From 0ccae4c7c55ab0305d9aefc89b8f2759cd81650e Mon Sep 17 00:00:00 2001
From: Alexander Whitestone <alexpaynex@gmail.com>
Date: Tue, 7 Apr 2026 02:23:19 -0400
Subject: [PATCH] docs: establish mandatory PR reviewer assignment policy
 (#916)

Add docs/pr-reviewer-policy.md defining org-wide rules:
- Every PR must have a reviewer assigned before merge
- Default reviewer: @perplexity
- Rebase or close PRs that drift more than 2 weeks
- Close zombie PRs (0 commits ahead of base)

Add reference to reviewer policy in CONTRIBUTING.md.

Established after PR hygiene audit found 5 open PRs with 0 reviewers
across the org, leading to two critical PRs becoming unmergeable after
400+ commits of drift.

Refs #916
---
 CONTRIBUTING.md            |  4 ++++
 docs/pr-reviewer-policy.md | 42 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 docs/pr-reviewer-policy.md

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index d50e88f..ea125b5 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -17,3 +17,7 @@ Removal is a first-class contribution. Baseline: 4,462 lines (2026-03-25). Goes
 Applies to every contributor: human, Timmy, Claude, Perplexity, Gemini, Kimi, Grok.
 Exception: initial dependency config files (requirements.txt, package.json).
 No other exceptions. Too big? Break it up.
+
+## Reviewer Policy
+
+**Every PR must have a reviewer assigned before merge.** See [docs/pr-reviewer-policy.md](docs/pr-reviewer-policy.md).
diff --git a/docs/pr-reviewer-policy.md b/docs/pr-reviewer-policy.md
new file mode 100644
index 0000000..952b4ea
--- /dev/null
+++ b/docs/pr-reviewer-policy.md
@@ -0,0 +1,42 @@
+# PR Reviewer Assignment Policy
+
+**Effective: 2026-04-07** — Established after org-wide PR hygiene audit (issue #916).
+
+## Rule: Every PR must have at least one reviewer assigned before merge.
+
+No exceptions. Unreviewed PRs will not be merged.
+
+## Who to assign
+
+| PR type | Default reviewer |
+|---|---|
+| Security / auth changes | @perplexity |
+| Infrastructure / fleet | @perplexity |
+| Sovereignty / local inference | @perplexity |
+| Documentation | any team member |
+| Agent-generated PRs | @perplexity |
+
+When in doubt, assign @perplexity.
+
+## Why this policy exists
+
+Audit on 2026-04-07 found 5 open PRs across the org — zero had a reviewer assigned.
+Two PRs containing critical security and sovereignty work (hermes-agent #131, #170) drifted
+400+ commits from `main` and became unmergeable because nobody reviewed them while main advanced.
+
+The cost: weeks of rebase work to rescue two commits of actual changes.
+
+## PR hygiene rules
+
+1. **Assign a reviewer on open.** Don't open a PR without a reviewer.
+2. **Rebase within 2 weeks.** If a PR sits for 2 weeks, rebase it or close it.
+3. **Close zombie PRs.** A PR with 0 commits ahead of base should be closed immediately.
+4. **Cherry-pick, don't rebase 400 commits.** When a branch drifts far, extract the actual
+   changes onto a fresh branch rather than rebasing the entire history.
+
+## Enforcement
+
+Agent-opened PRs (Timmy, Claude, etc.) must include `reviewers` in the PR creation payload.
+The forge API accepts `"reviewers": ["perplexity"]` in the PR body.
+
+See: issue #916 for the audit that established this policy.
-- 
2.43.0