Generate an auto-fix proposal on demand.
POST /v1/scans/:scan_id/findings/:finding_id/autofix-proposals
Runs the restricted agent (read-only tools, file deny-list, size cap) against the finding and stages a proposal. If an open proposal already exists for the same fingerprint+repo, that one is returned with 200 instead — idempotent on the dev-tool path, so a CI loop can safely retry.
If the agent declined to produce a patch (forbidden file, model refusal, …), the response is still 201 with a failed-status proposal whose error carries the reason.
Request
Responses
- 200: Existing open proposal returned (idempotent).
- 201: Newly staged proposal (or a failed row if the agent declined).
- 400: Malformed request (missing or invalid fields).
- 403: Authenticated, but not allowed (tier / role / ownership).
- 404: Resource not found or not visible to the caller.
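A CI client has to treat 201 as "proposal row created", not "patch available", because a declined run also returns 201. The following is an added example, not code from this API's documentation or its vendor; the base URL, bearer-token header, empty JSON body and the `status` / `error` field names are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumptions (not from the API docs): base URL, bearer auth, empty JSON body,
# and the proposal fields "status" (value "failed") and "error".
BASE_URL = "https://api.example.invalid"


def classify(http_status, proposal):
    """Map an HTTP status plus decoded proposal body to a CI decision."""
    if http_status in (200, 201):
        # A 201 may carry a failed row: the agent declined to produce a patch.
        if proposal.get("status") == "failed":
            return ("declined", proposal.get("error"))
        return ("existing" if http_status == 200 else "staged", None)
    outcomes = {400: "bad_request", 403: "forbidden", 404: "not_found"}
    return (outcomes.get(http_status, "unexpected"), None)


def request_autofix(scan_id, finding_id, token, opener=urllib.request.urlopen):
    """POST once; retrying is safe because an open proposal comes back as 200."""
    path = "/v1/scans/{}/findings/{}/autofix-proposals".format(
        urllib.parse.quote(scan_id, safe=""),      # keep ids from altering the path
        urllib.parse.quote(finding_id, safe=""))
    req = urllib.request.Request(
        BASE_URL + path, data=b"{}", method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    try:
        with opener(req) as resp:
            return classify(resp.status, json.loads(resp.read() or b"{}"))
    except urllib.error.HTTPError as exc:
        # 4xx responses surface as exceptions in urllib; none are worth retrying.
        return classify(exc.code, {})
```

A pipeline step would fail or skip on `declined` and log the returned reason, and continue on `staged` or `existing`.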