docs(ospo): community health rollout v2 — README, agents.md, health files

[dj4oC]

Summary

This PR is part of the Kiteworks OSPO community health rollout (kiteworks.com/opensource), applied to all ~110 public ownCloud repositories starting May 5, 2026.

• README.md: Rewritten with v2 OSPO template
  • License-specific OSPO section with Apache 2.0 migration guidance
  • Mandatory Community & Support section: GitHub Discussions, Matrix, docs, enterprise support, OSPO home
  • Contributing workflow: Rebase Early/Often, Dependabot, PGP/GPG-signed commits, DCO sign-off, GitHub Actions policy
  • Security section pointing to security.owncloud.com + YesWeHack bug bounty
  • Translations link to Transifex (owncloud project)
• agents.md (new): AI agent context file with architecture, build commands, OSPO policy constraints
• CODE_OF_CONDUCT.md (new): Redirect to https://owncloud.com/contribute/code-of-conduct/
• CONTRIBUTING.md (new): Redirect to https://owncloud.com/contribute/
• SECURITY.md (new): Redirect to https://security.owncloud.com + YesWeHack
• SUPPORT.md (new): Redirect to https://owncloud.com/contact-us/ and support channels

Test plan

• README renders correctly on GitHub (badges, sections, links)
• All health file links resolve (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT)
• agents.md loads correctly in Claude Code and GitHub Copilot
• License referenced in README matches actual LICENSE file in repo

---

🤖 Generated with Claude Code as part of the ownCloud OSPO rollout.
Kiteworks OSPO: https://kiteworks.com/opensource

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This PR applies the Kiteworks OSPO community health v2 template to owncloud/docs-main: it rewrites README.md and adds five new files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). The change is documentation-only (+189/-23, 6 files). I verified the claims in the diff against the actual repository contents.

Overall this is a solid, well-structured rollout. Metadata is accurate, referenced paths and npm scripts all exist, and external links resolve. A few small inconsistencies and one factual nuance are noted below.

Documentation accuracy (verified)

Confirmed against the repo tree and package.json:

• License: LICENSE is GNU AGPL-3.0 — matches the README badge and "Current license: AGPL-3.0" claim. Good (this was an explicit test-plan item).
• npm scripts: antora-local, serve, antora, linkcheck all exist in package.json. The Getting Started and agents.md build/test commands are correct.
• broken-link-checker and http-server are real devDependencies — the "Test framework: broken-link-checker" and serve claims hold.
• Referenced doc paths: ./docs/the-branching-workflow.md and ./docs/new-version-branch.md both exist.
• Architecture paths in agents.md: antora.yml, modules/, site.yml, package.json, docs/, ext-antora/, ext-asciidoc/ all exist.
• Prettier: agents.md says "Prettier config present" — confirmed, .prettierrc exists.
• External links: github.com/orgs/owncloud/discussions, yeswehack.com/programs/owncloud-bug-bounty-program, and kiteworks.com/opensource all return HTTP 200.

Code quality / style

• Clean, consistent Markdown. README has a logical flow (Getting Started → Documentation → Community → Contributing → Security → License → OSPO).
• The redirect-style health files (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT) are appropriately minimal and consistent with each other.
• README and agents.md OSPO/Git-workflow sections are internally consistent (signed commits, DCO, rebase, GitHub Actions policy all agree).

Specific suggestions

1. Bare URL inconsistency (minor lint). Most links use angle-bracket autolinks (<https://...>), but the SUPPORT.md "Community discussions" line uses a bare https://github.com/orgs/owncloud/discussions without brackets, unlike the surrounding entries. The README "Community Discussions" uses [label](url) form. Consider normalizing for consistency and to avoid MD034 (no-bare-urls) if markdownlint runs.

2. agents.md filename casing. Both Claude Code and GitHub Copilot conventionally look for AGENTS.md (uppercase). The test plan asks to confirm "agents.md loads correctly in Claude Code and GitHub Copilot" — lowercase agents.md may not be auto-discovered by all agents on case-sensitive setups. Worth confirming, or renaming to AGENTS.md.

3. agents.md "Lint: Not detected". A .prettierrc is present. The Build/Test block says "Lint: Not detected (Prettier config present for formatting)", which is slightly contradictory — consider either adding a Prettier check command or dropping the line.

4. Conventional Commits framing. The old README stated this repo requires Conventional Commits (since April 2026). The new agents.md softens this to "where the repository enforces it" / "Many repos use squash merge." If this specific repo still enforces Conventional Commits on PR titles, consider stating that explicitly rather than the generic template wording, to avoid dropping a real, repo-specific rule that existed before this PR.

Potential issues / risks

• Apache 2.0 migration wording — factual nuance (non-blocking). The OSPO section states AGPL-3.0 is "Category X per Apache policy — cannot be included in Apache-2.0 works." That is accurate for consuming AGPL code into ASF projects. The text correctly hedges that the LICENSE reflects the current status, not the target, and no license change is actually made here — informational only. Just ensure readers don't interpret the README as implying the license has changed.
• "Test framework: broken-link-checker" + "Write tests for new functionality". broken-link-checker is a link checker, not a unit-test framework, and this is a content-only docs repo with no unit-test harness. Generic template guidance — harmless but slightly misleading here.
• No broken internal links found. Relative links (CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, LICENSE, ./docs/*.md) all resolve to files present in the repo after this PR.

Verdict

Approvable as documentation. No blocking issues. The most impactful nit is the agents.md vs AGENTS.md casing; the Markdown/link consistency items are minor.

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

OSPO community health rollout v2 for owncloud/docs-main. Rewrites README.md with the v2 OSPO template and adds five health files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). +189/-23 across 6 files. The current head (28c7b73) adds only a master merge commit on top of the prior content commit (f500f09) — no content changes since the earlier review.

I verified the claims against a fresh clone of the repo. Most check out:

• LICENSE is genuinely AGPL-3.0 — matches the README badge, the License section, and the agents.md constraint. Good, since the test plan explicitly flagged this.
• All referenced local doc paths exist: ./docs/the-branching-workflow.md, ./docs/new-version-branch.md.
• npm scripts referenced (antora-local, serve, antora, linkcheck) all exist in package.json.
• Architecture paths in agents.md all exist: antora.yml, modules/, site.yml, package.json, docs/, ext-antora/, ext-asciidoc/.
• .prettierrc and .github/dependabot.yml are present, so the Prettier and Dependabot references are accurate.
• Primary language reported by GitHub is JavaScript — matches agents.md.

Code quality / style

The README and health files are clean, well-structured, and render-safe. Section ordering is sensible and the redirect-style health files are appropriately minimal.

Specific suggestions

1. agents.md filename casing — NOT addressed since the prior review. The emerging cross-agent convention (and what the file's own intro implies for "Claude Code, GitHub Copilot, Cursor") is AGENTS.md (uppercase). The content commit f500f09 still ships lowercase agents.md; the only new commit is a master merge. Recommend renaming to AGENTS.md for tool discovery consistency. (On a case-insensitive filesystem, having both casings would collide — only one is present here, which is fine.)

2. Getting Started workflow is subtly fragile. README lists npm install → npm run antora-local → npm run serve. serve runs http-server public/, so it only works if antora-local actually emits into public/. Worth confirming the output dir; otherwise npm run serve serves an empty/old directory. Also, README calls the preview "standalone" while agents.md lists the Build command as npm run antora (full site playbook) — pick one canonical local-preview command to avoid confusion.

3. agents.md "Test framework: broken-link-checker" — broken-link-checker is a link validator, not a test framework, and linkcheck needs a built/served site to crawl. Consider relabeling to "Link checking", and reconsider "Write tests for new functionality" in the AI context section since this is a docs/content repo with no unit-test harness.

4. Markdown nits (prior review flagged "minor markdown nits"). SUPPORT.md uses a bare URL for Community discussions (https://github.com/orgs/owncloud/discussions) while every sibling link uses angle-bracket autolinks (<...>). Normalize SUPPORT.md to angle brackets for consistency. Appears unaddressed.

Potential issues / risks

• Apache 2.0 migration framing. The README describes a strategic relicensing toward Apache-2.0 and labels AGPL-3.0 as "Category X ... cannot be included in Apache-2.0 works" — accurate per ASF policy. Relicensing AGPL-3.0 requires consent from all copyright holders; the README correctly lists this under prerequisites and states the LICENSE remains AGPL-3.0. Just ensure the aspirational language isn't read as an imminent/committed change.
• External link liveness not verifiable here. security.owncloud.com, the YesWeHack URL, the Matrix room, and kiteworks.com/opensource could not be crawled in this environment. The test plan's "all health file links resolve" box is still unchecked — run the linkcheck before merge.
• DCO/PGP command redundancy. README shows git commit -s -S; agents.md shows git commit -S -s, git commit -s, and git commit -S -s across separate bullets. All functionally equivalent, but the duplicated, slightly varied guidance in agents.md is worth consolidating.

Net: solid, claims largely verified. The main actionable item is the unresolved agents.md → AGENTS.md casing from the prior review, plus confirming the serve preview path works.