diff --git a/CODEOWNERS b/CODEOWNERS index b7ddcda..32afab2 100644 --- a/CODEOWNERS +++ b/CODEOWNERS 
@@ -41,67 +41,64 @@ CONTRIBUTING.md <<<<<<< search # Contribution & Code Review Policy -## Branch Protection Rules (Enforced via Gitea) -All repositories must have the following branch protection rules enabled on the `main` branch: +## Branch Protection & Review Policy -| Rule | Status | Applies To | -|------|--------|------------| -| Require Pull Request for merge | ✅ Enabled | All | -| Required approvals | ✅ 1+ required | All | -| Dismiss stale approvals on new commits | ✅ Enabled | All | -| Require CI to pass (where CI exists) | ⚠ Conditional | All | -| Block force pushes to `main` | ✅ Enabled | All | -| Block deletion of `main` branch | ✅ Enabled | All | +All repositories must enforce these rules on the `main` branch: -## Default Reviewer Assignments +| Rule | Status | Rationale | +|---|---|---| +| Require PR for merge | ✅ Enabled | Prevent direct commits | +| Required approvals | ✅ 1+ | Minimum review threshold | +| Dismiss stale approvals | ✅ Enabled | Re-review after new commits | +| Require CI to pass | � Conditional | Only where CI exists | +| Block force push | ✅ Enabled | Protect commit history | +| Block branch deletion | ✅ Enabled | Prevent accidental deletion | -| Repository | Required Reviewers | -|------------|------------------| -| `hermes-agent` | `@perplexity`, `@Timmy` | -| `the-nexus` | `@perplexity` | -| `timmy-home` | `@perplexity` | -| `timmy-config` | `@perplexity` | +### Repository-Specific Configuration -## CI Enforcement Status +**1. hermes-agent** +- ✅ All protections enabled +- 🔒 Required reviewer: `@Timmy` (owner gate) +- 🧪 CI: Enabled (currently functional) -| Repository | CI Status | -|------------|-----------| -| `hermes-agent` | ✅ Active | -| `the-nexus` | ⚠ CI runner pending (#915) | -| `timmy-home` | ❌ No CI | -| `timmy-config` | ❌ Limited CI | +**2. the-nexus** +- ✅ All protections enabled +- � CI: Disabled (runner dead - see #915) +- 🧪 CI: Re-enable when runner restored -## Review Workflow +**3. 
timmy-home** +- ✅ PR + 1 approval required +- 🧪 CI: No CI configured -### For All Contributors -- Create feature branches from `main` -- Open PR with clear description -- `@perplexity` will be automatically assigned as reviewer -- For `hermes-agent`: `@Timmy` must review critical changes +**4. timmy-config** +- ✅ PR + 1 approval required +- 🧪 CI: Limited CI -### For Maintainers -- Review all PRs within 24h -- Require at least 1 approval before merge -- Dismiss stale approvals on new commits +### Default Reviewer Assignment -## Enforcement -- Direct pushes to main: ❌ Prohibited -- Unreviewed merges: ❌ Prohibited -- Failing CI merges: ❌ Prohibited +All repositories must: +- 🧑‍ Default reviewer: `@perplexity` (QA gate) +- 🧑 Required reviewer: `@Timmy` for `hermes-agent/` only -## Exceptions -Emergency hotfixes require: -- `@Timmy` approval -- Post-merge documentation -- Follow-up PR for full review +### Implementation Steps -## Policy Enforcement -This document is the source of truth for: -- Branch protection settings -- Reviewer assignments -- Merge requirements +1. Go to Gitea > Settings > Branches > Branch Protection +2. For each repo: + - [ ] Enable "Require PR for merge" + - [ ] Set "Required approvals" to 1 + - [ ] Enable "Dismiss stale approvals" + - [ ] Enable "Block force push" + - [ ] Enable "Block branch deletion" + - [ ] Enable "Require CI to pass" if CI exists -See Gitea admin settings for each repo to verify protection rules are enabled. +### Acceptance Criteria + +- [ ] All four repositories have protection rules applied +- [ ] Default reviewers configured per matrix above +- [ ] This document updated in all repositories +- [ ] Policy enforced for 72 hours with no unreviewed merges + +> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity. # Default reviewer for all repositories * @perplexity
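Review bot: In the added "Repository-Specific Configuration" section, the `timmy-home` and `timmy-config` entries list only `PR + 1 approval required`, which is weaker than the table above them requiring every repository to also dismiss stale approvals and block force push and branch deletion. Either spell out the full rule set per repository or state that the table applies everywhere and the entries list only differences. The `the-nexus` entry says `All protections enabled` while its CI is disabled, and the removed `Failing CI merges: ❌ Prohibited` line has no replacement, so say explicitly what gates merges there until the runner from #915 is restored. The removed "Exceptions" section required post-merge documentation and a follow-up PR for emergency hotfixes; the new closing quote keeps only written approval, so consider retaining the follow-up review requirement. Separately, this policy text sits in `CODEOWNERS` below a stray `<<<<<<< search` context line: that marker should be deleted, and since CODEOWNERS lines that are not `#` comments are read as pattern/owner entries, the tables and checklists belong in CONTRIBUTING.md with only rules such as `* @perplexity` left here. The `�` in the `Require CI to pass` row and in the `the-nexus` CI bullet looks like a mis-encoded symbol and should be restored before merge.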