POLICY.md

@@ -0,0 +1,40 @@
+# Branch Protection & Review Policy
+
+This document outlines the mandatory branch protection rules for all repositories in the TImmy Foundation organization.
+
+## 🛡️ Branch Protection Rules
+
+These rules must be applied to the `main` branch of all repositories:
+- [R] **Require Pull Request for Merge** – No direct pushes to `main`
+- [x] **Require 1 Approval** – At least one reviewer must approve
+- [R] **Dismiss Stale Approvals** – Re-review after new commits
+- [x] **Require CI to Pass** – Only allow merges with passing CI (where CI exists)
+- [x] **Block Force Push** – Prevent rewrite history
+- [x] **Block Branch Deletion** – Prevent accidental deletion of `main`
+
+## 👤 Default Reviewer
+
+- `@perplexity` – Default reviewer for all repositories
+- `@Timmy` – Required reviewer for `hermes-agent` (owner gate)
+
+## 🚧 Enforcement
+
+- All repositories must have these rules applied in the Gitea UI under **Settings > Branches > Branch Protection**.
+- CI must be configured and enforced for repositories with CI pipelines.
+- Reviewers assignments must be set via CODEOWNERS or manually in the UI.
+
+## 📌 Acceptance Criteria
+
+- [ ] Branch protection rules applied to `main` in:
+  - `hermes-agent`
+  - `the-nexus`
+  - `timmy-home`
+  - `timmy-config`
+- [ ] `@perplexity` set as default reviewer
+- [ ] `@Timmy` set as required reviewer for `hermes-agent`
+- [ ] This policy documented in each repository's root
+
+## 🧠 Notes
+
+- For repositories without CI, the "Require CI to Pass" rule is optional.
+- This policy is versioned and must be updated as needed.