feat: implement comprehensive branch protection rules

- Added CODEOWNERS file for mandatory code reviews
- Created branch protection configuration for main and develop branches
- Added automated setup script for branch protection rules
- Created PR template with quality gate checklist
- Added issue templates for bugs and feature requests
- Comprehensive documentation for branch protection setup

Quality gates enforced:
- Required status checks: lint, build, test, security, performance
- Mandatory PR reviews with code owner approval
- Conversation resolution required
- Force pushes and deletions disabled
- Admin enforcement enabled for main branch

This ensures all code changes go through proper quality validation before merge.

Author: d-oit

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: '[BUG] '
+labels: bug
+assignees: ''
+
+---
+
+## 🐛 Bug Description
+A clear and concise description of what the bug is.
+
+## 🔄 To Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+## ✅ Expected behavior
+A clear and concise description of what you expected to happen.
+
+## 📸 Screenshots
+If applicable, add screenshots to help explain your problem.
+
+## 🖥️ Environment
+- OS: [e.g. Ubuntu 22.04, Windows 11, macOS 13]
+- Rust version: [e.g. 1.75.0]
+- Code Guardian version: [e.g. 0.1.0]
+
+## 📋 Additional context
+Add any other context about the problem here.
+
+## 🔍 Quality Gate Impact
+- [ ] This bug affects build process
+- [ ] This bug affects test execution
+- [ ] This bug affects security scanning
+- [ ] This bug affects performance

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,40 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: '[FEATURE] '
+labels: enhancement
+assignees: ''
+
+---
+
+## 🚀 Feature Description
+A clear and concise description of what the feature is.
+
+## 💡 Motivation
+Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+## 📝 Proposed Solution
+A clear and concise description of what you want to happen.
+
+## 🔄 Alternatives Considered
+A clear and concise description of any alternative solutions or features you've considered.
+
+## 📋 Implementation Checklist
+- [ ] Core logic implementation
+- [ ] Unit tests added
+- [ ] Integration tests added
+- [ ] Documentation updated
+- [ ] Performance impact assessed
+- [ ] Security implications reviewed
+
+## 🎯 Quality Gates
+How will this feature be tested?
+- [ ] Linting requirements met
+- [ ] Build process updated (if needed)
+- [ ] Test coverage maintained
+- [ ] Security scanning passes
+- [ ] Performance benchmarks updated (if applicable)
+
+## 📋 Additional context
+Add any other context or screenshots about the feature request here.

.github/branch-protection-config.json

@@ -0,0 +1,59 @@
+{
+  "main": {
+    "required_status_checks": {
+      "strict": true,
+      "contexts": [
+        "Test (ubuntu-latest, stable)",
+        "Test (windows-latest, stable)", 
+        "Test (macos-latest, stable)",
+        "Coverage",
+        "Security Audit",
+        "Performance Benchmark",
+        "CodeQL / Analyze (rust)",
+        "CodeQL / Analyze (javascript)",
+        "Lint",
+        "Build"
+      ]
+    },
+    "enforce_admins": true,
+    "required_pull_request_reviews": {
+      "required_approving_review_count": 1,
+      "dismiss_stale_reviews": true,
+      "require_code_owner_reviews": true,
+      "require_last_push_approval": false
+    },
+    "restrictions": null,
+    "allow_force_pushes": false,
+    "allow_deletions": false,
+    "block_creations": false,
+    "required_conversation_resolution": true,
+    "lock_branch": false,
+    "allow_fork_syncing": true
+  },
+  "develop": {
+    "required_status_checks": {
+      "strict": true,
+      "contexts": [
+        "Test (ubuntu-latest, stable)",
+        "Coverage",
+        "Security Audit",
+        "Lint",
+        "Build"
+      ]
+    },
+    "enforce_admins": false,
+    "required_pull_request_reviews": {
+      "required_approving_review_count": 1,
+      "dismiss_stale_reviews": true,
+      "require_code_owner_reviews": false,
+      "require_last_push_approval": false
+    },
+    "restrictions": null,
+    "allow_force_pushes": false,
+    "allow_deletions": false,
+    "block_creations": false,
+    "required_conversation_resolution": true,
+    "lock_branch": false,
+    "allow_fork_syncing": true
+  }
+}

.github/pull_request_template.md

@@ -0,0 +1,51 @@
+## Pull Request Checklist
+
+### 🔍 Quality Gates
+Please ensure all quality gates pass before requesting review:
+
+- [ ] **Lint**: Code passes `cargo fmt` and `cargo clippy` checks
+- [ ] **Build**: All crates build successfully (`cargo build --workspace`)
+- [ ] **Test**: All tests pass (`cargo test --workspace`)
+- [ ] **Security**: No security vulnerabilities detected
+- [ ] **Performance**: Performance impact assessed (if applicable)
+- [ ] **Documentation**: Code is properly documented
+
+### 📝 Description
+<!-- Provide a brief description of the changes -->
+
+### 🎯 Type of Change
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Performance improvement
+- [ ] Security enhancement
+
+### 🧪 Testing
+<!-- Describe the tests you ran and how to reproduce them -->
+
+- [ ] Unit tests added/updated
+- [ ] Integration tests added/updated
+- [ ] Manual testing performed
+
+### 📚 Documentation
+- [ ] Code comments added/updated
+- [ ] API documentation updated
+- [ ] User documentation updated (if applicable)
+- [ ] CHANGELOG.md updated
+
+### 🔒 Security Considerations
+- [ ] No sensitive data exposed
+- [ ] Security implications reviewed
+- [ ] Dependencies are secure and up-to-date
+
+### 📋 Additional Notes
+<!-- Any additional information, breaking changes, or considerations -->
+
+---
+
+**By submitting this PR, I confirm that:**
+- [ ] I have read and followed the contributing guidelines
+- [ ] My code follows the project's style guidelines
+- [ ] I have performed a self-review of my own code
+- [ ] All quality gates are passing

CODEOWNERS

@@ -0,0 +1,26 @@
+# Global code owners for the code-guardian project
+# These users will be requested for review when anyone opens a pull request
+
+# Global owners - will be requested for review on all files
+* @d-oit
+
+# Core library changes require core team review
+/crates/core/ @d-oit
+
+# CLI changes require CLI maintainer review  
+/crates/cli/ @d-oit
+
+# GitHub workflows and CI/CD require DevOps review
+/.github/ @d-oit
+/scripts/ @d-oit
+/Makefile @d-oit
+
+# Documentation changes
+/docs/ @d-oit
+/README.md @d-oit
+/CONTRIBUTING.md @d-oit
+
+# Security and configuration files
+/deny.toml @d-oit
+/Cargo.toml @d-oit
+/.gitignore @d-oit

docs/BRANCH_PROTECTION_SETUP.md

@@ -0,0 +1,145 @@
+# Branch Protection Setup Guide
+
+This guide provides instructions for setting up branch protection rules to enforce the quality gates in the code-guardian project.
+
+## 🎯 Overview
+
+Branch protection rules ensure that all code changes go through proper quality gates before being merged into protected branches. This maintains code quality, security, and stability.
+
+## 🔧 Automated Setup
+
+### Prerequisites
+- GitHub CLI (`gh`) installed and authenticated
+- Repository admin permissions
+- All workflows successfully running
+
+### Quick Setup
+```bash
+# Run the automated setup script
+./scripts/setup-branch-protection.sh
+```
+
+## 📱 Manual Setup (GitHub Web Interface)
+
+If the automated script fails due to permissions, follow these manual steps:
+
+### 1. Navigate to Branch Settings
+1. Go to your repository on GitHub
+2. Click **Settings** tab
+3. Click **Branches** in the left sidebar
+
+### 2. Configure Main Branch Protection
+
+Click **Add rule** or edit existing rule for `main` branch:
+
+#### Required Status Checks
+- ✅ **Require status checks to pass before merging**
+- ✅ **Require branches to be up to date before merging**
+
+**Required checks:**
+- `Test (ubuntu-latest, stable)`
+- `Test (windows-latest, stable)`
+- `Test (macos-latest, stable)`
+- `Coverage`
+- `Security Audit`
+- `Performance Benchmark`
+- `CodeQL / Analyze (rust)`
+- `CodeQL / Analyze (javascript)`
+- `Lint`
+- `Build`
+
+#### Pull Request Reviews
+- ✅ **Require a pull request before merging**
+- ✅ **Require approvals: 1**
+- ✅ **Dismiss stale reviews when new commits are pushed**
+- ✅ **Require review from code owners**
+
+#### Additional Settings
+- ✅ **Restrict pushes that create files**
+- ✅ **Require conversation resolution before merging**
+- ✅ **Include administrators**
+- ❌ **Allow force pushes**
+- ❌ **Allow deletions**
+
+### 3. Configure Develop Branch Protection
+
+Create a similar rule for `develop` branch with these differences:
+- Fewer required status checks (core quality gates only)
+- ❌ **Include administrators** (disabled for flexibility)
+- Same review requirements
+
+#### Required Status Checks for Develop
+- `Test (ubuntu-latest, stable)`
+- `Coverage`
+- `Security Audit`
+- `Lint`
+- `Build`
+
+## 🛡️ Quality Gates Enforced
+
+### Code Quality
+- **Linting**: `cargo fmt` and `cargo clippy` must pass
+- **Building**: All workspace crates must build successfully
+- **Testing**: All tests must pass on multiple platforms
+
+### Security
+- **Security Audit**: No known vulnerabilities in dependencies
+- **CodeQL Analysis**: Static analysis for security issues
+- **License Compliance**: All dependencies have approved licenses
+
+### Performance
+- **Benchmarks**: Performance regressions are detected
+- **Coverage**: Code coverage requirements are met
+
+## 🔍 Verification
+
+After setup, verify the protection rules:
+
+```bash
+# Check current protection status
+gh api repos/:owner/:repo/branches/main/protection
+
+# List required status checks
+gh api repos/:owner/:repo/branches/main/protection/required_status_checks
+```
+
+## 🚫 Common Issues
+
+### Permission Errors
+- Ensure you have admin permissions on the repository
+- Check that your GitHub token has the `repo` scope
+
+### Missing Status Checks
+- Ensure all workflows have run at least once
+- Status check names must match exactly (case-sensitive)
+
+### Code Owner Issues
+- Verify `CODEOWNERS` file is in the repository root
+- Check that specified users/teams exist and have access
+
+## 📋 Maintenance
+
+### Adding New Status Checks
+When adding new workflows:
+1. Update `.github/branch-protection-config.json`
+2. Run `./scripts/setup-branch-protection.sh` or update manually
+3. Test with a test PR
+
+### Updating Code Owners
+Edit the `CODEOWNERS` file in the repository root to modify review requirements.
+
+## 🎉 Best Practices
+
+1. **Start with develop branch** - Test protection rules on develop before applying to main
+2. **Gradual rollout** - Add protection rules incrementally
+3. **Monitor impact** - Watch for blocked PRs and adjust as needed
+4. **Regular review** - Periodically review and update protection rules
+5. **Team communication** - Ensure all team members understand the quality gates
+
+## 📞 Support
+
+If you encounter issues with branch protection setup:
+1. Check the GitHub documentation on branch protection
+2. Verify your permissions and token scopes
+3. Test with a simple PR to identify specific failing checks
+4. Review workflow logs for detailed error messages