๐Ÿ”ญ /ork:audit-full โ€” two tiers, one skill

audit-full's edge is whole-codebase cross-file reasoning in one 1M context. That breaks past ~125K LOC. Instead of punting to another skill, STEP 1's token estimate now routes to a map-reduce Workflow tier that keeps coverage. Drag the slider to see which tier fires.
repo size 60K LOC

โ‘  Single-context DEFAULT

load whole codebase โ†’ analyze (sec / arch / deps) โ†’ STEP 3.5 refute โ†’ report

Cheapest, loses zero boundaries โ€” the right call whenever the repo fits. Opus 4.8 ยท 1M context.

โ‘ก Map-reduce SCALE TIER (Workflow)

Each shard keeps cross-file reasoning within it; the synthesis pass recovers cross-shard edges (taint/auth/dep-direction spanning modules) โ€” sharding's blind spot, recovered on purpose. Then the same blind-refuter pass. Committed template: audit-full/workflows/audit-full-mapreduce.mjs.

The routing rule (STEP 1)



      

Why not just always fan out?

Single-contextMap-reduce
cross-file reasoningโœ… whole repo, one windowโš ๏ธ within shard; cross-shard recovered in synthesis
costโœ… one passโŒ N shard agents + refuters
ceiling~125K LOC (1M tokens)โœ… unbounded (shard count scales)
refutationSTEP 3.5 inlinesame engine, in the workflow's Refute phase

โ†’ single-context stays the default because fanning out trades away the cross-file edge. Map-reduce is the fallback for scale one context can't hold โ€” exactly what the Workflow tool is for.

Shared engine guarantees (both tiers)

blind refuters ยท citation-verify ยท quorum (xhigh) ยท deterministic CVE/build/test EXEMPT
cross-shard finding a refuter can't reproduce โ†’ UPHELD ยท no-auto-flip (refuted CRITICAL flagged, not dropped)
spawn ceiling 24 โ†’ overflow shipped "manual review required" (never silent truncation)