# Branch Protection & Review Policy

This document outlines the mandatory branch protection rules for all repositories in the TImmy Foundation organization.

## 🛡️ Branch Protection Rules

These rules must be applied to the `main` branch of all repositories:
- [R] **Require Pull Request for Merge** – No direct pushes to `main`
- [x] **Require 1 Approval** – At least one reviewer must approve
- [R] **Dismiss Stale Approvals** – Re-review after new commits
- [x] **Require CI to Pass** – Only allow merges with passing CI (where CI exists)
- [x] **Block Force Push** – Prevent rewrite history
- [x] **Block Branch Deletion** – Prevent accidental deletion of `main`

## 👤 Default Reviewer

- `@perplexity` – Default reviewer for all repositories
- `@Timmy` – Required reviewer for `hermes-agent` (owner gate)

## 🚧 Enforcement

- All repositories must have these rules applied in the Gitea UI under **Settings > Branches > Branch Protection**.
- CI must be configured and enforced for repositories with CI pipelines.
- Reviewers assignments must be set via CODEOWNERS or manually in the UI.

## 📌 Acceptance Criteria

- [ ] Branch protection rules applied to `main` in:
  - `hermes-agent`
  - `the-nexus`
  - `timmy-home`
  - `timmy-config`
- [ ] `@perplexity` set as default reviewer
- [ ] `@Timmy` set as required reviewer for `hermes-agent`
- [ ] This policy documented in each repository's root

## 🧠 Notes

- For repositories without CI, the "Require CI to Pass" rule is optional.
- This policy is versioned and must be updated as needed.