V12 Docs

Memory

How V12 learns from your team's review decisions.

V12 remembers your team's review decisions and applies them to future runs in the same workspace. Memory builds as you shape it by marking findings Valid, marking findings Invalid with a reason, or writing an analysis context.

Memory is per workspace. Decisions made in a personal workspace stay in that workspace. In an organization, every member's decisions count, and every run uses them.

Mark findings as Valid

Marking a finding Valid confirms the pattern matters in your codebase. V12 will surface similar findings more eagerly in future runs.

If the finding has a verified fix attached, V12 also learns the kind of fix you're willing to accept.

Mark findings as Invalid, with a reason

Mark a finding Invalid and write a reason. V12 uses the reason to suppress similar findings in future runs.

Be specific:

  • ✅ "We permit reentrancy in FlashLoan.sol because the call is guarded by VaultGuard.mutex."
  • ✅ "The admin endpoint in internal-tools/ is intentionally unauthenticated. It's only reachable from the VPN."
  • ❌ "Not a bug."
  • ❌ "False positive."

Vague reasons still mark the finding invalid for your team but don't teach V12 anything. If you only do one thing on this list, write reasons on invalid findings.

Analysis context

The analysis context is a freeform paragraph that V12 reads at the start of every run in the organization. Use it to describe what your team builds, which repos are sensitive, and what you treat as noise. Only owners can edit it. Find it under Settings → Organization → Analysis context.

A DeFi team:

We build a lending protocol on Ethereum. Contracts in core-vaults/ custody user funds and are highest priority. sdk/ is a TypeScript client library used by integrators; findings there are lower priority. We've accepted the reentrancy risk in FlashLoan.sol because it's mitigated by the mutex in VaultGuard. Focus on fund loss, access control, and oracle manipulation.

A backend team:

We run a multi-tenant Node.js API. packages/auth/ and packages/billing/ are most sensitive: anything involving session tokens, payment data, or tenant isolation is high priority. packages/admin-tools/ is internal only. We use Stripe and never handle raw card numbers.

Analysis context is available in organizations only. In personal workspaces, memory still grows from your valid/invalid decisions.

[Screenshot: Settings → Organization showing the Analysis context textarea with prompts about what the team builds, which repos are production-critical, and security concerns unique to the organization.]