
Triage and resolve action items

Every action item created for your application lands in your queue to triage. You'll find them in two places in the dashboard: a summary widget on the application home page, and the full list under Manage > Action Items. From there you decide what to do with each one: resolve it, defer it, or reject it as not applicable.

Day to day, that means seeing what's assigned to you, triaging it, and resolving it, with or without help from AI suggestions.

The application dashboard widget

When you open an application, the home page shows a summary widget with the action items assigned to it.

Action items widget on the application home page showing 8 open items broken down by priority: 3 critical, 2 high, 2 medium, 1 low

Use it as a quick pulse check. If any item is waiting on an admin decision, a pending approval notice appears alongside the counts. Click View all to open the full list.

The list view

Go to Manage > Action Items from the application sidebar to see every item assigned to your application.

Manage > Action Items list view showing columns for Title, Category, Priority, Status, Score, and Created

Click any title to open the detail view. Items are sorted by score by default, so the highest-value, highest-priority work surfaces first. Closed and rejected items are hidden unless you toggle Show closed & rejected. Use the filters above the table to narrow by category, priority, or status, or the search bar to match on item title.

Triaging an action item

Click any item to open its detail view. The page has four tabs: Details, AI Suggestions, Comments, and Activity.

Action item details view

From the top of the page you can Resolve, Defer, or Reject the item. Whether the action goes through immediately or needs admin approval depends on the governance rules configured for the item's category.

Resolve

Mark the item as fixed. If the category requires verification, the item moves to pending_verification and waits for an admin to confirm the resolution. Otherwise, it transitions straight to resolved.

When resolving, you can add a short resolution note and an optional evidence URL, for example a link to the pull request that fixed the issue. Send a POST request to /governance/action_item/{id}/resolve to do the same programmatically.

curl -L -X POST 'https://api.nullplatform.com/governance/action_item/xYz789AbCdEf/resolve' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"resolution": "Upgraded base image to node:20-alpine3.19",
"evidence_url": "https://github.com/org/repo/pull/42"
}'

Defer

Postpone the item to a future date. You need to provide a reason (at least 10 characters) and a target date. If the category requires approval to defer, the item moves to pending_deferral until an admin approves or denies. Otherwise, it moves to deferred and automatically reopens when the target date passes.

Deferral limits

If the category defines max_deferral_count or max_deferral_days, those limits are enforced. An item that has already been deferred too many times, or for too long, is blocked from further deferrals.

The equivalent API call is a POST request to /governance/action_item/{id}/defer.

curl -L -X POST 'https://api.nullplatform.com/governance/action_item/xYz789AbCdEf/defer' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"deferred_until": "2026-06-01",
"reason": "Waiting for the next maintenance window to apply this change safely."
}'

Reject

Mark the item as not applicable, for example a false positive or an issue that doesn't affect your usage. You need to provide a reason of at least 20 characters. If the category requires approval to reject, the item moves to pending_rejection until reviewed. Otherwise, it's rejected immediately.

The API equivalent is a POST request to /governance/action_item/{id}/reject.

curl -L -X POST 'https://api.nullplatform.com/governance/action_item/xYz789AbCdEf/reject' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"reason": "This CVE does not affect our usage of this library. The vulnerable function is never called."
}'

Status flow

The path an item takes depends on whether its category has approval gates enabled. When gates are on, your action moves the item through a pending_* state first.

When a category doesn't require approval for an action, the item skips the pending_* state and transitions directly to resolved, deferred, or rejected. While the item sits in a pending_* state, it waits for a Platform Settings admin to approve or deny. You can keep tabs on it from the list view or the Activity tab.
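The rules above (approval gates, minimum reason lengths, and deferral limits) can be modeled as a small transition function. This is an added example, not nullplatform code; it is useful for predicting where an item will land before you call the API. Assumptions: the gate flag names and the Item counters are hypothetical (only max_deferral_count and max_deferral_days are named on this page), and max_deferral_days is read as total days already spent deferred.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Category:
    # Gate flag names are hypothetical; the page only says gates are per category.
    requires_verification: bool = False
    requires_deferral_approval: bool = False
    requires_rejection_approval: bool = False
    max_deferral_count: Optional[int] = None  # named on the page
    max_deferral_days: Optional[int] = None   # named on the page


@dataclass
class Item:
    deferral_count: int = 0  # deferrals already granted (assumed bookkeeping)
    deferred_days: int = 0   # total days already spent deferred (assumed)


# action -> (status when the gate is on, status when it is off)
FLOW = {
    "resolve": ("pending_verification", "resolved"),
    "defer": ("pending_deferral", "deferred"),
    "reject": ("pending_rejection", "rejected"),
}
MIN_REASON = {"defer": 10, "reject": 20}  # minimum reason length per action


def next_status(action, cat, item, reason="", deferred_until=None, today=None):
    """Return the status the item moves to, or raise ValueError if blocked."""
    if action not in FLOW:
        raise ValueError(f"unknown action: {action}")
    if len(reason) < MIN_REASON.get(action, 0):
        raise ValueError(f"{action} needs a reason of at least {MIN_REASON[action]} characters")
    if action == "defer":
        today = today or date.today()
        if deferred_until is None or deferred_until <= today:
            raise ValueError("defer needs a target date in the future")
        if cat.max_deferral_count is not None and item.deferral_count >= cat.max_deferral_count:
            raise ValueError("deferral blocked: max_deferral_count reached")
        if cat.max_deferral_days is not None and item.deferred_days >= cat.max_deferral_days:
            raise ValueError("deferral blocked: max_deferral_days reached")
    gated = {"resolve": cat.requires_verification,
             "defer": cat.requires_deferral_approval,
             "reject": cat.requires_rejection_approval}[action]
    pending, direct = FLOW[action]
    return pending if gated else direct
```
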

Reviewing AI suggestions

Some items come with one or more AI-generated fix proposals. Open the AI Suggestions tab to see them. The tab label shows the number of pending suggestions as a badge.

AI Suggestions tab showing an approved suggestion with confidence score

Some suggestions include editable execution parameters (for example, the target version of a dependency upgrade) that you can adjust before approving.

Approve or reject

Click Approve to authorize the fix. The owning agent picks it up and runs it. Click Reject to dismiss the suggestion.

After execution, the suggestion card shows whether the fix succeeded or failed. On success, you'll typically see a link to the resulting pull request or change. On failure, you can adjust the parameters and retry by approving the suggestion again.

Suggestions can have an expiration date. If you don't act on a pending or approved suggestion before that date, it expires and can no longer be applied.

The underlying endpoints are POST requests to the approve and reject paths under /governance/action_item/{actionItemId}/suggestions/{id}.

curl -L -X POST 'https://api.nullplatform.com/governance/action_item/xYz789AbCdEf/suggestions/sUg123AbCdEf/approve' \
-H 'Authorization: Bearer <token>'

Comments and activity

The Comments tab is where you discuss the item with teammates and agents. Agent comments are labeled with a BOT badge, similar to how Dependabot leaves notes on pull requests. Add a comment with a POST request to /governance/action_item/{id}/comments.

curl -L -X POST 'https://api.nullplatform.com/governance/action_item/xYz789AbCdEf/comments' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <token>' \
-d '{
"content": "Reviewed the affected resources. This should be prioritized for the next sprint."
}'

The Activity tab is an audit log that records every status change, field update, and approval decision on the item, along with the actor and timestamp. Use it to understand why an item is in its current state and who did what.

Activity tab showing the audit log with status changes, comments, and updates
