2026-04-07 06:37:30 +00:00
|
|
|
# Branch Protection & Review Policy
|
|
|
|
|
|
2026-04-07 09:54:37 +00:00
|
|
|
## 🛡️ Enforced Branch Protection Rules
|
|
|
|
|
|
|
|
|
|
All repositories must apply the following branch protection rules to the `main` branch:
|
|
|
|
|
|
|
|
|
|
| Rule | Setting | Rationale |
|
|
|
|
|
|------|---------|-----------|
|
|
|
|
|
| Require PR for merge | ✅ Required | Prevent direct pushes to `main` |
|
|
|
|
|
| Required approvals | ✅ 1 approval | Ensure at least one reviewer approve before merge |
|
|
|
|
|
| Dismiss stale approvals | ✅ Auto-dismiss | Require re-approval after new commits |
|
|
|
|
|
| Require CI to pass | ✅ Where CI exist | Prevent merging of failing builds |
|
|
|
|
|
| Block force push | ✅ Enabled | Protect commit history |
|
|
|
|
|
| Block branch deletion | ✅ Enabled | Prevent accidental deletion of `main` |
|
|
|
|
|
|
|
|
|
|
> ⚠️ Note: CI enforcement is optional for repositories where CI is not yet configured.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
### 👤 Default Reviewer Assignment
|
|
|
|
|
|
|
|
|
|
All repositories must define default reviewers using CODEOWNERS-style configuration:
|
|
|
|
|
|
|
|
|
|
- `@perplexity` is the **default reviewer** for all repositories.
|
|
|
|
|
- `@Timmy` is a **required reviewer** for `hermes-agent`.
|
|
|
|
|
- Repository-specific owners may be added for specialized areas.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-04-13 21:44:26 -04:00
|
|
|
### 📋 Affected Repositories
|
2026-04-07 09:54:37 +00:00
|
|
|
|
|
|
|
|
| Repository | Status | Notes |
|
|
|
|
|
|-------------|--------|-------|
|
|
|
|
|
| `hermes-agent` | ✅ Protected | CI is active |
|
|
|
|
|
| `the-nexus` | ✅ Protected | CI is pending |
|
|
|
|
|
| `timmy-home` | ✅ Protected | No CI |
|
|
|
|
|
| `timmy-config` | ✅ Protected | Limited CI |
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
### ✅ Acceptance Criteria
|
|
|
|
|
|
|
|
|
|
- [ ] Branch protection enabled on `hermes-agent` main
|
|
|
|
|
- [ ] Branch protection enabled on `the-nexus` main
|
|
|
|
|
- [ ] Branch protection enabled on `timmy-home` main
|
|
|
|
|
- [ ] Branch protection enabled on `timmy-config` main
|
|
|
|
|
- [ ] `@perplexity` set as default reviewer org-wide
|
|
|
|
|
- [ ] Policy documented in this file
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
2026-04-13 21:44:26 -04:00
|
|
|
### 🚧 Enforcement
|
2026-04-07 06:37:30 +00:00
|
|
|
|
|
|
|
|
- All repositories must have these rules applied in the Gitea UI under **Settings > Branches > Branch Protection**.
|
|
|
|
|
- CI must be configured and enforced for repositories with CI pipelines.
|
|
|
|
|
- Reviewers assignments must be set via CODEOWNERS or manually in the UI.
|
|
|
|
|
|
2026-04-13 21:44:26 -04:00
|
|
|
---
|
2026-04-07 06:37:30 +00:00
|
|
|
|
2026-04-13 21:44:26 -04:00
|
|
|
### 🧠 Notes
|
2026-04-07 06:37:30 +00:00
|
|
|
|
|
|
|
|
- For repositories without CI, the "Require CI to Pass" rule is optional.
|
2026-04-13 21:44:26 -04:00
|
|
|
- This policy is versioned and must be updated as needed.
|
