docs(ospo): community health rollout v2 — README, agents.md, health files

[dj4oC]

Summary

This PR is part of the Kiteworks OSPO community health rollout (kiteworks.com/opensource), applied to all ~110 public ownCloud repositories starting May 5, 2026.

• README.md: Rewritten with v2 OSPO template
  • License-specific OSPO section with Apache 2.0 migration guidance
  • Mandatory Community & Support section: GitHub Discussions, Matrix, docs, enterprise support, OSPO home
  • Contributing workflow: Rebase Early/Often, Dependabot, PGP/GPG-signed commits, DCO sign-off, GitHub Actions policy
  • Security section pointing to security.owncloud.com + YesWeHack bug bounty
  • Translations link to Transifex (owncloud project)
• agents.md (new): AI agent context file with architecture, build commands, OSPO policy constraints
• CODE_OF_CONDUCT.md (new): Redirect to https://owncloud.com/contribute/code-of-conduct/
• CONTRIBUTING.md (new): Redirect to https://owncloud.com/contribute/
• SECURITY.md (new): Redirect to https://security.owncloud.com + YesWeHack
• SUPPORT.md (new): Redirect to https://owncloud.com/contact-us/ and support channels

Test plan

• README renders correctly on GitHub (badges, sections, links)
• All health file links resolve (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT)
• agents.md loads correctly in Claude Code and GitHub Copilot
• License referenced in README matches actual LICENSE file in repo

---

🤖 Generated with Claude Code as part of the ownCloud OSPO rollout.
Kiteworks OSPO: https://kiteworks.com/opensource

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This PR rolls out the Kiteworks OSPO community health template v2 to docs-client-desktop: a rewritten README.md plus five new files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). The structure is clean and consistent with the stated rollout, the redirect health files are correct, and the referenced internal docs (./docs/the-branching-workflow.md, ./docs/new-version-branch.md) and modules/ content path all exist. Most external links are valid.

However, there are a few accuracy issues around license metadata and a broken LICENSE link that should be fixed before merge, since the test plan explicitly calls out "License referenced in README matches actual LICENSE file in repo."

Code quality / style

• README is well organized; badges, sections, and Markdown render cleanly.
• Health files (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT) are simple, correct redirects.
• Build commands in Getting Started (npm install / npm run antora-local / npm run serve) match real scripts in package.json. serve runs http-server public/, and antora-local targets http://localhost:8080, so the localhost:8080 claim is consistent.

Specific suggestions

1. Broken LICENSE link (README). The repo has no LICENSE file (GitHub contents API returns 404). The README links [LICENSE](LICENSE) twice (License badge target and the License section) — both are dead links. Either add a LICENSE file or change these to non-link text until one exists.

2. License metadata is inconsistent and likely wrong. package.json declares "license": "AGPL-3.0", but:

   • README states "Current license: Not detected."
   • agents.md states the constraint "compatible with the the license specified in the repository license" and lists copyleft licenses (GPL/AGPL/LGPL/MPL) as ones to avoid adding.
     The "Not detected" wording overlooks the explicit package.json declaration. Recommend reconciling: the current license appears to be AGPL-3.0 per package.json. The copyleft warning in agents.md is also self-contradictory for an AGPL repo — worth a note that the repo's own license is copyleft.

3. agents.md grammar bug. Important Constraints line reads: "compatible with the the license specified in the repository license" — duplicated "the" and a trailing dangling "license". Reword to e.g. "compatible with the license specified in the repository."

4. agents.md linkcheck accuracy. Listed test framework is broken-link-checker and npm run linkcheck exists in package.json — good, this is accurate.

5. GitHub Actions / Dependabot claims. agents.md and README state Dependabot is configured; confirmed .github/dependabot.yml exists — accurate.

Potential issues / risks

• Test-plan item unmet: "License referenced in README matches actual LICENSE file" cannot pass — there is no LICENSE file and the README link is broken. This is the main blocker.
• DCO command in README shows git commit -s -S (sign-off + PGP) which is correct, but the surrounding bullet labels it only "DCO Sign-off"; the -S (PGP) flag is conflated into the DCO bullet. Minor, but the two requirements are listed separately elsewhere — consider keeping the example consistent with the bullet it illustrates.
• OSPO/relicensing language ("migrating to Apache 2.0", "Not detected") is templated boilerplate; for this repo it is partly inaccurate given the AGPL-3.0 declaration. Low risk but reduces documentation trustworthiness.

Overall: solid, low-risk documentation PR. Recommend addressing the missing/broken LICENSE reference and the license "Not detected" vs package.json: AGPL-3.0 inconsistency, plus the small agents.md grammar fix, before merge.

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This is the v2 OSPO community-health rollout for owncloud/docs-client-desktop: a rewritten README.md plus five new files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). The structure is clean and the redirect-style health files are appropriate for a docs component. Most paths referenced are accurate: docs/the-branching-workflow.md, docs/new-version-branch.md, antora.yml, site.yml, modules/, ext-antora/, ext-asciidoc/, pdf_web/, and .prettierrc all exist on master, and the npm run antora / npm run linkcheck commands in agents.md match real package.json scripts.

However, the three issues flagged in the prior review at the earlier commit are all still present at this head.

Potential issues / risks

1. No LICENSE file exists — broken links + misleading badge (NOT fixed). The repo root has no LICENSE file (verified via the GitHub contents API: 404). The README still links [LICENSE](LICENSE) twice (License section and the badge [![License]...](LICENSE)), both of which render as dead links on GitHub. Either add a LICENSE file in this PR or point the links/badge at the real license source.

2. "Current license: Not detected." contradicts package.json (NOT fixed). package.json on master declares "license": "AGPL-3.0". The README's OSPO section still states "Current license: Not detected." and asks readers to open an issue if they know the license. The information is already in the repo. This should read AGPL-3.0 (and, combined with issue #1, a matching LICENSE file should be committed). This also makes the PR's own test-plan item "License referenced in README matches actual LICENSE file" fail on two counts.

3. agents.md duplicated-"the" grammar bug (NOT fixed). Line under Important Constraints:

   All code contributions must be compatible with the the license specified in the repository license
   This is doubly broken: a duplicated "the" and a trailing dangling "license". Suggest: "All code contributions must be compatible with the license specified in the repository (AGPL-3.0)."

Code quality / style

• The Apache-2.0 "License Migration" section sits awkwardly next to AGPL reality. Until the license is correctly stated (issue #2), this section reads as if the current license is unknown, which it is not.
• SUPPORT.md mixes <...> autolinks with one bare URL ("Community discussions"); minor inconsistency within the file. The same bare-URL style appears in the README Community list, so it is at least internally consistent there.
• agents.md "Branching: master" and the README workflow guidance duplicate content from the existing docs/the-branching-workflow.md; acceptable for an agent context file but worth keeping in sync.

Specific suggestions

• Add a real LICENSE (AGPL-3.0) file in this PR, then the badge + both README links resolve and the test-plan checkbox passes.
• Replace "Current license: Not detected." with "Current license: AGPL-3.0."
• Fix the agents.md constraint sentence (remove the duplicate "the" and the trailing "license").
• Consider switching the License badge from the generic "See Repository" to an AGPL-3.0 badge once the LICENSE file lands.

Net: solid template rollout, but the three previously-reported issues remain unaddressed in the current commits, and two of them are factual/link-correctness problems the PR's own test plan calls out.

[DeepDiver1975]

🤖 Automated code review by Claude Code review agent

Scope: Documentation / community-health files only (README rewrite + new CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT, agents.md). No code, CI, or secrets. All links point to legitimate owncloud / kiteworks / github / matrix / yeswehack domains — nothing malicious. Low risk.

Verified correct:

• This repo has no LICENSE file (confirmed via API — 404). The README correctly does NOT assert a license: badge reads "See Repository", License section says "See LICENSE for details", and the migration section honestly states "Current license: Not detected." This is the right call and the appropriate cross-repo divergence from the AGPL-3.0 sibling PRs (docs / docs-server / docs-main all have a real AGPL-3.0 LICENSE). No false license claim — good.
• Project name "ownCloud Desktop Client Documentation" and the source-code pointer to owncloud/client are correct.
• The 5 health files are identical to the other 3 rollout PRs — consistent.

Issues to address:

1. Grammar bug in agents.md — Important Constraints reads: "must be compatible with the the license specified in the repository license". Doubled "the" and a trailing stray "license". Suggest: "compatible with the license specified in the repository's LICENSE file."
2. Follow-up (out of scope but worth noting): the absence of a LICENSE file is itself a gap the OSPO migration text flags — consider opening a tracking issue so this repo gets a LICENSE.

Minor (non-blocking):

• SUPPORT.md: "Community discussions" bare URL vs <> autolinks elsewhere — cosmetic.

Verdict: Approve with nits. License handling is correctly conservative; please fix the agents.md doubled-word typo before merge.