This repository is a reference architecture showcase extracted from a real, long-running production system. It focuses exclusively on architectural structure, execution boundaries, and modernization strategy --- not on business-specific logic or a ready-to-deploy application.
The full system context, constraints, and outcomes are described in the corresponding case study: 👉 https://rocketdeploy.dev/en/case-studies/commerce-platform-modernization/
Business logic, proprietary rules, customer data, and sensitive identifiers have been removed or anonymized. This repository is provided for architectural review and educational purposes only.
This system is a long-running PHP-based modular monolith built on an MVC framework and continuously used in production for approximately a decade.
The architecture combines:
- Interactive web-based operational workflows
- Scheduled automation scripts
- Direct integrations with external service providers
- Shared relational persistence and filesystem artifacts
The current engineering objective is controlled architectural evolution:
Preserve operational continuity while progressively formalizing boundaries, isolating responsibilities, and preparing the system for service-level extraction, a dedicated BFF layer, SPA frontend migration, and future AI-assisted operational augmentation.
This document focuses on architecture, boundaries, and modernization trajectory --- not on business logic.
At runtime, the platform exposes:
- A primary operational web surface
- A secondary scoped administrative surface (separate namespace/session context)
- Multiple scheduler-triggered entry scripts
- Direct external-provider integrations (HTTP/XML/SDK-based)
The repository also includes containerized deployment configuration and CI/CD validation pipelines.
Evidence: The codebase defines two separate HTTP front controllers and separate rewrite rules, each bootstrapping a web application runtime with its own surface configuration (namespace/base URL/session scope).
Evidence: Multiple standalone scripts instantiate the same web
application container and execute internal actions directly (interactive
run() vs scheduled runAction(...)).
For architectural analysis:
- Application bootstrap and configuration merge
- Module composition and component registration
- HTTP controllers as entry adapters
- Domain entities and orchestration-heavy methods
- Scheduler entry scripts and automation paths
- Integration adapters and external-provider contracts
- Containerization and CI pipelines
Evidence: Both HTTP surfaces and scheduler scripts load the same autoload/bootstrap stack and compose runtime configuration via explicit merge steps (common + surface-specific).
The current system can be described as a stabilized modular monolith:
- Single process runtime
- Shared relational database
- MVC-based presentation layer
- Active Record domain modeling
- Embedded integration adapters
- Script-triggered background automation
Controllers orchestrate domain state transitions. Domain models frequently coordinate persistence and integration calls. Automation scripts reuse application runtime and action logic.
Evidence: Scheduler entry scripts bootstrap the same application container as HTTP and dispatch internal actions directly rather than running an isolated worker runtime.
Evidence: Controllers serve both server-rendered HTML responses and JSON responses by switching response format and returning structured payloads.
Modernization focuses on explicit boundary formalization rather than replacement.
Logical boundaries currently identifiable:
- Presentation Boundary --- MVC controllers and views
- Application Orchestration Boundary --- state transitions, queue writes, downstream calls
- Domain Boundary --- entity modeling and persistence
- Integration Boundary --- provider-specific adapters and communication layers
- Execution Boundary --- HTTP lifecycle vs scheduler-triggered execution
Physical deployment remains single-unit; logical separation is visible and incrementally formalized.
Functional grouping includes:
- Core shared configuration and base models
- Primary operational module
- Secondary scoped module with separate session/base URL
- Infrastructure layer (runtime, containerization, CI definitions)
- Embedded provider SDK layer
Namespace-level modularization exists without runtime isolation.
Integration strategies include:
- Direct HTTP invocation
- XML-based request/response contracts
- Embedded SDK calls
- Environment-configured transport mechanisms
Evidence: External-provider integrations are implemented through direct HTTP calls, XML request/response handling, and embedded SDK inclusions; invocations occur both from controller-level orchestration and from domain-model methods, with error handling largely local to operations.
Modernization aims to formalize contracts and isolate integration density.
- HTTP request enters controller
- Application bootstraps configuration
- Access-control rules evaluated
- Domain mutation performed
- Optional integration invoked
- Response returned (HTML or JSON)
- Scheduler executes standalone script
- Full application runtime bootstrapped
- Internal action dispatched
- Batch operation executed
Evidence: Scheduled scripts invoke internal actions via direct dispatch after bootstrapping the full web application container.
- Operational action writes queue entry
- Queue-processing action reads and deserializes payload
- Event dispatched and processed
- Entry removed from storage
Evidence: A persistent queue entity stores event metadata and serialized parameters in a database table; a dedicated queue-processing action deserializes payloads, dispatches by type/event, and deletes processed entries.
Primary persistence:
- Relational database
- Active Record entities
- Status-driven workflow state
Secondary state:
- Filesystem artifacts
- Deferred execution queue
Queue payload uses serialized parameter blobs and compact item lists to support deferred orchestration.
Reliability mechanisms are primarily localized:
- Application-level logging
- Inline integration error handling
- Conditional fallback logic
- Queue preprocessing to reduce grouped-operation inconsistency
Modernization objectives include standardized retry policies, explicit idempotence boundaries, and centralized observability.
Security controls include:
- Session isolation between surfaces
- Controller-level access rules
- Request validation components
- Environment-based credential handling
Future evolution targets boundary-level policy centralization.
Historical strengths:
- Single deployable unit simplified operations
- In-process orchestration reduced duplication
- Shared runtime enabled rapid feature evolution
Trade-offs:
- Increasing integration density raised coupling
- Scheduler reuse blends execution contexts
- Cross-cutting orchestration spans multiple layers
These characteristics reflect natural system evolution under sustained operational load.
Recommended review approach:
- Inventory entry points
- Map orchestration paths
- Identify integration density clusters
- Separate domain transitions from I/O side effects
- Locate implicit boundary crossings
- Prioritize extraction candidates by coupling and I/O exposure
Transformation follows a staged model:
- Phase 0 --- Stabilized Modular Monolith
- Phase 1 --- Boundary Formalization
- Phase 2 --- High I/O Domain Extraction
- Phase 3 --- BFF Introduction
- Phase 4 --- SPA Migration
- Phase 5 --- AI-Assisted Operational Augmentation
Extraction sequencing is guided by integration density and orchestration complexity rather than UI structure.
Target characteristics:
- Domain services with explicit interfaces
- Isolated integration adapters
- Dedicated worker execution context
- Clear BFF boundary
- Separation of domain logic and side effects
- Centralized observability and retry semantics
Future AI integration is positioned as a decision-support augmentation layer:
- Operates on structured operational data
- Generates recommendations or summaries
- Does not mutate state directly
- Does not call providers directly
- Respects explicit orchestration contracts
AI augments operational tooling without replacing deterministic workflow execution.
This repository reflects a realistic modernization stage:
A production-proven modular monolith whose domain model has demonstrated long-term viability and is now being systematically evolved toward service isolation, boundary clarity, and frontend decoupling.
The transformation is incremental, contract-driven, and operationally safe.
If you are dealing with a similar challenge --- modernizing a legacy operational platform, extracting services from a modular monolith, or evolving a production system without disrupting business continuity ---