> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mindfort.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Findings

> Learn how to list, filter, and triage MindFort findings with the REST API and MCP, and match dashboard tabs using status and exclude_secured filters.

Use `GET /v1/findings` (API key) or the MCP `list_findings` tool (OAuth) to browse findings programmatically. Both surfaces use the same filters and return the same summary fields.

## List findings

```bash theme={null}
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "status=ACTIVE" \
  --data-urlencode "exclude_secured=true" \
  --data-urlencode "sort_by=severity" \
  --data-urlencode "limit=25"
```

### Query parameters

| Parameter         | Default    | Description                                                            |
| ----------------- | ---------- | ---------------------------------------------------------------------- |
| `target_id`       | —          | Filter to one target (UUID from **Target Inventory**)                  |
| `assessment_id`   | —          | Filter to findings from one assessment run (UUID from **Assessments**) |
| `status`          | `ACTIVE`   | Lifecycle filter: `ACTIVE`, `RESOLVED`, or `ARCHIVED`                  |
| `exclude_secured` | `false`    | When `true`, omit informational secured probes (`severity=info`)       |
| `severity`        | —          | Filter by severity: `critical`, `high`, `medium`, `low`, or `info`     |
| `sort_by`         | `severity` | `severity` (highest score first) or `created_at`                       |
| `limit`           | `25`       | Page size (max `100`)                                                  |
| `offset`          | `0`        | Offset for pagination                                                  |

### Response

Each item in `findings` includes:

| Field            | Description                                                        |
| ---------------- | ------------------------------------------------------------------ |
| `id`             | Finding UUID                                                       |
| `title`          | Finding title                                                      |
| `severity`       | `critical`, `high`, `medium`, `low`, or `info`                     |
| `severity_score` | Numeric score (may be `0` for low-severity or informational items) |
| `status`         | `ACTIVE`, `RESOLVED`, or `ARCHIVED`                                |
| `target_id`      | Target UUID                                                        |
| `created_at`     | ISO 8601 timestamp                                                 |

The response also includes `total`, `limit`, and `offset` for pagination. Paginate until `offset + len(findings) >= total`.

### Match the dashboard

The MindFort UI uses tabs and filters that map to API parameters:

| Dashboard view                      | API / MCP equivalent                                                |
| ----------------------------------- | ------------------------------------------------------------------- |
| **Open** (vulnerable only, default) | `status=ACTIVE` and `exclude_secured=true`                          |
| **Open** (include secured probes)   | `status=ACTIVE` (omit `exclude_secured` or `exclude_secured=false`) |
| **Resolved**                        | `status=RESOLVED`                                                   |
| **Archived**                        | `status=ARCHIVED`                                                   |
| Findings from one assessment        | `assessment_id=<uuid>`                                              |

<Note>
  Without `exclude_secured=true`, list results include informational **secured** probe findings (`severity=info`) that the dashboard hides on the default Open tab. This is the most common reason API or MCP counts look higher than the UI.
</Note>

### Examples

**Vulnerabilities for a target (matches default Open tab):**

```bash theme={null}
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "exclude_secured=true"
```

**Findings from a specific assessment:**

```bash theme={null}
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "assessment_id=${MINDFORT_ASSESSMENT_ID}" \
  --data-urlencode "exclude_secured=true"
```

**Archived findings:**

```bash theme={null}
curl -G "https://api.mindfort.app/v1/findings" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  --data-urlencode "target_id=${MINDFORT_TARGET_ID}" \
  --data-urlencode "status=ARCHIVED"
```

## Get finding details

```bash theme={null}
curl "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}"
```

Returns full fields including `description`, `impact`, `evidence`, `approach`, `remediation_advice`, and `status`.

## Update status

```bash theme={null}
curl -X POST "https://api.mindfort.app/v1/findings/${MINDFORT_FINDING_ID}/status" \
  -H "Authorization: Bearer ${MINDFORT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"status":"RESOLVED"}'
```

Valid values: `ACTIVE`, `RESOLVED`, `ARCHIVED`.

## MCP

The [MCP guide](/guides/mcp) exposes the same filters on the `list_findings` tool. Pass `target_id`, `assessment_id`, `status`, `exclude_secured`, `severity`, `sort_by`, `limit`, and `offset` as tool arguments.

After a server update, you do **not** need to reinstall MCP — keep the same `https://api.mindfort.app/mcp` URL and restart your agent or start a new chat so it picks up the latest tool schema.
