# PR Reviewer Assignment Policy

**Effective: 2026-04-07** — Established after org-wide PR hygiene audit (issue #916).

## Rule: Every PR must have at least one reviewer assigned before merge.

No exceptions. Unreviewed PRs will not be merged.

## Who to assign

| PR type | Default reviewer |
|---|---|
| Security / auth changes | @perplexity |
| Infrastructure / fleet | @perplexity |
| Sovereignty / local inference | @perplexity |
| Documentation | any team member |
| Agent-generated PRs | @perplexity |

When in doubt, assign @perplexity.

## Why this policy exists

Audit on 2026-04-07 found 5 open PRs across the org — zero had a reviewer assigned.
Two PRs containing critical security and sovereignty work (hermes-agent #131, #170) drifted
400+ commits from `main` and became unmergeable because nobody reviewed them while main advanced.

The cost: weeks of rebase work to rescue two commits of actual changes.

## PR hygiene rules

1. **Assign a reviewer on open.** Don't open a PR without a reviewer.
2. **Rebase within 2 weeks.** If a PR sits for 2 weeks, rebase it or close it.
3. **Close zombie PRs.** A PR with 0 commits ahead of base should be closed immediately.
4. **Cherry-pick, don't rebase 400 commits.** When a branch drifts far, extract the actual
   changes onto a fresh branch rather than rebasing the entire history.

## Enforcement

Agent-opened PRs (Timmy, Claude, etc.) must include `reviewers` in the PR creation payload.
The forge API accepts `"reviewers": ["perplexity"]` in the PR body.

See: issue #916 for the audit that established this policy.