Auto-Fix Reconciliation

When you ship a fix, Vygl notices automatically: a previously-seen fingerprint that doesn’t reappear in a full scan of the default branch is marked auto_fixed. Triage state — including AI verdicts, comments, and history — is preserved on the historical record.

When auto-fix runs

Auto-fix reconciliation runs after a scan completes, but only when all three conditions are met:

1. full_scan=true — the scan covered the entire repository, not a PR diff or a partial run.
2. Branch is the project’s default branch (main, master, trunk, etc.).
3. The scan was successful — engine errors don’t trigger reconciliation.

When these line up, Vygl iterates the project’s open findings (statuses open, acknowledged, or fixed) and checks whether each fingerprint appeared in the new scan. Missing fingerprints are flipped to auto_fixed.

Why these conditions

Why full_scan only? Incremental scans (e.g. PR diffs) don’t cover the whole codebase. If a finding doesn’t appear in a diff scan, it’s probably because the scan didn’t look at it — not because it was fixed. Marking it auto-fixed in that case would be a false positive.

Why default branch only? A finding “disappearing” on a feature branch doesn’t mean it’s gone from main. Reconciling against feature branches would constantly flip findings between fixed and open as developers branch and merge.

What’s preserved

When a finding flips to auto_fixed:

• Its history stays — first-seen scan, last-seen scan, every prior status transition.
• Its comments stay.
• Its AI verdict stays (true positive / false positive / uncertain).
• Its fingerprint stays — if the same issue is reintroduced later, the existing finding is reopened rather than created anew.

Reopening an auto-fixed finding

If an auto_fixed finding’s fingerprint reappears in a future scan, the finding is automatically reopened (status returns to open). Old triage state is preserved in history. This handles the regression case cleanly — you’ll see “first detected 2026-03-15, last detected 2026-04-12, auto-fixed 2026-04-13, reopened 2026-05-01”.

Force a manual reset

If you’ve made structural changes that mean a previous finding is genuinely gone — and you’d rather mark it explicitly than wait for the next default-branch scan — manually flip the status to fixed from the finding detail page. The audit log records the manual action for future review.