diff --git a/gitea-branch-protection.js b/gitea-branch-protection.js
new file mode 100644
index 0000000..17897d7
--- /dev/null
+++ b/gitea-branch-protection.js
@@ -0,0 +1,49 @@
+const GiteaApiUrl = 'https://forge.alexanderwhitestone.com/api/v1';
+const token = 'your-gitea-access-token'; // Should be stored securely in environment variables
+const repos = ['hermes-agent', 'the-nexus', 'timmy-home', 'timmy-config'];
+
+const branchProtectionSettings = {
+  enablePush: false,
+  enableMerge: true,
+  requiredApprovals: 1,
+  dismissStaleApprovals: true,
+  requiredStatusChecks: true,
+  blockForcePush: true,
+  blockDelete: true
+};
+
+async function applyBranchProtection(repo) {
+  try {
+    const response = await fetch(`${giteaApiUrl}/repos/Timmy_Foundation/${repo}/branches/main/protection`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `token ${token}`,
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        ...branchProtectionSettings,
+        requiredApprovals: repo === 'hermes-agent' ? 2 : 1,
+        requiredStatusChecks: repo === 'the-nexus' ? false : true
+      })
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to apply branch protection to ${repo}: ${await response.text()}`);
+    }
+
+    console.log(`✅ Branch protection applied to ${repo}`);
+  } catch (error) {
+    console.error(`❌ Error applying branch protection to ${repo}: ${error.message}`);
+  }
+}
+
+async function setupAllBranchProtections() {
+  console.log('🚀 Applying branch protections to all repositories...');
+  for (const repo of repos) {
+    await applyBranchProtection(repo);
+  }
+  console.log('✅ All branch protections applied successfully');
+}
+
+// Run the setup
+setupAllBranchProtections();