Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mindfort.ai/llms.txt

Use this file to discover all available pages before exploring further.

Use GET /v1/findings (API key) or the MCP list_findings tool (OAuth) to browse findings programmatically. Both surfaces use the same filters and return the same summary fields.

List findings

curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "status=ACTIVE" \
  --data-urlencode "exclude_secured=true" \
  --data-urlencode "sort_by=severity" \
  --data-urlencode "limit=25"

Query parameters

ParameterDefaultDescription
target_idFilter to one target (UUID from Target Inventory)
assessment_idFilter to findings from one assessment run (UUID from Assessments)
statusACTIVELifecycle filter: ACTIVE, RESOLVED, or ARCHIVED
exclude_securedfalseWhen true, omit informational secured probes (severity=info)
severityFilter by severity: critical, high, medium, low, or info
sort_byseverityseverity (highest score first) or created_at
limit25Page size (max 100)
offset0Offset for pagination

Response

Each item in findings includes:
FieldDescription
idFinding UUID
titleFinding title
severitycritical, high, medium, low, or info
severity_scoreNumeric score (may be 0 for low-severity or informational items)
statusACTIVE, RESOLVED, or ARCHIVED
target_idTarget UUID
created_atISO 8601 timestamp
The response also includes total, limit, and offset for pagination. Paginate until offset + len(findings) >= total.

Match the dashboard

The MindFort UI uses tabs and filters that map to API parameters:
Dashboard viewAPI / MCP equivalent
Open (vulnerable only, default)status=ACTIVE and exclude_secured=true
Open (include secured probes)status=ACTIVE (omit exclude_secured or exclude_secured=false)
Resolvedstatus=RESOLVED
Archivedstatus=ARCHIVED
Findings from one assessmentassessment_id=<uuid>
Without exclude_secured=true, list results include informational secured probe findings (severity=info) that the dashboard hides on the default Open tab. This is the most common reason API or MCP counts look higher than the UI.

Examples

Vulnerabilities for a target (matches default Open tab): 
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "exclude_secured=true"
Findings from a specific assessment: 
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "assessment_id=${MINDFORT_ASSESSMENT_ID}" \
  --data-urlencode "exclude_secured=true"
Archived findings: 
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "status=ARCHIVED"

Get finding details

curl "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}"
Returns full fields including description, impact, evidence, approach, remediation_advice, and status.

Update status and comments

curl -X POST "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}/status" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"status":"RESOLVED"}'
Valid values: ACTIVE, RESOLVED, ARCHIVED. 
curl -X POST "https://api.mindfort.app/v1/findings/comments" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "finding_id": "'${MINDFORT_FINDING_ID}'",
    "content": "Patched in the latest deployment."
  }'
See the OpenAPI reference for full request and response schemas.

MCP

The MCP guide exposes the same filters on the list_findings tool. Pass target_id, assessment_id, status, exclude_secured, severity, sort_by, limit, and offset as tool arguments. After a server update, you do not need to reinstall MCP — keep the same https://api.mindfort.app/mcp URL and restart your agent or start a new chat so it picks up the latest tool schema.