diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d50e88f..ea125b5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -17,3 +17,7 @@ Removal is a first-class contribution. Baseline: 4,462 lines (2026-03-25). Goes Applies to every contributor: human, Timmy, Claude, Perplexity, Gemini, Kimi, Grok. Exception: initial dependency config files (requirements.txt, package.json). No other exceptions. Too big? Break it up. + +## Reviewer Policy + +**Every PR must have a reviewer assigned before merge.** See [docs/pr-reviewer-policy.md](docs/pr-reviewer-policy.md). diff --git a/docs/pr-reviewer-policy.md b/docs/pr-reviewer-policy.md new file mode 100644 index 0000000..952b4ea --- /dev/null +++ b/docs/pr-reviewer-policy.md @@ -0,0 +1,42 @@ +# PR Reviewer Assignment Policy + +**Effective: 2026-04-07** — Established after org-wide PR hygiene audit (issue #916). + +## Rule: Every PR must have at least one reviewer assigned before merge. + +No exceptions. Unreviewed PRs will not be merged. + +## Who to assign + +| PR type | Default reviewer | +|---|---| +| Security / auth changes | @perplexity | +| Infrastructure / fleet | @perplexity | +| Sovereignty / local inference | @perplexity | +| Documentation | any team member | +| Agent-generated PRs | @perplexity | + +When in doubt, assign @perplexity. + +## Why this policy exists + +Audit on 2026-04-07 found 5 open PRs across the org — zero had a reviewer assigned. +Two PRs containing critical security and sovereignty work (hermes-agent #131, #170) drifted +400+ commits from `main` and became unmergeable because nobody reviewed them while main advanced. + +The cost: weeks of rebase work to rescue two commits of actual changes. + +## PR hygiene rules + +1. **Assign a reviewer on open.** Don't open a PR without a reviewer. +2. **Rebase within 2 weeks.** If a PR sits for 2 weeks, rebase it or close it. +3. **Close zombie PRs.** A PR with 0 commits ahead of base should be closed immediately. +4. **Cherry-pick, don't rebase 400 commits.** When a branch drifts far, extract the actual + changes onto a fresh branch rather than rebasing the entire history. + +## Enforcement + +Agent-opened PRs (Timmy, Claude, etc.) must include `reviewers` in the PR creation payload. +The forge API accepts `"reviewers": ["perplexity"]` in the PR body. + +See: issue #916 for the audit that established this policy.