The reason a finding matters isn't a bonus.
It's the finding.
A bot pointing at a line saves nobody time. A reviewer still has to open the file, reconstruct the threat model, and decide whether the bot was right. Revund's schema requires the why field on every output — and the orchestrator drops findings that don't carry one.
JWT secret falls back to a hardcoded string when REVUND_API_KEY is unset.
Five fields, all required.
Every pass returns JSON that matches this schema. Missing fields don't reach the PR — the classifier drops them before the poster ever sees the row.
1. severity: blocker / warning / nitpick. Drives whether the PR check fails or warns.
2. file + line: where the issue lives. Used for inline comment placement.
3. body: what is wrong, in 1-2 sentences. Specific, no hedging.
4. why: why it matters: the failure mode, who hits it, how. Required.
5. confidence: 0.0–1.0. Findings below 0.6 are silently dropped.
Schema first. Prompt second.
The output schema requires it.
Pass prompts return structured JSON. The why field is non-nullable, length ≤240, and rejected if it's a paraphrase of the body. We don't hope the model writes it — the parser refuses input without it.
Prompts spell out the contract.
Each pass's system prompt defines the why precisely: the concrete failure mode, the affected user, the path that triggers it. One to two sentences, no hedging, no restatement of the body.
Bad why, no finding.
The classifier drops findings whose why is empty or identical-modulo-paraphrase to the body before merge. What you see on the PR is what survived two layers of contract.
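The two layers described above (the five-field schema and the classifier's checks on confidence and the why) as an added example, not Revund's own code: it validates a pass's JSON output and splits it into rows that survive and rows that are dropped with a reason. The page does not say how the classifier detects a paraphrase, so the word-overlap test here is an assumed stand-in, and the sample pass output is constructed for the example.

```python
"""Filter model-emitted findings against the five-field contract.

Added example, not Revund's code. Field names, the 0.6 confidence floor
and the 240-char cap on why follow the page; the paraphrase test
(normalised word overlap) is an assumption, not the real classifier.
"""
import json
import re

SEVERITIES = {"blocker", "warning", "nitpick"}
REQUIRED = ("severity", "file", "line", "body", "why", "confidence")
MIN_CONFIDENCE = 0.6        # findings below this are dropped
MAX_WHY_LEN = 240           # why is length <= 240
PARAPHRASE_THRESHOLD = 0.8  # assumed: overlap at/above this is a restatement

_WORD = re.compile(r"[a-z0-9_]+")


def _tokens(text):
    return set(_WORD.findall(text.lower()))


def is_paraphrase(body, why, threshold=PARAPHRASE_THRESHOLD):
    """Jaccard word overlap between body and why (assumed stand-in check)."""
    a, b = _tokens(body), _tokens(why)
    if not a or not b:
        return True
    return len(a & b) / len(a | b) >= threshold


def reject_reason(finding):
    """Return None if the finding satisfies the contract, else why it fails."""
    missing = [k for k in REQUIRED if k not in finding]
    if missing:
        return f"missing fields: {', '.join(missing)}"
    if finding["severity"] not in SEVERITIES:
        return f"bad severity {finding['severity']!r}"
    if not isinstance(finding["line"], int) or finding["line"] < 1:
        return "line must be a positive integer"
    conf = finding["confidence"]
    if not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        return "confidence must be in [0.0, 1.0]"
    if conf < MIN_CONFIDENCE:
        return f"confidence {conf} below {MIN_CONFIDENCE}"
    why = finding["why"]
    if not isinstance(why, str) or not why.strip():
        return "why is empty"
    if len(why) > MAX_WHY_LEN:
        return f"why exceeds {MAX_WHY_LEN} chars"
    if is_paraphrase(finding["body"], why):
        return "why restates the body"
    return None


def filter_findings(raw_json):
    """Parse a pass's JSON output; return (kept, [(finding, reason), ...])."""
    kept, dropped = [], []
    for f in json.loads(raw_json):
        reason = reject_reason(f)
        if reason is None:
            kept.append(f)
        else:
            dropped.append((f, reason))
    return kept, dropped


# Constructed pass output: one good finding and three that violate the contract.
SAMPLE_PASS_OUTPUT = json.dumps([
    {"severity": "blocker", "file": "auth/jwt.py", "line": 42,
     "body": "JWT secret falls back to a hardcoded string when REVUND_API_KEY is unset.",
     "why": "Anyone who deploys without setting the variable gets a guessable signing key, "
            "so attackers can mint tokens and impersonate any user.",
     "confidence": 0.9},
    {"severity": "warning", "file": "api/upload.py", "line": 17,
     "body": "Upload handler trusts the client-supplied Content-Type header.",
     "confidence": 0.7},                                  # no why at all
    {"severity": "warning", "file": "auth/login.py", "line": 88,
     "body": "Password compared with == instead of a constant-time compare.",
     "why": "Password is compared with == instead of a constant-time compare.",
     "confidence": 0.8},                                  # why restates body
    {"severity": "nitpick", "file": "util/log.py", "line": 5,
     "body": "Log line includes the raw request body.",
     "why": "Request bodies can carry credentials, so they end up in log storage.",
     "confidence": 0.4},                                  # below the floor
])

if __name__ == "__main__":
    kept, dropped = filter_findings(SAMPLE_PASS_OUTPUT)
    for f in kept:
        print("KEEP", f["file"], f["line"], f["severity"])
    for f, reason in dropped:
        print("DROP", f["file"], f["line"], "->", reason)
```

Only the first row reaches the PR; the other three are rejected before a poster sees them, each with a reason a maintainer can inspect in the orchestrator's logs.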
Read the rationale, not just the warning.