diff --git a/userspace/engine/rule_loader.cpp b/userspace/engine/rule_loader.cpp
index d58708cd..d0b80048 100644
--- a/userspace/engine/rule_loader.cpp
+++ b/userspace/engine/rule_loader.cpp
@@ -532,8 +532,8 @@ rule_loader::rule_info::rule_info(context& ctx):
 visibility(0),
 unknown_source(false),
 priority(falco_common::PRIORITY_DEBUG),
- capture(false),
- capture_duration(0),
+ capture(false),
+ capture_duration(0),
 enabled(true),
 warn_evttypes(true),
 skip_if_unknown_filter(false) {}
diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h
index a96d2905..6bbc284c 100644
--- a/userspace/engine/rule_loader.h
+++ b/userspace/engine/rule_loader.h
@@ -482,8 +482,8 @@ struct rule_update_info {
 bool has_any_value() {
 return cond.has_value() || output.has_value() || desc.has_value() || tags.has_value() || exceptions.has_value() || priority.has_value() || enabled.has_value() ||
- capture.has_value() || capture_duration.has_value() ||
- warn_evttypes.has_value() || skip_if_unknown_filter.has_value();
+ capture.has_value() || capture_duration.has_value() || warn_evttypes.has_value() ||
+ skip_if_unknown_filter.has_value();
 }
 context ctx;
diff --git a/userspace/engine/rule_loader_reader.cpp b/userspace/engine/rule_loader_reader.cpp
index 01ce2d9f..82c00139 100644
--- a/userspace/engine/rule_loader_reader.cpp
+++ b/userspace/engine/rule_loader_reader.cpp
@@ -634,8 +634,8 @@ void rule_loader::reader::read_item(rule_loader::configuration& cfg,
 "output",
 "desc",
 "priority",
- "capture",
- "capture_duration",
+ "capture",
+ "capture_duration",
 "tags",
 "exceptions",
 "enabled",
diff --git a/userspace/falco/app/actions/helpers.h b/userspace/falco/app/actions/helpers.h
index 0a4f9494..d16bf7cc 100644
--- a/userspace/falco/app/actions/helpers.h
+++ b/userspace/falco/app/actions/helpers.h
@@ -36,8 +36,8 @@ void format_plugin_info(std::shared_ptr p, std::ostream& os);
 void format_described_rules_as_text(const nlohmann::json& v, std::ostream& os);
 inline std::string generate_scap_file_path(const std::string& prefix,
- uint64_t timestamp,
- uint64_t evt_num) {
+ uint64_t timestamp,
+ uint64_t evt_num) {
 // File path in format: __.scap
 // Example: "/tmp/falco_00000001234567890_00000000000000042.scap"
@@ -45,32 +45,32 @@ inline std::string generate_scap_file_path(const std::string& prefix,
 std::string path = prefix + "_";
 // Zero-pad timestamp to 20 digits for proper lexicographic sorting
- // Build digits from right to left in a buffer, then append to path
- char digits[21]; // 20 digits + null terminator
+ // Build digits from right to left in a buffer, then append to path
+ char digits[21]; // 20 digits + null terminator
 digits[20] = '\0';
- uint64_t t = timestamp;
- for (int i = 19; i >= 0; --i) {
- digits[i] = '0' + (t % 10);
- t /= 10;
- }
- path += digits;
-
- // Add underscore separator between timestamp and evt_num
- path += "_";
-
- // Zero-pad evt_num to 20 digits for proper lexicographic sorting
- // Build digits from right to left in a buffer, then append to path
- t = evt_num;
- for (int i = 19; i >= 0; --i) {
- digits[i] = '0' + (t % 10);
- t /= 10;
- }
- path += digits;
-
- // Add file extension
- path += ".scap";
-
- return path;
+ uint64_t t = timestamp;
+ for(int i = 19; i >= 0; --i) {
+ digits[i] = '0' + (t % 10);
+ t /= 10;
+ }
+ path += digits;
+
+ // Add underscore separator between timestamp and evt_num
+ path += "_";
+
+ // Zero-pad evt_num to 20 digits for proper lexicographic sorting
+ // Build digits from right to left in a buffer, then append to path
+ t = evt_num;
+ for(int i = 19; i >= 0; --i) {
+ digits[i] = '0' + (t % 10);
+ t /= 10;
+ }
+ path += digits;
+
+ // Add file extension
+ path += ".scap";
+
+ return path;
 }
 falco::app::run_result open_offline_inspector(falco::app::state& s);
diff --git a/userspace/falco/app/actions/process_events.cpp b/userspace/falco/app/actions/process_events.cpp
index c256f299..05385f5b 100644
--- a/userspace/falco/app/actions/process_events.cpp
+++ b/userspace/falco/app/actions/process_events.cpp
@@ -145,7 +145,7 @@ static falco::app::run_result do_inspect(
 }
 // init dumper for captures
- sinsp_dumper *dumper = new sinsp_dumper();
+ sinsp_dumper* dumper = new sinsp_dumper();
 uint64_t dump_started_ts = 0;
 uint64_t dump_deadline_ts = 0;
@@ -174,7 +174,7 @@ static falco::app::run_result do_inspect(
 if(falco::app::g_terminate_signal.triggered()) {
 falco::app::g_terminate_signal.handle([&]() {
 falco_logger::log(falco_logger::level::INFO, "SIGINT received, exiting...\n");
- if (dump_started_ts != 0) {
+ if(dump_started_ts != 0) {
 dump_started_ts = 0;
 dump_deadline_ts = 0;
 dumper->close();
@@ -184,7 +184,7 @@ static falco::app::run_result do_inspect(
 } else if(falco::app::g_restart_signal.triggered()) {
 falco::app::g_restart_signal.handle([&]() {
 falco_logger::log(falco_logger::level::INFO, "SIGHUP received, restarting...\n");
- if (dump_started_ts != 0) {
+ if(dump_started_ts != 0) {
 dump_started_ts = 0;
 dump_deadline_ts = 0;
 dumper->close();
@@ -303,7 +303,8 @@ static falco::app::run_result do_inspect(
 // the outputs.
 auto res = s.engine->process_event(source_engine_idx, ev, s.config->m_rule_matching);
 if(res != nullptr) {
- auto capture = s.config->m_capture_enabled && capture_mode_t::ALL_RULES == s.config->m_capture_mode;
+ auto capture = s.config->m_capture_enabled &&
+ capture_mode_t::ALL_RULES == s.config->m_capture_mode;
 for(auto& rule_res : *res) {
 // Process output
 s.outputs->handle_event(rule_res.evt,
@@ -312,7 +313,7 @@ static falco::app::run_result do_inspect(
 rule_res.priority_num,
 rule_res.format,
 rule_res.tags,
- rule_res.extra_output_fields);
+ rule_res.extra_output_fields);
 // Compute capture params, if enabled
 if(s.config->m_capture_enabled) {
 if(capture_mode_t::RULES == s.config->m_capture_mode && rule_res.capture) {
@@ -325,25 +326,27 @@ static falco::app::run_result do_inspect(
 }
 }
- // When a rule matches or we are in all_rules mode, we start a dump (if not in progress yet)
+ // When a rule matches or we are in all_rules mode, we start a dump (if not in progress
+ // yet)
 if(capture && dump_started_ts == 0) {
- dumper->open(inspector.get(),
- generate_scap_file_path(s.config->m_capture_path_prefix, ev->get_ts(), ev->get_num()),
- true); // Enable compression
+ dumper->open(inspector.get(),
+ generate_scap_file_path(s.config->m_capture_path_prefix,
+ ev->get_ts(),
+ ev->get_num()),
+ true); // Enable compression
 dump_started_ts = ev->get_ts();
 // If no rule has set a deadline, use the default one
- if (dump_deadline_ts == 0) {
+ if(dump_deadline_ts == 0) {
 dump_deadline_ts = dump_started_ts + s.config->m_capture_default_duration_ns;
 }
 }
 }
- // Save events when a dump is in progress.
 // If the deadline is reached, close the dump.
- if (dump_started_ts != 0) {
+ if(dump_started_ts != 0) {
 dumper->dump(ev);
- if (ev->get_ts() > dump_deadline_ts) {
+ if(ev->get_ts() > dump_deadline_ts) {
 dumper->flush();
 dumper->close();
 dump_started_ts = 0;
@@ -491,19 +494,18 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 if(s.config->m_capture_enabled) {
 std::string capture_mode;
 switch(s.config->m_capture_mode) {
- case capture_mode_t::RULES:
- capture_mode = "'rules'";
- break;
- case capture_mode_t::ALL_RULES:
- capture_mode = "'all_rules'";
- break;
- default:
- ASSERT(false);
+ case capture_mode_t::RULES:
+ capture_mode = "'rules'";
+ break;
+ case capture_mode_t::ALL_RULES:
+ capture_mode = "'all_rules'";
+ break;
+ default:
+ ASSERT(false);
 }
- falco_logger::log(
- falco_logger::level::INFO,
- "Capture is enabled in mode " + capture_mode +
- ". Capturing events to " + s.config->m_capture_path_prefix + "\n");
+ falco_logger::log(falco_logger::level::INFO,
+ "Capture is enabled in mode " + capture_mode + ". Capturing events to " +
+ s.config->m_capture_path_prefix + "\n");
 }
 // Start processing events
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 237f68b9..37dfe953 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -97,10 +97,10 @@ falco_configuration::falco_configuration():
 m_metrics_flags(0),
 m_metrics_convert_memory_to_mb(true),
 m_metrics_include_empty_values(false),
- m_capture_enabled(false),
- m_capture_path_prefix("/tmp/falco"),
- m_capture_mode(capture_mode_t::RULES),
- m_capture_default_duration_ns(5000 * 1000000LL),
+ m_capture_enabled(false),
+ m_capture_path_prefix("/tmp/falco"),
+ m_capture_mode(capture_mode_t::RULES),
+ m_capture_default_duration_ns(5000 * 1000000LL),
 m_plugins_hostinfo(true) {
 m_config_schema = nlohmann::json::parse(config_schema_string);
 }
@@ -641,13 +641,12 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 m_metrics_include_empty_values = m_config.get_scalar("metrics.include_empty_values", false);
- m_capture_enabled = m_config.get_scalar("capture.enabled", false);
 m_capture_path_prefix = m_config.get_scalar("capture.path_prefix", "/tmp/falco");
 // Set capture mode if not already set.
 const std::unordered_map capture_mode_lut = {
 {"rules", capture_mode_t::RULES},
- {"all_rules", capture_mode_t::ALL_RULES},
+ {"all_rules", capture_mode_t::ALL_RULES},
 };
 auto capture_mode_str = m_config.get_scalar("capture.mode", "rules");
@@ -659,7 +658,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 }
 // Convert to nanoseconds
- m_capture_default_duration_ns = m_config.get_scalar("capture.default_duration", 5000) * 1000000LL;
+ m_capture_default_duration_ns =
+ m_config.get_scalar("capture.default_duration", 5000) * 1000000LL;
 m_plugins_hostinfo = m_config.get_scalar("plugins_hostinfo", true);
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index ef9ac7a4..40a518e2 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -214,7 +214,6 @@ public:
 std::string m_capture_path_prefix;
 capture_mode_t m_capture_mode = capture_mode_t::RULES;
 u_int64_t m_capture_default_duration_ns;
- // Falco engine
 engine_kind_t m_engine_mode = engine_kind_t::KMOD;
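Review bot: In the first configuration.cpp hunk (@@ -641) the collapsed layout does not show whether `m_capture_enabled = m_config.get_scalar("capture.enabled", false);` is itself a removed line or a context line that follows a removed blank line; the 13/12 line counts of the hunk header admit both readings. If the assignment really is dropped, load_yaml no longer reads `capture.enabled`, so `m_capture_enabled` keeps the constructor default `false` from the @@ -97 hunk and the dumper guarded by `s.config->m_capture_enabled` in process_events.cpp can never be switched on from the configuration file. Please confirm against the original patch; if the removal is intended, the member should be set somewhere else or the `capture.enabled` key dropped from the config schema as well, otherwise a user setting it would get a silent no-op. load_yaml continues outside the hunk.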