close_finding
Close a security finding with a reason to update its status. Accepts optional note for closure details.
Instructions
Close a finding with a reason. Requires write scope. Rate-limited. Args: finding_id (> 0), reason (mitigated/false_positive/out_of_scope/duplicate), note (optional closure note). Returns JSON with updated finding.
DOM-21 (Phase 14.2): when note is provided and the close succeeds but
the inner note-attach fails, the response includes a structured
_warning field of shape::
{"message": "<human-readable>", "note_attach_failed": true,
"finding_id": <int>}The note-attach failure is also emitted as a structured note_attach_failure
audit event for SIEM correlation. The close itself succeeded — only the
note attachment failed.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| note | No | ||
| reason | Yes | ||
| finding_id | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |