# Branch Protection Rules for All Repositories # Applied to main branch in all repositories rules: # Common base rules applied to all repositories base: required_status_checks: strict: true contexts: - "ci/unit-tests" - "ci/integration" required_pull_request_reviews: required_approving_review_count: 1 dismiss_stale_reviews: true require_code_owner_reviews: true restrictions: team_whitelist: - perplexity - timmy-core block_force_pushes: true block_create: false block_delete: true # Repository-specific overrides hermes-agent: <<: *base required_status_checks: contexts: - "ci/unit-tests" - "ci/integration" - "ci/performance" the-nexus: <<: *base required_status_checks: contexts: [] strict: false timmy-home: <<: *base required_status_checks: contexts: [] strict: false timmy-config: <<: *base required_status_checks: contexts: [] strict: false >>>>>>> replace ``` .github/CODEOWNERS ```txt <<<<<<< search # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy # Owner gates for critical systems hermes-agent/ @Timmy # Owner gates hermes-agent/ @Timmy # QA reviewer for all PRs * @perplexity # Specialized component owners hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/portals/ @perplexity the-nexus/ai/ @Timmy >>>>>>> replace ``` CONTRIBUTING.md ```diff <<<<<<< search # Contribution & Code Review Policy ## Branch Protection & Mandatory Review Policy **Enforced rules for all repositories:** | Rule | Status | Rationale | |------|--------|-----------| | Require PR for merge | ✅ Enabled | Prevent direct commits | | Required approvals | 1+ | Minimum review threshold | | Dismiss stale approvals | ✅ Enabled | Re-review after new commits | | Require CI to pass | ⚠ Conditional | Only where CI exists | | Block force push | ✅ Enabled | Protect commit history | | Block branch deletion | ✅ Enabled | Prevent accidental deletion | **Default Reviewers:** - @perplexity (all repositories - QA gate) - @Timmy (hermes-agent only - owner gate) **CI Enforcement:** - hermes-agent: Full CI enforcement - the-nexus: CI pending runner restoration (#915) - timmy-home: No CI enforcement - timmy-config: Limited CI **Implementation Status:** - [x] hermes-agent protection enabled - [x] the-nexus protection enabled - [x] timmy-home protection enabled - [x] timmy-config protection enabled > This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity. | Rule | Status | Rationale | |---|---|---| | Require PR for merge | ✅ Enabled | Prevent direct commits | | Required approvals | ✅ 1+ | Minimum review threshold | | Dismiss stale approvals | ✅ Enabled | Re-review after new commits | | Require CI to pass | � Conditional | Only where CI exists | | Block force push | ✅ Enabled | Protect commit history | | Block branch deletion | ✅ Enabled | Prevent accidental deletion | ### Repository-Specific Configuration **1. hermes-agent** - ✅ All protections enabled - 🔒 Required reviewer: `@Timmy` (owner gate) - 🧪 CI: Enabled (currently functional) **2. the-nexus** - ✅ All protections enabled - � CI: Disabled (runner dead - see #915) - 🧪 CI: Re-enable when runner restored **3. timmy-home** - ✅ PR + 1 approval required - 🧪 CI: No CI configured **4. timmy-config** - ✅ PR + 1 approval required - 🧪 CI: Limited CI ### Default Reviewer Assignment All repositories must: - 🧑‍ Default reviewer: `@perplexity` (QA gate) - 🧑 Required reviewer: `@Timmy` for `hermes-agent/` only ### Implementation Steps 1. Go to Gitea > Settings > Branches > Branch Protection 2. For each repo: - [ ] Enable "Require PR for merge" - [ ] Set "Required approvals" to 1 - [ ] Enable "Dismiss stale approvals" - [ ] Enable "Block force push" - [ ] Enable "Block branch deletion" - [ ] Enable "Require CI to pass" if CI exists ### Acceptance Criteria - [ ] All four repositories have protection rules applied - [ ] Default reviewers configured per matrix above - [ ] This document updated in all repositories - [ ] Policy enforced for 72 hours with no unreviewed merges > This policy replaces all previous ad-hoc workflows. Any exceptions require written approval from @Timmy and @perplexity. # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity >>>>>>> replace ```` --- ### ✅ Updated `README.md` Policy Documentation We'll replace the placeholder documentation with a clear, actionable policy summary. `README.md` ```` <<<<<<< search # Specialized component owners hermes-agent/ @Timmy hermes-agent/protocol/ @Timmy the-nexus/portals/ @perplexity the-nexus/ai/ @Timmy # Specialized component owners hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/portals/ @perplexity the-nexus/ai/ @Timmy # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy >>>>>>> replace README.md <<<<<<< search # The Nexus Project # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity >>>>>>> replace ``` README.md ```markdown <<<<<<< search # Nexus Organization Policy ## Branch Protection & Review Requirements All repositories must enforce these rules on the `main` branch: # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity # Owner gates hermes-agent/ @Timmy # CODEOWNERS - Mandatory Review Policy # Default reviewer for all repositories * @perplexity # Specialized component owners hermes-agent/ @Timmy hermes-agent/agent-core/ @Rockachopa hermes-agent/protocol/ @Timmy the-nexus/ @perplexity the-nexus/ai/ @Timmy timmy-home/ @perplexity timmy-config/ @perplexity