From 0763a10e18ac3f355873082b00221c9b58b9e54e Mon Sep 17 00:00:00 2001 From: Alexander Whitestone Date: Tue, 7 Apr 2026 05:04:47 -0400 Subject: [PATCH] feat: [QA][POLICY] Branch Protection + Mandatory Review Policy for All Repos (#918) Refs #918 Agent: groq --- .github/CODEOWNERS | 16 +++++++++++++++ CODEOWNERS | 16 +++++++++++++++ README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 80 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e7e6bd2..88b7b21 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -30,3 +30,19 @@ timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy +# CODEOWNERS - Mandatory Review Policy + +# Default reviewer for all repositories +* @perplexity + +# Specialized component owners +hermes-agent/ @Timmy +hermes-agent/agent-core/ @Rockachopa +hermes-agent/protocol/ @Timmy +the-nexus/ @perplexity +the-nexus/ai/ @Timmy +timmy-home/ @perplexity +timmy-config/ @perplexity + +# Owner gates +hermes-agent/ @Timmy diff --git a/CODEOWNERS b/CODEOWNERS index 09532d8..87b9dba 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -187,3 +187,19 @@ README.md ## Branch Protection & Review Requirements All repositories must enforce these rules on the `main` branch: +# CODEOWNERS - Mandatory Review Policy + +# Default reviewer for all repositories +* @perplexity + +# Specialized component owners +hermes-agent/ @Timmy +hermes-agent/agent-core/ @Rockachopa +hermes-agent/protocol/ @Timmy +the-nexus/ @perplexity +the-nexus/ai/ @Timmy +timmy-home/ @perplexity +timmy-config/ @perplexity + +# Owner gates +hermes-agent/ @Timmy diff --git a/README.md b/README.md index f6c0db6..d14795b 100644 --- a/README.md +++ b/README.md 
@@ -176,6 +176,21 @@ The browser-facing Nexus must be rebuilt deliberately through the migration back ## Branch Protection Policy +We enforce the following rules on all main branches: +- Require PR for merge +- Minimum 1 approval required +- CI must pass before merge +- @perplexity is automatically assigned as reviewer +- @Timmy is required reviewer for hermes-agent + +See full policy in [CONTRIBUTING.md](CONTRIBUTING.md) + +## Code Owners + +Review assignments are automated using [.github/CODEOWNERS](.github/CODEOWNERS) + +## Branch Protection Policy + We enforce the following rules on all `main` branches: - Require PR for merge 
@@ -224,6 +239,37 @@ All repositories must follow these rules for main branch protection: - **Specialized areas**: Repo-specific owners for domain expertise See [.github/CODEOWNERS](.github/CODEOWNERS) for specific file path review assignments. -# Contribution Policy +# Branch Protection & Review Policy -See [CONTRIBUTING.md](CONTRIBUTING.md) for full branch protection and review requirements. +## Branch Protection Rules + +All repositories must enforce these rules on the `main` branch: + +| Rule | Status | Rationale | +|---|---|---| +| Require PR for merge | ✅ Enabled | Prevent direct commits | +| Required approvals | 1+ | Minimum review threshold | +| Dismiss stale approvals | ✅ Enabled | Re-review after new commits | +| Require CI to pass | ✅ Where CI exists | No merging failing builds | +| Block force push | ✅ Enabled | Protect commit history | +| Block branch deletion | ✅ Enabled | Prevent accidental deletion | + +## Default Reviewers Assignment + +- **All repositories**: @perplexity (QA gate) +- **hermes-agent**: @Timmy (owner gate) +- **Specialized areas owners**: Repo-specific owners for domain expertise + +## CI Enforcement + +- CI must pass before merge (where CI is active) +- CI runners must be maintained and monitored + +## Compliance + +- [x] hermes-agent +- [x] the-nexus +- [x] timmy-home +- [x] timmy-config + +Last updated: 2026-04-07 -- 2.43.0
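
Review bot: in the `.github/CODEOWNERS` hunk (`@@ -30,3 +30,19 @@`), the closing `hermes-agent/ @Timmy` under `# Owner gates` comes after `hermes-agent/agent-core/ @Rockachopa`. Under GitHub's CODEOWNERS rules the last matching pattern takes precedence, so @Rockachopa is never requested for agent-core, and the `* @perplexity` default does not apply to anything under `hermes-agent/`. The added block also repeats entries the context lines show are already in the file (`timmy-config/ @perplexity`, `# Owner gates`, `hermes-agent/ @Timmy`). Suggest dropping the duplicated block, keeping a single `* @perplexity` line at the top of the file, ordering entries from general to specific so the sub-path owners come last, and naming both owners on one line where both are meant to review, for example `hermes-agent/ @Timmy @perplexity`.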
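
Review bot: the root `CODEOWNERS` hunk (`@@ -187,3 +187,19 @@`) appends owner rules to a file whose context lines are Markdown prose (`## Branch Protection & Review Requirements`, "All repositories must enforce these rules on the `main` branch:"), so the file is not a clean CODEOWNERS file. The hunk also duplicates the block added to `.github/CODEOWNERS`. GitHub uses only the first CODEOWNERS file it finds and checks `.github/` before the repository root, so this copy has no effect on review assignment and can drift from the one that does. Suggest deleting the root file and keeping `.github/CODEOWNERS` as the single source.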
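
Review bot: the first `README.md` hunk (`@@ -176,6 +176,21 @@`) inserts a second `## Branch Protection Policy` heading and rule list directly above the existing section with the same heading, so the README will state the policy twice and the two copies can diverge. The added text also points readers to `CONTRIBUTING.md` for the full policy, but the diffstat shows this patch touching only the two CODEOWNERS files and `README.md`. Suggest merging the new bullets into the existing section, keeping one heading, and confirming that `CONTRIBUTING.md` carries the policy the link promises.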
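
Review bot: the rules table in the second `README.md` hunk (`@@ -224,6 +239,37 @@`) has no row for requiring review from code owners, so the "owner gate" for hermes-agent is not enforced by anything listed: with `Required approvals | 1+` alone, any single approval satisfies the rule, and CODEOWNERS only requests the review. Suggest adding a "Require review from Code Owners" row. The table also marks each rule "✅ Enabled" and the Compliance list ticks all four repositories, yet nothing in this patch configures branch protection, so those claims need a link to evidence or should be left unticked until the settings are verified. "Where CI exists" leaves repositories without CI protected by the single approval only, which is worth stating explicitly. Finally, this hunk removes the "See [CONTRIBUTING.md]" pointer while the previous hunk adds one, and it restates rules that the context lines show are already listed just above.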