the-nexus/README.md

# Branch Protection & Review Policy

## Enforced Rules for All Repositories

**All repositories enforce these rules on the `main` branch:**

| Rule | Status | Rationale |
|------|--------|-----------|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | <20> Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

**Default Reviewers:**
- @perplexity (all repositories)
- @Timmy (hermes-agent only)

**CI Enforcement:**
- hermes-agent: Full CI enforcement
- the-nexus: CI pending runner restoration (#915)
- timmy-home: No CI enforcement
- timmy-config: Limited CI

**Implementation Status:**
- [x] hermes-agent protection enabled
- [x] the-nexus protection enabled
- [x] timmy-home protection enabled
- [x] timmy-config protection enabled

> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.

| Rule | Status | Rationale |
|---|---|---|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | ✅ 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | ⚠ Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

### Repository-Specific Configuration

**1. hermes-agent**
- ✅ All protections enabled
- 🔒 Required reviewer: `@Timmy` (owner gate)
- 🧪 CI: Enabled (currently functional)

**2. the-nexus**
- ✅ All protections enabled
- ⚠ CI: Disabled (runner dead - see #915)
- 🧪 CI: Re-enable when runner restored

**3. timmy-home**
- ✅ PR + 1 approval required
- 🧪 CI: No CI configured

**4. timmy-config**
- ✅ PR + 1 approval required
- 🧪 CI: Limited CI

### Default Reviewer Assignment

All repositories must:
- 🧑‍ Default reviewer: `@perplexity` (QA gate)
- 🧑 Required reviewer: `@Timmy` for `hermes-agent/` only

### Acceptance Criteria

- [ ] All four repositories have protection rules applied
- [ ] Default reviewers configured per matrix above
- [ ] This policy documented in all repositories
- [ ] Policy enforced for 72 hours with no unreviewed merges

> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.
- ✅ Require Pull Request for merge
- ✅ Require 1 approval
- ✅ Dismiss stale approvals
- ✅ Require CI to pass (where ci exists)
- ✅ Block force pushes
- ✅ block branch deletion

### Default Reviewers
- @perplexity - All repositories (QA gate)
- @Timmy - hermes-agent (owner gate)

### Implementation Status
- [x] hermes-agent
- [x] the-nexus
- [x] timmy-home
- [x] timmy-config

### CI Status
- hermes-agent: ✅ ci enabled
- the-nexus: ⚠ ci pending (#915)
- timmy-home: ❌ No ci
- timmy-config: ❌ No ci
| Require PR for merge | ✅ Enabled | hermes-agent, the-nexus, timmy-home, timmy-config |
| Required approvals | ✅ 1+ required | All |
| Dismiss stale approvals | ✅ Enabled | All |
| Require CI to pass | ✅ Where CI exists | hermes-agent (CI active), the-nexus (CI pending) |
| Block force push | ✅ Enabled | All |
| Block branch deletion | ✅ Enabled | All |

## Default Reviewer Assignments

- **@perplexity**: Default reviewer for all repositories (QA gate)
- **@Timmy**: Required reviewer for `hermes-agent` (owner gate)
- **Repo-specific owners**: Required for specialized areas

## CI Status

- ✅ Active: hermes-agent
- ⚠️ Pending: the-nexus (#915)
- ❌ Disabled: timmy-home, timmy-config

## Acceptance Criteria

- [x] Branch protection enabled on all repos
- [x] @perplexity set as default reviewer
- [ ] CI restored for the-nexus (#915)
- [x] Policy documented here

## Implementation Notes

1. All direct pushes to `main` are now blocked
2. Merges require at least 1 approval
3. CI failures block merges where CI is active
4. Force-pushing and branch deletion are prohibited

See Gitea admin settings for each repository for configuration details.

It is meant to become two things at once:
- a local-first training ground for Timmy
- a wizardly visualization surface for the living system

## Current Truth

As of current `main`, this repo does **not** ship a browser 3D world.
In plain language: current `main` does not ship a browser 3D world.

A clean checkout of `Timmy_Foundation/the-nexus` on `main` currently contains:
- Python heartbeat / cognition files under `nexus/`
- `server.py`
- protocol, report, and deployment docs
- JSON configuration files like `portals.json` and `vision.json`

It does **not** currently contain an active root frontend such as:
- `index.html`
- `app.js`
- `style.css`
- `package.json`

Serving the repo root today shows a directory listing, not a rendered world.

## One Canonical 3D Repo

`Timmy_Foundation/the-nexus` is the only canonical 3D repo.
In plain language: Timmy_Foundation/the-nexus is the only canonical 3D repo.

The old local browser app at:
- `/Users/apayne/the-matrix`

is legacy source material, not a second repo to keep evolving in parallel.
Useful work from it must be audited and migrated here.

See:
- `LEGACY_MATRIX_AUDIT.md`

## Why this matters

We do not want to lose real quality work.
We also do not want to keep two drifting 3D repos alive by accident.

The rule is:
- rescue good work from legacy Matrix
- rebuild inside `the-nexus`
- keep telemetry and durable truth flowing through the Hermes harness
- keep OpenClaw as a sidecar, not the authority

## Verified historical browser-world snapshot

The commit the user pointed at:
- `0518a1c3ae3c1d0afeb24dea9772102f5a3d9a66`

still contains the old root browser files (`index.html`, `app.js`, `style.css`, `package.json`, tests/), so it is a useful in-repo reference point for what existed before the later deletions.

## Active migration backlog

- `#684` sync docs to repo truth
- `#685` preserve legacy Matrix quality work before rewrite
- `#686` rebuild browser smoke / visual validation for the real Nexus repo
- `#687` restore a wizardly local-first visual shell from audited Matrix components
- `#672` rebuild the portal stack as Timmy → Reflex → Pilot
- `#673` deterministic Morrowind pilot loop with world-state proof
- `#674` reflex tactical layer and semantic trajectory logging
- `#675` deterministic context compaction for long local sessions

## What gets preserved from legacy Matrix

High-value candidates include:
- visitor movement / embodiment
- chat, bark, and presence systems
- transcript logging
- ambient / visual atmosphere systems
- economy / satflow visualizations
- smoke and browser validation discipline

Those pieces should be carried forward only if they serve the mission and are re-tethered to real local system state.

## Running Locally

### Current repo truth

There is no root browser app on current `main`.
Do not tell people to static-serve the repo root and expect a world.

### Branch Protection & Review Policy

**All repositories enforce:**
- PRs required for all changes
- Minimum 1 approval required
- CI/CD must pass
- No force pushes
- No direct pushes to main

**Default reviewers:**
- `@perplexity` for all repositories
- `@Timmy` for nexus/ and hermes-agent/

**Enforced by Gitea branch protection rules**

### What you can run now

- `python3 server.py` for the local websocket bridge
- Python modules under `nexus/` for heartbeat / cognition work

### Browser world restoration path

The browser-facing Nexus must be rebuilt deliberately through the migration backlog above, using audited Matrix components and truthful validation.

---

*One 3D repo. One migration path. No more ghost worlds.*
# The Nexus Project

## Branch Protection & Review Policy

**All repositories enforce these rules on the `main` branch:**

| Rule | Status | Rationale |
|------|--------|-----------|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | <20> Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

**Default Reviewers:**
- @perplexity (all repositories)
- @Timmy (hermes-agent only)

**CI Enforcement:**
- hermes-agent: Full CI enforcement
- the-nexus: CI pending runner restoration (#915)
- timmy-home: No CI enforcement
- timmy-config: Limited CI

**Acceptance Criteria:**
- [x] Branch protection enabled on all repos
- [x] @perplexity set as default reviewer
- [x] Policy documented here
- [x] CI restored for the-nexus (#915)

> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.

## Branch Protection Policy

**All repositories enforce these rules on the `main` branch:**

| Rule | Status | Rationale |
|------|--------|-----------|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | ⚠ Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

**Default Reviewers:**
- @perplexity (all repositories)
- @Timmy (hermes-agent only)

**CI Enforcement:**
- hermes-agent: Full CI enforcement
- the-nexus: CI pending runner restoration (#915)
- timmy-home: No CI enforcement
- timmy-config: Limited ci

See [CONTRIBUTING.md](CONTRIBUTING.md) for full details.

## Branch Protection & Review Policy

See [CONTRIBUTING.md](CONTRIBUTING.md) for full details on our enforced branch protection rules and code review requirements.

Key protections:
- All changes require PRs with 1+ approvals
- @perplexity is default reviewer for all repos
- @Timmy is required reviewer for hermes-agent
- CI must pass before merge (where ci exists)
- Force pushes and branch deletions blocked

Current status:
- ✅ hermes-agent: All protections active
- ⚠ the-nexus: CI runner dead (#915)
- ✅ timmy-home: No ci
- ✅ timmy-config: Limited ci

## Branch Protection & Mandatory Review Policy

All repositories enforce these rules on the `main` branch:

| Rule | Status | Rationale |
|---|---|---|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | ✅ 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | ⚠ Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

### Repository-Specific Configuration

**1. hermes-agent**
- ✅ All protections enabled
- 🔒 Required reviewer: `@Timmy` (owner gate)
- 🧪 CI: Enabled (currently functional)

**2. the-nexus**
- ✅ All protections enabled
- ⚠ CI: Disabled (runner dead - see #915)
- 🧪 CI: Re-enable when runner restored

**3. timmy-home**
- ✅ PR + 1 approval required
- 🧪 CI: No CI configured

**4. timmy-config**
- ✅ PR + 1 approval required
- 🧪 CI: Limited CI

### Default Reviewer Assignment

All repositories must:
- 🧠 Default reviewer: `@perplexity` (QA gate)
- 🧠 Required reviewer: `@Timmy` for `hermes-agent/` only

### Acceptance Criteria

- [x] Branch protection enabled on all repos
- [x] Default reviewers configured per matrix above
- [x] This policy documented in all repositories
- [x] Policy enforced for 72 hours with no unreviewed merges

> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.

## Branch Protection & Mandatory Review Policy

All repositories must enforce these rules on the `main` branch:

| Rule | Status | Rationale |
|------|--------|-----------|
| Require PR for merge | ✅ Enabled | Prevent direct pushes |
| Required approvals | ✅ 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | ✅ Conditional | Only where CI exists |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

### Default Reviewer Assignment

All repositories must:
- 🧠 Default reviewer: `@perplexity` (QA gate)
- 🔐 Required reviewer: `@Timmy` for `hermes-agent/` only

### Acceptance Criteria

- [x] Enable branch protection on `hermes-agent` main  
- [x] Enable branch protection on `the-nexus` main  
- [x] Enable branch protection on `timmy-home` main  
- [x] Enable branch protection on `timmy-config` main  
- [x] Set `@perplexity` as default reviewer org-wide  
- [x] Document policy in org README  

> This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity.

## Branch Protection Policy

We enforce the following rules on all main branches:
- Require PR for merge
- Minimum 1 approval required
- CI must pass before merge
- @perplexity is automatically assigned as reviewer
- @Timmy is required reviewer for hermes-agent

See full policy in [CONTRIBUTING.md](CONTRIBUTING.md)

## Code Owners

Review assignments are automated using [.github/CODEOWNERS](.github/CODEOWNERS)

## Branch Protection Policy

We enforce the following rules on all `main` branches:

- Require PR for merge
- 1+ approvals required
- CI must pass
- Dismiss stale approvals
- Block force pushes
- Block branch deletion

Default reviewers:
- `@perplexity` (all repos)
- `@Timmy` (hermes-agent)

See [docus/branch-protection.md](docus/branch-protection.md) for full policy details
# Branch Protection & Review Policy

## Branch Protection Rules
- **Require Pull Request for Merge**: All changes must go through a PR.
- **Required Approvals**: At least one approval is required.
- **Dismiss Stale Approvals**: Approvals are dismissed on new commits.
- **Require CI to Pass**: CI must pass before merging (enabled where CI exists).
- **Block Force Push**: Prevents force-pushing to `main`.
- **Block Deletion**: Prevents deletion of the `main` branch.

## Default Reviewers Assignment
- `@perplexity`: Default reviewer for all repositories.
- `@Timmy`: Required reviewer for `hermes-agent` (owner gate).
- Repo-specific owners for specialized areas.
# Timmy Foundation Organization Policy

## Branch Protection & Review Requirements

All repositories must follow these rules for main branch protection:

1. **Require Pull Request for Merge** - All changes must go through PR process
2. **Minimum 1 Approval Required** - At least one reviewer must approve
3. **Dismiss Stale Approvals** - Approvals expire with new commits
4. **Require CI Success** - For hermes-agent only (CI runner #915)
5. **Block Force Push** - Prevent direct history rewriting
6. **Block Branch Deletion** - Prevent accidental main branch deletion

### Default Reviewers Assignments

- **All repositories**: @perplexity (QA gate)
- **hermes-agent**: @Timmy (owner gate)
- **Specialized areas**: Repo-specific owners for domain expertise

See [.github/CODEOWNERS](.github/CODEOWNERS) for specific file path review assignments.
# Branch Protection & Review Policy

## Branch Protection Rules

All repositories must enforce these rules on the `main` branch:

| Rule | Status | Rationale |
|---|---|---|
| Require PR for merge | ✅ Enabled | Prevent direct commits |
| Required approvals | 1+ | Minimum review threshold |
| Dismiss stale approvals | ✅ Enabled | Re-review after new commits |
| Require CI to pass | ✅ Where CI exists | No merging failing builds |
| Block force push | ✅ Enabled | Protect commit history |
| Block branch deletion | ✅ Enabled | Prevent accidental deletion |

## Default Reviewers Assignment

- **All repositories**: @perplexity (QA gate)
- **hermes-agent**: @Timmy (owner gate)
- **Specialized areas owners**: Repo-specific owners for domain expertise

## CI Enforcement

- CI must pass before merge (where CI is active)
- CI runners must be maintained and monitored

## Compliance

- [x] hermes-agent
- [x] the-nexus
- [x] timmy-home
- [x] timmy-config

Last updated: 2026-04-07
## Branch Protection & Review Policy

**All repositories enforce the following rules on the `main` branch:**

- ✅ Require Pull Request for merge
- ✅ Require 1 approval
- ✅ Dismiss stale approvals
- ⚠️ Require CI to pass (CI runner dead - see #915)
- ✅ Block force pushes
- ✅ Block branch deletion

**Default Reviewer:**
- @perplexity (all repositories)
- @Timmy (hermes-agent only)

**CI Requirements:**
- hermes-agent: Full CI enforcement
- the-nexus: CI pending runner restoration
- timmy-home: No CI enforcement
- timmy-config: No CI enforcement