Findings
A finding is a specific, located observation from verification — a named file, a concrete issue, and a recommended action. Findings accumulate in the proof chain and are triaged by Learn between pipeline cycles.
Severity levels
| Severity | Meaning | Typical action |
|---|---|---|
| risk | Could hurt you. Security flaw, data loss, silent failure. | Fix before merging — usually scope. |
| debt | Making the codebase worse. Duplication, fragile patterns, missing tests. | scope for follow-up or promote to a skill rule. |
| obs | Worth knowing. Not wrong, but useful for the next engineer. | acknowledge or monitor. |
Suggested actions
Every finding carries a suggested_action — the classifier's recommendation for what to do. This is the second word in the terminal notation [debt · scope].
| Action | Meaning |
|---|---|
promote | Encode as a permanent rule in a skill file. The pattern should never recur. |
scope | Needs engineering work. Create a new pipeline scope to address it. |
monitor | Watch across future cycles. Not urgent, but track for recurrence. |
acknowledge | Acknowledged. Valid observation, no action needed. |
Categories
Each finding is categorized: code (implementation issue), test (test quality or coverage), or upstream (spec, scope, or tooling issue). The category tells you what kind of thing is wrong — severity tells you how much it matters.
Lifecycle
Every finding starts as active. From there, two terminal states:
- closed — resolved or acknowledged. The
closed_byfield records who:mechanical(the referenced file was removed),human(developer decision), oragent(Learn triage). - promoted — the finding describes a recurring pattern. It becomes a rule in a skill file via
ana proof promote. Thepromoted_tofield records which skill received the rule.
Between pipeline cycles, run ana run learn to triage active findings. Learn presents them by severity, recommends actions, and executes closes and promotions with your approval.
A finding without a follow-up is wasted. The lifecycle ensures every finding either informs the next cycle or is explicitly acknowledged.
A real finding
From the security-hardening proof:
Active. Categorized as a test gap. Severity: debt — the codebase is getting worse without these tests. Action: scope — needs engineering work as a follow-up. No single file to point at because it's a structural gap, not a line-level bug.
Build also produces build concerns — lighter-weight observations that enter the proof chain with severity and action but without lifecycle tracking. Findings are Verify's output; concerns are Build's honest admissions.