docs(ospo): community health rollout v2 — README, agents.md, health files

[dj4oC]

Summary

This PR is part of the Kiteworks OSPO community health rollout (kiteworks.com/opensource), applied to all ~110 public ownCloud repositories starting May 5, 2026.

• README.md: Rewritten with v2 OSPO template
  • License-specific OSPO section with Apache 2.0 migration guidance
  • Mandatory Community & Support section: GitHub Discussions, Matrix, docs, enterprise support, OSPO home
  • Contributing workflow: Rebase Early/Often, Dependabot, PGP/GPG-signed commits, DCO sign-off, GitHub Actions policy
  • Security section pointing to security.owncloud.com + YesWeHack bug bounty
  • Translations link to Transifex (owncloud project)
• agents.md (new): AI agent context file with architecture, build commands, OSPO policy constraints
• CODE_OF_CONDUCT.md (new): Redirect to https://owncloud.com/contribute/code-of-conduct/
• CONTRIBUTING.md (new): Redirect to https://owncloud.com/contribute/
• SECURITY.md (new): Redirect to https://security.owncloud.com + YesWeHack
• SUPPORT.md (new): Redirect to https://owncloud.com/contact-us/ and support channels

Test plan

• README renders correctly on GitHub (badges, sections, links)
• All health file links resolve (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT)
• agents.md loads correctly in Claude Code and GitHub Copilot
• License referenced in README matches actual LICENSE file in repo

---

🤖 Generated with Claude Code as part of the ownCloud OSPO rollout.
Kiteworks OSPO: https://kiteworks.com/opensource

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This PR applies the Kiteworks OSPO community-health v2 template to owncloud/docs: it rewrites README.md and adds five new files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). Net +175 / -58 across 6 files. The change is documentation-only and carries no code/build risk. Overall this is well-structured and accurate. I verified the load-bearing claims against the repo and the substantive ones hold up. A few small inconsistencies are worth tightening before merge.

Verification performed

• LICENSE accuracy: Confirmed LICENSE in the repo is GNU AGPL-3.0. The README badge (AGPL-3.0), the License section, and the "Current license: AGPL-3.0" migration note are all correct.
• Relative links: All docs/*.md links in the new README resolve to real files (what-is-antora.md, what-is-asciidoc.md, doc-guidelines.md, antora-site-structure.md, extensions.md). The CONTRIBUTING.md / CODE_OF_CONDUCT.md / SECURITY.md links point at the files added in this PR. Good — no broken intra-repo links.
• agents.md paths: site.yml, package.json, ext-antora/, ext-asciidoc/, docs/, resources/, fonts/, book_templates/ all exist. supplemental/ exists too. All accurate.
• Build commands: npm run antora and npm run linkcheck (broken-link-checker) exist in package.json and match agents.md. npm run antora-local and npm run serve exist and match the README Getting Started block.

Code quality / style

• Consistent Markdown, good use of badges and sectioning. The README is a clear improvement in navigability over the old TOC-heavy version.
• The OSPO/license-migration section is informative and appropriately scoped ("LICENSE file reflects current status, not target").

Specific suggestions

1. agents.md Lint line is self-contradictory. It says Lint: broken-link-checker is the test framework, then under Lint says Not detected (Prettier config present for formatting). A .prettierrc does exist in the repo, so consider stating the Prettier formatting command explicitly (or at least not phrasing it as "Not detected" when the config is present).

2. Loss of useful, repo-specific guidance. The old README documented several things the new template drops: the node 22 LTS requirement, the pinned Antora 3.1.14 version, the backport workflow + backport script, the publish-trigger explanation, the .asciidoctorconfig / IntelliJ AsciiDoc plugin tip, and HTML-to-PDF notes. These are genuinely useful to docs contributors and are not captured elsewhere in this PR. Consider preserving them (e.g. linking to docs/build-the-docs.md / docs/getting-started.md#backporting, both of which still exist) rather than dropping them outright.

3. Conventional Commits guidance moved, not lost — verify intent. The old README prominently required Conventional Commits for commits and PR titles. The new README's Contributing section does not mention this; it only appears in agents.md. Since the repo enforces Conventional Commit PR titles, consider keeping a human-facing note in the README Contributing section, not just the agent file.

4. serve port claim. README states the site serves at http://localhost:8080. The serve script is http-server public/ -d -i, which defaults to 8080 but is not pinned. Minor — accurate today, but a hardcoded -p 8080 (or softening to "(default port 8080)") would make the doc robust.

5. Matrix link. https://app.element.io/#/room/#owncloud:matrix.org is an Element-client deep link rather than a canonical matrix.to URL. Functional, but https://matrix.to/#/#owncloud:matrix.org is the client-agnostic convention. Optional.

Potential issues / risks

• External links not auto-verified. Several external endpoints are asserted (security.owncloud.com, kiteworks.com/opensource, the YesWeHack program URL, owncloud.com/contribute/code-of-conduct/, owncloud.com/contribute/). These could not be checked from here and are sandboxed; please confirm each resolves (the test-plan checkbox for health-file links is still unchecked).
• agents.md filename casing. The de-facto emerging convention is AGENTS.md (uppercase). Lowercase agents.md works for most tools but some agent loaders look specifically for AGENTS.md. Worth confirming this matches the rollout standard used across the other ~110 repos for consistency.
• CONTRIBUTING.md circularity. It says "For development setup... see the README," while the README's Contributing section points back to CONTRIBUTING.md. Not broken, but the round-trip gives a contributor no concrete setup steps beyond the Getting Started block. Minor.

No blocking issues. The factual/license/link claims I could verify are correct; the suggestions above are about consistency and avoiding loss of repo-specific contributor guidance.

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This is the v2 OSPO community-health rollout for owncloud/docs: a rewritten README.md plus new agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, and SUPPORT.md. The PR is well-structured, and I verified its claims against the live repo. Compared to common issues seen in earlier rollout PRs, most have been fixed here — but two notable items remain. Overall this is close to mergeable.

Verified-correct claims

• License is accurate. A LICENSE file exists at the repo root and is AGPL-3.0 (confirmed via GitHub's license API: spdx_id: AGPL-3.0, and the file header reads "GNU AFFERO GENERAL PUBLIC LICENSE Version 3"). The README badge, the "Current license: AGPL-3.0" statement, and the Apache-migration framing all match reality. The [LICENSE](LICENSE) relative link resolves. This fixes the "broken LICENSE link / missing LICENSE file" problem from prior PRs.
• All README doc links resolve. Every ./docs/*.md path referenced (what-is-antora, what-is-asciidoc, doc-guidelines, antora-site-structure, extensions) exists in docs/.
• Build commands are valid. npm run antora-local and npm run serve exist in package.json. serve runs http-server public/, which defaults to port 8080, so the "serves it at http://localhost:8080" claim is correct, as is the "builds the site to public/" claim.
• Primary language is correctly labeled. agents.md lists JavaScript as the primary language; the repo's language breakdown is JavaScript 47668 / Shell 10740 / Python 3495, so JavaScript is correct. This avoids the "agents.md mislabeling primary language" issue from prior PRs.
• Conventional Commits is correctly noted in agents.md. agents.md states Conventional Commits is enforced "where the repository enforces it" via "a reusable GitHub Actions workflow." This repo does enforce it — .github/workflows/lint-pr-title.yml runs amannn/action-semantic-pull-request (pinned to a full SHA, matching the PR's own Actions policy).

Code quality / style

• Markdown is clean and renders well; sections are sensible and the relative links use the correct GitHub-friendly form.
• The OSPO sections (license migration, Apache policy, Category X note) are detailed and accurate to AGPL-3.0's copyleft status.
• Redirect health files (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT) are appropriately minimal.

Potential issues / risks

1. Conventional Commits requirement was dropped from the README, but CI still enforces it (most important). The old README opened with a notice that the repo "uses Conventional Commits for commits and the Pull Request title." The new README's Contributing/Workflow section lists rebase, Dependabot, signed commits, DCO, and Actions policy — but no longer mentions Conventional Commits at all. Meanwhile .github/workflows/lint-pr-title.yml actively enforces semantic PR titles on every PR. A contributor reading only the README will not know their PR title must follow Conventional Commits and will hit a confusing CI failure. Recommend re-adding a Conventional Commits bullet to the README's Workflow section (agents.md alone is not enough, since human contributors read the README). This is the same "dropped Conventional-Commits notice still enforced by CI" regression flagged in earlier rollout PRs.

2. Filename is agents.md (lowercase) rather than the conventional AGENTS.md. The emerging cross-tool convention (and what most agent tooling looks for) is uppercase AGENTS.md. No AGENTS.md currently exists in the repo (confirmed 404), and the repo already uses CLAUDE.md in uppercase. Recommend renaming to AGENTS.md for discoverability and consistency with the other uppercase root files. Minor but worth fixing during the rollout for uniformity.

3. Minor — agents.md "Lint: Not detected" is slightly misleading. The Build & Test block lists npm run antora (build) and npm run linkcheck (test), both of which exist — good. But "Lint: Not detected" sits two lines below a note that .prettierrc is present. Consider stating the Prettier check command if one is intended, or removing the contradiction (low priority).

4. Minor — README "Star/Watch" marketing line in Community & Support is stylistic; harmless but slightly off-tone for a docs build repo. No action needed.

Summary

License, doc-link, build-command, and primary-language claims all verified correct against the repo — the prior recurring defects there are fixed. The two items worth addressing before merge are (1) re-adding the Conventional Commits note to the README since CI enforces it, and (2) renaming agents.md to AGENTS.md. Neither is strictly blocking, but (1) will save contributors a confusing CI failure.