diff --git a/CODEOWNERS b/CODEOWNERS
index 5d8d336..b7ddcda 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -39,32 +39,69 @@ the-nexus/ai/ @Timmy
 CONTRIBUTING.md
 ```diff
 <<<<<<< search
-# Contribution Policy for The Nexus Organization
+# Contribution & Code Review Policy
 
-## Branch Protection Rules
+## Branch Protection Rules (Enforced via Gitea)
+All repositories must have the following branch protection rules enabled on the `main` branch:
 
-All repositories must enforce:
-- Require Pull Request for merge
-- 1+ approvals required
-- Dismiss stale approvals
-- Require CI to pass (where CI exists)
-- Block force pushes
-- Block branch deletion
+| Rule | Status | Applies To |
+|------|--------|------------|
+| Require Pull Request for merge | ✅ Enabled | All |
+| Required approvals | ✅ 1+ required | All |
+| Dismiss stale approvals on new commits | ✅ Enabled | All |
+| Require CI to pass (where CI exists) | ⚠ Conditional | All |
+| Block force pushes to `main` | ✅ Enabled | All |
+| Block deletion of `main` branch | ✅ Enabled | All |
 
-## Review Requirements
+## Default Reviewer Assignments
 
-- @perplexity - Default reviewer for all repositories (QA gate)
-- @Timmy - Required reviewer for hermes-agent (owner gate)
-- Repo-specific owners for specialized areas
+| Repository | Required Reviewers |
+|------------|------------------|
+| `hermes-agent` | `@perplexity`, `@Timmy` |
+| `the-nexus` | `@perplexity` |
+| `timmy-home` | `@perplexity` |
+| `timmy-config` | `@perplexity` |
 
-For full reviewer assignments, see [CODEOWNERS](CODEOWNERS)
+## CI Enforcement Status
 
-## CI Status
+| Repository | CI Status |
+|------------|-----------|
+| `hermes-agent` | ✅ Active |
+| `the-nexus` | ⚠ CI runner pending (#915) |
+| `timmy-home` | ❌ No CI |
+| `timmy-config` | ❌ Limited CI |
 
-- ✅ hermes-agent (CI active)
-- ⚠ the-nexus (CI pending #915)
-- ❌ timmy-home (no CI)
-- ❌ timmy-config (no CI)
+## Review Workflow
+
+### For All Contributors
+- Create feature branches from `main`
+- Open PR with clear description
+- `@perplexity` will be automatically assigned as reviewer
+- For `hermes-agent`: `@Timmy` must review critical changes
+
+### For Maintainers
+- Review all PRs within 24h
+- Require at least 1 approval before merge
+- Dismiss stale approvals on new commits
+
+## Enforcement
+- Direct pushes to main: ❌ Prohibited
+- Unreviewed merges: ❌ Prohibited
+- Failing CI merges: ❌ Prohibited
+
+## Exceptions
+Emergency hotfixes require:
+- `@Timmy` approval
+- Post-merge documentation
+- Follow-up PR for full review
+
+## Policy Enforcement
+This document is the source of truth for:
+- Branch protection settings
+- Reviewer assignments
+- Merge requirements
+
+See Gitea admin settings for each repo to verify protection rules are enabled.
 
 # Default reviewer for all repositories
 * @perplexity