Issue Lifecycle

Understand how issues move from detection to resolution and verification in SyntaxValid.

## Issue Lifecycle

An issue in SyntaxValid follows a clear lifecycle from detection to verification.

This lifecycle ensures that risks are not only identified, but also resolved and confirmed.

---

## Lifecycle overview

Each issue moves through the following stages:

1. Detected

2. Reviewed

3. Fixed

4. Verified

5. Closed

The lifecycle is deterministic and tied to specific analysis runs.

---

## 1. Detected

An issue is detected during an analysis run.

At this stage:

- The issue is linked to a specific code snapshot

- Severity and blocking status are assigned

- An explanation and fix guidance are provided

Detected issues represent potential risk, not assumptions.

---

## 2. Reviewed

Developers review the issue to:

- Understand the root cause

- Assess real-world impact

- Decide whether immediate action is required

Blocking issues must move forward in the lifecycle.

Non-blocking issues can be scheduled.

---

## 3. Fixed

Issues can be fixed in two ways:

- Manually by the developer

- Using Fix with AI to generate a safe, reviewable patch

Fixes are applied in the codebase, not inside SyntaxValid.

---

## 4. Verified

After a fix:

1. The analysis is re-run

2. SyntaxValid evaluates the updated code snapshot

3. The issue is checked for resolution

Only re-analysis can verify a fix.

---

## 5. Closed

An issue is closed when:

- The related risk no longer exists

- The analysis confirms resolution

- The TrustScore reflects the improvement

Closed issues remain traceable for audit and review purposes.

---

## Blocking issues and lifecycle enforcement

Blocking issues enforce the lifecycle strictly.

Until they are fixed and verified:

- TrustScore remains reduced

- Merge readiness is not restored

- The issue remains active

This prevents silent risk acceptance.

---

## Lifecycle and TrustScore

TrustScore changes reflect lifecycle progress:

- Detection may reduce TrustScore

- Fixing alone does not restore it

- Verification through re-analysis confirms improvement

TrustScore always represents the current verified state.

---

## Why this lifecycle matters

Without a defined lifecycle:

- Issues get ignored

- Fixes remain unverified

- Risk accumulates silently

SyntaxValid’s lifecycle ensures accountability and clarity.

---

## Next steps

- Re-running analysis

- Policies and rules

- Integrating issue tracking into workflows