apply_finding_remediation
Commit the remediation of a security finding after preview approval. Records operator justification in the audit trail and applies the changes.
Instructions
Apply the remediation for a finding. Mutates state.
Commits the changes preview_finding_remediation showed. The justification is recorded in the audit trail and shown in any future review of why this cleanup was run.
DO NOT call this without first calling preview_finding_remediation and showing the operator the diff. The agent's role is to surface what's about to happen and get explicit operator confirmation; the platform records who acted but doesn't enforce the preview-then-apply norm — the agent does.
Returns 404 if the finding doesn't exist; 409 if the finding is already remediated or dismissed; 400 if justification is empty; 422 if the finding's kind has no automatic remediation handler.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| finding_id | Yes | ID of the finding to remediate. | |
| justification | Yes | One-line operator rationale recorded on the audit trail. Must be non-empty. | |
| server_version | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||