From 4688ded1066a20876e647a223ced6c541a16c1c6 Mon Sep 17 00:00:00 2001
From: Alexander Whitestone <alexpaynex@gmail.com>
Date: Tue, 7 Apr 2026 02:31:08 -0400
Subject: [PATCH] feat: [QA][POLICY] Branch Protection + Mandatory Review
 Policy for All Repos (#918)

Refs #918
Agent: groq
---
 .gitea/branch_protection.yml | 55 ++++++++++++++++++++++++++++++++++++
 CONTRIBUTING.md              | 54 +++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)

diff --git a/.gitea/branch_protection.yml b/.gitea/branch_protection.yml
index 9affde6..ae02746 100644
--- a/.gitea/branch_protection.yml
+++ b/.gitea/branch_protection.yml
@@ -6,3 +6,58 @@ branch_protection:
     require_ci_to_pass: true
     block_force_pushes: true
     block_deletions: true
+repos:
+  - name: hermes-agent
+    branch_protection:
+      required_pull_request_reviews: true
+      required_status_checks:
+        - "ci/circleci"
+        - "security-scan"
+      required_linear_history: true
+      required_merge_method: merge
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+      block_force_pushes: true
+      block_deletions: true
+      required_owners: 
+        - perplexity
+        - Timmy
+
+  - name: the-nexus
+    branch_protection:
+      required_pull_request_reviews: true
+      required_status_checks: []
+      required_linear_history: true
+      required_merge_method: merge
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+      block_force_pushes: true
+      block_deletions: true
+      required_owners: 
+        - perplexity
+
+  - name: timmy-home
+    branch_protection:
+      required_pull_request_reviews: true
+      required_status_checks: []
+      required_linear_history: true
+      required_merge_method: merge
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+      block_force_pushes: true
+      block_deletions: true
+      required_owners: 
+        - perplexity
+
+  - name: timmy-config
+    branch_protection:
+      required_pull_request_reviews: true
+      required_status_checks: []
+      required_linear_history: true
+      required_merge_method: merge
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+      block_force_pushes: true
+      block_deletions: true
+      required_owners: 
+        - perplexity
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ea125b5..f2a46ec 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -21,3 +21,57 @@ No other exceptions. Too big? Break it up.
 ## Reviewer Policy
 
 **Every PR must have a reviewer assigned before merge.** See [docs/pr-reviewer-policy.md](docs/pr-reviewer-policy.md).
+# Contribution Guidelines
+
+## Branch Protection Policy
+
+All repositories follow these mandatory rules for the `main` branch:
+
+### Required for All Merges
+- [ ] Pull Request must exist for all changes
+- [ ] At least 1 approval from reviewer
+- [ ] CI checks must pass (where available)
+- [ ] No force pushes allowed
+- [ ] No direct pushes to main
+- [ ] No branch deletion
+
+### Review Requirements by Repository
+```yaml
+hermes-agent:
+  required_owners:
+    - perplexity
+    - Timmy
+
+the-nexus:
+  required_owners:
+    - perplexity
+
+timmy-home:
+  required_owners:
+    - perplexity
+
+timmy-config:
+  required_owners:
+    - perplexity
+```
+
+### CI Status
+```text
+- hermes-agent: ✅ Active
+- the-nexus: ⚠️ CI runner disabled (see #915)
+- timmy-home: - (No CI)
+- timmy-config: - (Limited CI)
+```
+
+## Workflow
+1. Create feature branch
+2. Open PR against main
+3. Get 1+ approvals
+4. Ensure CI passes
+5. Merge via UI
+
+## Enforcement
+These rules are enforced by Gitea branch protection settings. Direct pushes to main will be blocked.
+
+## Abandoned PRs
+PRs not updated in >7 days will be labeled "stale" and may be closed after 30 days of inactivity.
-- 
2.43.0