How to Fix a Finding
The workflow for addressing a FinishKit finding and verifying the fix.
Each finding in your Finish Plan has a Suggested fix section. Here's how to use it.
Step 1: Read the finding carefully
Open the finding and read:
- What the issue is: the explanation tells you why this is a problem
- Where it is: the file and line reference takes you straight to the code
- What to do: the suggested fix is a concrete action, not vague advice
Step 2: Open your editor
Go to the file referenced in the finding. If you're using Cursor or Windsurf, open the file and ask your AI assistant to fix the specific issue. Paste the explanation from FinishKit as context.
Step 3: Make the fix
Apply the suggested fix. For common issues:
- Missing env var? Add it to your deployment platform (Vercel, Railway, etc.) and to your .env.example file.
- Exposed secret? Remove it from the code, rotate the key, and add it as an environment variable instead.
- Missing error handling? Wrap the relevant code in a try/catch and add a user-facing error message.
- No auth on a route? Add your auth middleware to the route handler.
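The common fixes above, shown together in one route as an added example (not FinishKit output or code from this page). It is framework-free JavaScript; `requireEnv`, `withAuth`, `makeChargeHandler`, `PAYMENT_API_KEY` and the sample session check are hypothetical names.

```javascript
// Added example: all names here are hypothetical, not part of FinishKit.

// Missing env var / exposed secret: read the key from the environment and
// fail loudly if it is not configured, instead of hardcoding it in source.
function requireEnv(name, env = process.env) {
  const value = env[name];
  if (!value) throw new Error(`Missing required env var: ${name}`);
  return value;
}

// No auth on a route: wrap the handler so unauthenticated requests are
// rejected before any handler code runs.
function withAuth(verifySession, handler) {
  return (req) => {
    const user = verifySession(req.headers.authorization);
    if (!user) return { status: 401, body: { error: "Sign in to continue." } };
    return handler(req, user);
  };
}

// Missing error handling: catch failures, log the detail server-side, and
// return a user-facing message that exposes no internals.
function makeChargeHandler({ env, charge, log = console.error }) {
  return (req, user) => {
    try {
      const apiKey = requireEnv("PAYMENT_API_KEY", env);
      const receipt = charge(apiKey, user.id, req.body.amount);
      return { status: 200, body: { receipt } };
    } catch (err) {
      log(`charge failed for user ${user.id}: ${err.message}`);
      return { status: 500, body: { error: "Payment failed. Please try again." } };
    }
  };
}

// Constructed sample wiring: a fake session check and a fake payment call.
const verifySession = (header) => (header === "Bearer valid-token" ? { id: "u1" } : null);
const charge = (apiKey, userId, amount) => `${userId}:${amount}`;
const route = (env) => withAuth(verifySession, makeChargeHandler({ env, charge, log: () => {} }));
```

In a real app the wrapper would be your framework's auth middleware and `env` would default to `process.env`.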
Step 4: Re-scan to verify
After fixing, run a new scan to confirm the finding is resolved.
You don't have to fix everything at once. Fix the blockers and critical findings first, ship, then work through the rest iteratively.