Skip to content

feat: expose stable findingId and RemediationAgentQuickFix kind [IDE-2052]#1326

Draft
bastiandoetsch wants to merge 1 commit into
mainfrom
feat/IDE-2052-pr1
Draft

feat: expose stable findingId and RemediationAgentQuickFix kind [IDE-2052]#1326
bastiandoetsch wants to merge 1 commit into
mainfrom
feat/IDE-2052-pr1

Conversation

@bastiandoetsch

@bastiandoetsch bastiandoetsch commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

User description

Summary

  • Add FindingId field to snyk.Issue and types.Issue with stable cross-scan identifier (Fingerprints.SnykAssetFindingV1)
  • Add RemediationAgentQuickFix LSP code action kind constant (quickfix.snyk.remediationAgent)
  • Wire FindingId through Code/OSS/Secrets/IaC converters
  • Add GetFindingId() accessor to issue interface

PR Stack — Merge Order

flowchart LR
    main(["main"])
    PR1["#? PR-1 ← YOU ARE HERE\nfindingId + kind"]
    PR2["#? PR-2\nCA provider"]
    PR3["#? PR-3\nremy initial"]
    PR4["#? PR-4\nworktree impl"]
    PR5["#? PR-5\nunit tests"]
    PR6["#? PR-6\ninteg+smoke tests"]
    main --> PR1 --> PR2 --> PR3 --> PR4 --> PR5 --> PR6
    style PR1 fill:#ffd700,color:#000
Loading

Deferred to later PRs

  • Remediation provider implementation (PR-3+)
  • Tests (PR-5, PR-6)

Test plan

  • make test passes
  • Converter tests verify FindingId population for all 4 products

PR Type

Enhancement, Tests


Description

  • Add stable FindingId to ScanIssue.

  • Introduce RemediationAgentQuickFix LSP kind.

  • Propagate FindingId through converters.

  • Add tests for new FindingId and CodeActionKind.


Diagram Walkthrough

flowchart LR
  A[Issue Interface] -- GetFindingId() --> B(ScanIssue);
  C[CodeAction Struct] -- GetKind() --> D(LSP CodeAction);
  B -- FindingId --> E(Client);
  D -- Kind --> F(Client);
  subgraph Domain/Types
    A
    C
  end
  subgraph Domain/Converter
    B
    D
  end
Loading

File Walkthrough

Relevant files
Enhancement
converter.go
Propagate FindingId and handle CodeAction Kind                     

domain/ide/converter/converter.go

  • Modified ToCodeAction to correctly use the action.GetKind() which can
    now be RemediationAgentQuickFix.
  • Fallback to types.QuickFix if action.GetKind() is types.Empty.
  • Added FindingId: issue.GetFindingId() to ScanIssue when converting
    issues for OSS, IaC, Code, and Secrets products.
+9/-1     
codeaction.go
Add Kind field to CodeAction struct                                           

domain/snyk/codeaction.go

  • Added a Kind field of type types.CodeActionKind to the CodeAction
    struct.
  • Introduced a GetKind() method to access the new Kind field.
+9/-0     
issues.go
Update CodeAction interface with GetKind                                 

internal/types/issues.go

  • Extended the CodeAction interface to include a GetKind() method,
    enabling access to the code action's kind.
+1/-0     
lsp.go
Define RemediationAgentQuickFix and document FindingId     

internal/types/lsp.go

  • Defined a new constant RemediationAgentQuickFix for the LSP
    CodeActionKind.
  • Added a detailed comment to ScanIssue.FindingId explaining its purpose
    as a stable, cross-scan identifier.
+9/-1     
Tests
converter_test.go
Test FindingId propagation and CodeAction Kind                     

domain/ide/converter/converter_test.go

  • Added multiple tests to verify ScanIssue.FindingId population for
    Code, OSS, Secrets, and IaC issues.
  • Included tests for deterministic conversion of FindingId.
  • Added tests to ensure CodeActionKind is correctly derived, including
    the new RemediationAgentQuickFix and fallback logic.
+172/-0 

@snyk-io

snyk-io Bot commented Jun 8, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-pr-review-bot

Copy link
Copy Markdown

PR Reviewer Guide 🔍

🧪 PR contains tests
🔒 No security concerns identified
⚡ No major issues detected
📚 Repository Context Analyzed

This review considered 16 relevant code sections from 11 files (average relevance: 0.87)

@bastiandoetsch

Copy link
Copy Markdown
Contributor Author

/describe

@snyk-pr-review-bot

Copy link
Copy Markdown

PR Description updated to latest commit (8a1072b)

@basti-snyk

Copy link
Copy Markdown
Contributor

/describe

@snyk-pr-review-bot

Copy link
Copy Markdown

PR Description updated to latest commit (c674073)

…052]

Add FindingId to ScanIssue (Diagnostic.data) sourced from issue.GetFindingId().
Unlike the existing Id field (per-result-set key), FindingId is stable across
separate scan invocations, enabling clients to correlate the same underlying
finding over time without relying on mutable string matching.

Add Kind (LSP CodeActionKind) to the CodeAction interface and domain struct.
The converter derives kind from action.GetKind(), falling back to QuickFix for
all existing actions (zero-value Kind field). Add RemediationAgentQuickFix
constant ("quickfix.snyk.remediationAgent") so clients can machine-match on
this kind rather than the localised action title.

IaC issues emit empty FindingId until the IaC scanner is updated to set it;
this gap is documented by a dedicated test.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants