scan-commit

Use Almanax to scan a commit diff and work from the resulting findings.

Workflow:

1. Determine repo_owner, repo_name, and commit_sha from the user request.
2. If the user asks to scan the current commit or a recent commit range like "last three commits", infer the current repository and HEAD commit from the local git checkout.
3. If the user provides or clearly implies a range, include base_sha. Treat requests like "last three commits" as one diff scan ending at HEAD, not three separate scans. Ask a follow-up only if the intended range is ambiguous.
4. If Almanax tools are unavailable or authentication appears broken, switch to onboarding and guide the user through /almanax-security:setup.
5. Call almanax_scan_commit.
6. If Almanax returns selection_required=true, prefer a shared organization project when the user asks for the shared org; otherwise ask the user which org or project to use.
7. Follow next_action exactly. If next_action=poll_status, wait the full recommended_poll_after_seconds before calling almanax_get_scan_status again, and do not busy-poll.
8. When findings are available, summarize them clearly by severity and affected area.
9. If the user wants help fixing issues, address the highest severity findings first.

Important:

• Never ask the user to paste or expose their API key.
• If the scan fails because the repository is unavailable in Almanax, explain that they may need to connect GitHub or link the repository in Almanax first.