Movi | Review-first file organization docs

Golden Runner / Capability Contract

This document explains the current CI execution contract for the public repository. Do not treat this page as a live branch-protection dashboard. This document explains why the runner contract exists.

This repository is now Hosted-First:

1. Scope

2. Public Collaboration Safety Rules

  1. Fork PRs must never depend on repository-owned runners or private capacity.
  2. Fork PRs must never require protected secrets to get a basic review signal.
  3. Live / external / sensitive checks belong to manual-only paths guarded by a protected environment.
  4. Current docs, policy, workflow helpers, and validator logic must describe the same hosted-first model.

3. Hosted Execution Model

Think of the CI layout like a public building:

The repository should only invite outside contributors into the lobby. They should never be forced through private hallways just to open a pull request. GitHub org runner inventory no longer depends on fixed machine names.

Auto-generated: hosted CI mode, protected environments, and failure-domain facts live in generated governance reference, and required checks matrix.

4. How This Connects To Repository Gates

5. Runtime / Cleanup Boundary

Hosted-first does not mean “never clean anything.” It means cleanup should happen through repo-owned, documented rails:

Historical shared-runner cleanup tooling may still exist for forensic or migration reasons, but it is not part of the current public collaboration model.

6. Current Truth Routes

The live source of truth is: The only live source of truth is:

This page keeps the why behind the hosted-first contract. The question of “which checks are required today” should be answered by the generated projections above, not by stale prose.