feat(scans): add --status / --scan-type / --since / --until to scans list

[sachiniyer]

Summary

The scans list cards already render Status and Scan Type, but you couldn't filter on either. Triage prompts like "failed scans in the last 24h" had to fall through to grepping --format json.

Add four filter flags to scans list:

Flag	Type	Notes
--status	in-progress | complete | failed | dlq	WorkflowStatus
--scan-type	default | recent-changes	ScanType
--since	duration / ISO date / RFC3339	shares parse_time_spec with bugs list
--until	same as --since	resolves against the same now so windows read as one interval

WorkflowStatus and ScanType get clap::ValueEnum impls so they work as flag values.

Implementation

The scans API has no server-side filtering today (only repo_id/limit/offset), so any active filter forces an all-fetch path — same shape as the bugs --vulns / --introduced-by plumbing: paginate server-side to gather every scan, filter the combined set, then re-paginate client-side for output. Bare scans list (no filter) still hits the cheap single-page server fetch and is byte-equivalent to before.

Stacking

This PR is stacked on #275 (siyer/bugs-list-since-until) so it can reuse parse_time_spec. If #275 merges first, PR6 rebases cleanly; if PR6 lands first, the eventual merge conflict is just "both branches add the same util."

Testing

Automated, run locally and passing:

• cargo test — full suite green. 9 new tests in src/commands/scans.rs::tests:
  • filter_no_filters_returns_all
  • filter_by_status_failed, filter_by_status_complete
  • filter_by_scan_type_default, filter_by_scan_type_recent_changes
  • filter_combines_status_and_scan_type_as_and
  • filter_since_inclusive_lower_bound, filter_until_inclusive_upper_bound
  • filter_window_with_status (status + since combined)
• cargo clippy -- -D warnings — clean
• cargo fmt --check — clean
• cargo xtask check — clean (HELP.md regenerated for the new flags)

Manual end-to-end against live API (usedetail/detail):

• scans list … --status complete --limit 5 → total=124, every workflowStatus == "complete" ✅
• scans list … --status failed --limit 5 → total=13, first item workflowStatus == "failed" ✅
• scans list … --scan-type recent-changes --limit 5 → total=75, every scanType == "recentChanges" ✅
• scans list … --status complete --scan-type default --since 7d --limit 5 → total=1, both filters satisfied ✅
• scans list … --since garbage → Error: invalid --since value: could not parse 'garbage' as a duration (e.g. 1d, 24h), a date (YYYY-MM-DD), or an RFC3339 timestamp ✅
• Bare scans list usedetail/detail --format json --limit 3 (regression) → total=137, page=1 — single-page server fetch unchanged

🤖 Generated with Claude Code

[cubic-dev-ai]

No issues found across 3 files

[sachiniyer]

• feat(scans): add --status / --scan-type / --since / --until to scans list #282 👈 (View in Graphite)
• feat(bugs): let bugs list --status accept multiple values #276
• feat(bugs): add --since/--until time-window filters to bugs list #275
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.