Problem
The audit-pipeline sub-stage skills (adherence.md, mapping.md, scoping.md) use user-invocable: false in their YAML frontmatter to prevent direct invocation. This is a Claude Code-specific field — OpenCode, Gemini CLI, and other tools do not recognize it.
Without a tool-agnostic guard, an agent can auto-trigger a sub-stage directly, bypassing the pipeline router's prerequisite checks:
adherence requires delta-report.yaml (produced by mapping)
mapping requires scoping.yaml (produced by scoping)
Skipping prerequisites could produce invalid or incomplete compliance artifacts.
This gap becomes more relevant now that skills are distributed to consumer repos via lola (#119, #126), where the consuming tool may not be Claude Code.
Current state
| File |
Guard mechanism |
Honored by |
skills/audit-pipeline/adherence.md |
user-invocable: false |
Claude Code only |
skills/audit-pipeline/mapping.md |
user-invocable: false |
Claude Code only |
skills/audit-pipeline/scoping.md |
user-invocable: false |
Claude Code only |
Options to evaluate
-
Guard text in description — Prefix descriptions with NEVER AUTO-TRIGGER - or similar text that any LLM-based tool would interpret as a constraint. Simple but relies on the model respecting the instruction.
-
Move to agents/ — Restructure sub-stages as subagents (.opencode/agents/) instead of skills. OpenCode's agent system supports subagent delegation, which would give the pipeline router explicit control. Requires updating the dispatching logic in audit-pipeline/SKILL.md.
-
Convention-based approach — Define a frontmatter field or naming convention (e.g., _scoping.md prefix, or a dispatch-only: true field) that all tool integrations agree to honor. Requires cross-tool coordination.
Acceptance criteria
Context
Problem
The audit-pipeline sub-stage skills (
adherence.md,mapping.md,scoping.md) useuser-invocable: falsein their YAML frontmatter to prevent direct invocation. This is a Claude Code-specific field — OpenCode, Gemini CLI, and other tools do not recognize it.Without a tool-agnostic guard, an agent can auto-trigger a sub-stage directly, bypassing the pipeline router's prerequisite checks:
adherencerequiresdelta-report.yaml(produced bymapping)mappingrequiresscoping.yaml(produced byscoping)Skipping prerequisites could produce invalid or incomplete compliance artifacts.
This gap becomes more relevant now that skills are distributed to consumer repos via lola (#119, #126), where the consuming tool may not be Claude Code.
Current state
skills/audit-pipeline/adherence.mduser-invocable: falseskills/audit-pipeline/mapping.mduser-invocable: falseskills/audit-pipeline/scoping.mduser-invocable: falseOptions to evaluate
Guard text in description — Prefix descriptions with
NEVER AUTO-TRIGGER -or similar text that any LLM-based tool would interpret as a constraint. Simple but relies on the model respecting the instruction.Move to agents/ — Restructure sub-stages as subagents (
.opencode/agents/) instead of skills. OpenCode's agent system supports subagent delegation, which would give the pipeline router explicit control. Requires updating the dispatching logic inaudit-pipeline/SKILL.md.Convention-based approach — Define a frontmatter field or naming convention (e.g.,
_scoping.mdprefix, or adispatch-only: truefield) that all tool integrations agree to honor. Requires cross-tool coordination.Acceptance criteria
module/copies are updated to match canonical sourcesContext