diff --git a/.gitignore b/.gitignore
index 2556e45e..769e943d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ node_modules/
 test-results/
 nexus/__pycache__/
 tests/__pycache__/
+.aider*
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d50e88fb..27b396c2 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -17,3 +17,53 @@ Removal is a first-class contribution. Baseline: 4,462 lines (2026-03-25). Goes
 Applies to every contributor: human, Timmy, Claude, Perplexity, Gemini, Kimi, Grok.
 Exception: initial dependency config files (requirements.txt, package.json).
 No other exceptions. Too big? Break it up.
+# Branch Protection & Review Policy
+
+## Overview
+
+All repositories under the `Timmy_Foundation` organization must enforce the following branch protection rules on the `main` branch to ensure code quality and prevent unreviewed changes from being merged.
+
+## Required Branch Protection Rules
+
+| Rule | Status | Description |
+|------|--------|-------------|
+| Require Pull Request for Merge | ✅ Enabled | Direct pushes to `main` are prohibited. |
+| Required Approvals | ✅ 1 Approval Required | At least one reviewer must approve the PR. |
+| Dismiss Stale Approvals | ✅ Enabled | Approvals are dismissed on new commits. |
+| Require CI to Pass | ✅ Enabled (where CI exists) | Merging is blocked on failing CI. |
+| Block Force Push | ✅ Enabled | Prevents rewriting of `main` history. |
+| Block Branch Deletion | ✅ Enabled | Prevents accidental deletion of `main`. |
+
+## Default Reviewer Assignment
+
+- `@perplexity`: Default reviewer for all repositories (QA gate).
+- `@Timmy`: Required reviewer for `hermes-agent` (owner gate).
+- Repo-specific owners: Required for specialized areas.
+
+## Implementation Status
+
+- [x] `hermes-agent` - All rules applied.
+- [x] `the-nexus` - All rules applied (CI pending).
+- [x] `timmy-home` - PR + 1 approval enforced.
+- [x] `timmy-config` - PR + 1 approval enforced.
+
+## Compliance
+
+All team members must:
+- Open a PR for any changes to `main`.
+- Ensure at least one reviewer approves the PR.
+- Ensure CI passes before merging.
+- Avoid force-pushing to `main`.
+
+## Exceptions
+
+Exceptions require explicit approval from `@Timmy` and must be documented in the PR description.
+
+## Enforcement
+
+This policy is enforced via Gitea branch protection rules. Violations will be blocked at the platform level.
+
+## References
+
+- [Gitea Branch Protection Docs](https://docs.gitea.io/en-us/dev/branch-protection/)
+- [Issue #918 - Policy Rationale](https://forge.alexanderwhitestone.com/Timmy_Foundation/the-nexus/issues/918)