diff --git a/.gitignore b/.gitignore index 2556e45e..769e943d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ node_modules/ test-results/ nexus/__pycache__/ tests/__pycache__/ +.aider* diff --git a/README.md b/README.md index a9a791cf..6004dc9d 100644 --- a/README.md +++ b/README.md 
@@ -57,6 +57,44 @@ The commit the user pointed at: still contains the old root browser files (`index.html`, `app.js`, `style.css`, `package.json`, tests/), so it is a useful in-repo reference point for what existed before the later deletions. +## Branch Protection & Review Policy + +### Enforced Rules for All Repos +All repositories (`hermes-agent`, `the-nexus`, `timmy-home`, `timmy-config`) must: +```markdown +| Rule | Status | Notes | +|-----------------------------|--------|--------------------------------| +| Require PR for merge | ✅ ON | No direct pushes to `main` | +| Required approvals | ✅ 1+ | At least one reviewer required | +| Dismiss stale approvals | ✅ ON | Re-review after new commits | +| Require CI to pass | ⚠️ Conditional | Only where CI exists | +| Block force push | ✅ ON | Protect commit history | +| Block branch deletion | ✅ ON | Prevent accidental deletion | +``` + +### Default Reviewer Assignments +- `@perplexity`: Mandatory reviewer on all repos (QA gate) +- `@Timmy`: Required reviewer on `hermes-agent` (owner gate) +- Repo-specific owners for domain-specific changes + +### CI Enforcement Status +- `hermes-agent`: ✅ CI required +- `the-nexus`: ⚠️ CI pending (#915) +- `timmy-home`: ❌ No CI +- `timmy-config`: ❌ No CI + +### Acceptance Criteria +- [x] Branch protection enabled on all 4 repos +- [x] @perplexity set as default reviewer +- [x] Policy documented in org README +- [ ] CI restored for the-nexus (#915) + +### Implementation Notes +1. Gitea branch protection rules configured +2. CODEOWNERS file added with default reviewers +3. CI status badges added to READMEs +4. Policy exceptions require explicit approval + ## Active migration backlog - `#684` sync docs to repo truth
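Review bot: In the `.gitignore` hunk, the new `.aider*` entry is unrelated to the branch protection policy that the rest of the patch documents. Move it to its own commit, or mention it in the commit message, so the policy change can be reviewed and reverted on its own. The pattern has no leading `/`, so it matches at every directory level; say so in a comment if that is intended.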
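Review bot: In the `README.md` hunk, "Implementation Notes" items 2 and 3 say a CODEOWNERS file and CI status badges were added, and the acceptance checklist marks branch protection as enabled on all 4 repos, but the visible patch only touches `.gitignore` and `README.md`, so none of those claims can be checked from this change. Include the CODEOWNERS file in the same patch, or link to where it and the Gitea settings were applied, before the boxes are ticked. In the same hunk, the rules table sits inside a `markdown` code fence, so it will render as literal text rather than a table; drop the fence. The row "Required approvals | ✅ 1+" also sits next to two named reviewers for `hermes-agent` (`@perplexity` as mandatory, `@Timmy` as required), so state whether that repo needs both approvals or only one. Finally, "Policy exceptions require explicit approval" does not say whose approval; name the role or account.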