> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enokilabs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve findings for a completed run

> Returns structured findings for a completed assessment run. Returns 409 while the run is still running — partial findings are not exposed.



## OpenAPI

````yaml https://api.enokilabs.ai/openapi.json get /api/v1/run/{run_id}/findings
openapi: 3.1.0
info:
  title: Enoki External API
  description: >-
    Programmatic API for CI/CD integration. Authenticate with `Authorization:
    Bearer egk_...`.
  version: 0.1.0
servers: []
security: []
paths:
  /api/v1/run/{run_id}/findings:
    get:
      tags:
        - findings
      summary: Retrieve findings for a completed run
      description: >-
        Returns structured findings for a completed assessment run. Returns 409
        while the run is still running — partial findings are not exposed.
      operationId: api_get_run_findings_api_v1_run__run_id__findings_get
      parameters:
        - name: run_id
          in: path
          required: true
          schema:
            type: string
            title: Run Id
        - name: min_severity
          in: query
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: Filter to findings at or above this severity.
            title: Min Severity
          description: Filter to findings at or above this severity.
        - name: status
          in: query
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: 'Filter by finding status: open, fixed, dismissed.'
            title: Status
          description: 'Filter by finding status: open, fixed, dismissed.'
        - name: Authorization
          in: header
          required: false
          schema:
            anyOf:
              - type: string
              - type: 'null'
            description: Bearer token with API key
            title: Authorization
          description: Bearer token with API key
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiRunFindingsResponse'
        '400':
          description: Invalid min_severity or status filter
        '404':
          description: Run not found
        '409':
          description: Run still in progress
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
components:
  schemas:
    ApiRunFindingsResponse:
      properties:
        findings:
          items:
            $ref: '#/components/schemas/ApiFindingItem'
          type: array
          title: Findings
        count:
          type: integer
          title: Count
          description: Number of findings returned
      type: object
      required:
        - findings
        - count
      title: ApiRunFindingsResponse
      description: Response for GET /api/v1/run/{run_id}/findings.
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    ApiFindingItem:
      properties:
        finding_id:
          type: string
          title: Finding Id
        lens:
          $ref: '#/components/schemas/Lens'
        category:
          type: string
          title: Category
        severity:
          $ref: '#/components/schemas/FindingSeverity'
        description:
          type: string
          title: Description
        expected_behavior:
          type: string
          title: Expected Behavior
        status:
          type: string
          title: Status
        created_at:
          type: string
          title: Created At
        attacks:
          items:
            $ref: '#/components/schemas/ApiAttackItem'
          type: array
          title: Attacks
      type: object
      required:
        - finding_id
        - lens
        - category
        - severity
        - description
        - expected_behavior
        - status
        - created_at
        - attacks
      title: ApiFindingItem
      description: |-
        One finding in the external API response.

        ``severity`` is typed as the canonical ``FindingSeverity`` enum so
        OpenAPI publishes the allowed values and JSON output is always
        lowercase. ``attacks`` carries the per-probe replay artefacts; the
        finding row carries only the technique-level narrative shared
        across every attack under it.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
    Lens:
      type: string
      enum:
        - security
        - safety
        - quality
        - policy
      title: Lens
      description: |-
        Taxonomy partition a Finding (or test suite) is scoped to.

        Each lens is a top-level taxonomy bucket prefix. ``security`` and
        ``safety`` are the v1 lenses; ``quality`` and ``policy`` are
        reserved for future expansion. The lens drives:

        * Discriminator on the persisted ``Finding`` (security vs safety
          subtypes).
        * Security-scope enforcement at ingest (security-lens runs may
          only emit ``security.*`` categories).
        * Per-lens system prompts at the generator and retest layers.
    FindingSeverity:
      type: string
      enum:
        - critical
        - high
        - medium
        - low
      title: FindingSeverity
      description: Business-impact severity levels, ordered from most to least severe.
    ApiAttackItem:
      properties:
        attack_id:
          type: string
          title: Attack Id
        score:
          type: integer
          title: Score
        source:
          $ref: '#/components/schemas/ApiAttackSource'
        replay_script:
          items:
            $ref: '#/components/schemas/ReplayStepResponse'
          type: array
          title: Replay Script
        last_replay_status:
          type: string
          enum:
            - pending
            - succeeded
            - failed
            - inconclusive
            - stale
          title: Last Replay Status
        last_replayed_at:
          anyOf:
            - type: string
            - type: 'null'
          title: Last Replayed At
        created_at:
          type: string
          title: Created At
      type: object
      required:
        - attack_id
        - score
        - source
        - replay_script
        - last_replay_status
        - created_at
      title: ApiAttackItem
      description: One attack inside a finding in the external API response.
    ApiAttackSource:
      properties:
        source_type:
          $ref: '#/components/schemas/FindingSourceType'
        assessment_id:
          type: string
          title: Assessment Id
        attack_index:
          type: integer
          title: Attack Index
        date:
          anyOf:
            - type: string
            - type: 'null'
          title: Date
      type: object
      required:
        - source_type
        - assessment_id
        - attack_index
        - date
      title: ApiAttackSource
      description: Provenance block of one attack in the external API response.
    ReplayStepResponse:
      properties:
        step:
          type: string
          enum:
            - chat
            - http
            - assert
          title: Step
        message:
          anyOf:
            - type: string
            - type: 'null'
          title: Message
        response:
          anyOf:
            - type: string
            - type: 'null'
          title: Response
        session_id:
          anyOf:
            - type: string
            - type: 'null'
          title: Session Id
        method:
          anyOf:
            - type: string
            - type: 'null'
          title: Method
        url:
          anyOf:
            - type: string
            - type: 'null'
          title: Url
        headers:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Headers
        body:
          anyOf:
            - type: string
            - type: 'null'
          title: Body
        response_status:
          anyOf:
            - type: integer
            - type: 'null'
          title: Response Status
        response_body:
          anyOf:
            - type: string
            - type: 'null'
          title: Response Body
        target:
          anyOf:
            - type: string
            - type: 'null'
          title: Target
        assertion:
          anyOf:
            - type: string
            - type: 'null'
          title: Assertion
        expected_behavior:
          anyOf:
            - type: string
            - type: 'null'
          title: Expected Behavior
        capture_as:
          anyOf:
            - type: string
            - type: 'null'
          title: Capture As
      type: object
      required:
        - step
      title: ReplayStepResponse
      description: |-
        One replay-script step exposed via API.

        Uses a flat shape (rather than a discriminated union per type) to
        keep the wire representation simple -- the frontend reads ``step``
        to decide how to render each entry.
    FindingSourceType:
      type: string
      enum:
        - manual
        - adaptive_attacker
        - test_suite
        - drill_down
      title: FindingSourceType
      description: |-
        Pipeline that produced an ``Attack``.

        Drives source-conditional ingest behaviour: security-scope
        enforcement is gated on ``ADAPTIVE_ATTACKER`` because the SDK
        runner filters its agent prompt to ``security.*`` and the gate at
        ingest rejects out-of-scope categories. ``MANUAL`` and
        ``TEST_SUITE`` bypass that gate -- curated pentest yamls have
        already been triaged, and suite-runner findings are scoped by the
        suite's own category list. ``DRILL_DOWN`` is a synthetic
        ``assessment_id`` keyed by the drill-down run that produced the
        variant attack.

````