Findings

Findings are issues discovered by agents during test runs, discoveries, and test plans. Each finding includes severity, evidence linking back to specific agent trace steps, and triage status.

GET /api/v1/findings

List findings

Parameters

Parameter	Type	In	Required	Description
`project_id`	uuid	query	No	Filter by project ID
`severity`	string	query	No	Filter by severity (critical, high, medium, low)
`status`	string	query	No	Filter by status (open, retest, false_positive, resolved). Default: open+retest
`source`	string	query	No	Filter by source (product, agent, prompt, etc.)
`limit`	integer	query	No	Number of results to return (max 100) (default: 20)

Status Codes

Code	Description
`200`	OK
`401`	Unauthorized

Response Body

{
  "findings": [{
  "finding": {
    "id": "019e5f8e-14d4-7654-b3cc-44cb8be3493b",
    "tenant_id": "550e8400-e29b-41d4-a716-446655440000",
    "project_id": "660e8400-e29b-41d4-a716-446655440000",
    "type": "functional",
    "severity": "high",
    "title": "Login form accepts empty password",
    "description": "The login form submits without validation when the password field is empty.",
    "url": "https://example.com/login",
    "status": "open",
    "first_seen_at": "2025-01-15T10:30:00Z",
    "last_seen_at": "2025-01-15T10:30:00Z"
  },
  "evidence": [
    {
      "agent_id": "880e8400-e29b-41d4-a716-446655440000",
      "agent_name": "Discovery: example.com",
      "trace_step_index": 5,
      "observed_at": "2025-01-15T10:30:00Z"
    }
  ]
}]
}

API Key

project_id

severity

status

source

limit

cURL

Response

GET /api/v1/findings/{id}

Get finding by ID

Returns a finding with its evidence chain (agent trace step links).