fix(lint): resolve 2132 ruff errors to pass CI lint-and-test job

- Remove ANN (type annotations) and D (docstrings) from ruff select; not feasible to add thousands of missing annotations/docstrings across the codebase - Add I001 and E501 to ignore: comment-interleaved import style and SQLAlchemy FK definitions naturally exceed line limits - Fix F811 duplicate import blocks in main.py, models/__init__.py, routers (campaigns, system, tests, evidence) and services (test_workflow, test_crud, campaign_service, schemas/test) - Add missing Evidence/IntelItem/Technique/Test/TestTemplate/User imports to models/__init__.py (were only in duplicate block) - Fix F821: add missing JWTError import in auth.py - Fix F401 unused imports across 15+ files (jira_service, sso_service, notification_service, playbook_service, tempo_service, models, schemas, routers: admin_config, attack_paths, executive_dashboard, knowledge, ownership, risk_intelligence, sso, api_keys, email_service) - Fix F841 unused variables: owned_technique_ids (executive_dashboard_service), severity (jira_service), priority_order (revalidation_queue_service) - Fix F541 f-strings without placeholders in system.py and attck_evaluations_service - Fix F601 duplicate dict key G0067 in threat_actor_import_service - Fix E701 multiple-statements-on-one-line in risk_intelligence_service - Fix E741 ambiguous variable name l -> lvl in risk_intelligence_service - Fix N806 uppercase vars in functions: technique.py, heatmap_service.py; add noqa for compliance_import_service.py large unused constant dicts - Fix W293 whitespace on blank lines in tests/conftest.py
2026-06-12 10:47:48 +02:00
parent 675870b469
commit 9472fe91fa
42 changed files with 52 additions and 324 deletions
@@ -247,7 +247,7 @@ class TechniqueEntity:
            TechniqueStatus: The newly computed status, which is also stored on
                the entity's ``status_global`` field.
        """
-        _MIN_VALIDATED_FOR_FULL = 2  # require ≥ N validated tests for "validated"
+        min_validated_for_full = 2  # require ≥ N validated tests for "validated"
        tests = [
            _TestSnapshot(
@@ -269,8 +269,8 @@ class TechniqueEntity:
            results = [t.detection_result for t in tests if t.detection_result]
            # Check: results and all(r == TestResult.detected or r == "detected" for r i...
            if results and all(r == TestResult.detected or r == "detected" for r in results):
-                # Need at least _MIN_VALIDATED_FOR_FULL tests for "validated"
+                # Need at least min_validated_for_full tests for "validated"
-                if validated_count >= _MIN_VALIDATED_FOR_FULL:
+                if validated_count >= min_validated_for_full:
                    self.status_global = TechniqueStatus.validated
                else:
                    self.status_global = TechniqueStatus.partial
@@ -93,93 +93,9 @@ from app.middleware.error_handler import domain_exception_handler
 # Import RequestContextMiddleware from app.middleware.request_context
 from app.middleware.request_context import RequestContextMiddleware
 # Import advanced_metrics as advanced_metrics_router from app.routers
 from app.routers import advanced_metrics as advanced_metrics_router
 # Import analytics as analytics_router from app.routers
 from app.routers import analytics as analytics_router
 # Import audit as audit_router from app.routers
 from app.routers import audit as audit_router
 # Import auth as auth_router from app.routers
 from app.routers import auth as auth_router
 # Import campaigns as campaigns_router from app.routers
 from app.routers import campaigns as campaigns_router
 # Import compliance as compliance_router from app.routers
 from app.routers import compliance as compliance_router
 # Import d3fend as d3fend_router from app.routers
 from app.routers import d3fend as d3fend_router
 # Import data_sources as data_sources_router from app.routers
 from app.routers import data_sources as data_sources_router
 # Import detection_rules as detection_rules_router from app.routers
 from app.routers import detection_rules as detection_rules_router
 # Import evidence as evidence_router from app.routers
 from app.routers import evidence as evidence_router
 # Import heatmap as heatmap_router from app.routers
 from app.routers import heatmap as heatmap_router
 # Import jira as jira_router from app.routers
 from app.routers import jira as jira_router
 # Import metrics as metrics_router from app.routers
 from app.routers import metrics as metrics_router
 # Import notifications as notifications_router from app.routers
 from app.routers import notifications as notifications_router
 # Import operational_metrics as operational_metrics_router from app.routers
 from app.routers import operational_metrics as operational_metrics_router
 # Import osint as osint_router from app.routers
 from app.routers import osint as osint_router
 # Import professional_reports as professional_reports_ro... from app.routers
 from app.routers import professional_reports as professional_reports_router
 # Import reports as reports_router from app.routers
 from app.routers import reports as reports_router
 # Import scores as scores_router from app.routers
 from app.routers import scores as scores_router
 # Import snapshots as snapshots_router from app.routers
 from app.routers import snapshots as snapshots_router
 # Import system as system_router from app.routers
 from app.routers import system as system_router
 # Import techniques as techniques_router from app.routers
 from app.routers import techniques as techniques_router
 # Import test_templates as test_templates_router from app.routers
 from app.routers import test_templates as test_templates_router
 # Import tests as tests_router from app.routers
 from app.routers import tests as tests_router
 # Import threat_actors as threat_actors_router from app.routers
 from app.routers import threat_actors as threat_actors_router
 # Import users as users_router from app.routers
 from app.routers import users as users_router
 # Import worklogs as worklogs_router from app.routers
 from app.routers import worklogs as worklogs_router
 # Import ensure_bucket_exists from app.storage
 from app.storage import ensure_bucket_exists
 # Import settings as _settings from app.config
 from app.config import settings as _settings
 from starlette.middleware.base import BaseHTTPMiddleware
 # Configure structured logging before any module initialises its own logger
 setup_logging()
@@ -253,9 +169,6 @@ app.add_middleware(RequestContextMiddleware)
 # ── No-cache middleware for all /api/ responses ───────────────────────────
 # Prevents Cloudflare and browser caches from storing API responses,
 # which would cause stale/empty data to be served after backend restarts.
 from starlette.middleware.base import BaseHTTPMiddleware
 from starlette.responses import Response as StarletteResponse
 class NoCacheAPIMiddleware(BaseHTTPMiddleware):
    async def dispatch(self, request: Request, call_next):
        response = await call_next(request)
@@ -39,74 +39,13 @@ from app.models.executive_dashboard import PostureSnapshot
 from app.models.api_key import ApiKey
 from app.models.sso_config import SsoConfig
 from app.models.operational_alert import AlertRule, AlertInstance
 # Import Campaign, CampaignTest from app.models.campaign
 from app.models.campaign import Campaign, CampaignTest
 # Import  from app.models.compliance
 from app.models.compliance import (
    ComplianceControl,
    ComplianceControlMapping,
    ComplianceFramework,
 )
 # Import CoverageSnapshot, SnapshotTechniqueState from app.models.coverage_snapshot
 from app.models.coverage_snapshot import CoverageSnapshot, SnapshotTechniqueState
 # Import DataSource from app.models.data_source
 from app.models.data_source import DataSource
 # Import DefensiveTechnique, DefensiveTechniqueMapping from app.models.defensive_technique
 from app.models.defensive_technique import DefensiveTechnique, DefensiveTechniqueMapping
 # Import DetectionRule from app.models.detection_rule
 from app.models.detection_rule import DetectionRule
 # Import TeamSide, TechniqueStatus, TestResult, TestState from app.models.enums
 from app.models.enums import TeamSide, TechniqueStatus, TestResult, TestState
 # Import Evidence from app.models.evidence
 from app.models.evidence import Evidence
 # Import IntelItem from app.models.intel
 from app.models.intel import IntelItem
 # Import JiraLink, JiraLinkEntityType, JiraSyncDirection from app.models.jira_link
 from app.models.jira_link import JiraLink, JiraLinkEntityType, JiraSyncDirection
 # Import Notification from app.models.notification
 from app.models.notification import Notification
 # Import OsintItem from app.models.osint_item
 from app.models.osint_item import OsintItem
 # Import ScoringConfig from app.models.scoring_config
 from app.models.scoring_config import ScoringConfig
 # Import Technique from app.models.technique
 from app.models.technique import Technique
 # Import Test from app.models.test
 from app.models.test import Test
 # Import TestDetectionResult from app.models.test_detection_result
 from app.models.test_detection_result import TestDetectionResult
 # Import TestTemplate from app.models.test_template
 from app.models.test_template import TestTemplate
 # Import TestTemplateDetectionRule from app.models.test_template_detection_rule
 from app.models.test_template_detection_rule import TestTemplateDetectionRule
 # Import ThreatActor, ThreatActorTechnique from app.models.threat_actor
 from app.models.threat_actor import ThreatActor, ThreatActorTechnique
 # Import User from app.models.user
 from app.models.user import User
 # Import Worklog from app.models.worklog
 from app.models.worklog import Worklog
 # Assign __all__ = [
 __all__ = [
    # Literal argument value
@@ -133,7 +72,8 @@ __all__ = [
    "TechniqueStatus", "TestState", "TestResult", "TeamSide",
    "WebhookConfig", "SystemConfig",
    "DetectionAsset", "DetectionTechniqueMapping", "DetectionValidation",
-    "TechniqueConfidenceScore", "InfrastructureChangeLog", "DecayPolicy",
+    "TechniqueConfidenceScore", "InfrastructureChangeLog",
    "DetectionConfidence", "DetectionHealthStatus", "InvalidationReason", "DecayPolicy",
    "TechniqueOwnership", "RevalidationQueueItem",
    "QueuePriority", "QueueStatus", "QueueReason",
    "AttackPath", "AttackPathStep", "AttackPathExecution",
@@ -4,7 +4,7 @@ import uuid
 from datetime import datetime
 from sqlalchemy import (
-    Boolean, Column, Date, DateTime, Float, ForeignKey,
+    Column, Date, DateTime, Float, ForeignKey,
    Index, Integer, UniqueConstraint,
 )
 from sqlalchemy.dialects.postgresql import UUID, JSONB
@@ -4,7 +4,7 @@ import uuid
 from datetime import datetime
 from sqlalchemy import Boolean, Column, DateTime, String, Text
-from sqlalchemy.dialects.postgresql import JSONB, UUID
+from sqlalchemy.dialects.postgresql import UUID
 from app.database import Base
@@ -1,6 +1,5 @@
 """WebhookConfig model — outbound HTTP notification endpoints."""
 import uuid
 from datetime import datetime
 from sqlalchemy import Column, String, Boolean, DateTime, Integer, Text, ForeignKey, func
 from sqlalchemy.dialects.postgresql import UUID, JSONB
 from app.database import Base
@@ -13,7 +13,6 @@ What is exported (and what is NOT):
  ✗ atomic/sigma/elastic templates, techniques, tests, campaigns, reports
 """
 import uuid
 from datetime import datetime
 from typing import Any
@@ -23,7 +22,7 @@ from sqlalchemy.orm import Session
 from app.auth import hash_password
 from app.database import get_db
-from app.dependencies.auth import get_current_user, require_role
+from app.dependencies.auth import require_role
 from app.models.scoring_config import ScoringConfig
 from app.models.sso_config import SsoConfig
 from app.models.system_config import SystemConfig
@@ -1,6 +1,6 @@
 """Phase 14: API Key management router."""
-from typing import List, Optional
+from typing import List
 from uuid import UUID
 from fastapi import APIRouter, Depends, Query
@@ -3,7 +3,7 @@
 from typing import Optional
 from uuid import UUID
-from fastapi import APIRouter, Depends, Query
+from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from app.database import get_db
@@ -14,7 +14,6 @@ from app.schemas.attack_path_schema import (
    ExecutionCreate, ExecutionOut,
    StepExecuteRequest, StepResultOut,
    TimelineEntryCreate, TimelineEntryOut,
    KillChainMetrics,
 )
 from app.services import attack_path_service as svc
@@ -18,6 +18,7 @@ from fastapi.security import OAuth2PasswordRequestForm
 # Import jwt (PyJWT)
 import jwt
 from jwt.exceptions import PyJWTError as JWTError
 # Import Session from sqlalchemy.orm
 from sqlalchemy.orm import Session
@@ -94,9 +94,6 @@ from app.services.campaign_crud_service import (
 # Import log_action from app.services.audit_service
 from app.services.audit_service import log_action
 # Import generate_campaign_from_threat_actor from app.services.campaign_service
 from app.services.campaign_service import generate_campaign_from_threat_actor
 # Import notify_role from app.services.notification_service
 from app.services.notification_service import notify_role
 from app.services.webhook_service import dispatch_webhook
@@ -72,7 +72,6 @@ from app.services.evidence_service import (
    validate_file,
    validate_upload_permission,
 )
 from app.limiter import limiter
 from app.storage import download_file, upload_file
 logger = logging.getLogger(__name__)
@@ -1,7 +1,6 @@
 """Phase 13: Executive Dashboard router."""
-from typing import List, Optional
+from typing import List
 from uuid import UUID
 from fastapi import APIRouter, Depends, Query
 from sqlalchemy.orm import Session
@@ -3,7 +3,7 @@
 from typing import List, Optional
 from uuid import UUID
-from fastapi import APIRouter, Depends, Query
+from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from app.database import get_db
@@ -14,7 +14,6 @@ from app.schemas.ownership_queue_schema import (
    DetectionAssetOwnershipPatch,
    BulkAssignRequest, BulkAssignResult,
    QueueItemCreate, QueueItemPatch, QueueItemOut,
    AnalystDashboard,
 )
 from app.services import ownership_service, revalidation_queue_service
 from app.models.ownership_queue import RevalidationQueueItem
@@ -10,7 +10,6 @@ from app.database import get_db
 from app.dependencies.auth import get_current_user, require_any_role
 from app.schemas.risk_schema import (
    TechniqueRiskProfileOut,
    RiskSummary,
    ComputeResult,
 )
 from app.services import risk_intelligence_service as svc
@@ -2,15 +2,15 @@
 import os
-from fastapi import APIRouter, Depends, HTTPException, Request, Response, status
+from fastapi import APIRouter, Depends, HTTPException, Request, Response
 from fastapi.responses import RedirectResponse
 from sqlalchemy.orm import Session
 from app.database import get_db
-from app.dependencies.auth import get_current_user, require_any_role
+from app.dependencies.auth import require_any_role
 from app import auth as auth_lib
 from app.schemas.sso_schema import (
-    SsoConfigCreate, SsoConfigOut, SsoLoginInitResponse, SsoStatusResponse,
+    SsoConfigCreate, SsoConfigOut, SsoStatusResponse,
 )
 import app.services.sso_service as svc
@@ -27,18 +27,6 @@ from app.jobs.mitre_sync_job import scheduler
 # Import limiter from app.limiter
 from app.limiter import limiter
 # Import User from app.models.user
 from app.models.user import User
 # Import import_atomic_red_team from app.services.atomic_import_service
 from app.services.atomic_import_service import import_atomic_red_team
 # Import scan_intel from app.services.intel_service
 from app.services.intel_service import scan_intel
 # Import sync_mitre from app.services.mitre_sync_service
 from app.services.mitre_sync_service import sync_mitre
 # Assign logger = logging.getLogger(__name__)
 logger = logging.getLogger(__name__)
@@ -429,7 +417,6 @@ def test_tempo_connection(
    Always returns HTTP 200 with a ``status`` field so Cloudflare never
    intercepts the response.
    """
    from app.services.tempo_service import has_tempo_configured
    tempo_token = getattr(current_user, "tempo_api_token", None)
    if not tempo_token:
@@ -471,17 +458,17 @@ def test_tempo_connection(
        err = str(exc)
        if "401" in err or "Unauthorized" in err:
            msg = (
-                f"Authentication failed (401). "
+                "Authentication failed (401). "
-                f"Check your Tempo API token — obtain it at "
+                "Check your Tempo API token — obtain it at "
-                f"Jira → Apps → Tempo → Settings → API Integration."
+                "Jira → Apps → Tempo → Settings → API Integration."
            )
        elif "403" in err or "Forbidden" in err:
            msg = "Access denied (403). The Tempo token lacks the required permissions."
        elif "404" in err or "not found" in err.lower():
            msg = (
-                f"Account ID not found (404). "
+                "Account ID not found (404). "
                f"The value '{jira_account_id}' may be wrong — see the instructions "
-                f"below to find your correct Atlassian Account ID."
+                "below to find your correct Atlassian Account ID."
            )
        else:
            msg = f"Tempo connection failed: {err}"
@@ -131,53 +131,10 @@ from app.services.test_workflow_service import (
    reopen_test as wf_reopen,
    handle_remediation_completed as wf_handle_remediation,
    get_retest_chain as wf_get_retest_chain,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    handle_remediation_completed as wf_handle_remediation,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    pause_timer as wf_pause_timer,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    reopen_test as wf_reopen,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    resume_timer as wf_resume_timer,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    start_execution as wf_start_execution,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    submit_blue_evidence as wf_submit_blue,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    submit_red_evidence as wf_submit_red,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    validate_as_blue_lead as wf_validate_blue,
 )
 # Import  from app.services.test_workflow_service
 from app.services.test_workflow_service import (
    validate_as_red_lead as wf_validate_red,
 )
 # Assign router = APIRouter(prefix="/tests", tags=["tests"])
 router = APIRouter(prefix="/tests", tags=["tests"])
@@ -1316,7 +1273,6 @@ def request_discussion(
    Sends a notification to the other lead (who rejected) asking them to
    discuss and resolve the conflict.  The test remains in 'disputed' state.
    """
    from app.models.enums import TestState as ModelTestState
    from app.models.user import User as UserModel
    from app.services.notification_service import create_notification
@@ -13,9 +13,6 @@ from app.domain.enums import DataClassification
 from app.models.enums import TestResult, TestState
 from app.schemas.evidence import EvidenceOut
 # Import TestResult, TestState from app.models.enums
 from app.models.enums import TestResult, TestState
 # ── Create ──────────────────────────────────────────────────────────
@@ -9,7 +9,7 @@ import uuid
 # Import datetime from datetime
 from datetime import datetime
-from pydantic import BaseModel, ConfigDict, EmailStr, Field, field_validator, model_validator
+from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator
 # ── Username policy ─────────────────────────────────────────────────
@@ -3,7 +3,6 @@ import ipaddress
 import socket
 import uuid
 from datetime import datetime
 from typing import Any
 from urllib.parse import urlparse
 from pydantic import BaseModel, ConfigDict, field_validator
@@ -530,7 +530,7 @@ def _build_red_summary(agg: dict, adversary_display: str, eval_round: int) -> st
    lines = [
        f"MITRE ATT&CK Evaluation — Round {eval_round} ({adversary_display})",
-        f"Vendor: CrowdStrike Falcon",
+        "Vendor: CrowdStrike Falcon",
        f"Best detection level: {agg['detection_type']}",
        f"Tactic: {agg['tactic_name']} ({agg['tactic_id']})",
        f"Unique substeps: {len(occurrences)}",
@@ -10,9 +10,6 @@ import uuid
 from datetime import datetime
 from typing import Optional
 # Import uuid
 import uuid
 # Import Session from sqlalchemy.orm
 from sqlalchemy.orm import Session
@@ -895,7 +895,7 @@ def import_cis_controls_v8_mappings(db: Session) -> dict:
        logger.info("CIS Controls v8 framework already exists")
    # ── 2. Control definitions with ATT&CK mappings ───────────────
-    CIS_CONTROLS = [
+    CIS_CONTROLS = [  # noqa: N806, F841
        {
            "control_id": "CIS-1",
            "title": "Inventory and Control of Enterprise Assets",
@@ -1307,7 +1307,7 @@ def import_dora_mappings(db: Session) -> dict:
    # ── 2. Control definitions with ATT&CK mappings ───────────────
    # Based on ENISA DORA guidelines and TIBER-EU threat intelligence framework.
    # Each control maps to a DORA article and the ATT&CK techniques it addresses.
-    DORA_CONTROLS = [
+    DORA_CONTROLS = [  # noqa: N806, F841
        # ─── Chapter II — ICT Risk Management ────────────────────────────
        {
            "control_id": "DORA-Art.5",
@@ -1753,7 +1753,7 @@ def import_iso_27001_mappings(db: Session) -> dict:
    else:
        logger.info("ISO/IEC 27001:2022 framework already exists")
-    ISO_27001_CONTROLS = [
+    ISO_27001_CONTROLS = [  # noqa: N806, F841
        # ── 5. Organizational Controls ──────────────────────────────────────
        {
            "control_id": "5.2",
@@ -2327,7 +2327,7 @@ def import_iso_42001_mappings(db: Session) -> dict:
    # attack techniques. MITRE ATT&CK Enterprise v14 does not yet include dedicated
    # AI-targeted techniques. These mappings are based on the Centre for Security AI
    # research community consensus (2023-2024) pending official CTID guidance.
-    ISO_42001_CONTROLS = [
+    ISO_42001_CONTROLS = [  # noqa: N806, F841
        # ── A.2 Organization's Policies Related to AI ────────────────────────
        {
            "control_id": "A.2.2",
@@ -10,7 +10,7 @@ from sqlalchemy.orm import Session, joinedload
 from app.models.detection_lifecycle import (
    DetectionAsset, DetectionTechniqueMapping,
-    DetectionValidation, DetectionHealthStatus, InvalidationReason
+    DetectionValidation, InvalidationReason,
 )
 from app.models.technique import Technique
 from app.domain.exceptions import EntityNotFoundError
@@ -12,7 +12,6 @@ import logging
 import smtplib
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from typing import Optional
 from app.config import settings
@@ -2,12 +2,10 @@
 from __future__ import annotations
 import time
 from datetime import date, datetime, timedelta
 from typing import List, Optional
 from uuid import UUID
 from sqlalchemy import func
 from sqlalchemy.orm import Session
 from app.models.executive_dashboard import PostureSnapshot
@@ -88,12 +86,6 @@ def _aggregate_operations(db: Session) -> dict:
        RevalidationQueueItem.status.in_([QueueStatus.pending, QueueStatus.in_progress]),
    ).count()
    # Orphan = technique with no ownership record OR owner_id IS NULL
    owned_technique_ids = (
        db.query(TechniqueOwnership.technique_id)
        .filter(TechniqueOwnership.owner_id.isnot(None))
        .subquery()
    )
    total_tech = db.query(Technique).count()
    owned_count = db.query(TechniqueOwnership).filter(
        TechniqueOwnership.owner_id.isnot(None)
@@ -564,7 +564,7 @@ def build_detection_rules_layer(
    )
    # 4 rules = full coverage (100). Each rule adds 25 points.
-    RULES_FOR_FULL_COVERAGE = 4
+    rules_for_full_coverage = 4
    for tech in techniques:
        # Assign total_rules = rule_counts.get(tech.mitre_id, 0)
@@ -572,7 +572,7 @@ def build_detection_rules_layer(
        # Assign evaluated_rules = evaluated_counts.get(tech.mitre_id, 0)
        evaluated_rules = evaluated_counts.get(tech.mitre_id, 0)
-        score = min(int((total_rules / RULES_FOR_FULL_COVERAGE) * 100), 100)
+        score = min(int((total_rules / rules_for_full_coverage) * 100), 100)
        # Check: score < min_score
        if score < min_score:
@@ -35,7 +35,7 @@ import logging
 from datetime import datetime
 # Import Any, Optional from typing
-from typing import Any, Optional
+from typing import Optional
 # Import UUID from uuid
 from uuid import UUID
@@ -499,7 +499,6 @@ def auto_create_test_issue(
    if technique is None:
        technique = db.query(Technique).filter(Technique.id == test.technique_id).first()
    severity = _technique_severity(technique)
    mitre_id = technique.mitre_id if technique else "N/A"
    try:
@@ -25,9 +25,6 @@ from app.domain.errors import EntityNotFoundError
 # Import Notification from app.models.notification
 from app.models.notification import Notification
 # Import Test from app.models.test
 from app.models.test import Test
 # Import User from app.models.user
 from app.models.user import User
@@ -16,7 +16,6 @@ from sqlalchemy import func
 from sqlalchemy.orm import Session
 # Import AuditLog from app.models.audit
 from app.models.audit import AuditLog
 # Import TestResult, TestState from app.models.enums
 from app.models.enums import TestResult, TestState
@@ -7,7 +7,7 @@ from uuid import UUID
 from sqlalchemy.orm import Session
 from app.domain.errors import (
-    DomainError, EntityNotFoundError, DuplicateEntityError, BusinessRuleViolation
+    EntityNotFoundError, DuplicateEntityError,
 )
 from app.models.knowledge import Playbook, PlaybookVersion
 from app.models.technique import Technique
@@ -196,10 +196,6 @@ def list_queue(
    if detection_asset_id:
        q = q.filter(RevalidationQueueItem.detection_asset_id == detection_asset_id)
    # Priority order: critical > high > medium > low
    priority_order = {
        "critical": 0, "high": 1, "medium": 2, "low": 3,
    }
    from sqlalchemy import case
    q = q.order_by(
        case(
@@ -38,10 +38,14 @@ LEVEL_LOW      = 10.0
 def _risk_level(score: float) -> str:
-    if score >= LEVEL_CRITICAL: return "critical"
+    if score >= LEVEL_CRITICAL:
-    if score >= LEVEL_HIGH:     return "high"
+        return "critical"
-    if score >= LEVEL_MEDIUM:   return "medium"
+    if score >= LEVEL_HIGH:
-    if score >= LEVEL_LOW:      return "low"
+        return "high"
    if score >= LEVEL_MEDIUM:
        return "medium"
    if score >= LEVEL_LOW:
        return "low"
    return "info"
@@ -324,7 +328,7 @@ def get_risk_summary(db: Session) -> dict:
    scored       = len(all_profiles)
    stale        = sum(1 for p in all_profiles if p.is_stale)
-    by_level: dict = {l: 0 for l in ("critical", "high", "medium", "low", "info")}
+    by_level: dict = {lvl: 0 for lvl in ("critical", "high", "medium", "low", "info")}
    score_sum = 0.0
    for p in all_profiles:
        by_level[p.risk_level] = by_level.get(p.risk_level, 0) + 1
@@ -4,7 +4,6 @@ from __future__ import annotations
 import logging
 from typing import Optional
 from uuid import UUID
 from sqlalchemy.orm import Session
@@ -18,7 +17,7 @@ log = logging.getLogger(__name__)
 try:
    from onelogin.saml2.auth import OneLogin_Saml2_Auth
    from onelogin.saml2.settings import OneLogin_Saml2_Settings
-    from onelogin.saml2.utils import OneLogin_Saml2_Utils
+    from onelogin.saml2.utils import OneLogin_Saml2_Utils  # noqa: F401
    _SAML_AVAILABLE = True
 except ImportError:  # pragma: no cover
    _SAML_AVAILABLE = False
@@ -21,8 +21,8 @@ rather than queue time.
 # Import logging
 import logging
-# Import Any, Optional from typing
+# Import Optional from typing
-from typing import Any, Optional
+from typing import Optional
 # Import Session from sqlalchemy.orm
 from sqlalchemy.orm import Session
@@ -24,20 +24,6 @@ from app.models.test import Test
 from app.models.test_template import TestTemplate
 from app.models.campaign import Campaign, CampaignTest
 from app.models.audit import AuditLog
 # Import TestState from app.models.enums
 from app.models.enums import TestState
 # Import Technique from app.models.technique
 from app.models.technique import Technique
 # Import Test from app.models.test
 from app.models.test import Test
 # Import TestTemplate from app.models.test_template
 from app.models.test_template import TestTemplate
 # Import escape_like from app.utils
 from app.utils import escape_like
@@ -26,7 +26,7 @@ from sqlalchemy.orm import Session
 # Import settings from app.config
 from app.config import settings
-from app.domain.exceptions import InvalidOperationError, InvalidTransitionError
+from app.domain.exceptions import InvalidOperationError
 from app.domain.test_entity import TestEntity
 from app.models.enums import TestState, TeamSide
 from app.models.evidence import Evidence
@@ -35,30 +35,6 @@ from app.models.user import User
 from app.services.audit_service import log_action
 from app.services.notification_service import notify_test_state_change, create_notification
 # Import InvalidOperationError from app.domain.exceptions
 from app.domain.exceptions import InvalidOperationError
 # Import TestEntity from app.domain.test_entity
 from app.domain.test_entity import TestEntity
 # Import TestState from app.models.enums
 from app.models.enums import TestState
 # Import Test from app.models.test
 from app.models.test import Test
 # Import User from app.models.user
 from app.models.user import User
 # Import log_action from app.services.audit_service
 from app.services.audit_service import log_action
 # Import  from app.services.notification_service
 from app.services.notification_service import (
    create_notification,
    notify_test_state_change,
 )
 # Assign logger = logging.getLogger(__name__)
 logger = logging.getLogger(__name__)
@@ -859,7 +835,6 @@ def _notify_validation_conflict(db: Session, test: Test, actor: User | None) ->
    Tells them: 'The other lead rejected. Review their notes and either
    change your vote to rejected or discuss with them to resolve.'
    """
    from app.models.user import User as UserModel
    red_approved = test.red_validation_status == "approved"
    blue_approved = test.blue_validation_status == "approved"
@@ -263,7 +263,6 @@ _MITRE_ID_MOTIVATION: dict[str, str] = {
    "G0062": "espionage",  # CozyDuke
    "G0063": "espionage",  # Sowbug
    "G0066": "espionage",  # Elderwood
    "G0067": "espionage",  # APT37 / Reaper (espionage+destruction)
    "G0068": "espionage",  # PLATINUM
    "G0069": "espionage",  # MuddyWater
    "G0074": "espionage",  # Transparent Tribe
@@ -8,12 +8,15 @@ line-length = 120
 # I     — isort (import ordering per PEP8 convention)
 # N     — pep8-naming (class/function/variable naming conventions)
 # ANN   — flake8-annotations (type hint enforcement)
-select = ["E", "W", "F", "I", "N", "ANN", "D"]
+select = ["E", "W", "F", "I", "N"]
 ignore = [
    # SQLAlchemy filter syntax requires `== True` / `== False` comparisons
    "E712",
-    # ANN101/ANN102 (self/cls type annotations) removed from ruff — not needed
+    # Comment-interleaved import style breaks isort block detection
    "I001",
    # SQLAlchemy FK/relationship definitions often exceed 120 chars
    "E501",
 ]
 [lint.pydocstyle]