docs(ospo): community health rollout v2 — README, agents.md, health files

[dj4oC]

Summary

This PR is part of the Kiteworks OSPO community health rollout (kiteworks.com/opensource), applied to all ~110 public ownCloud repositories starting May 5, 2026.

• README.md: Rewritten with v2 OSPO template
  • License-specific OSPO section with Apache 2.0 migration guidance
  • Mandatory Community & Support section: GitHub Discussions, Matrix, docs, enterprise support, OSPO home
  • Contributing workflow: Rebase Early/Often, Dependabot, PGP/GPG-signed commits, DCO sign-off, GitHub Actions policy
  • Security section pointing to security.owncloud.com + YesWeHack bug bounty
  • Translations link to Transifex (owncloud project)
• agents.md (new): AI agent context file with architecture, build commands, OSPO policy constraints
• CODE_OF_CONDUCT.md (new): Redirect to https://owncloud.com/contribute/code-of-conduct/
• CONTRIBUTING.md (new): Redirect to https://owncloud.com/contribute/
• SECURITY.md (new): Redirect to https://security.owncloud.com + YesWeHack
• SUPPORT.md (new): Redirect to https://owncloud.com/contact-us/ and support channels

Test plan

• README renders correctly on GitHub (badges, sections, links)
• All health file links resolve (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT)
• agents.md loads correctly in Claude Code and GitHub Copilot
• License referenced in README matches actual LICENSE file in repo

---

🤖 Generated with Claude Code as part of the ownCloud OSPO rollout.
Kiteworks OSPO: https://kiteworks.com/opensource

[DeepDiver1975]

🤖 Automated review by Claude Code review agent.

Overview

This PR applies the Kiteworks/ownCloud OSPO "community health v2" template to docs-ui: it rewrites README.md and adds five new files (agents.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, SUPPORT.md). The change is documentation-only, well-structured, and the new README is considerably more readable than the previous procedural one. I verified the key technical claims against the actual repository contents on master — most check out. A few accuracy/consistency issues are noted below.

Code quality / style

• The README is clear and the table-based npm command list is a nice improvement. Section ordering (Getting Started → Documentation → Development Reference → Community → Contributing → Security → License → OSPO) is sensible.
• Redirect-style health files (CODE_OF_CONDUCT, CONTRIBUTING, SECURITY, SUPPORT) are consistent in tone and correctly point at owncloud.com / security.owncloud.com.
• Minor inconsistency: SUPPORT.md and agents.md use bare URLs for the Discussions link (https://github.com/orgs/owncloud/discussions) while every other link in the same lists uses the <...> autolink form. Wrap it for consistency.

Specific suggestions

Verified-accurate claims (no action needed):

• License badge / "Current license: AGPL-3.0" — confirmed: repo LICENSE is GNU AGPL v3 and package.json declares "license": "AGPL-3.0". Good — the README license matches the actual LICENSE file (one of the PR's own test-plan items).
• npm run bundle produces the zip in build/ — confirmed: gulpfile.js sets buildDir = 'build' and bundleName = 'ui', so build/ui-bundle.zip is correct.
• npm scripts lint, preview, bundle — confirmed they exist in package.json.
• src/ structure (layouts, partials, css, js) and tasks/ Gulp tasks — confirmed; the agents.md "Architecture & Key Paths" description is accurate.

Items to fix or reconsider:

1. npm install then npm run preview in Getting Started may mislead. npm run preview runs the full clean → lint → build → pack → build:preview → serve:site chain and serves at http://localhost:5252, which is fine — but it does NOT just "preview the UI" lightly; it rebuilds the bundle. The current wording is acceptable, just be aware the demo content is what's served, not real docs. (Lower priority.)
2. npm run antora-dev-bundle is referenced as a repo command but does not exist in this repo. The "Preview with ownCloud Documentation" section says "Run npm run antora-dev-bundle in the docs repo" — the phrase "in the docs repo" is correct (it's a script in owncloud/docs, not here), but please double-check that script name still exists there, since the old README referenced the same and it's easy for it to drift.
3. engines claim — "npm >= 11.11.0" and "Node v22 LTS". package.json in this repo has no engines field, so these are advisory only. That's fine for a README, but consider adding an engines block to package.json if you want the constraint enforced rather than just documented.
4. agents.md "Test framework: Gulp lint task" / duplicated Test+Lint commands. Under "Build & Test Commands" both the "Test" and "Lint" entries are npm run lint. There is no real test suite here (only lint), so labeling lint as the "Test framework" overstates it. Suggest collapsing to a single Lint entry and dropping the Test heading, or noting "no automated test suite; lint only."
5. agents.md "Primary language(s): CSS" is a thin characterization — the UI is primarily Handlebars templates + CSS + JS. Consider "Handlebars, CSS, JavaScript" to match the actual src/ layout you describe two lines later.
6. GitHub Actions policy vs. actual CI. Both README and agents.md state "CI system: GitHub Actions" and describe a GitHub Actions pinning policy, but the repo root still contains a .drone.star-era pipeline reference in the old README and the publish pipeline historically used Drone. Please confirm CI has actually migrated to GitHub Actions for this repo; otherwise the agents.md "CI system: GitHub Actions" line is inaccurate for docs-ui specifically.
7. Signing guidance shows git commit -s -S in README but agents.md lists -S -s / -s separately. Harmless, but standardizing on one example (git commit -s -S -m ...) across both files avoids confusion.

Potential issues / risks

• Broken-link risk (cannot fully verify offline): the rollout introduces several external URLs — https://security.owncloud.com, https://yeswehack.com/programs/owncloud-bug-bounty-program, https://owncloud.com/contribute/code-of-conduct/, https://owncloud.com/contribute/, https://kiteworks.com/opensource, and the Antora UI docs link https://docs.antora.org/antora-ui-default/. These are exactly the PR's own test-plan checkboxes; please confirm each resolves (the Antora docs URL in particular has changed structure historically).
• Template genericity: a few lines read as generic template output rather than repo-specific facts ("Code style: Not detected", "Test framework: Gulp lint task"). Since agents.md is meant to give agents accurate context, replacing "Not detected" with the real tooling (.eslintrc, .stylelintrc, .prettierignore all exist in the repo) would materially improve it.
• License-migration section is accurate and appropriately scoped (clearly states LICENSE reflects current, not target, license). No risk; good disclaimer.
• No security, secret, or executable-config changes — risk surface is limited to documentation accuracy.

Overall: solid, accurate documentation rollout. The verified technical claims (license, bundle path, scripts, source layout) are correct. Recommend addressing the agents.md genericity items (#4, #5, #6, plugin/CI accuracy) and confirming the external links before merge.