OptionalgovernanceOptionalexpiresOptionalnextOptionalfindingsOptionalpolicy_id?: stringID of the policy that triggered this finding. May reference a registry policy (with source: registry) or a bespoke inline policy (with source: inline). Bespoke policy_ids are unique within their authoring container; use source_plan_id when findings aggregate across multiple plans (e.g., portfolio evaluations).
Optionalsource_plan_id?: stringFor portfolio or aggregated evaluations where findings draw on bespoke policies from multiple member plans: identifies the plan whose policy triggered this finding. Omit when the finding's policy_id is unambiguous within the response context (e.g., single-plan check_governance).
Human-readable description of the issue.
Optionaldetails?: {}Structured details for programmatic consumption.
Optionalconfidence?: numberConfidence score (0-1) in this finding. Distinguishes 'this definitely violates the policy' (0.95) from 'this might violate depending on how audience segments resolve' (0.6). When absent, the finding is presented without a confidence qualifier.
Optionaluncertainty_reason?: stringExplanation of why confidence is below 1.0 (e.g., 'Targeting includes regions that partially overlap jurisdiction boundaries'). Present when confidence is below a governance-agent-defined threshold.
Validation category that flagged the issue (e.g., 'budget_compliance', 'regulatory_compliance', 'brand_safety').