Movi | Review-first file organization docs

Open Source Runbook

This runbook is canonical for public, release, and platform-boundary semantics. Repository docs are not a live platform dashboard. Product-positioning shorthand in public surfaces should stay: Movi as the brand, movi-organizer as the repo/CLI, a local-first review-first workbench rather than a hosted SaaS or autonomous organizer, and Movi MCP v1 as a repo-local stdio extension surface rather than a hosted agent platform.

The target public shape is:

In short: limited-maintenance open source + a GitHub source repo + GitHub Releases.

Platform Truth Surfaces (Dynamic Projection)

Do not freeze platform state inside a long-lived document. Platform state is like an airport departure board: check the live screen, not a copied note in a travel guide.

Auto-generated: public-surface and platform-state policy facts live in generated governance reference, and required checks matrix.

To inspect the live GitHub platform state directly, run:

gh repo view --json nameWithOwner,url,isPrivate,defaultBranchRef
gh api repos/<owner>/<repo>/private-vulnerability-reporting
gh api repos/<owner>/<repo>/branches/main/protection
gh release list --limit 5

What you actually need to verify:

Do not mistake a repo-mode pass for full platform closure. repo-side only proves that the repository-facing public surface is ready; it does not prove that GitHub has aligned required checks, PVR, or default-branch reality. If branch protection or required checks return 404/permission-limited responses in the current gh session, treat that as platform-side-query-blocked, not as a silent pass. Snapshot scope labels used here: repo-side-only and platform-side-not-fresh.

Minimum Pre-Release Checks

bash tooling/runtime/bootstrap_env.sh
bash tooling/gates/public_readiness_gate.sh repo
bash tooling/gates/public_readiness_gate.sh release
bash tooling/gates/platform_alignment_gate.sh
bash tooling/gates/sensitive_surface_gate.sh --mode all
bash tooling/gates/public_artifact_audit.sh
bash tooling/docs/check_docs_scope.sh
bash tooling/docs/docs_smoke.sh --install-smoke
bash tooling/gates/quality_gate.sh
bash tooling/gates/history_secret_scan.sh

Release Truth

Use these entrypoints for release-facing facts:

npm run release:draft
npm run release:evidence
npm run release:truth

Treat npm run release:truth as the operator-facing entrypoint for current-head release truth.

Only published_release_verified counts as a verified published closure.

Manual Platform Checklist

  1. Confirm the repository is public and the default branch is main
  2. Verify branch protection and required checks on GitHub
  3. Verify Private Vulnerability Reporting when the platform supports it
  4. Confirm CODEOWNERS, issue templates, SECURITY.md, and SUPPORT.md are live on the default branch
  5. Verify the release draft or published release against the current tag and assets

Public / release / platform readiness is not the same thing as product-value maturity.