# Triggering Generate fix **Generate fix** is the action that asks Seal to build a sealed version of a specific package and version on demand. It is the path out of the [Generate available](/new-documentation/new-docs/package-states.md#generate-available) state: until you trigger it, the row sits there waiting. ## Before you start * You have the **Admin**, **Sealer**, or **Collaborator** [role](/new-documentation/new-docs/users-and-sso/user-roles.md). Watchers cannot trigger Generate fix. * The package is in the **Generate available** state on the [Vulnerable packages tab](/new-documentation/new-docs/protection-page/vulnerable-packages-tab.md). If the row is **Unfixable** instead, Generate fix has already been determined to not apply (see the [Unfixable section](/new-documentation/new-docs/package-states.md#unfixable) for why). {% hint style="info" %} **Generate fix counts against your package quota.** Each Generate fix request commits Seal to backporting, building, and testing a sealed version, and the resulting package is recorded against your tenant's package usage on the [Usage page](https://github.com/seal-community/gitbook/blob/main/new-docs/using-the-platform/usage-page/README.md), regardless of whether you go on to deploy it. {% endhint %} ## Steps 1. Open the **Protection** page and the **Vulnerable packages** tab. 2. Find the package you want a sealed version for. Filter by **Availability > Generate fix** to narrow to just the candidates. 3. Click **Generate fix** in the row's action column. 4. Confirm the dialog: **"Are you sure you want to request a sealed version for `` version ``?"** The package's state changes to **Version in progress** immediately. A toast confirms the build was queued. ## What happens next A typical Generate fix build takes **24-72 hours**. While it runs, the row shows a progress indicator instead of the action button. When the build finishes, the state changes to: * **Ready to seal** if the build succeeded. The sealed version is now in Seal's catalog. * **Pending deploy** if the build succeeded **and** a matching Sealing Rule already exists, or **and** the Seal Project uses the Automatic Remediation deployment method. The next CLI run will apply the fix. * **Unfixable** if the build failed. This is rare. See [Unfixable](/new-documentation/new-docs/package-states.md#unfixable) for the reasons. Once a sealed version is in the catalog, it is available across your tenant. Other Seal Projects that contain the same vulnerable package and version will surface it: their rows move from Generate available to Ready to seal as Seal next reconciles the discovery signal. ## Troubleshooting **The Generate fix button is disabled.** Either the package is already in the **Unfixable** state (the tooltip on the disabled button says *"There is no feasible fix at the moment"*), or your role does not include the GENERATE\_FIX permission. **The Generate fix button is missing entirely.** The package has been flagged as malicious. The action column shows a red **Malicious** badge instead. Malicious packages have no sealed counterpart; remove the package from your dependencies. **The build has been running for more than 72 hours.** Contact your Seal account team. They can check the build's progress and either explain the delay or escalate. **The state moved to Unfixable.** A Generate fix build failure is rare. See [Unfixable](/new-documentation/new-docs/package-states.md#unfixable) for the three reasons a row can land there and what to do for each. ## Related * [Package states](/new-documentation/new-docs/package-states.md): the canonical reference for the six states, including the transitions Generate fix drives. * [The Vulnerable packages tab](/new-documentation/new-docs/protection-page/vulnerable-packages-tab.md): where Generate fix is triggered. * [Sealing Rules](https://github.com/seal-community/gitbook/blob/main/new-docs/using-the-platform/sealing-rules/README.md): the next step after a successful Generate fix in the Remote and Local deployment methods. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/new-documentation/new-docs/generate-fix.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.