# Branch Protection & Mandatory Review Policy

## Overview

This policy ensures that all changes to the `main` branch are reviewed and tested before being merged. It applies to all repositories in the organization.

## Enforced Rules

| Rule | Description |
|------|-------------|
| ✅ Require Pull Request | Direct pushes to `main` are blocked |
| ✅ Require 1 Approval | At least one reviewer must approve |
| ✅ Dismiss Stale Approvals | Approvals are dismissed on new commits |
| ✅ Require CI to Pass | Merges are blocked if CI fails |
| ✅ Block Force Push | Prevents rewriting of `main` history |
| ✅ Block Branch Deletion | Prevents accidental deletion of `main` |

## Default Reviewers

- `@perplexity` is the default reviewer for all repositories
- `@Timmy` is a required reviewer for `hermes-agent`

## Compliance

This policy is enforced via automation using the `bin/enforce_branch_protection.py` script, which applies these rules to all repositories.

## Exceptions

No exceptions are currently defined. All repositories must comply with this policy.

## Audit

This policy is audited quarterly to ensure compliance and effectiveness.
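
The following is an added example of an audit check for the rules above; it is not the organization's `bin/enforce_branch_protection.py`. The setting names, the export format and the repository names `docs-site` and `scratch` are assumptions made for illustration. Anything missing or malformed is treated as a violation.

```python
"""Audit sketch: compare each repo's `main` protection with the policy table."""

# Hypothetical, platform-neutral setting names (assumption, not a real API schema).
REQUIRED_FLAGS = (
    "require_pull_request",
    "dismiss_stale_approvals",
    "require_ci_to_pass",
    "block_force_push",
    "block_branch_deletion",
)
MIN_APPROVALS = 1
DEFAULT_REVIEWER = "perplexity"
EXTRA_REQUIRED_REVIEWERS = {"hermes-agent": {"Timmy"}}


def audit_repo(repo, settings):
    """Return policy violations for one repo; missing settings fail closed."""
    if not settings:
        return [f"{repo}: no protection configured on main"]
    findings = []
    for flag in REQUIRED_FLAGS:
        # Only an explicit True passes; absent, None or "true" is a finding.
        if settings.get(flag) is not True:
            findings.append(f"{repo}: {flag} is not enabled")
    approvals = settings.get("required_approvals")
    # bool is a subclass of int, so reject True masquerading as a count of 1.
    if type(approvals) is not int or approvals < MIN_APPROVALS:
        findings.append(f"{repo}: required_approvals below {MIN_APPROVALS}")
    if DEFAULT_REVIEWER not in settings.get("default_reviewers", ()):
        findings.append(f"{repo}: default reviewer @{DEFAULT_REVIEWER} missing")
    required = set(settings.get("required_reviewers", ()))
    for user in sorted(EXTRA_REQUIRED_REVIEWERS.get(repo, set()) - required):
        findings.append(f"{repo}: required reviewer @{user} missing")
    return findings


def audit_all(repos):
    """Map every repo name to its list of findings (empty list means compliant)."""
    return {name: audit_repo(name, cfg) for name, cfg in sorted(repos.items())}


# Constructed sample data: settings as they might be exported for three repos.
COMPLIANT = dict.fromkeys(REQUIRED_FLAGS, True) | {
    "required_approvals": 1, "default_reviewers": ["perplexity"]}
SAMPLE = {
    "docs-site": COMPLIANT,
    "hermes-agent": COMPLIANT | {"block_force_push": False},
    "scratch": None,
}
```
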