
-            'low': '🟢',
-            'info': '🔵'
+            "critical": "🔴",
+            "high": "🟠",
+            "medium": "🟡",
+            "low": "🟢",
+            "info": "🔵",
         }
-        
+
         finding_number = 1
-        
+
         for severity in severity_order:
             if not findings.get(severity):
                 continue
-            
+
             count = len(findings[severity])
             severity_title = severity.upper()
-            emoji = emoji_map.get(severity, '')
-            
+            emoji = emoji_map.get(severity, "")
+
             # Create collapsible section
             # Auto-expand Critical and High findings for quick visibility
-            open_attr = ' open' if severity in ['critical', 'high'] else ''
+            open_attr = " open" if severity in ["critical", "high"] else ""
             section_id = f"findings-{severity}"
             section += f"""<details id="{section_id}"{open_attr}>
     <summary class="severity-{severity}">
@@ -3724,10 +3951,10 @@ if (credentialsCtx) {{
     <div class="findings-content">
 
 """
-            
+
             # Add each finding
             for finding in findings[severity]:
-                severity_lower = finding.get('severity', severity).lower()
+                severity_lower = finding.get("severity", severity).lower()
 
                 # Use HTML formatting instead of markdown for proper rendering
                 section += f"""<div class="finding-card">
@@ -3749,9 +3976,11 @@ if (credentialsCtx) {{
                         badges.append(f"<code>{cwe_id}</code>")
                     section += " ".join(badges) + "</p>\n"
 
-                if finding.get('cvss'):
-                    section += f"<p><strong>CVSS Score:</strong> {finding['cvss']}</p>\n"
-                if finding.get('cve'):
+                if finding.get("cvss"):
+                    section += (
+                        f"<p><strong>CVSS Score:</strong> {finding['cvss']}</p>\n"
+                    )
+                if finding.get("cve"):
                     section += f"<p><strong>CVE:</strong> {finding['cve']}</p>\n"
 
                 # Format affected host display
@@ -3760,15 +3989,17 @@ if (credentialsCtx) {{
                 section += f"<p><strong>Tool:</strong> {finding['tool']}</p>\n"
 
                 # Description
-                if finding.get('description'):
-                    desc = finding['description'].replace('\n', '<br>\n')
+                if finding.get("description"):
+                    desc = finding["description"].replace("\n", "<br>\n")
                     section += f"<p><strong>Description:</strong></p>\n<p>{desc}</p>\n"
 
                 # Evidence (if available) - shows proof of vulnerability
-                evidence_text = finding.get('evidence', '')
+                evidence_text = finding.get("evidence", "")
                 if evidence_text and len(evidence_text.strip()) > 0:
                     # Escape HTML in evidence
-                    safe_evidence = evidence_text.replace('<', '&lt;').replace('>', '&gt;')
+                    safe_evidence = evidence_text.replace("<", "&lt;").replace(
+                        ">", "&gt;"
+                    )
                     section += f"""<div class="finding-evidence">
 <div class="finding-evidence-label">Evidence / Proof</div>
 <pre>{safe_evidence}</pre>
@@ -3776,21 +4007,23 @@ if (credentialsCtx) {{
 """
 
                 # Remediation - Add recommendations
-                remediation_text = finding.get('remediation', '')
+                remediation_text = finding.get("remediation", "")
 
                 # If no remediation provided, generate a basic one
                 if not remediation_text:
-                    remediation_text = self._generate_default_remediation(finding, severity)
+                    remediation_text = self._generate_default_remediation(
+                        finding, severity
+                    )
 
                 if remediation_text:
-                    remediation_html = remediation_text.replace('\n', '<br>\n')
+                    remediation_html = remediation_text.replace("\n", "<br>\n")
                     section += f"<p><strong>Remediation:</strong></p>\n<p>{remediation_html}</p>\n"
 
                 section += "</div>\n<hr>\n\n"
                 finding_number += 1
-            
+
             section += "    </div>\n</details>\n\n"
-        
+
         return section
 
     # =========================================================================
@@ -3813,17 +4046,17 @@ if (credentialsCtx) {{
         # Group by tactic
         tactics_data = {}
         for item in data.heatmap_data:
-            tactic = item['tactic_name']
+            tactic = item["tactic_name"]
             if tactic not in tactics_data:
                 tactics_data[tactic] = {
-                    'id': item['tactic_id'],
-                    'order': item['tactic_order'],
-                    'techniques': []
+                    "id": item["tactic_id"],
+                    "order": item["tactic_order"],
+                    "techniques": [],
                 }
-            tactics_data[tactic]['techniques'].append(item)
+            tactics_data[tactic]["techniques"].append(item)
 
         # Sort tactics by order
-        sorted_tactics = sorted(tactics_data.items(), key=lambda x: x[1]['order'])
+        sorted_tactics = sorted(tactics_data.items(), key=lambda x: x[1]["order"])
 
         html = """
 <style>
@@ -3970,7 +4203,7 @@ if (credentialsCtx) {{
 """
 
         for tactic_name, tactic_data in sorted_tactics:
-            techniques = tactic_data['techniques']
+            techniques = tactic_data["techniques"]
             if not techniques:
                 continue
 
@@ -3981,12 +4214,14 @@ if (credentialsCtx) {{
 """
 
             for tech in techniques:
-                status_class = tech['status'].replace('_', '-')
+                status_class = tech["status"].replace("_", "-")
                 rate_html = ""
-                if tech['tested'] > 0:
+                if tech["tested"] > 0:
                     rate_html = f'<span class="mitre-technique-rate">{tech["detection_rate"]}%</span>'
 
-                tools_title = ', '.join(tech['tools_used']) if tech['tools_used'] else 'N/A'
+                tools_title = (
+                    ", ".join(tech["tools_used"]) if tech["tools_used"] else "N/A"
+                )
 
                 html += f"""
         <div class="mitre-technique {status_class}" title="Tools: {tools_title}">
@@ -4118,7 +4353,9 @@ if (credentialsCtx) {{
 """
 
         # Insert CSS before closing </head>
-        return base_header.replace('</style>\n</head>', '</style>\n' + detection_css + '</head>')
+        return base_header.replace(
+            "</style>\n</head>", "</style>\n" + detection_css + "</head>"
+        )
 
     def html_footer(self) -> str:
         """Generate HTML footer."""