- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help.

- Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style.
- Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands.
- Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only.
- Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request.
- Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket.
Mick Grove 2025-10-22 16:35:26 -07:00
commit 6b094a8fba
2 changed files with 1276 additions and 0 deletions


@ -421,6 +421,13 @@ kingfisher scan . \
When the branch under test is already checked out, `--branch HEAD` or omitting `--branch` entirely is sufficient. Kingfisher exits with `200` when any findings are discovered and `205` when validated secrets are present, allowing CI jobs to fail automatically if new credentials slip in.
> **Tip:** You can point Kingfisher at a local working tree and scan another branch or commit without changing checkouts. The CLI now resolves repositories from their worktree roots, so commands like the following work without needing to pass the `.git` directory explicitly:
```bash
kingfisher scan /path/to/local/repo --branch <ref>
kingfisher scan C:\\src\\repo --branch <commit-hash>
```
The same diff-focused workflow works when cloning repositories on the fly with `--git-url`. Kingfisher automatically tries remote-tracking names like `origin/main` and `origin/feature-1`, so you can target the branches involved in a pull request without performing a local checkout first.
```bash
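Review bot: the Windows example in the tip's `bash` fence (`kingfisher scan C:\\src\\repo --branch <commit-hash>`) is ambiguous: doubled backslashes are what bash needs to pass `C:\src\repo` unquoted, but readers on Windows will typically type this into PowerShell or cmd, where the doubled form is wrong. Either quote the path (`kingfisher scan 'C:\src\repo' --branch <commit-hash>`) or show the Windows command in its own fence for the shell it is typed into, and consider replacing `<ref>`/`<commit-hash>` with one concrete value (for example `origin/main`, which the paragraph below already uses) so the command can be copied as-is.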
@ -602,6 +609,17 @@ repository's issues (including pull requests), wiki, and any public gists owned
the repository owner and scans them for secrets. Fetching these extras counts
against API rate limits and private artifacts require a `KF_GITHUB_TOKEN`.
> **Why does `--git-url` sometimes report fewer findings than scanning a local checkout?**.
>
> Remote clones created via `--git-url` default to `--mirror`/bare mode so Kingfisher only
> reads the Git history. When you point Kingfisher at an existing working tree (for example
> `kingfisher scan ./repo`), it enumerates both the filesystem contents *and* the Git
> history. Any secrets that are present in the checked-out files therefore appear twice:
> once from the working tree path and once from the commit where the secret entered the
> history. To replicate the remote behavior locally, either scan a bare clone or disable
> history scanning with `--git-history none` when targeting a working tree.
```bash
# Scan the repository only
kingfisher scan --git-url https://github.com/org/repo.git
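Review bot: stray period after the closing bold in the new FAQ heading (`> **Why does ... local checkout?**.`); drop the trailing `.`. The explanation that secrets in a checked-out tree "appear twice" should also say whether that is the intended behaviour or whether the working-tree and history findings are deduplicated, since as written it reads like a known double-reporting bug rather than a documented difference between bare and working-tree scans; one sentence such as "Both findings are reported deliberately because they point at different locations" would settle it. Minor: in the surrounding context, "private artifacts require a `KF_GITHUB_TOKEN`" is clearer as "scanning private artifacts requires a `KF_GITHUB_TOKEN`".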

README_copy.md (new file, 1258 lines; diff suppressed because it is too large)