CODEOWNERS

@@ -67,7 +67,7 @@ the-nexus/ai/ @Timmy
 timmy-home/ @perplexity
 timmy-config/ @perplexity
 
-# Owner gates
+# Owner gates for critical systems
 hermes-agent/ @Timmy
 
 # Owner gates
@@ -89,9 +89,36 @@ CONTRIBUTING.md
 <<<<<<< search
 # Contribution & Code Review Policy
 
-## Branch Protection & Review Policy
+## Branch Protection & Mandatory Review Policy
 
-All repositories must enforce these rules on the `main` branch:
+**Enforced rules for all repositories:**
+
+| Rule | Status | Rationale |
+|------|--------|-----------|
+| Require PR for merge | ✅ Enabled | Prevent direct commits |
+| Required approvals | 1+ | Minimum review threshold |
+| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
+| Require CI to pass | ⚠ Conditional | Only where CI exists |
+| Block force push | ✅ Enabled | Protect commit history |
+| Block branch deletion | ✅ Enabled | Prevent accidental deletion |
+
+**Default Reviewers:**
+- @perplexity (all repositories - QA gate)
+- @Timmy (hermes-agent only - owner gate)
+
+**CI Enforcement:**
+- hermes-agent: Full CI enforcement
+- the-nexus: CI pending runner restoration (#915)
+- timmy-home: No CI enforcement
+- timmy-config: Limited CI
+
+**Implementation Status:**
+- [x] hermes-agent protection enabled
+- [x] the-nexus protection enabled
+- [x] timmy-home protection enabled
+- [x] timmy-config protection enabled
+
+> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.
 
 | Rule | Status | Rationale |
 |---|---|---|