sonar-duplication

SonarQube — Duplication

List files that contain duplicated code in a SonarQube project, then drill into duplication blocks for a specific file when needed.

Usage

sonar-duplication                              # all duplicated files in the current project (auto-paginated)
sonar-duplication my-project                   # duplicated files in a specific project
sonar-duplication my-project --pr 42           # same, on a pull request
sonar-duplication my-project --page-size 100 --page 2   # single page of results (manual pagination)
sonar-duplication my-project --file src/auth/login.py   # duplication detail for one file

Prerequisites

This skill requires the SonarQube MCP Server to be configured and the tools mcp__sonarqube__search_duplicated_files and mcp__sonarqube__get_duplications to be available in your session.

Before proceeding, verify the tools are accessible. If they are not, do not attempt to call any CLI commands or invent alternatives, and show the user:

Unable to reach the SonarQube MCP Server, or project key not found.

Possible causes:

• MCP server not registered — invoke the sonar-integrate skill to configure the SonarQube MCP Server, then restart the agent session
• Credentials not configured — invoke the sonar-integrate skill
• Project key is wrong or no default project in MCP config — pass an explicit key, or verify sonar-project.properties / re-run the sonar-integrate skill for this project

Then ask the user (yes/no) whether to run the sonar-integrate skill now. If they confirm, invoke the sonar-integrate skill yourself and follow it end-to-end in this session, then ask the user to restart the agent session so the new MCP tools become available; if they decline, stop.

Instructions

Step 1: Resolve the project key (only when needed)

MCP tools sometimes do not require projectKey after the sonar-integrate skill has stored the default project for this workspace. Resolve a key only when you must pass it (tool schema requires it, or the user targets another project):

• If the user provided a project key, use it.
• Otherwise look for sonar.projectKey in sonar-project.properties at the repo root.
• If still not found, omit projectKey in MCP calls and rely on the integration default.

Step 2: Parse optional flags from the user-provided arguments

Flag	Meaning
--pr <id>	Pull request context (maps to pullRequest)
--page-size <n>	Results per page for manual pagination only; integer 1–500 (maps to pageSize)
--page <n>	Page number for manual pagination; starts at 1 (maps to pageIndex)
--file <key>	Skip the duplicated-files list; fetch duplication blocks for this file (maps to key in get_duplications)

Pagination rule: By default, call search_duplicated_files without pageSize or pageIndex so the MCP server auto-fetches every page of duplicated files (up to 10,000 files). Use pageSize and pageIndex only when the user asks for a specific page or wants to limit page size. If the user supplies --page-size but not --page, use pageIndex 1.

Step 3: Run the appropriate flow

Flow A — Duplicated file list (default, no --file)

Call mcp__sonarqube__search_duplicated_files.

Default (auto-fetch all pages):

Include projectKey only if you resolved one in Step 1 and the tool requires it; otherwise omit it.

{
  "projectKey": "<only-if-required>",
  "pullRequest": "<id>"
}

Omit pullRequest when --pr was not given. Omit pageSize and pageIndex entirely so all duplicated files are retrieved automatically. Omit projectKey from the payload when the integration default applies.

Manual pagination (single page):

{
  "projectKey": "<only-if-required>",
  "pullRequest": "<id>",
  "pageSize": <n>,
  "pageIndex": <n>
}

The tool returns only files that have duplications. Present results in a table. Include columns the response provides (for example path, duplicated line counts, or density); sort by the strongest duplication signal if multiple metrics exist (for example highest duplicated-lines density or count first).

## Duplication — `my-project`

Files with duplications:

| File                 | Duplicated lines (example) |
| -------------------- | -------------------------- |
| src/auth/login.py    | 42                         |
| src/utils/helpers.py | 18                         |

If the list is empty: "No duplicated files were returned for this project/branch/PR."

Then offer to drill in:

"Ask me to open duplications for any file, or invoke the sonar-duplication skill with --file <file-key> (add a project key only if needed)."

Flow B — Duplication detail (--file <key> given, or user asks to inspect a file)

Call mcp__sonarqube__get_duplications:

{
  "key": "<file-key>",
  "pullRequest": "<id>"
}

The file key format is <projectKey>:<path>, e.g. my-project:src/auth/login.py. If the user provides just a path, prepend the resolved project key when you have one; otherwise follow the MCP tool schema for the default project. Omit pullRequest when --pr was not given.

Permission: This call requires Browse permission on the file’s project. If the tool returns a permission or authorization error, tell the user they need the Browse role on the project and that they may need a role with code-view access.

Present duplication blocks from the response: for each block, show ranges, sibling copies, or other fields returned by the API so the user can see where code is duplicated.

## Duplication detail — `src/auth/login.py`

### Block 1
- Lines 10–24 (example) duplicated in `src/other/helper.py` lines 30–44
...

If the file has no duplications in the response, say: "No duplications were reported for this file."

Step 4: Next steps

• To refactor: "Ask me to extract a shared helper or consolidate the duplicated regions."
• To scan the same file for issues: "Invoke the sonar-analyze skill with <file>."
• To check the quality gate (e.g. new_duplicated_lines_density): "Invoke the sonar-quality-gate skill (add a project key only if you are not using the integration default)."