graph TD
A["<workspace-root>/data/raw (input directory)"] --> B["Media scanner"]
B --> C["Analyze"]
C --> D["<workspace-root>/.movi/manifests/manifest.jsonl"]
D --> E["Apply (move / rename)"]
E --> F["<workspace-root>/data/organized/organized-images-* (output directory)"]
D --> G["Rollback"]
H["contracts/runtime/config.example.toml / --config"] --> C
H --> E
I["Logging (structured logs)"] --> C
I --> E
I --> G
J["ErrorCode"] --> C
J --> E
packages/infrastructure/media_scanner.py: file scanning and media-type detectionpackages/application/analyze_media.py: manifest generation, including concurrency and offline modepackages/application/apply_command.py: deterministic apply by manifest, with idempotent / recoverable behaviorpackages/infrastructure/manifest_store.py: manifest IO and schema validationpackages/observability/logging_utils.py: structured loggingpackages/infrastructure/config_loader.py: config loading| Layer | Directory | Responsibility | Key Files |
|---|---|---|---|
| CLI orchestration | apps/cli/ |
argument parsing, command routing, stage orchestration (analyze/apply/rollback/report) |
cli_app.py |
| Application core | packages/application/ |
media analysis, manifest generation, apply / rollback, error states | analyze_media.py, apply_command.py, reporting.py |
| Tooling distribution | tooling/gates/ + tooling/runtime/ + tooling/docs/ + tooling/cleanup/ + tooling/ci/ + tooling/upstreams/ |
public entrypoints for gates, runtime, docs, cleanup, CI support, and upstream governance | quality_gate.sh, pre_push_gate.sh, run_analyze.sh, docs_smoke.sh |
| Verification | tests/ |
unit / integration / E2E / live verification | tests/unit/, tests/integration/, tests/e2e/ |
| Documentation governance | docs/ |
architecture, operations, and render-only references | architecture.md, env_contract.md, reference/*.generated.md |
| Delivery automation | .github/workflows/ |
CI lanes, change detection, evidence upload | ci.yml, live-integration.yml |
graph LR
A["developer / terminal"] --> B["scripts/container_exec.sh"]
B --> C[docker-compose runtime]
C --> D[pipeline cli_app]
D --> E[<workspace-root>/data/raw -> <workspace-root>/.movi/manifests -> <workspace-root>/data/organized]
C --> F["tests + quality gates"]
F --> G[<workspace-root>/.movi/artifacts/evidence-bundle.json]
H[GitHub Actions] --> I[.github/workflows/ci.yml]
I --> C
I --> G
overlay -> resolved snapshot as the only legal path from human edits or rules to apply.apply or bypass preview.Movi Inbox stays intake-only, Strategy Packs stay template-only analyze defaults, Collection Intelligence v2 narrows review into batch slices, and Report routes people back into focused Review rather than creating a second decision surface.Movi MCP v1 is a stdio/local-first thin facade over the existing review-safe workflow, not a second execution engine or a bypass around apply.title / tags / notes for Chinese-only naming outputs so that illegal characters do not reach filesystem naming.strict_integrity=true, MOVI_ROLLBACK_HMAC_KEY is required; turning strict mode off is an explicit security downgrade.Auto-generated: current Web API facts come from
contracts/api/web_api.openapi.yaml; the full method/path list lives in generated reference.
/api/jobs, /api/jobs/history, /api/jobs/stream, /api/jobs/{job_id}, /api/jobs/{job_id}/review-queue, /api/jobs/{job_id}/review-queue/batch-triage, /api/jobs/{job_id}/review-rules/apply, /api/jobs/{job_id}/review-rules/from-examples, /api/jobs/{job_id}/review-rules/preview/api/jobs/{job_id}/events, /api/jobs/{job_id}/events/stream, /api/jobs/{job_id}/stream/api/jobs/{job_id}/manifest, /api/jobs/{job_id}/manifest/batch, /api/jobs/{job_id}/manifest/conflicts, /api/jobs/{job_id}/manifest/conflicts/resolve, /api/jobs/{job_id}/manifest/rows/{row_id}, /api/jobs/{job_id}/manifest/view, /api/jobs/{job_id}/manifest/{row_id}/preview/api/jobs/analyze, /api/jobs/apply, /api/jobs/rollback, /api/jobs/{job_id}/cancel, /api/jobs/{job_id}/retry/api/jobs/{job_id}/audit, /api/jobs/{job_id}/report/api/preferences/learned-rules, /api/preferences/naming-templates, /api/preferences/review-rules, /api/preferences/runtime, /api/preferences/runtime/validate, /api/preferences/strategy-packs, /api/preferences/views, /api/preferences/watch-sourcesoverlay / resolved snapshot are internal model and file-output concepts, not stable public HTTP routes.
analyze creates a manifest, while apply / rollback execute auditable local actions.dry-run, allowed-root, and manifest boundary validation reduce accidental blast radius.Movi now exposes four outward-facing surfaces, but they are still one system:
Think of it like one workshop with different doors for different visitors. The CLI is for operators, the WebUI is for humans, the Web API is for integration work, and Movi MCP is the guarded service window for agents. None of them gets to bypass manifest review.
This section documents where architecture truth converges. It is not meant to be a real-time CI weather report.
Auto-generated: delivery-complete truth, governance scorecard truth, hosted CI facts, and platform-alignment facts live in generated governance reference, required checks matrix, and runner contract.
bash tooling/gates/quality_gate.shbash tooling/gates/verify_repo_final.shbash tooling/gates/platform_alignment_gate.shgithub-hosted-onlyProtected sensitive environments: owner-approved-sensitive
quality_gate.sh is the final submission desk for delivery-complete truth; verify_repo_final.sh is the governance scorecard. Do not mix them.repo_root/
├─ apps/ # CLI / API / WebUI entry surfaces
├─ packages/ # core / observability
├─ contracts/ # machine truth sources
├─ tooling/ # governed tooling area; public entrypoints live under runtime|gates|docs|cleanup|ci|upstreams
├─ tests/ # unit / integration / e2e / live
├─ docs/ # repo-level documentation
├─ ops/ # compose / devcontainer / CI support
├─ <repo-runtime-cache>/ # the only legal repo-local temporary noise outlet
├─ sitecustomize.py # repo-level Python startup hygiene hook (machine-cache pycache)
└─ .env.example # runtime environment template
<workspace-root> as the placeholder for the user-chosen persistent workspace directory.<workspace-root>/data/raw.<workspace-root>/data/organized/organized-images-*.<workspace-root>/.movi/manifests/manifest.jsonl.Auto-generated: runtime services, default ports, runtime paths, and entrypoint facts live in generated runtime topology.
movi-ci, movi-web-api, movi-webuiloopback:18080loopback:5173<workspace-root>Repo-local cache docs alias: <repo-runtime-cache>
docs/env_contract.md, while the machine facts come from contracts/runtime/env_contract_registry.yaml and docs/reference/env_contract.generated.md.<workspace-root>/.movi/preferences/; review rules, saved views, naming templates, learned rules, and watch sources must not fall back to repo-root or repo-runtime-cache surfaces.env_contract.md; check_write_before_search.py keeps docs and implementation aligned.apply_command.py and analyze_media.py.Transition note: Generated blocks in this document remain the machine-truth overlays. Some lower-level localized terminology may still appear elsewhere in the repository during the transition, but this English architecture narrative is the canonical public explanation.