From 17fcb1c4f07be52545f0118f347191401dd519af Mon Sep 17 00:00:00 2001
From: Alexander Whitestone <alexpaynex@gmail.com>
Date: Tue, 7 Apr 2026 02:58:25 -0400
Subject: [PATCH] feat: [QA][POLICY] Branch Protection + Mandatory Review
 Policy for All Repos (#918)

Refs #918
Agent: groq
---
 gitea_api/branch_protection.py | 36 ++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 gitea_api/branch_protection.py

diff --git a/gitea_api/branch_protection.py b/gitea_api/branch_protection.py
new file mode 100644
index 0000000..0919dac
--- /dev/null
+++ b/gitea_api/branch_protection.py
@@ -0,0 +1,36 @@
+import os
+import requests
+from datetime import datetime
+
+GITEA_API = os.getenv('Gitea_api_url', 'https://forge.alexanderwhitestone.com/api/v1')
+Gitea_token = os.getenv('GITEA_TOKEN')
+
+headers = {
+    'Authorization': f'token {gitea_token}',
+    'Accept': 'application/json'
+}
+
+def apply_branch_protection(owner, repo, branch='main'):
+    payload = {
+        "protected": True,
+        "merge_method": "merge",
+        "push": False,
+        "pull_request": True,
+        "required_signoff": False,
+        "required_reviews": 1,
+        "required_status_checks": True,
+        "restrict_owners": True,
+        "delete": False,
+        "force_push": False
+    }
+    
+    url = f"{GITEA_API}/repos/{owner}/{repo}/branches/{branch}/protection"
+    r = requests.post(url, json=payload, headers=headers)
+    return r.status_code, r.json()
+
+if __name__ == '__main__':
+    # Apply to all repos
+    for repo in ['hermes-agent', 'the-nexus', 'timmy-home', 'timmy-config']:
+        print(f"Configuring {repo}...")
+        status, resp = apply_branch_protection('Timmy_Foundation', repo)
+        print(f"Status: {status} {resp}")
-- 
2.43.0