feat: [QA][POLICY] Branch Protection + Mandatory Review Policy for All Repos (#918)

Refs #918 Agent: groq
2026-04-07 00:49:29 -04:00
parent 37b006d3c6
commit a4f67bd28d
3 changed files with 28 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ node_modules/
 test-results/
 nexus/__pycache__/
 tests/__pycache__/
+.aider*
--- a/8
+++ b/8
@@ -0,0 +1,8 @@
+# CODEOWNERS - Reviewer assignments for branch protection policy
+
+# Default reviewer for all repos
+* @perplexity
+
+# Special repo owners
+nexus/ @Timmy
+hermes-agent/ @Timmy
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -17,3 +17,22 @@ Removal is a first-class contribution. Baseline: 4,462 lines (2026-03-25). Goes
 Applies to every contributor: human, Timmy, Claude, Perplexity, Gemini, Kimi, Grok.
 Exception: initial dependency config files (requirements.txt, package.json).
 No other exceptions. Too big? Break it up.
+
+## Branch Protection Policy
+
+**All PRs to `main` must satisfy:**
+- ✅ Require pull request (no direct pushes)
+- ✅ 1+ approved reviewer
+- ✅ CI passing (where CI exists)
+- ✅ No force-pushed commits
+- ✅ No branch deletions
+
+**Mandatory Reviewers by Repo:**
+- `hermes-agent`: @Timmy + @perplexity
+- All other repos: @perplexity (default reviewer)
+
+**Policy Enforcement:**
+- Gitea branch protection rules are enabled on all active repos
+- Stale approvals are automatically dismissed on new commits
+- CI failure blocks merge (where CI exists)
+- Force pushes to `main` are blocked