This file provides context for AI coding agents (Claude Code, GitHub Copilot, Cursor, etc.) working in this repository.
- Product family: Classic (OC10)
- Primary language(s): PHP, JavaScript
- Build system: Composer, Make
- Test framework: PHPUnit
- CI system: GitHub Actions
lib/- PHP application logicappinfo/- ownCloud app metadata and registrationtemplates/- Server-side templatesjs/- Frontend JavaScriptl10n/- Translationsimg/- App iconsscreenshots/- App screenshotstests/- PHPUnit test suiteMakefile- Build and test automationcomposer.json- PHP dependenciesphpcs.xml- PHP_CodeSniffer configurationphpstan.neon- PHPStan configurationphpunit.xml- PHPUnit configuration
- Branching: master
- Commit messages: DCO sign-off required (
git commit -s) - Code style: PHP_CodeSniffer (phpcs.xml), ownCloud coding standard
- PR process: Open a PR against master. All CI checks must pass.
# Build
make
# Test
make test-php-unit
# Lint
make test-php-style
# Fix code style
make test-php-style-fix
# Static analysis
make test-php-phpstan- All code contributions must be compatible with the GPL-2.0 license
- Do not introduce new copyleft-licensed dependencies (GPL, AGPL, LGPL, MPL) without explicit discussion in an issue first. This is especially important for repos migrating to Apache 2.0.
- Do not introduce new dependencies without discussion in an issue first
- This is a security-sensitive app - changes should be reviewed carefully
- Only use actions owned by
owncloud, created by GitHub (actions/*), verified on the GitHub Marketplace, or verified by the ownCloud Maintainers. - Pin all actions to their full commit SHA (not tags):
uses: actions/checkout@<SHA> # vX.Y.Z - Never introduce actions from unverified third parties.
- Dependabot is configured for automated dependency updates.
- Review and merge Dependabot PRs as part of regular maintenance.
- Do not introduce new dependencies without discussion in an issue first.
- Rebase policy: Always rebase; never create merge commits. Use
git pull --rebaseandgit rebasebefore pushing. - Signed commits: All commits must be PGP/GPG signed (
git commit -S -s). - DCO sign-off: Every commit needs a
Signed-off-byline (git commit -s). - Conventional Commits & Squash Merge: Use the Conventional Commits format where the repository enforces it. Many repos use squash merge, where the PR title becomes the commit message on the default branch — apply Conventional Commits format to PR titles as well. A reusable GitHub Actions workflow enforces this.
- Match existing code style
- Do not refactor unrelated code in the same PR
- Write tests for new functionality
- Keep PRs focused and atomic
- Security-related code requires extra scrutiny