| name | dedup-rules |
| description | Rules for deduplicating code review findings across agents |
Deduplication Rules
Apply after collecting all findings from all agents.
1. Same File + Same Root Cause
"Command injection in review.sh" and "Unsanitized input in review.sh" are the SAME finding (both about input validation in the same file). Keep the more detailed one.
2. Same Problem Described Differently
"Token exposure in env" and "Secrets in environment variables" are the SAME. "No validation" and "Missing input sanitization" for the same function are the SAME. When agents use different terminology for the same issue, merge.
3. Cross-Agent Overlap
If code-reviewer and silent-failure-hunter both flag the same error handling issue, keep only one. Prefer the agent whose scope best matches the finding (error handling goes to silent-failure-hunter).
4. Parent-Child Findings
If one finding is a specific case of a broader finding (e.g., "missing null check at line 42" is a child of "function lacks input validation"), keep only the specific one.
5. Pattern-Based Grouping
Multiple instances of the same pattern across files (e.g., 5 functions all missing error handling) become one finding listing all instances.
The Test
"Would this require the same fix?" If YES, it's a duplicate. Keep the most detailed version.