transilience report style

Skill

Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.

Files12
  • @skills/transilience-report-style/SKILL.md
  • @skills/transilience-report-style/compliance-report.md
  • @skills/transilience-report-style/fonts/Carlito-Bold.ttf
  • @skills/transilience-report-style/fonts/Carlito-BoldItalic.ttf
  • @skills/transilience-report-style/fonts/Carlito-Italic.ttf
  • @skills/transilience-report-style/fonts/Carlito-Regular.ttf
  • @skills/transilience-report-style/fonts/Poppins-Bold.ttf
  • @skills/transilience-report-style/fonts/Poppins-Italic.ttf
  • @skills/transilience-report-style/fonts/Poppins-Light.ttf
  • @skills/transilience-report-style/fonts/Poppins-Medium.ttf
  • @skills/transilience-report-style/fonts/Poppins-Regular.ttf
  • @skills/transilience-report-style/pentest-report.md

Transilience AI — Threat Intelligence Report Design System

Version: 4.0
Format: PDF (A4), ReportLab
Last Updated: February 24, 2026

1. Page & Document Configuration

PropertyValue
Page SizeA4 (595.28 × 841.89 pt)
Margins20mm all sides
Content Width (CW)555.28 pt (A4 width − 2 × 20mm)
Top Margin Offset+8 pt (28mm effective top)
Bottom Margin Offset+10 pt (30mm effective bottom)
Background Color#07040B (BG) — near-black with purple undertone
OutputEmbedded fonts, single PDF file

2. Typography

2.1 Font Stack

AliasFontWeightRole
FHPoppins-Bold700Headlines, metric values, section numbers, score values
FMPoppins-Medium500Subheads, section labels, card section headers, sidebar labels
FRPoppins (Regular)400Footer text, metadata labels, TOC sub-items
FLPoppins-Light300Reserved (registered, not actively used)
FIPoppins-Italic400iReserved (registered, not actively used)
FBCarlito (Regular)400Body text, card summaries, table cells, bullet content
FBBCarlito-Bold700Bold inline emphasis within body paragraphs
FBICarlito-Italic400iConfidentiality notices, closing statement
FBBICarlito-BoldItalic700iRegistered for <b><i> combinations within Carlito
FMONOCourierMITRE technique IDs, CVE identifiers, subdomain names
Family Registration: Carlito is registered as a full family (normal, bold, italic, boldItalic) enabling automatic style switching via ReportLab's <b> and <i> XML tags.

2.2 Type Scale

Style KeyFontSizeLeadingColorAlignmentUsage
ctPoppins-Bold36 pt44 pt#FFFFFFLeftCover title ("THREAT INTELLIGENCE", "REPORT")
ccPoppins-Medium18 pt24 pt#8B5CF6LeftCover client name
h1Poppins-Bold20 pt26 pt#FFFFFFLeftSection titles
h2Poppins-Medium16 pt21 pt#FFFFFFLeftSubsection titles
h3Poppins-Medium13 pt17 pt#8B5CF6LeftSub-headers within sections
ttPoppins-Medium13 pt18 pt#FFFFFFLeftCard titles, posture item titles
bodyCarlito12 pt17 pt#F0F2F5JustifyBody paragraphs
bsCarlito11 pt15 pt#F0F2F5LeftSmall body (table cells, metadata values)
tsCarlito11 pt16 pt#F0F2F5JustifyCard description text
labelPoppins10 pt13 pt#E0E3E8LeftCover metadata labels
slPoppins-Medium10 pt13 pt#8B5CF6LeftTable column headers
bulletCarlito12 pt17 pt#F0F2F5LeftBullet items (14pt leftIndent, 0 bulletIndent)
noticeCarlito-Italic10 pt14 pt#E0E3E8LeftConfidentiality footer

2.3 Advisory Card Typography

ElementFontSizeColorNotes
Serial + Severity TagPoppins-Bold14 ptSeverity colorFormat: #1 [CRITICAL]
Card TitlePoppins-Bold14 pt#FFFFFFSame line as serial, leading 20pt
Metadata RowCarlito10 pt#F0F2F5Labels in #8B5CF6, pipe-separated
Score LabelsPoppins-Medium10 pt#F0F2F5"SEVERITY", "RELEVANCE", "PRIORITY"
Score ValuesPoppins-Bold12 ptDynamic color0.85 format
Score Band LabelPoppins-Bold10 ptDynamic color"HIGH", "MEDIUM", "LOW" (priority row only)
Section HeadersPoppins-Medium10 pt#8B5CF6"TECHNICAL DETAILS", "IMPACT CONTEXT", etc.
Detection Evidence HeaderPoppins-Medium10 pt#10B981Green to distinguish from purple headers
Section BodyCarlito11 pt#F0F2F5leading 15pt
MITRE LabelCarlito11 pt#F59E0BAmber for "MITRE Tactics:", "Techniques:"
CVE LabelCarlito11 pt#3B82F6Blue for "CVEs:"
CVE/Technique ValuesCourier10–11 pt#F0F2F5Monospace for IDs
Relevance BulletsCarlito11 pt#F0F2F5• symbol, 16pt leftIndent, leading 16pt
Source LinkCarlito10 pt#3B82F6Underlined

3. Color Palette

3.1 Backgrounds

TokenHexRGBUsage
BG#07040B(7, 4, 11)Page background — deepest layer
BG2#0D0A14(13, 10, 20)Reserved secondary background
BGC#13101C(19, 16, 28)Card backgrounds, table header rows, metric boxes
BGCA#1A1625(26, 22, 37)Alternating table rows, progress bar track
BGEL#18181B(24, 24, 27)Reserved elevated surface
GL#1E1A2E(30, 26, 46)Table gridlines, footer bar background
BS#2A2535(42, 37, 53)Card/box border stroke (0.4pt width)

3.2 Brand Colors

TokenHexRGBUsage
BP#6941C6(105, 65, 198)Primary brand — TOC numbers, metric accents, section number ghost
BPL#8B5CF6(139, 92, 246)Primary light — h3 headers, card section headers, metadata labels, page numbers
BM#C9317C(201, 49, 124)Magenta accent — third-party tech stack category

3.3 Text Colors

TokenHexUsage
T1#FFFFFFBrightest — headlines, card titles, tech names in evidence
T2#F0F2F5Primary body — paragraphs, table cells, card content
T3#E0E3E8Muted — labels, impact context field names, no-match text
TM#CDD1D8Most muted — fallback severity color

3.4 Severity Colors

TokenHexSeverityUsage
SC#EF4444CriticalAccent bars, score coloring, badges, immediate recommendations
SH#FB923CHighAccent bars, score coloring, badges, short-term recommendations
SM#EAB308MediumAccent bars, score coloring, badges, medium-term recommendations
SL#22C55ELowAccent bars, score coloring, badges, security posture "STRONG"

3.5 Accent Colors

TokenHexUsage
AB#3B82F6Info blue — CVE labels, source links, "ASSETS" metric box
AE#10B981Emerald green — "Implemented" status, detection evidence header
AA#F59E0BAmber — MITRE labels, analytics tech category

3.6 Gradient Specification

The brand gradient is a linear interpolation between two endpoints used across multiple components:
PropertyStart (left)End (right)
Red0.412 (105/255)0.788 (201/255)
Green0.255 (65/255)0.192 (49/255)
Blue0.776 (198/255)0.486 (124/255)
Hex equivalent#6941C6 (BP)#C9317C (BM)
Rendered as: 80 discrete steps, left-to-right. Used in: page top rule (3.5pt), section dividers (2pt), cover separators (3pt), progress bars, card bottom dividers.

4. Component Library

4.1 GradientLine

A full-width or partial-width horizontal rule using the brand gradient.
PropertyValue
Default height2 pt
Steps80
Corner radiusNone (rectangular)
UsageSection dividers (full CW, 2pt), cover (full CW, 3pt), cover sub-separator (CW×0.35, 2pt), card bottom (CW×0.5, 1pt)

4.2 GradientBar

A proportional progress bar with gradient fill and rounded track.
PropertyValue
Track height12 pt
Track backgroundBGCA (#1A1625)
Track corner radius3 pt
FillBrand gradient, clipped to fraction width
Min fraction0.06 (floor)
Max width160 pt (default)

4.3 CardBox

A bordered container with optional accent sidebar. Used for posture items, recommendations, methodology phases.
PropertyValue
BackgroundBGC (#13101C)
Corner radius6 pt
BorderBS (#2A2535), 0.4 pt stroke
Accent bar4 pt wide, full height, left side, 2pt corner radius
Default padding11 pt
Content offsetpadding + 6pt (when accent present)

4.4 MetricBox

A compact KPI display used in the executive summary row.
PropertyValue
Height58 pt
Width(CW − 30) / 5 per box
BackgroundBGC (#13101C)
BorderBS 0.4pt stroke, 6pt corner radius
Top accent3pt colored bar across full width, 1pt corner radius
ValuePoppins-Bold 22pt, centered, severity-colored
LabelPoppins 9pt, centered, T2, 7pt from bottom

4.5 SeverityBadge

A colored pill showing severity level.
PropertyValue
Width60 pt
Height16 pt
Corner radius3 pt
BackgroundSeverity color fill
TextPoppins-Medium 9pt, centered
Text colorWhite (critical/high/low), Black (medium)

4.6 SectionNumber

A large decorative section number with ghost double-strike effect.
PropertyValue
WidthFull CW
Height38 pt
Front layerPoppins-Bold 42pt, rgba(105, 65, 198, 0.7) at (0, 0)
Ghost layerPoppins-Bold 42pt, rgba(140, 92, 230, 0.5) at (1, 1) — offset 1pt right and up

4.7 ScoreRow

Three horizontal inline score bars stacked vertically.
PropertyValue
Total height60 pt
Row height16 pt
Row padding4 pt
Bar max widthCW × 0.48
Bar height8 pt
Bar trackBGCA, 3pt radius
Bar fillSeverity color at 0.85 alpha, min 4pt width
Glow dotCircle at fill endpoint, severity color at 0.3 alpha, 5pt radius
Layout x-positionsLabel: 0, Value: CW×0.12 + 10, Bar: CW×0.22, Band: CW×0.72 + 10
Dynamic color rules:
Score TypeThresholds
Severity≥0.75 → SC (red), ≥0.5 → SH (orange), else → SM (yellow)
Relevance≥0.6 → AE (green), ≥0.3 → AA (amber), else → T3 (muted)
Priority≥0.7 → SC (red), ≥0.5 → SH (orange), ≥0.3 → SM (yellow), else → T3

4.8 AccentBar (Card Top)

A thin colored bar at the top of each advisory card.
PropertyValue
WidthFull CW
Height4 pt
Corner radius2 pt
ColorSeverity color of the advisory

4.9 TechStackBlock

A category block displaying technology items as a bulleted list.
PropertyValue
WidthCW × 0.48
BackgroundBGC, 5pt radius
BorderBS 0.3pt stroke
Header bar22pt height, category color fill, 5pt radius
Header textPoppins-Medium 10pt, white, 10pt left offset
Item bullet2pt radius circle, category color, at (14, y+3)
Item textCarlito 10pt, T2, at (22, y)
Item spacing16pt vertical

5. Page Template (dark_bg)

Applied to every page via onFirstPage and onLaterPages.

5.1 Background Fill

  • Full page BG (#07040B) rectangle

5.2 Top Gradient Rule

  • Brand gradient (80 steps, BP → BM), 3.5pt height, full page width, positioned at page top

5.3 Footer Bar

PropertyValue
Height26 pt
BackgroundGL (#1E1A2E)
Left textPoppins 7pt, T3: TRANSILIENCE AI · Threat Intelligence Report · CONFIDENTIAL
Left offset20mm margin
Page numberPoppins-Bold 9pt, BP — right-aligned
Page labelPoppins 8pt, T2: Page — immediately left of number

5.4 Left Accent Strip

  • 2.5pt wide vertical bar, full page height minus footer, rgba(105, 65, 198, 0.12), positioned at x=0

6. Radar Visualization

A custom Flowable rendering a polar threat radar.

6.1 Dimensions

PropertyValue
Canvas size300pt + 100pt width, 300pt + 60pt height
Center(200, 180)
Max radius300 × 0.38 = 114 pt

6.2 Background Glow

Concentric filled circles from max_r + 20 down to 0 (step −2), each with increasing alpha (0.03 → 0.05), color rgba(10, 5, 20, alpha).

6.3 Ring Grid

4 dashed concentric rings at 25%, 50%, 75%, 100% of max radius.
RingFractionLabelLabel Color
Inner0.25CRITICALSC (#EF4444)
Mid-inner0.50HIGHSH (#FB923C)
Mid-outer0.75MEDIUMSM (#EAB308)
Outer1.00LOWSL (#22C55E)
  • Ring stroke: rgba(105, 65, 198, 0.3), 0.5pt, dash pattern (3, 3)
  • Labels positioned along 15° angle from center at each ring's radius, Poppins-Medium 7pt

6.4 Sector Spokes

12 spokes at 30° intervals, representing attack surfaces:
Web Apps/API, Cloud/Infra, Network, Endpoints, Email, Mobile, IoT/OT, Data Storage, Identity, Third-Party, Physical, Social Eng.
  • Spoke stroke: rgba(105, 65, 198, 0.25), 0.3pt
  • Labels: Poppins-Medium 9pt, white, at max_r + 32 from center
  • Alignment: centered if near vertical, left-aligned if right half, right-aligned if left half

6.5 Center Crosshair

  • 16pt arms, color rgba(140, 92, 230, 0.4), 0.4pt
  • Center glow: 16 concentric circles, rgba(105, 65, 198, 0.04 × (16−r))

6.6 Threat Points

Each threat plotted using theta_deg and radius_norm from data.
SeverityRGBPoint radius
Critical(0.937, 0.267, 0.267)7 pt
High(0.984, 0.573, 0.235)5.5 pt
Medium(0.918, 0.702, 0.031)4.5 pt
Low(0.133, 0.773, 0.369)3.5 pt
Three-layer rendering per point:
  1. Outer glow: severity color at 0.12 alpha, radius + 7pt
  2. Mid glow: severity color at 0.25 alpha, radius + 3pt
  3. Core dot: severity color at 0.9 alpha, exact radius
  4. Specular highlight: white at 0.3 alpha, offset (−0.15r, +0.15r), radius 0.35r

7. Advisory Card Structure

Cards are returned as flat lists of Flowables (not wrapped in CardBox), enabling ReportLab page-split. Between cards: CondPageBreak(220) — only breaks if <220pt space remains.

7.1 Card Layout (top to bottom)

#SectionSpacing After
1AccentBar (4pt, severity color)8pt
2Title#{serial} [{SEVERITY}] {title}2pt (spaceAfter)
3Metadata Row — pipe-separated: Source │ Surface │ Status │ First Seen2pt + 10pt gap
4ScoreRow — 3 inline progress bars (60pt)12pt gap
5Summary — justified body text4pt + 6pt gap
6TECHNICAL DETAILS (conditional) — Tactics, Techniques, CVEs4pt per item + 6pt gap
7IMPACT CONTEXT (always shown) — Industries, Regions, Assets4pt per item + 6pt gap
7bDETECTION EVIDENCE (conditional) — Techstack fingerprint matches3pt per item + 6pt gap
8RELEVANCE ANALYSIS (conditional) — Bullet-point reasoning4pt per item + 4pt gap
9Source Link — blue underlined URL0pt
10Bottom Divider — GradientLine at CW×0.5, 1pt height8pt before

7.2 Metadata Row Format

Source: THREAT INTEL │ Surface: Endpoint / Email │ Status: NEW │ First Seen: 2026-02-24
Labels in BPL (#8B5CF6), values in T2, separator: unicode (U+2502) with 4-space padding.
Source label mapping: threatTHREAT INTEL, productPRODUCT VULN, breachBREACH INTEL.

7.3 Detection Evidence Format

• {TechName} — {evidence_string}
Tech name in T1 (white, bold), em-dash separator, evidence string in T2. Max 6 items per card.

7.4 Section Header Coloring

HeaderColor
TECHNICAL DETAILSBPL (#8B5CF6)
IMPACT CONTEXTBPL (#8B5CF6)
DETECTION EVIDENCEAE (#10B981) — green to visually distinguish
RELEVANCE ANALYSISBPL (#8B5CF6)

8. Cover Page Layout

8.1 Structure (top to bottom)

ElementConfiguration
Logo row3-column table: [Transilience logo (55×22mm), spacer, Client logo (38×27mm)], row height 28mm
Gap26mm
Gradient separatorFull CW, 3pt height
Gap12mm
Title line 1"THREAT INTELLIGENCE" — ct style (Poppins-Bold 36pt, white)
Title line 2"REPORT" — ct style
Gap6mm
Client namecc style (Poppins-Medium 18pt, BPL)
Gap4mm
Sub-separatorGradientLine CW×0.35, 2pt
Gap8mm
Metadata table6 rows, 2 columns (CW×0.3 label, CW×0.7 value)
Gap15mm
Confidentiality noticeCarlito-Italic 10pt, T3

8.2 Metadata Fields

LabelStyle
REPORT DATEPoppins 10pt T3 → value Carlito 11pt T2
CLASSIFICATIONSame
SECTORSame
REGIONSame
GENERATED BYSame
REPORT IDSame — format: TI-{CLIENT}-{YYYYMMDD}

9. Table of Contents Layout

ElementStyle
Title"TABLE OF CONTENTS" — h1 style
DividerGradientLine full CW, 2pt
Gap8mm
Main entry3-column table: section number (Poppins-Bold 13pt BP, 35pt col), title (Poppins-Medium 10.5pt T1), page (Poppins-Bold 11pt T1, right-aligned, 40pt col)
Entry separator0.3pt GL line below
Sub-entryIndented 15pt, Poppins 10pt, sub-number in T3, title in T2

10. Report Section Blueprint

10.1 Standard Section Header Pattern

Every numbered section follows this sequence:
  1. SectionNumber(num) — decorative ghost number (38pt height)
  2. Section title in h1 style (Poppins-Bold 20pt)
  3. GradientLine(CW, 2) — full-width separator
  4. Spacer(1, 4*mm) — breathing room

10.2 Section Inventory (12 sections)

#SectionContent Type
01Executive SummaryMetricBox row + narrative + bulleted key findings
02Threat Landscape OverviewSource distribution table + attack surface table
03Threat Radar VisualizationRadarVisualization flowable + legend
04Critical Severity AdvisoriesAdvisory cards (PageBreak before section)
05High Severity AdvisoriesAdvisory cards (PageBreak before section)
06Medium Severity AdvisoriesAdvisory cards (PageBreak before section)
07Attack Surface AnalysisDigital footprint table + subdomain inventory
08Asset Inventory & Crown JewelsCrown jewel CardBoxes + full inventory table
09Technology Stack IntelligenceTechStackBlocks + security headers table
10Security Posture AssessmentStatus CardBoxes (6 items)
11Strategic RecommendationsTiered CardBoxes (Immediate/Short/Medium-term)
12Methodology & Data SourcesPipeline CardBoxes + scoring methodology + evidence table

11. Spacing System

11.1 Vertical Rhythm

ContextSpacing
After section title8pt (h1 spaceAfter)
After gradient divider4mm (≈11.3pt)
Between card sections (within)4pt
Between card section groups6pt
After metadata row → scores10pt
After scores → summary12pt
After summary → tech details6pt
Between advisory cardsCondPageBreak(220)
Between severity sectionsPageBreak()
Before Evidence CollectionPageBreak()

11.2 Table Padding

PropertyValue
Top padding4–5 pt
Bottom padding4–5 pt
Left padding6–8 pt
Row separator0.5pt GL line

12. Data-Driven Components

12.1 Evidence Map Architecture

Technology evidence is extracted from techstack_report.json and indexed by keyword. The extraction traverses:
  • technologies.frontend[] — name, evidence[].finding, evidence[].details
  • technologies.backend[] — web servers, frameworks, CMS, languages
  • technologies.infrastructure[] — DNS, CDN providers
  • technologies.security[] — WAF, certificates, headers, email security
  • technologies.third_party[] — analytics, collaboration tools
Each evidence item is indexed under multiple keywords derived from the technology name fragments. Alias mappings expand coverage (e.g., emailproofpoint, microsoft, dmarc).

12.2 Threat-Evidence Matching

get_threat_evidence(threat) scans the threat's title, summary, and threat_name against the keyword index. Returns up to 6 (tech_name, evidence_string) tuples. Deduplication by {tech_name}:{evidence} key.

12.3 Severity Sorting

All threats sorted by: severity rank descending (critical=4, high=3, medium=2, low=1), then prioritization_score descending. Split into four lists for section rendering.

13. Unicode Characters

CharacterCodeUsage
U+2502Pipe separator in metadata rows
U+2022Bullet point in relevance analysis, detection evidence
U+2014Em-dash in section headers, posture items, evidence items
·U+00B7Middle dot in footer text
U+2714Reserved (previously used in evidence, now removed)
&bull;HTML entityBullet in executive summary key findings

14. Adaptive Behaviors

14.1 Page Break Strategy

TransitionMethod
Between advisories (same severity)CondPageBreak(220) — break only if <220pt remains
Between severity sectionsPageBreak() — always new page
Before Evidence CollectionPageBreak() — separate last page

14.2 Card Splittability

Advisory cards return flat list[Flowable] instead of monolithic CardBox. This allows ReportLab's frame to split cards across page boundaries at any Paragraph/Spacer seam, eliminating blank pages.

14.3 Client Adaptation

The design system is client-agnostic. Customized per client:
  • Cover: client logo, name, sector, region, report ID
  • Executive summary: narrative and key findings
  • Attack surface: domain/subdomain inventory
  • Evidence map: keyword aliases tuned to client's tech stack
  • Security posture: assessments specific to client's infrastructure
  • Recommendations: actionable items specific to client's vulnerabilities
All visual elements (colors, typography, spacing, components) remain identical across clients.
transilience-report-style — Kortix Marketplace | Kortix