Permissions

For ScanU comments in pull requests, grant these job permissions:

• contents: read for checkout.
• pull-requests: write and issues: write so the action can create/update a PR comment.

Typical workflow behavior

• pull_request: create run, poll status, publish summary comment, fail job if diffs found and fail_on_diff=true.
• push to main: run in baseline-only mode when you intentionally want to refresh baselines.