style(backend): Format Python code with Black 24.10.0 [skip-format]

Applied Black formatting to 7 Python files to match CI expectations:
- health_monitoring.py - Import and alignment formatting
- init_roles.py - Import formatting
- authorization_middleware.py - Import and f-string formatting
- monitoring.py - Import formatting
- credentials.py - Import formatting
- compliance_justification_engine.py - Import and enum formatting
- system_settings.py - Import formatting

This resolves the CI Black formatting failures by using Black 24.10.0
(matching CI version) in a fresh Docker container.

Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: remyluslosius

backend/app/api/v1/endpoints/health_monitoring.py

@@ -47,9 +47,9 @@ async def get_service_health(
         health_data = await health_service.get_latest_service_health()
 
         # If no data or data is older than 5 minutes, collect fresh
-        if not health_data or (datetime.utcnow() - health_data.health_check_timestamp) > timedelta(
-            minutes=5
-        ):
+        if not health_data or (
+            datetime.utcnow() - health_data.health_check_timestamp
+        ) > timedelta(minutes=5):
             health_data = await health_service.collect_service_health()
             await health_service.save_service_health(health_data)
 
@@ -84,9 +84,9 @@ async def get_content_health(
         health_data = await health_service.get_latest_content_health()
 
         # If no data or data is older than 1 hour, collect fresh
-        if not health_data or (datetime.utcnow() - health_data.health_check_timestamp) > timedelta(
-            hours=1
-        ):
+        if not health_data or (
+            datetime.utcnow() - health_data.health_check_timestamp
+        ) > timedelta(hours=1):
             health_data = await health_service.collect_content_health()
             await health_service.save_content_health(health_data)
 

backend/app/init_roles.py

@@ -1,6 +1,7 @@
 """
 Initialize roles and permissions in the database
 """
+
 import asyncio
 import base64
 from sqlalchemy.orm import Session
@@ -18,75 +19,96 @@
 
 def init_roles(db: Session):
     """Initialize roles in the database"""
-    
+
     role_definitions = {
         UserRole.SUPER_ADMIN: {
             "display_name": "Super Administrator",
-            "description": "Full system access with user management capabilities"
+            "description": "Full system access with user management capabilities",
         },
         UserRole.SECURITY_ADMIN: {
-            "display_name": "Security Administrator", 
-            "description": "Security-focused administration without user management"
+            "display_name": "Security Administrator",
+            "description": "Security-focused administration without user management",
         },
         UserRole.SECURITY_ANALYST: {
             "display_name": "Security Analyst",
-            "description": "Day-to-day security operations and scan execution"
+            "description": "Day-to-day security operations and scan execution",
         },
         UserRole.COMPLIANCE_OFFICER: {
             "display_name": "Compliance Officer",
-            "description": "Compliance reporting and read-only access to results"
+            "description": "Compliance reporting and read-only access to results",
         },
         UserRole.AUDITOR: {
-            "display_name": "Auditor", 
-            "description": "External audit support with read-only access"
+            "display_name": "Auditor",
+            "description": "External audit support with read-only access",
         },
         UserRole.GUEST: {
             "display_name": "Guest",
-            "description": "Limited read-only access to assigned resources"
-        }
+            "description": "Limited read-only access to assigned resources",
+        },
     }
-    
+
     try:
         for role_name, role_info in role_definitions.items():
             # Check if role already exists
-            result = db.execute(text("""
+            result = db.execute(
+                text(
+                    """
                 SELECT id FROM roles WHERE name = :name
-            """), {"name": role_name.value})
-            
+            """
+                ),
+                {"name": role_name.value},
+            )
+
             if result.fetchone():
-                logger.info(f"Role {role_name.value} already exists, updating permissions...")
+                logger.info(
+                    f"Role {role_name.value} already exists, updating permissions..."
+                )
                 # Update existing role permissions
-                permissions_json = json.dumps([p.value for p in ROLE_PERMISSIONS[role_name]])
-                db.execute(text("""
+                permissions_json = json.dumps(
+                    [p.value for p in ROLE_PERMISSIONS[role_name]]
+                )
+                db.execute(
+                    text(
+                        """
                     UPDATE roles 
                     SET permissions = :permissions, 
                         display_name = :display_name,
                         description = :description,
                         updated_at = CURRENT_TIMESTAMP
                     WHERE name = :name
-                """), {
-                    "name": role_name.value,
-                    "permissions": permissions_json,
-                    "display_name": role_info["display_name"],
-                    "description": role_info["description"]
-                })
+                """
+                    ),
+                    {
+                        "name": role_name.value,
+                        "permissions": permissions_json,
+                        "display_name": role_info["display_name"],
+                        "description": role_info["description"],
+                    },
+                )
             else:
                 logger.info(f"Creating role {role_name.value}...")
                 # Create new role
-                permissions_json = json.dumps([p.value for p in ROLE_PERMISSIONS[role_name]])
-                db.execute(text("""
+                permissions_json = json.dumps(
+                    [p.value for p in ROLE_PERMISSIONS[role_name]]
+                )
+                db.execute(
+                    text(
+                        """
                     INSERT INTO roles (name, display_name, description, permissions, is_active, created_at, updated_at)
                     VALUES (:name, :display_name, :description, :permissions, true, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)
-                """), {
-                    "name": role_name.value,
-                    "display_name": role_info["display_name"], 
-                    "description": role_info["description"],
-                    "permissions": permissions_json
-                })
-        
+                """
+                    ),
+                    {
+                        "name": role_name.value,
+                        "display_name": role_info["display_name"],
+                        "description": role_info["description"],
+                        "permissions": permissions_json,
+                    },
+                )
+
         db.commit()
         logger.info("Roles initialized successfully")
-        
+
     except Exception as e:
         logger.error(f"Error initializing roles: {e}")
         db.rollback()
@@ -99,27 +121,37 @@ def create_default_super_admin(db: Session):
         # Check if there's already a user with ID 1
         result = db.execute(text("SELECT id, role FROM users WHERE id = 1"))
         existing_user = result.fetchone()
-        
+
         if existing_user:
             # Update existing user to super_admin role
-            if existing_user.role != 'super_admin':
+            if existing_user.role != "super_admin":
                 db.execute(text("UPDATE users SET role = 'super_admin' WHERE id = 1"))
                 logger.info("Updated existing user (ID=1) to super_admin role")
             else:
                 logger.info("User with ID=1 already has super_admin role")
         else:
             # Create new super admin user
             from .auth import pwd_context
-            hashed_password = pwd_context.hash("admin123")  # Default password - should be changed
-            
-            db.execute(text("""
+
+            hashed_password = pwd_context.hash(
+                "admin123"
+            )  # Default password - should be changed
+
+            db.execute(
+                text(
+                    """
                 INSERT INTO users (id, username, email, hashed_password, role, is_active, created_at, failed_login_attempts, mfa_enabled)
                 VALUES (1, 'admin', 'admin@example.com', :password, 'super_admin', true, CURRENT_TIMESTAMP, 0, false)
-            """), {"password": hashed_password})
-            logger.info("Created new super admin user (username: admin, password: admin123)")
-        
+            """
+                ),
+                {"password": hashed_password},
+            )
+            logger.info(
+                "Created new super admin user (username: admin, password: admin123)"
+            )
+
         db.commit()
-        
+
     except Exception as e:
         logger.error(f"Error creating default super admin: {e}")
         db.rollback()
@@ -130,62 +162,79 @@ def init_default_system_credentials(db: Session):
     """Initialize default system SSH credentials for frictionless onboarding"""
     try:
         # Check if any system credentials already exist
-        result = db.execute(text("""
+        result = db.execute(
+            text(
+                """
             SELECT COUNT(*) as count FROM system_credentials WHERE is_active = true
-        """))
-        
+        """
+            )
+        )
+
         existing_count = result.fetchone().count
-        
+
         if existing_count > 0:
-            logger.info(f"Found {existing_count} existing system credentials, skipping initialization")
+            logger.info(
+                f"Found {existing_count} existing system credentials, skipping initialization"
+            )
             return
-        
-        logger.info("No system credentials found - creating placeholder credentials for easy setup")
-        
+
+        logger.info(
+            "No system credentials found - creating placeholder credentials for easy setup"
+        )
+
         # Create placeholder credentials that guide users to configure actual credentials
         placeholder_description = (
             "Default placeholder credentials - PLEASE UPDATE with your actual SSH credentials. "
             "This entry provides a starting point for SSH-based scanning and monitoring. "
             "Update the username, password, or SSH key to match your environment."
         )
-        
+
         current_time = datetime.utcnow()
 
         # Encrypt placeholder password using new encryption service
         settings = get_settings()
         encryption_service = create_encryption_service(master_key=settings.master_key)
         encrypted_bytes = encryption_service.encrypt(b"CHANGE_ME_PLEASE")
-        encrypted_password = base64.b64encode(encrypted_bytes).decode('ascii')
+        encrypted_password = base64.b64encode(encrypted_bytes).decode("ascii")
 
         # Insert placeholder credentials (no actual sensitive data)
-        db.execute(text("""
+        db.execute(
+            text(
+                """
             INSERT INTO system_credentials
             (name, description, username, auth_method, encrypted_password,
              encrypted_private_key, private_key_passphrase, is_default, is_active,
              created_by, created_at, updated_at)
             VALUES (:name, :description, :username, :auth_method, :encrypted_password,
                     :encrypted_private_key, :private_key_passphrase, :is_default, :is_active,
                     :created_by, :created_at, :updated_at)
-        """), {
-            "name": "Setup Required - Default SSH Credentials",
-            "description": placeholder_description,
-            "username": "root",
-            "auth_method": "password",
-            "encrypted_password": encrypted_password,  # Obvious placeholder
-            "encrypted_private_key": None,
-            "private_key_passphrase": None,
-            "is_default": True,
-            "is_active": True,
-            "created_by": 1,  # Created by default admin user
-            "created_at": current_time,
-            "updated_at": current_time
-        })
-        
+        """
+            ),
+            {
+                "name": "Setup Required - Default SSH Credentials",
+                "description": placeholder_description,
+                "username": "root",
+                "auth_method": "password",
+                "encrypted_password": encrypted_password,  # Obvious placeholder
+                "encrypted_private_key": None,
+                "private_key_passphrase": None,
+                "is_default": True,
+                "is_active": True,
+                "created_by": 1,  # Created by default admin user
+                "created_at": current_time,
+                "updated_at": current_time,
+            },
+        )
+
         db.commit()
-        
-        logger.info("Created placeholder system credentials - users should update these in Settings")
-        logger.warning("SECURITY NOTICE: Default SSH credentials created with placeholder password. Users must update these credentials in Settings before performing SSH operations.")
-        
+
+        logger.info(
+            "Created placeholder system credentials - users should update these in Settings"
+        )
+        logger.warning(
+            "SECURITY NOTICE: Default SSH credentials created with placeholder password. Users must update these credentials in Settings before performing SSH operations."
+        )
+
     except Exception as e:
         logger.error(f"Error creating default system credentials: {e}")
         db.rollback()
@@ -197,7 +246,7 @@ async def initialize_rbac_system():
     try:
         # Ensure tables exist
         create_tables()
-        
+
         # Initialize roles and system components
         db = SessionLocal()
         try:
@@ -207,12 +256,12 @@ async def initialize_rbac_system():
             logger.info("RBAC system and default credentials initialized successfully")
         finally:
             db.close()
-            
+
     except Exception as e:
         logger.error(f"Failed to initialize RBAC system: {e}")
         raise
 
 
 if __name__ == "__main__":
     # Run initialization
-    asyncio.run(initialize_rbac_system())
+    asyncio.run(initialize_rbac_system())