Module diff 

The diff command: compare two saved fleet reports (scan -f json) and show what appeared, what cleared, and which surviving advisories changed blast radius. A first-class take on the scan --baseline flag — that flag keeps only new findings from a live scan; diff is pure (no scanning, no DB, no network), works off two JSON files, and reports fixed + still-open too.

Exit code: 0 clean (no gating-new findings), 1 a new finding tripped the gate, 2 a file could not be read or parsed. --exit-zero forces 0 for a report-only run.

Structs

DiffArgs

Functions

run_diff

Run fleetreach diff, returning the process exit code.