overthinkos/ov-full
ov-coder/skills/ov-full/SKILL.md
Full ov toolchain composition with CLI, virtualization, encrypted storage, and console access. Works identically on container/pod targets AND on host/local/bootc targets via the unified virtualization layer's mixed-`service:` schema. The previous ov-full-host sibling was deleted in the 2026-05 init-system-polymorphism cutover.
tools
Updated May 10, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins ov-fullInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 5:23 AM219.3s1 file scanned
SKILL.md
- name:
- ov-full
- description:
- |
- virtualization layer's mixed-`service:
- ` schema. The previous ov-full-host sibling was
ov-full -- Full ov toolchain (single layer for both pod and host targets)
Layer Properties
| Property | Value |
|----------|-------|
| Layers (composition) | ov, virtualization, gocryptfs, socat |
| Install files | none (pure composition) |
| Target context | works for kind: image (container/pod), kind: vm (bootc/cloud_image), AND kind: local (host install) — the underlying virtualization layer handles init-system polymorphism via the mixed-entry service: pattern |
What changed in the 2026-05 polymorphism cutover
Before: two sibling layers — ov-full (container/pod, used virtualization + gvisor-tap-vsock + podman-machine) and ov-full-host (host installs, used virtualization-host and dropped the container-only artifacts). They drifted because every change had to be applied twice.
After: ONE ov-full layer for both contexts. The container-only gvisor-tap-vsock + podman-machine packages were dropped entirely (legacy/unused per audit; nothing in the codebase invoked them). The unified virtualization layer carries BOTH a supervisord-rendered form (custom exec: for virtqemud/virtnetworkd) AND a systemd-rendered form (use_packaged: virtqemud.socket / virtnetworkd.socket) under the same name: — the init system at deploy time picks the matching form. See CLAUDE.md "Init-system polymorphism via mixed service: entries" for the rule and /ov-foundation:virtualization for the canonical worked example.
Usage
# overthink.yml
image:
my-vm-host:
layers:
- ov-full # works on pod images
local:
my-host-profile:
layers:
- ov-full # works on host installs (target: local)
The same layer reference works for both shapes; no -host variant is needed or available.
Related Layers
/ov-foundation:ov-- ov CLI binary (included)/ov-foundation:virtualization-- QEMU/KVM/libvirt stack with mixed-entryservice:for both supervisord and systemd (included; canonical worked example of the polymorphism pattern)/ov-foundation:gocryptfs-- encrypted filesystem forov configencrypted volumes (included)/ov-foundation:socat-- socket relay for console access and port_relay (included)/ov-foundation:bootc-base-- often paired for OS images
Used In Images
/ov-coder:arch-ov/ov-foundation:fedora-ov/ov-foundation:githubrunner/ov-foundation:aurora(disabled)- Operator host install via the
ov-cachyoskind:local template (post-2026-05)
When to Use This Skill
Use when the user asks about:
- Running ov inside containers, VMs, or directly on a host
- VM management toolchain composition
- Encrypted storage support
- The "I need ov tools available" composition
- Why the previous
ov-full-hostno longer exists
Related
/ov-build:layer— layer authoring; "Service Declaration" + "Anti-pattern:<name>-host/<name>-podsibling layers" subsections/ov-foundation:supervisord— init system documentation for container-side rendering/ov-build:eval— declarative testing (eval:block,ov eval image,ov eval live)- CLAUDE.md "Init-system polymorphism via mixed
service:entries" Key Rule
Related Skills
overthinkos/agents
development
VerifiedTrustedCommunity
Claude Code multi-agent support in Overthink — sub-agents, dynamic workflows, and agent teams, and how each drives the existing `ov eval` disposable beds to test and verify. MUST be invoked before authoring or invoking an ov sub-agent / dynamic workflow / agent team, wiring agent-lifecycle hooks, or asking "which primitive should drive the R10 beds?".
SKILL.mdUpdated May 31, 2026
overthinkos/workspace-mount
tools
VerifiedTrustedCommunity
Mounts a virtiofs share tagged `workspace` at /workspace inside a VM guest via a systemd .mount unit. Use when a kind:vm entity shares a host directory into the guest and you need it auto-mounted (and re-mounted at every boot).
SKILL.mdUpdated May 30, 2026
overthinkos/android
development
VerifiedTrustedCommunity
MUST be invoked before any work involving: the `kind: android` schema kind, a `target: android` deploy, the `apk:` layer package format (installing Android apps declaratively), AndroidDeployTarget, an in-pod emulator OR a remote/physical adb-endpoint device, or nested `pod → android` deployment. The first-class Android device + app surface that sits above `ov eval adb`/`appium`.
SKILL.mdUpdated May 26, 2026
overthinkos/git-workflow
tools
VerifiedTrustedCommunity
Use when committing, branching, pushing, merging, tagging, creating PRs, or approving/merging PRs with gh — the feat/-branch, R10-gated, never-force-push landing workflow across the main repo + the plugins submodule + image/<distro> submodules. Covers sync-to-upstream, branch/worktree pruning, the fork+PR path for contributors without write access, and cross-repo @github landing order.
SKILL.mdUpdated May 25, 2026