diff --git a/CODEOWNERS b/CODEOWNERS
index a36fbd4..0448e3a 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -32,3 +32,25 @@ the-nexus/ai/ @Timmy
 CONTRIBUTING.md
 ```diff
 <<<<<<< search
+# CODEOWNERS file for repository review requirements
+
+# Default reviewer for all repositories
+* @perplexity
+
+# Specialized component owners
+hermes-agent/ @Timmy
+the-nexus/ @perplexity
+timmy-home/ @perplexity
+timmy-config/ @perplexity
+
+# Specialized component owners
+hermes-agent/ @Timmy
+hermes-agent/protocol/ @Timmy
+the-nexus/portals/ @perplexity
+the-nexus/ai/ @Timmy
+
+# Specialized component owners
+hermes-agent/agent-core/ @Rockachopa
+hermes-agent/protocol/ @Timmy
+the-nexus/portals/ @perplexity
+the-nexus/ai/ @Timmy
diff --git a/README.md b/README.md
index d3d1af4..d3487e3 100644
--- a/README.md
+++ b/README.md
@@ -185,3 +185,23 @@ See [docus/branch-protection.md](docus/branch-protection.md) for full policy det
 - `@perplexity`: Default reviewer for all repositories.
 - `@Timmy`: Required reviewer for `hermes-agent` (owner gate).
 - Repo-specific owners for specialized areas.
+# Timmy Foundation Organization Policy
+
+## Branch Protection & Review Requirements
+
+All repositories must follow these rules for main branch protection:
+
+1. **Require Pull Request for Merge** - All changes must go through PR process
+2. **Minimum 1 Approval Required** - At least one reviewer must approve
+3. **Dismiss Stale Approvals** - Approvals expire with new commits
+4. **Require CI Success** - For hermes-agent only (CI runner #915)
+5. **Block Force Push** - Prevent direct history rewriting
+6. **Block Branch Deletion** - Prevent accidental main branch deletion
+
+### Default Reviewers Assignments
+
+- **All repositories**: @perplexity (QA gate)
+- **hermes-agent**: @Timmy (owner gate)
+- **Specialized areas**: Repo-specific owners for domain expertise
+
+See [.github/CODEOWNERS](.github/CODEOWNERS) for specific file path review assignments.
diff --git a/gitea-branch-protection.sh b/gitea-branch-protection.sh
index 930d9e5..09f43d4 100644
--- a/gitea-branch-protection.sh
+++ b/gitea-branch-protection.sh
@@ -17,3 +17,28 @@ do
         "block_deletions": true
       }'
 done
+#!/bin/bash
+
+# Gitea API credentials
+GITEA_TOKEN="your-personal-access-token"
+GITEA_API="https://forge.alexanderwhitestone.com/api/v1"
+
+# Repos to protect
+REPOS=("hermes-agent" "the-nexus" "timmy-home" "timmy-config")
+
+for REPO in "${REPO[@]}"; do
+  echo "Configuring branch protection for $REPO..."
+  
+  curl -X POST -H "Authorization: token $GITEA_TOKEN" \
+    -H "Content-Type: application/json" \
+    -d '{
+          "name": "main",
+          "require_pull_request": true,
+          "required_approvals": 1,
+          "dismiss_stale_approvals": true,
+          "required_status_checks": '"$(test "$REPO" = "hermes-agent" && echo "true" || echo "false")"',
+          "block_force_push": true,
+          "block_delete": true
+        }' \
+    "$GITEA_API/repos/Timmy_Foundation/$REPO/branch_protection"
+done