Timmy_Foundation/the-nexus
15
1
Fork 2
Code Issues 89 Pull Requests 21 Actions Packages Projects Releases Wiki Activity
Files
b1743612e91d00a448d880fb46b21d296fd39e78
the-nexus/POLICY.md

95 lines
3.2 KiB
Markdown
Raw Normal View History

[groq] [QA][POLICY] Branch Protection + Mandatory Review Policy for All Repos (#918) (#930)
2026-04-07 06:37:30 +00:00
# Branch Protection & Review Policy
[groq] [QA][POLICY] Branch Protection + Mandatory Review Policy for All Repos (#918) (#1011)
2026-04-07 09:54:37 +00:00
## 🛡️ Enforced Branch Protection Rules
All repositories must apply the following branch protection rules to the `main` branch:
| Rule | Setting | Rationale |
|------|---------|-----------|
| Require PR for merge | ✅ Required | Prevent direct pushes to `main` |
| Required approvals | ✅ 1 approval | Ensure at least one reviewer approve before merge |
| Dismiss stale approvals | ✅ Auto-dismiss | Require re-approval after new commits |
| Require CI to pass | ✅ Where CI exist | Prevent merging of failing builds |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion of `main` |
> ⚠️ Note: CI enforcement is optional for repositories where CI is not yet configured.
---
### 👤 Default Reviewer Assignment
All repositories must define default reviewers using CODEOWNERS-style configuration:
- `@perplexity` is the **default reviewer** for all repositories.
- `@Timmy` is a **required reviewer** for `hermes-agent`.
- Repository-specific owners may be added for specialized areas.
---
### <20> Affected Repositories
| Repository | Status | Notes |
|-------------|--------|-------|
| `hermes-agent` | ✅ Protected | CI is active |
| `the-nexus` | ✅ Protected | CI is pending |
| `timmy-home` | ✅ Protected | No CI |
| `timmy-config` | ✅ Protected | Limited CI |
---
### ✅ Acceptance Criteria
- [ ] Branch protection enabled on `hermes-agent` main
- [ ] Branch protection enabled on `the-nexus` main
- [ ] Branch protection enabled on `timmy-home` main
- [ ] Branch protection enabled on `timmy-config` main
- [ ] `@perplexity` set as default reviewer org-wide
- [ ] Policy documented in this file
---
### <20> Blocks
- Blocks #916, #917
- cc @Timmy @Rockachopa
@perplexity, Integration Architect + QA
[groq] [QA][POLICY] Branch Protection + Mandatory Review Policy for All Repos (#918) (#930)
2026-04-07 06:37:30 +00:00
## 🛡️ Branch Protection Rules
These rules must be applied to the `main` branch of all repositories:
- [R] **Require Pull Request for Merge** No direct pushes to `main`
- [x] **Require 1 Approval** At least one reviewer must approve
- [R] **Dismiss Stale Approvals** Re-review after new commits
- [x] **Require CI to Pass** Only allow merges with passing CI (where CI exists)
- [x] **Block Force Push** Prevent rewrite history
- [x] **Block Branch Deletion** Prevent accidental deletion of `main`
## 👤 Default Reviewer
- `@perplexity` Default reviewer for all repositories
- `@Timmy` Required reviewer for `hermes-agent` (owner gate)
## 🚧 Enforcement
- All repositories must have these rules applied in the Gitea UI under **Settings > Branches > Branch Protection**.
- CI must be configured and enforced for repositories with CI pipelines.
- Reviewers assignments must be set via CODEOWNERS or manually in the UI.
## 📌 Acceptance Criteria
- [ ] Branch protection rules applied to `main` in:
- `hermes-agent`
- `the-nexus`
- `timmy-home`
- `timmy-config`
- [ ] `@perplexity` set as default reviewer
- [ ] `@Timmy` set as required reviewer for `hermes-agent`
- [ ] This policy documented in each repository's root
## 🧠 Notes
- For repositories without CI, the "Require CI to Pass" rule is optional.
- This policy is versioned and must be updated as needed.
Reference in New Issue Copy Permalink