Conventional SARIF key consumed by GitHub Code Scanning’s alert-correlation
engine. Emitted in addition to FINGERPRINT_KEY so GHAS deduplicates fallow
alerts across pushes.
Composite fingerprint for v2 same-line merged comments (issue #528).
Hashes the sorted list of constituent per-finding fingerprints (joined
by :) and prefixes the resulting 16-char FNV-1a hash with merged:
so consumers can discriminate the merged shape from a single-finding
fingerprint by string inspection. The hash changes when constituent
findings change membership across runs; the bundled wrappers
(action/scripts/review.sh, ci/scripts/review.sh) and
fallow ci reconcile-review consume only the primary fingerprint, so
content-change yielding a new fingerprint cleanly re-posts on the next
run rather than silently keeping a stale body. External consumers that
want update-in-place reconciliation implement their own identity
tracking via marker_regex.
Stable fingerprint for the review envelope’s top-level summary block
(issue #528 / v2). Hashes the rendered summary body so consumers can
reconcile a single sticky PR/MR summary comment by fingerprint match
without invoking fallow twice. Stable across runs that produce the same
summary content; the hash shifts when finding counts or section headers
change, so consumers detect content change cheaply.