How to Fix a Finding
The workflow for addressing a FinishKit finding and verifying the fix.
Each finding in your Finish Plan has a Suggested fix section. Here's how to use it.
Step 1: Read the finding carefully
Open the finding and read:
- What the issue is: the explanation tells you why this is a problem
- Where it is: the file and line reference takes you straight to the code
- What to do: the suggested fix is a concrete action, not vague advice
Step 2: Open your editor
Go to the file referenced in the finding. If your editor has the FinishKit MCP server, use get_findings to pull findings directly into your workflow, or get_patches to get auto-generated fixes.
You can also paste the finding explanation into your AI assistant (Cursor, Windsurf, Claude Code, etc.) as context and ask it to fix the specific issue.
Step 3: Make the fix
Apply the suggested fix. For common issues:
- Missing env var? Add it to your deployment platform (Vercel, Railway, etc.) and to your .env.example file.
- Exposed secret? Remove it from the code, rotate the key, and add it as an environment variable instead.
- Missing error handling? Wrap the relevant code in a try/catch and add a user-facing error message.
- No auth on a route? Add your auth middleware to the route handler.
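The code-level fixes above, shown together as an added example that is not FinishKit's own code: a hardcoded key replaced by a fail-fast environment lookup, an auth check placed in front of a route handler, and a try/catch that returns a user-facing message. The PROFILE_API_KEY name, the request shape and the lookup callback are assumptions made for this example.

```javascript
// Added example, not FinishKit's own code: framework-free shapes of three common
// findings' fixes. Handlers are plain functions over { headers, query } so this
// runs under node with no packages.

// Exposed secret, BEFORE:  const API_KEY = 'sk_live_PLACEHOLDER';  (constructed, not real)
// AFTER (also fixes "missing env var"): read from the environment and fail fast at
// startup so a missing variable surfaces before the first request.
function requireEnv(name, env = process.env) {
  const value = env[name];
  if (value === undefined || value === '') {
    throw new Error(`Missing required environment variable: ${name}`);
  }
  return value;
}

// No auth on a route, AFTER: middleware that rejects the request before the
// handler runs unless the caller presents a valid token.
function requireAuth(handler, isValidToken) {
  return (req) => {
    const token = req.headers['authorization'];
    if (!token || !isValidToken(token)) {
      return { status: 401, body: { error: 'Authentication required' } };
    }
    return handler(req);
  };
}

// Missing error handling, AFTER: catch failures, log detail server-side and
// return a user-facing message instead of a stack trace.
function withErrorHandling(handler, log = console.error) {
  return (req) => {
    try {
      return handler(req);
    } catch (err) {
      log('request failed', err.message);
      return { status: 500, body: { error: 'Something went wrong. Please try again.' } };
    }
  };
}

// A route assembled from the pieces. PROFILE_API_KEY and lookup are assumed
// names for this example; lookup(apiKey, id) stands in for an upstream call.
function buildProfileRoute(env, isValidToken, lookup) {
  const apiKey = requireEnv('PROFILE_API_KEY', env);
  const handler = (req) => {
    if (!req.query.id) throw new Error('id is required');
    return { status: 200, body: lookup(apiKey, req.query.id) };
  };
  return withErrorHandling(requireAuth(handler, isValidToken));
}
```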
Step 4: Re-scan to verify
After fixing, run a new scan to confirm the finding is resolved.
You don't have to fix everything at once. Fix the blockers and critical findings first, ship, then work through the rest iteratively.