Add CODEOWNERS and document branch protection rules #45
Description
Problem
There is no CODEOWNERS file, so PRs don't automatically request reviews from the right people. Branch protection rules for main are either not set or not documented, leaving the main branch vulnerable to force pushes or unreviewed merges.
Scope of Work
1. Create .github/CODEOWNERS
Define code ownership for automatic PR review requests:
# Default owner for everything
* @The-Read-Onlys/maintainers
# Frontend
src/ @The-Read-Onlys/frontend
src/components/catalyst/ @The-Read-Onlys/frontend
# Backend
backend/ @The-Read-Onlys/backend
# CI/CD
.github/ @The-Read-Onlys/maintainers
Adjust teams/usernames to match actual GitHub team structure.
2. Document recommended branch protection rules
Add a section to README or a new docs/branch-protection.md documenting the recommended settings for the main branch:
- Require PR reviews before merging (1 reviewer minimum)
- Require status checks to pass (CI workflow)
- Require branches to be up to date before merging
- Require conversation resolution before merging
- Do not allow force pushes
- Do not allow deletions
3. Apply branch protection (manual step)
Branch protection must be configured in GitHub Settings > Branches. Document the steps so a repo admin can apply them.
Acceptance Criteria
-
.github/CODEOWNERSexists with appropriate ownership mappings - CODEOWNERS syntax is valid (test by creating a PR and verifying reviewers are requested)
- Branch protection rules are documented in the repository
- Documentation includes step-by-step instructions for a repo admin to apply the rules
- Required status checks reference the actual CI workflow name