@valkyrianlabs/payload-markdown-docs 0.3.1 → 0.4.1

package/dist/collections/docsSets.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/collections/docsSets.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport { DOCS_SET_MANAGER_COMPONENT } from '../constants.js'\n\nexport type CreateDocsSetsCollectionOptions = {\n  docsCollectionSlug?: string\n  docsGroupsCollectionSlug: string\n  slug: string\n  syncRunsCollectionSlug?: string\n}\n\nexport const createDocsSetsCollection = ({\n  slug,\n  docsCollectionSlug,\n  docsGroupsCollectionSlug,\n  syncRunsCollectionSlug,\n}: CreateDocsSetsCollectionOptions): CollectionConfig => ({\n  slug,\n  admin: {\n    defaultColumns: ['title', 'sourceId', 'routeBase', 'updatedAt'],\n    group: 'Docs',\n    useAsTitle: 'title',\n  },\n  fields: [\n    {\n      name: 'title',\n      type: 'text',\n      required: true,\n    },\n    {\n      name: 'slug',\n      type: 'text',\n      index: true,\n      required: true,\n    },\n    {\n      name: 'sourceId',\n      type: 'text',\n      index: true,\n      required: true,\n      unique: true,\n    },\n    {\n      name: 'sourceRoot',\n      type: 'text',\n      defaultValue: 'docs',\n    },\n    {\n      name: 'group',\n      type: 'relationship',\n      relationTo: docsGroupsCollectionSlug,\n    },\n    {\n      name: 'routeBase',\n      type: 'text',\n      index: true,\n      required: true,\n      unique: true,\n    },\n    {\n      name: 'description',\n      type: 'textarea',\n    },\n    {\n      name: 'navTitle',\n      type: 'text',\n    },\n    {\n      name: 'order',\n      type: 'number',\n      defaultValue: 0,\n    },\n    {\n      name: 'auth',\n      type: 'group',\n      admin: {\n        description:\n          'Source-specific sync authentication policy. Use this instead of hardcoding docs sources in payload.config.ts.',\n      },\n      fields: [\n        {\n          name: 'ed25519',\n          type: 'group',\n          fields: [\n            {\n              name: 'keys',\n              type: 'array',\n              admin: {\n                description:\n                  'Public keys allowed to sync this docs set from local machines or non-GitHub CI.',\n              },\n              fields: [\n                {\n                  name: 'keyId',\n                  type: 'text',\n                  required: true,\n                },\n                {\n                  name: 'publicKey',\n                  type: 'textarea',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'maxSkewSeconds',\n              type: 'number',\n            },\n            {\n              name: 'nonceTtlSeconds',\n              type: 'number',\n            },\n          ],\n        },\n        {\n          name: 'githubOidc',\n          type: 'group',\n          fields: [\n            {\n              name: 'enabled',\n              type: 'checkbox',\n              defaultValue: false,\n            },\n            {\n              name: 'audience',\n              type: 'text',\n              admin: {\n                description:\n                  'Optional override. Defaults to the plugin-level GitHub OIDC audience.',\n              },\n            },\n            {\n              name: 'allowedRepositories',\n              type: 'array',\n              admin: {\n                description:\n                  'GitHub repositories allowed to sync this docs set, for example valkyrianlabs/payload-markdown-docs.',\n              },\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowedRepositoryOwners',\n              type: 'array',\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowedRefs',\n              type: 'array',\n              admin: {\n                description:\n                  'Exact Git refs such as refs/heads/main or refs/tags/v0.2.1.',\n              },\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowedWorkflows',\n              type: 'array',\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowedWorkflowRefs',\n              type: 'array',\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowedEnvironments',\n              type: 'array',\n              fields: [\n                {\n                  name: 'value',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n            {\n              name: 'allowPullRequests',\n              type: 'checkbox',\n              defaultValue: false,\n            },\n            {\n              name: 'issuer',\n              type: 'text',\n            },\n            {\n              name: 'jwksUrl',\n              type: 'text',\n            },\n            {\n              name: 'maxSkewSeconds',\n              type: 'number',\n            },\n          ],\n        },\n      ],\n    },\n    {\n      name: 'defaults',\n      type: 'group',\n      fields: [\n        {\n          name: 'theme',\n          type: 'text',\n        },\n        {\n          name: 'heroEyebrow',\n          type: 'text',\n        },\n        {\n          name: 'heroTitle',\n          type: 'text',\n        },\n        {\n          name: 'heroDescription',\n          type: 'textarea',\n        },\n        {\n          name: 'seoTitle',\n          type: 'text',\n        },\n        {\n          name: 'seoDescription',\n          type: 'textarea',\n        },\n        {\n          name: 'sidebarMode',\n          type: 'select',\n          options: ['auto', 'manual', 'hidden'],\n        },\n      ],\n    },\n    {\n      name: 'aiExport',\n      type: 'json',\n      admin: {\n        description:\n          'Parsed index.ai.yml control data for the raw Markdown AI export route.',\n      },\n    },\n    {\n      name: 'sync',\n      type: 'group',\n      fields: [\n        {\n          name: 'lastSyncedAt',\n          type: 'date',\n        },\n        ...(syncRunsCollectionSlug\n          ? [\n              {\n                name: 'lastSyncRunId',\n                type: 'relationship' as const,\n                relationTo: syncRunsCollectionSlug,\n              },\n            ]\n          : []),\n        {\n          name: 'lastStatus',\n          type: 'select',\n          options: ['failed', 'pending', 'success'],\n        },\n        {\n          name: 'docsCount',\n          type: 'number',\n          defaultValue: 0,\n        },\n      ],\n    },\n    ...(docsCollectionSlug\n      ? [\n          {\n            name: 'docsSetManager',\n            type: 'ui' as const,\n            admin: {\n              components: {\n                Field: DOCS_SET_MANAGER_COMPONENT,\n              },\n              custom: {\n                docsCollectionSlug,\n                docsSetsCollectionSlug: slug,\n              },\n            },\n          },\n        ]\n      : []),\n  ],\n})\n"],"names":["DOCS_SET_MANAGER_COMPONENT","createDocsSetsCollection","slug","docsCollectionSlug","docsGroupsCollectionSlug","syncRunsCollectionSlug","admin","defaultColumns","group","useAsTitle","fields","name","type","required","index","unique","defaultValue","relationTo","description","options","components","Field","custom","docsSetsCollectionSlug"],"mappings":"AAEA,SAASA,0BAA0B,QAAQ,kBAAiB;AAS5D,OAAO,MAAMC,2BAA2B,CAAC,EACvCC,IAAI,EACJC,kBAAkB,EAClBC,wBAAwB,EACxBC,sBAAsB,EACU,GAAwB,CAAA;QACxDH;QACAI,OAAO;YACLC,gBAAgB;gBAAC;gBAAS;gBAAY;gBAAa;aAAY;YAC/DC,OAAO;YACPC,YAAY;QACd;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,UAAU;YACZ;YACA;gBACEF,MAAM;gBACNC,MAAM;gBACNE,OAAO;gBACPD,UAAU;YACZ;YACA;gBACEF,MAAM;gBACNC,MAAM;gBACNE,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEJ,MAAM;gBACNC,MAAM;gBACNI,cAAc;YAChB;YACA;gBACEL,MAAM;gBACNC,MAAM;gBACNK,YAAYb;YACd;YACA;gBACEO,MAAM;gBACNC,MAAM;gBACNE,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNI,cAAc;YAChB;YACA;gBACEL,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLY,aACE;gBACJ;gBACAR,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;wBACNF,QAAQ;4BACN;gCACEC,MAAM;gCACNC,MAAM;gCACNN,OAAO;oCACLY,aACE;gCACJ;gCACAR,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;oCACA;wCACEF,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;4BACR;4BACA;gCACED,MAAM;gCACNC,MAAM;4BACR;yBACD;oBACH;oBACA;wBACED,MAAM;wBACNC,MAAM;wBACNF,QAAQ;4BACN;gCACEC,MAAM;gCACNC,MAAM;gCACNI,cAAc;4BAChB;4BACA;gCACEL,MAAM;gCACNC,MAAM;gCACNN,OAAO;oCACLY,aACE;gCACJ;4BACF;4BACA;gCACEP,MAAM;gCACNC,MAAM;gCACNN,OAAO;oCACLY,aACE;gCACJ;gCACAR,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNF,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNN,OAAO;oCACLY,aACE;gCACJ;gCACAR,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNF,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNF,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNF,QAAQ;oCACN;wCACEC,MAAM;wCACNC,MAAM;wCACNC,UAAU;oCACZ;iCACD;4BACH;4BACA;gCACEF,MAAM;gCACNC,MAAM;gCACNI,cAAc;4BAChB;4BACA;gCACEL,MAAM;gCACNC,MAAM;4BACR;4BACA;gCACED,MAAM;gCACNC,MAAM;4BACR;4BACA;gCACED,MAAM;gCACNC,MAAM;4BACR;yBACD;oBACH;iBACD;YACH;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNF,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;oBACR;oBACA;wBACED,MAAM;wBACNC,MAAM;wBACNO,SAAS;4BAAC;4BAAQ;4BAAU;yBAAS;oBACvC;iBACD;YACH;YACA;gBACER,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLY,aACE;gBACJ;YACF;YACA;gBACEP,MAAM;gBACNC,MAAM;gBACNF,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;oBACR;uBACIP,yBACA;wBACE;4BACEM,MAAM;4BACNC,MAAM;4BACNK,YAAYZ;wBACd;qBACD,GACD,EAAE;oBACN;wBACEM,MAAM;wBACNC,MAAM;wBACNO,SAAS;4BAAC;4BAAU;4BAAW;yBAAU;oBAC3C;oBACA;wBACER,MAAM;wBACNC,MAAM;wBACNI,cAAc;oBAChB;iBACD;YACH;eACIb,qBACA;gBACE;oBACEQ,MAAM;oBACNC,MAAM;oBACNN,OAAO;wBACLc,YAAY;4BACVC,OAAOrB;wBACT;wBACAsB,QAAQ;4BACNnB;4BACAoB,wBAAwBrB;wBAC1B;oBACF;gBACF;aACD,GACD,EAAE;SACP;IACH,CAAA,EAAE"}
+{"version":3,"sources":["../../src/collections/docsSets.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport {\n  DOCS_GLOBALS_ADMIN_GROUP,\n  DOCS_SET_MANAGER_COMPONENT,\n} from '../constants.js'\n\nexport type CreateDocsSetsCollectionOptions = {\n  docsCollectionSlug?: string\n  docsGroupsCollectionSlug: string\n  slug: string\n  syncRunsCollectionSlug?: string\n}\n\nexport const createDocsSetsCollection = ({\n  slug,\n  docsCollectionSlug,\n  docsGroupsCollectionSlug,\n  syncRunsCollectionSlug,\n}: CreateDocsSetsCollectionOptions): CollectionConfig => ({\n  slug,\n  admin: {\n    defaultColumns: ['title', 'slug', 'branch', 'updatedAt'],\n    group: DOCS_GLOBALS_ADMIN_GROUP,\n    useAsTitle: 'title',\n  },\n  fields: [\n    {\n      name: 'title',\n      type: 'text',\n      required: true,\n    },\n    {\n      name: 'slug',\n      type: 'text',\n      index: true,\n      required: true,\n      unique: true,\n    },\n    {\n      name: 'group',\n      type: 'relationship',\n      relationTo: docsGroupsCollectionSlug,\n    },\n    {\n      name: 'branch',\n      type: 'text',\n      admin: {\n        description:\n          'Git branch allowed to publish this docs set. The full Git ref is handled internally.',\n      },\n      defaultValue: 'main',\n    },\n    {\n      name: 'allowPullRequests',\n      type: 'checkbox',\n      admin: {\n        description:\n          'Allow GitHub pull request events to dry-run or publish this docs set.',\n      },\n      defaultValue: false,\n    },\n    {\n      name: 'description',\n      type: 'textarea',\n    },\n    {\n      name: 'advancedSecurity',\n      type: 'group',\n      admin: {\n        description:\n          'Optional workflow lock-down. Leave disabled to allow any workflow from a trusted GitHub owner/repository and branch.',\n      },\n      fields: [\n        {\n          name: 'enabled',\n          type: 'checkbox',\n          admin: {\n            description:\n              'When enabled, only the workflow refs listed below can publish this docs set.',\n          },\n          defaultValue: false,\n        },\n        {\n          name: 'allowedWorkflowRefs',\n          type: 'array',\n          admin: {\n            condition: (_data, siblingData) => siblingData?.enabled === true,\n            description:\n              'Exact GitHub workflow refs, for example owner/repo/.github/workflows/publish-docs.yml@refs/heads/main.',\n          },\n          fields: [\n            {\n              name: 'value',\n              type: 'text',\n              required: true,\n            },\n          ],\n          validate: (value, { siblingData }) => {\n            const advancedSecurityData =\n              typeof siblingData === 'object' && siblingData !== null\n                ? (siblingData as { enabled?: unknown })\n                : undefined\n\n            if (\n              advancedSecurityData?.enabled === true &&\n              (!Array.isArray(value) || value.length === 0)\n            ) {\n              return 'Add at least one workflow ref or disable advanced security.'\n            }\n\n            return true\n          },\n        },\n      ],\n    },\n    {\n      name: 'aiExport',\n      type: 'json',\n      admin: {\n        description:\n          'Parsed index.ai.yml control data for the raw Markdown AI export route.',\n      },\n    },\n    {\n      name: 'sync',\n      type: 'group',\n      fields: [\n        {\n          name: 'lastSyncedAt',\n          type: 'date',\n        },\n        ...(syncRunsCollectionSlug\n          ? [\n              {\n                name: 'lastSyncRunId',\n                type: 'relationship' as const,\n                relationTo: syncRunsCollectionSlug,\n              },\n            ]\n          : []),\n        {\n          name: 'lastStatus',\n          type: 'select',\n          options: ['failed', 'pending', 'success'],\n        },\n        {\n          name: 'docsCount',\n          type: 'number',\n          defaultValue: 0,\n        },\n      ],\n    },\n    ...(docsCollectionSlug\n      ? [\n          {\n            name: 'docsSetManager',\n            type: 'ui' as const,\n            admin: {\n              components: {\n                Field: DOCS_SET_MANAGER_COMPONENT,\n              },\n              custom: {\n                docsCollectionSlug,\n                docsGroupsCollectionSlug,\n                docsSetsCollectionSlug: slug,\n              },\n            },\n          },\n        ]\n      : []),\n  ],\n  labels: {\n    plural: 'Sets',\n    singular: 'Set',\n  },\n})\n"],"names":["DOCS_GLOBALS_ADMIN_GROUP","DOCS_SET_MANAGER_COMPONENT","createDocsSetsCollection","slug","docsCollectionSlug","docsGroupsCollectionSlug","syncRunsCollectionSlug","admin","defaultColumns","group","useAsTitle","fields","name","type","required","index","unique","relationTo","description","defaultValue","condition","_data","siblingData","enabled","validate","value","advancedSecurityData","undefined","Array","isArray","length","options","components","Field","custom","docsSetsCollectionSlug","labels","plural","singular"],"mappings":"AAEA,SACEA,wBAAwB,EACxBC,0BAA0B,QACrB,kBAAiB;AASxB,OAAO,MAAMC,2BAA2B,CAAC,EACvCC,IAAI,EACJC,kBAAkB,EAClBC,wBAAwB,EACxBC,sBAAsB,EACU,GAAwB,CAAA;QACxDH;QACAI,OAAO;YACLC,gBAAgB;gBAAC;gBAAS;gBAAQ;gBAAU;aAAY;YACxDC,OAAOT;YACPU,YAAY;QACd;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,UAAU;YACZ;YACA;gBACEF,MAAM;gBACNC,MAAM;gBACNE,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEJ,MAAM;gBACNC,MAAM;gBACNI,YAAYZ;YACd;YACA;gBACEO,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLW,aACE;gBACJ;gBACAC,cAAc;YAChB;YACA;gBACEP,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLW,aACE;gBACJ;gBACAC,cAAc;YAChB;YACA;gBACEP,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLW,aACE;gBACJ;gBACAP,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;wBACNN,OAAO;4BACLW,aACE;wBACJ;wBACAC,cAAc;oBAChB;oBACA;wBACEP,MAAM;wBACNC,MAAM;wBACNN,OAAO;4BACLa,WAAW,CAACC,OAAOC,cAAgBA,aAAaC,YAAY;4BAC5DL,aACE;wBACJ;wBACAP,QAAQ;4BACN;gCACEC,MAAM;gCACNC,MAAM;gCACNC,UAAU;4BACZ;yBACD;wBACDU,UAAU,CAACC,OAAO,EAAEH,WAAW,EAAE;4BAC/B,MAAMI,uBACJ,OAAOJ,gBAAgB,YAAYA,gBAAgB,OAC9CA,cACDK;4BAEN,IACED,sBAAsBH,YAAY,QACjC,CAAA,CAACK,MAAMC,OAAO,CAACJ,UAAUA,MAAMK,MAAM,KAAK,CAAA,GAC3C;gCACA,OAAO;4BACT;4BAEA,OAAO;wBACT;oBACF;iBACD;YACH;YACA;gBACElB,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLW,aACE;gBACJ;YACF;YACA;gBACEN,MAAM;gBACNC,MAAM;gBACNF,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;oBACR;uBACIP,yBACA;wBACE;4BACEM,MAAM;4BACNC,MAAM;4BACNI,YAAYX;wBACd;qBACD,GACD,EAAE;oBACN;wBACEM,MAAM;wBACNC,MAAM;wBACNkB,SAAS;4BAAC;4BAAU;4BAAW;yBAAU;oBAC3C;oBACA;wBACEnB,MAAM;wBACNC,MAAM;wBACNM,cAAc;oBAChB;iBACD;YACH;eACIf,qBACA;gBACE;oBACEQ,MAAM;oBACNC,MAAM;oBACNN,OAAO;wBACLyB,YAAY;4BACVC,OAAOhC;wBACT;wBACAiC,QAAQ;4BACN9B;4BACAC;4BACA8B,wBAAwBhC;wBAC1B;oBACF;gBACF;aACD,GACD,EAAE;SACP;QACDiC,QAAQ;YACNC,QAAQ;YACRC,UAAU;QACZ;IACF,CAAA,EAAE"}

package/dist/collections/docsTrusted.d.ts

@@ -0,0 +1,5 @@
+import type { CollectionConfig } from 'payload';
+export type CreateDocsTrustedCollectionOptions = {
+    slug: string;
+};
+export declare const createDocsTrustedCollection: ({ slug, }: CreateDocsTrustedCollectionOptions) => CollectionConfig;

package/dist/collections/docsTrusted.js

@@ -0,0 +1,60 @@
+import { DOCS_GLOBALS_ADMIN_GROUP } from '../constants.js';
+export const createDocsTrustedCollection = ({ slug })=>({
+        slug,
+        admin: {
+            defaultColumns: [
+                'title',
+                'owner',
+                'limitRepos',
+                'updatedAt'
+            ],
+            group: DOCS_GLOBALS_ADMIN_GROUP,
+            useAsTitle: 'title'
+        },
+        fields: [
+            {
+                name: 'title',
+                type: 'text',
+                required: true
+            },
+            {
+                name: 'owner',
+                type: 'text',
+                admin: {
+                    description: 'GitHub owner or organization trusted to publish docs through OIDC.'
+                },
+                index: true,
+                required: true,
+                unique: true
+            },
+            {
+                name: 'limitRepos',
+                type: 'checkbox',
+                admin: {
+                    description: 'Leave off to trust every repository owned by this GitHub owner. Enable to list specific repositories.'
+                },
+                defaultValue: false
+            },
+            {
+                name: 'repositories',
+                type: 'array',
+                admin: {
+                    condition: (_data, siblingData)=>siblingData?.limitRepos === true,
+                    description: 'Repository names or owner/repository pairs allowed when repo limiting is enabled.'
+                },
+                fields: [
+                    {
+                        name: 'value',
+                        type: 'text',
+                        required: true
+                    }
+                ]
+            }
+        ],
+        labels: {
+            plural: 'Trusted',
+            singular: 'Trusted'
+        }
+    });
+
+//# sourceMappingURL=docsTrusted.js.map

package/dist/collections/docsTrusted.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/collections/docsTrusted.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport { DOCS_GLOBALS_ADMIN_GROUP } from '../constants.js'\n\nexport type CreateDocsTrustedCollectionOptions = {\n  slug: string\n}\n\nexport const createDocsTrustedCollection = ({\n  slug,\n}: CreateDocsTrustedCollectionOptions): CollectionConfig => ({\n  slug,\n  admin: {\n    defaultColumns: ['title', 'owner', 'limitRepos', 'updatedAt'],\n    group: DOCS_GLOBALS_ADMIN_GROUP,\n    useAsTitle: 'title',\n  },\n  fields: [\n    {\n      name: 'title',\n      type: 'text',\n      required: true,\n    },\n    {\n      name: 'owner',\n      type: 'text',\n      admin: {\n        description:\n          'GitHub owner or organization trusted to publish docs through OIDC.',\n      },\n      index: true,\n      required: true,\n      unique: true,\n    },\n    {\n      name: 'limitRepos',\n      type: 'checkbox',\n      admin: {\n        description:\n          'Leave off to trust every repository owned by this GitHub owner. Enable to list specific repositories.',\n      },\n      defaultValue: false,\n    },\n    {\n      name: 'repositories',\n      type: 'array',\n      admin: {\n        condition: (_data, siblingData) => siblingData?.limitRepos === true,\n        description:\n          'Repository names or owner/repository pairs allowed when repo limiting is enabled.',\n      },\n      fields: [\n        {\n          name: 'value',\n          type: 'text',\n          required: true,\n        },\n      ],\n    },\n  ],\n  labels: {\n    plural: 'Trusted',\n    singular: 'Trusted',\n  },\n})\n"],"names":["DOCS_GLOBALS_ADMIN_GROUP","createDocsTrustedCollection","slug","admin","defaultColumns","group","useAsTitle","fields","name","type","required","description","index","unique","defaultValue","condition","_data","siblingData","limitRepos","labels","plural","singular"],"mappings":"AAEA,SAASA,wBAAwB,QAAQ,kBAAiB;AAM1D,OAAO,MAAMC,8BAA8B,CAAC,EAC1CC,IAAI,EAC+B,GAAwB,CAAA;QAC3DA;QACAC,OAAO;YACLC,gBAAgB;gBAAC;gBAAS;gBAAS;gBAAc;aAAY;YAC7DC,OAAOL;YACPM,YAAY;QACd;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,UAAU;YACZ;YACA;gBACEF,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLQ,aACE;gBACJ;gBACAC,OAAO;gBACPF,UAAU;gBACVG,QAAQ;YACV;YACA;gBACEL,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLQ,aACE;gBACJ;gBACAG,cAAc;YAChB;YACA;gBACEN,MAAM;gBACNC,MAAM;gBACNN,OAAO;oBACLY,WAAW,CAACC,OAAOC,cAAgBA,aAAaC,eAAe;oBAC/DP,aACE;gBACJ;gBACAJ,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;wBACNC,UAAU;oBACZ;iBACD;YACH;SACD;QACDS,QAAQ;YACNC,QAAQ;YACRC,UAAU;QACZ;IACF,CAAA,EAAE"}

package/dist/collections/index.d.ts

@@ -2,8 +2,12 @@ export { createDocsCollection } from './docs.js';
 export type { CreateDocsCollectionOptions } from './docs.js';
 export { createDocsGroupsCollection } from './docsGroups.js';
 export type { CreateDocsGroupsCollectionOptions } from './docsGroups.js';
+export { createDocsKeysCollection } from './docsKeys.js';
+export type { CreateDocsKeysCollectionOptions } from './docsKeys.js';
 export { createDocsSetsCollection } from './docsSets.js';
 export type { CreateDocsSetsCollectionOptions } from './docsSets.js';
+export { createDocsTrustedCollection } from './docsTrusted.js';
+export type { CreateDocsTrustedCollectionOptions } from './docsTrusted.js';
 export { createNoncesCollection } from './nonces.js';
 export type { CreateNoncesCollectionOptions } from './nonces.js';
 export { createSyncRunsCollection } from './syncRuns.js';

package/dist/collections/index.js

@@ -1,6 +1,8 @@
 export { createDocsCollection } from './docs.js';
 export { createDocsGroupsCollection } from './docsGroups.js';
+export { createDocsKeysCollection } from './docsKeys.js';
 export { createDocsSetsCollection } from './docsSets.js';
+export { createDocsTrustedCollection } from './docsTrusted.js';
 export { createNoncesCollection } from './nonces.js';
 export { createSyncRunsCollection } from './syncRuns.js';
 

package/dist/collections/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/collections/index.ts"],"sourcesContent":["export { createDocsCollection } from './docs.js'\nexport type { CreateDocsCollectionOptions } from './docs.js'\nexport { createDocsGroupsCollection } from './docsGroups.js'\nexport type { CreateDocsGroupsCollectionOptions } from './docsGroups.js'\nexport { createDocsSetsCollection } from './docsSets.js'\nexport type { CreateDocsSetsCollectionOptions } from './docsSets.js'\nexport { createNoncesCollection } from './nonces.js'\nexport type { CreateNoncesCollectionOptions } from './nonces.js'\nexport { createSyncRunsCollection } from './syncRuns.js'\nexport type { CreateSyncRunsCollectionOptions } from './syncRuns.js'\n"],"names":["createDocsCollection","createDocsGroupsCollection","createDocsSetsCollection","createNoncesCollection","createSyncRunsCollection"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,YAAW;AAEhD,SAASC,0BAA0B,QAAQ,kBAAiB;AAE5D,SAASC,wBAAwB,QAAQ,gBAAe;AAExD,SAASC,sBAAsB,QAAQ,cAAa;AAEpD,SAASC,wBAAwB,QAAQ,gBAAe"}
+{"version":3,"sources":["../../src/collections/index.ts"],"sourcesContent":["export { createDocsCollection } from './docs.js'\nexport type { CreateDocsCollectionOptions } from './docs.js'\nexport { createDocsGroupsCollection } from './docsGroups.js'\nexport type { CreateDocsGroupsCollectionOptions } from './docsGroups.js'\nexport { createDocsKeysCollection } from './docsKeys.js'\nexport type { CreateDocsKeysCollectionOptions } from './docsKeys.js'\nexport { createDocsSetsCollection } from './docsSets.js'\nexport type { CreateDocsSetsCollectionOptions } from './docsSets.js'\nexport { createDocsTrustedCollection } from './docsTrusted.js'\nexport type { CreateDocsTrustedCollectionOptions } from './docsTrusted.js'\nexport { createNoncesCollection } from './nonces.js'\nexport type { CreateNoncesCollectionOptions } from './nonces.js'\nexport { createSyncRunsCollection } from './syncRuns.js'\nexport type { CreateSyncRunsCollectionOptions } from './syncRuns.js'\n"],"names":["createDocsCollection","createDocsGroupsCollection","createDocsKeysCollection","createDocsSetsCollection","createDocsTrustedCollection","createNoncesCollection","createSyncRunsCollection"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,YAAW;AAEhD,SAASC,0BAA0B,QAAQ,kBAAiB;AAE5D,SAASC,wBAAwB,QAAQ,gBAAe;AAExD,SAASC,wBAAwB,QAAQ,gBAAe;AAExD,SAASC,2BAA2B,QAAQ,mBAAkB;AAE9D,SAASC,sBAAsB,QAAQ,cAAa;AAEpD,SAASC,wBAAwB,QAAQ,gBAAe"}

package/dist/constants.d.ts

@@ -1,9 +1,11 @@
 export declare const DEFAULT_DOCS_COLLECTION_SLUG = "docs";
 export declare const DEFAULT_DOCS_GROUPS_COLLECTION_SLUG = "docs-groups";
+export declare const DEFAULT_DOCS_KEYS_COLLECTION_SLUG = "docs-keys";
 export declare const DEFAULT_DOCS_ROUTE_BASE = "/docs";
 export declare const DEFAULT_DOCS_SETS_COLLECTION_SLUG = "docs-sets";
 export declare const DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG = "docs-sync-nonces";
 export declare const DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG = "docs-sync-runs";
+export declare const DEFAULT_DOCS_TRUSTED_COLLECTION_SLUG = "docs-trusted";
 export declare const DEFAULT_DOCS_SYNC_ENDPOINT_PATH = "/payload-markdown-docs/sync";
 export declare const DEFAULT_MARKDOWN_FIELD_NAME = "content";
 export declare const DOCS_SET_MANAGER_COMPONENT = "@valkyrianlabs/payload-markdown-docs/admin#DocsSetManager";
@@ -16,6 +18,6 @@ export declare const DEFAULT_MAX_DOCS_TOTAL_BYTES = 5000000;
 export declare const DEFAULT_MAX_BODY_BYTES = 5000000;
 export declare const DEFAULT_MAX_SKEW_SECONDS = 300;
 export declare const DEFAULT_NONCE_TTL_SECONDS = 600;
-export declare const DEFAULT_GITHUB_OIDC_AUDIENCE = "payload-markdown-docs";
 export declare const DEFAULT_GITHUB_OIDC_ISSUER = "https://token.actions.githubusercontent.com";
 export declare const MANAGED_BY = "payload-markdown-docs";
+export declare const DOCS_GLOBALS_ADMIN_GROUP = "Docs Globals";

package/dist/constants.js

@@ -1,9 +1,11 @@
 export const DEFAULT_DOCS_COLLECTION_SLUG = 'docs';
 export const DEFAULT_DOCS_GROUPS_COLLECTION_SLUG = 'docs-groups';
+export const DEFAULT_DOCS_KEYS_COLLECTION_SLUG = 'docs-keys';
 export const DEFAULT_DOCS_ROUTE_BASE = '/docs';
 export const DEFAULT_DOCS_SETS_COLLECTION_SLUG = 'docs-sets';
 export const DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG = 'docs-sync-nonces';
 export const DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG = 'docs-sync-runs';
+export const DEFAULT_DOCS_TRUSTED_COLLECTION_SLUG = 'docs-trusted';
 export const DEFAULT_DOCS_SYNC_ENDPOINT_PATH = '/payload-markdown-docs/sync';
 export const DEFAULT_MARKDOWN_FIELD_NAME = 'content';
 export const DOCS_SET_MANAGER_COMPONENT = '@valkyrianlabs/payload-markdown-docs/admin#DocsSetManager';
@@ -16,8 +18,8 @@ export const DEFAULT_MAX_DOCS_TOTAL_BYTES = 5_000_000;
 export const DEFAULT_MAX_BODY_BYTES = 5_000_000;
 export const DEFAULT_MAX_SKEW_SECONDS = 300;
 export const DEFAULT_NONCE_TTL_SECONDS = 600;
-export const DEFAULT_GITHUB_OIDC_AUDIENCE = 'payload-markdown-docs';
 export const DEFAULT_GITHUB_OIDC_ISSUER = 'https://token.actions.githubusercontent.com';
 export const MANAGED_BY = 'payload-markdown-docs';
+export const DOCS_GLOBALS_ADMIN_GROUP = 'Docs Globals';
 
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["export const DEFAULT_DOCS_COLLECTION_SLUG = 'docs'\nexport const DEFAULT_DOCS_GROUPS_COLLECTION_SLUG = 'docs-groups'\nexport const DEFAULT_DOCS_ROUTE_BASE = '/docs'\nexport const DEFAULT_DOCS_SETS_COLLECTION_SLUG = 'docs-sets'\nexport const DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG = 'docs-sync-nonces'\nexport const DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG = 'docs-sync-runs'\nexport const DEFAULT_DOCS_SYNC_ENDPOINT_PATH = '/payload-markdown-docs/sync'\nexport const DEFAULT_MARKDOWN_FIELD_NAME = 'content'\nexport const DOCS_SET_MANAGER_COMPONENT =\n  '@valkyrianlabs/payload-markdown-docs/admin#DocsSetManager'\nexport const DEFAULT_PAGES_BRIDGE_FIELD = 'docsBridge'\nexport const DEFAULT_PAGES_COLLECTION_SLUG = 'pages'\nexport const DEFAULT_PAGES_ROUTE_FIELD = 'slug'\nexport const DEFAULT_MAX_DOCS_FILE_BYTES = 500_000\nexport const DEFAULT_MAX_DOCS_FILES = 500\nexport const DEFAULT_MAX_DOCS_TOTAL_BYTES = 5_000_000\nexport const DEFAULT_MAX_BODY_BYTES = 5_000_000\nexport const DEFAULT_MAX_SKEW_SECONDS = 300\nexport const DEFAULT_NONCE_TTL_SECONDS = 600\nexport const DEFAULT_GITHUB_OIDC_AUDIENCE = 'payload-markdown-docs'\nexport const DEFAULT_GITHUB_OIDC_ISSUER =\n  'https://token.actions.githubusercontent.com'\nexport const MANAGED_BY = 'payload-markdown-docs'\n"],"names":["DEFAULT_DOCS_COLLECTION_SLUG","DEFAULT_DOCS_GROUPS_COLLECTION_SLUG","DEFAULT_DOCS_ROUTE_BASE","DEFAULT_DOCS_SETS_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_ENDPOINT_PATH","DEFAULT_MARKDOWN_FIELD_NAME","DOCS_SET_MANAGER_COMPONENT","DEFAULT_PAGES_BRIDGE_FIELD","DEFAULT_PAGES_COLLECTION_SLUG","DEFAULT_PAGES_ROUTE_FIELD","DEFAULT_MAX_DOCS_FILE_BYTES","DEFAULT_MAX_DOCS_FILES","DEFAULT_MAX_DOCS_TOTAL_BYTES","DEFAULT_MAX_BODY_BYTES","DEFAULT_MAX_SKEW_SECONDS","DEFAULT_NONCE_TTL_SECONDS","DEFAULT_GITHUB_OIDC_AUDIENCE","DEFAULT_GITHUB_OIDC_ISSUER","MANAGED_BY"],"mappings":"AAAA,OAAO,MAAMA,+BAA+B,OAAM;AAClD,OAAO,MAAMC,sCAAsC,cAAa;AAChE,OAAO,MAAMC,0BAA0B,QAAO;AAC9C,OAAO,MAAMC,oCAAoC,YAAW;AAC5D,OAAO,MAAMC,2CAA2C,mBAAkB;AAC1E,OAAO,MAAMC,yCAAyC,iBAAgB;AACtE,OAAO,MAAMC,kCAAkC,8BAA6B;AAC5E,OAAO,MAAMC,8BAA8B,UAAS;AACpD,OAAO,MAAMC,6BACX,4DAA2D;AAC7D,OAAO,MAAMC,6BAA6B,aAAY;AACtD,OAAO,MAAMC,gCAAgC,QAAO;AACpD,OAAO,MAAMC,4BAA4B,OAAM;AAC/C,OAAO,MAAMC,8BAA8B,QAAO;AAClD,OAAO,MAAMC,yBAAyB,IAAG;AACzC,OAAO,MAAMC,+BAA+B,UAAS;AACrD,OAAO,MAAMC,yBAAyB,UAAS;AAC/C,OAAO,MAAMC,2BAA2B,IAAG;AAC3C,OAAO,MAAMC,4BAA4B,IAAG;AAC5C,OAAO,MAAMC,+BAA+B,wBAAuB;AACnE,OAAO,MAAMC,6BACX,8CAA6C;AAC/C,OAAO,MAAMC,aAAa,wBAAuB"}
+{"version":3,"sources":["../src/constants.ts"],"sourcesContent":["export const DEFAULT_DOCS_COLLECTION_SLUG = 'docs'\nexport const DEFAULT_DOCS_GROUPS_COLLECTION_SLUG = 'docs-groups'\nexport const DEFAULT_DOCS_KEYS_COLLECTION_SLUG = 'docs-keys'\nexport const DEFAULT_DOCS_ROUTE_BASE = '/docs'\nexport const DEFAULT_DOCS_SETS_COLLECTION_SLUG = 'docs-sets'\nexport const DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG = 'docs-sync-nonces'\nexport const DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG = 'docs-sync-runs'\nexport const DEFAULT_DOCS_TRUSTED_COLLECTION_SLUG = 'docs-trusted'\nexport const DEFAULT_DOCS_SYNC_ENDPOINT_PATH = '/payload-markdown-docs/sync'\nexport const DEFAULT_MARKDOWN_FIELD_NAME = 'content'\nexport const DOCS_SET_MANAGER_COMPONENT =\n  '@valkyrianlabs/payload-markdown-docs/admin#DocsSetManager'\nexport const DEFAULT_PAGES_BRIDGE_FIELD = 'docsBridge'\nexport const DEFAULT_PAGES_COLLECTION_SLUG = 'pages'\nexport const DEFAULT_PAGES_ROUTE_FIELD = 'slug'\nexport const DEFAULT_MAX_DOCS_FILE_BYTES = 500_000\nexport const DEFAULT_MAX_DOCS_FILES = 500\nexport const DEFAULT_MAX_DOCS_TOTAL_BYTES = 5_000_000\nexport const DEFAULT_MAX_BODY_BYTES = 5_000_000\nexport const DEFAULT_MAX_SKEW_SECONDS = 300\nexport const DEFAULT_NONCE_TTL_SECONDS = 600\nexport const DEFAULT_GITHUB_OIDC_ISSUER =\n  'https://token.actions.githubusercontent.com'\nexport const MANAGED_BY = 'payload-markdown-docs'\nexport const DOCS_GLOBALS_ADMIN_GROUP = 'Docs Globals'\n"],"names":["DEFAULT_DOCS_COLLECTION_SLUG","DEFAULT_DOCS_GROUPS_COLLECTION_SLUG","DEFAULT_DOCS_KEYS_COLLECTION_SLUG","DEFAULT_DOCS_ROUTE_BASE","DEFAULT_DOCS_SETS_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_NONCES_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_RUNS_COLLECTION_SLUG","DEFAULT_DOCS_TRUSTED_COLLECTION_SLUG","DEFAULT_DOCS_SYNC_ENDPOINT_PATH","DEFAULT_MARKDOWN_FIELD_NAME","DOCS_SET_MANAGER_COMPONENT","DEFAULT_PAGES_BRIDGE_FIELD","DEFAULT_PAGES_COLLECTION_SLUG","DEFAULT_PAGES_ROUTE_FIELD","DEFAULT_MAX_DOCS_FILE_BYTES","DEFAULT_MAX_DOCS_FILES","DEFAULT_MAX_DOCS_TOTAL_BYTES","DEFAULT_MAX_BODY_BYTES","DEFAULT_MAX_SKEW_SECONDS","DEFAULT_NONCE_TTL_SECONDS","DEFAULT_GITHUB_OIDC_ISSUER","MANAGED_BY","DOCS_GLOBALS_ADMIN_GROUP"],"mappings":"AAAA,OAAO,MAAMA,+BAA+B,OAAM;AAClD,OAAO,MAAMC,sCAAsC,cAAa;AAChE,OAAO,MAAMC,oCAAoC,YAAW;AAC5D,OAAO,MAAMC,0BAA0B,QAAO;AAC9C,OAAO,MAAMC,oCAAoC,YAAW;AAC5D,OAAO,MAAMC,2CAA2C,mBAAkB;AAC1E,OAAO,MAAMC,yCAAyC,iBAAgB;AACtE,OAAO,MAAMC,uCAAuC,eAAc;AAClE,OAAO,MAAMC,kCAAkC,8BAA6B;AAC5E,OAAO,MAAMC,8BAA8B,UAAS;AACpD,OAAO,MAAMC,6BACX,4DAA2D;AAC7D,OAAO,MAAMC,6BAA6B,aAAY;AACtD,OAAO,MAAMC,gCAAgC,QAAO;AACpD,OAAO,MAAMC,4BAA4B,OAAM;AAC/C,OAAO,MAAMC,8BAA8B,QAAO;AAClD,OAAO,MAAMC,yBAAyB,IAAG;AACzC,OAAO,MAAMC,+BAA+B,UAAS;AACrD,OAAO,MAAMC,yBAAyB,UAAS;AAC/C,OAAO,MAAMC,2BAA2B,IAAG;AAC3C,OAAO,MAAMC,4BAA4B,IAAG;AAC5C,OAAO,MAAMC,6BACX,8CAA6C;AAC/C,OAAO,MAAMC,aAAa,wBAAuB;AACjD,OAAO,MAAMC,2BAA2B,eAAc"}

package/dist/endpoints/sync.d.ts

@@ -3,7 +3,7 @@ import type { DocsPublishMode } from '../payload/index.js';
 import type { FetchJson } from '../security/index.js';
 import type { DocsDeleteBehavior } from '../sync/index.js';
 import type { PayloadMarkdownDocsAuthConfig } from '../types.js';
-export type DocsSyncEndpointErrorCode = 'audit_unavailable' | 'auth_disabled' | 'body_hash_mismatch' | 'delete_behavior_not_implemented' | 'draft_behavior_not_available' | 'dry_run_required_not_implemented' | 'hard_delete_disabled' | 'invalid_body' | 'invalid_manifest' | 'invalid_method' | 'invalid_signature' | 'invalid_timestamp' | 'manual_edit_conflict' | 'missing_header' | 'nonce_replay' | 'oidc_environment_not_allowed' | 'oidc_expired' | 'oidc_invalid_audience' | 'oidc_invalid_issuer' | 'oidc_invalid_token' | 'oidc_jwks_unavailable' | 'oidc_missing_claim' | 'oidc_missing_jti' | 'oidc_not_yet_valid' | 'oidc_owner_not_allowed' | 'oidc_pull_request_not_allowed' | 'oidc_ref_not_allowed' | 'oidc_replay' | 'oidc_repository_not_allowed' | 'oidc_workflow_not_allowed' | 'publish_disabled' | 'publish_not_available' | 'replay_protection_unavailable' | 'route_collision' | 'source_not_allowed' | 'sync_apply_failed' | 'sync_mode_not_implemented' | 'sync_writes_disabled' | 'unknown_key';
+export type DocsSyncEndpointErrorCode = 'audit_unavailable' | 'auth_disabled' | 'body_hash_mismatch' | 'delete_behavior_not_implemented' | 'draft_behavior_not_available' | 'dry_run_required_not_implemented' | 'hard_delete_disabled' | 'invalid_body' | 'invalid_manifest' | 'invalid_method' | 'invalid_signature' | 'invalid_timestamp' | 'manual_edit_conflict' | 'missing_header' | 'nonce_replay' | 'oidc_expired' | 'oidc_invalid_audience' | 'oidc_invalid_issuer' | 'oidc_invalid_token' | 'oidc_jwks_unavailable' | 'oidc_missing_claim' | 'oidc_missing_jti' | 'oidc_not_yet_valid' | 'oidc_owner_not_allowed' | 'oidc_pull_request_not_allowed' | 'oidc_ref_not_allowed' | 'oidc_replay' | 'oidc_repository_not_allowed' | 'oidc_workflow_not_allowed' | 'publish_disabled' | 'publish_not_available' | 'replay_protection_unavailable' | 'route_collision' | 'source_not_allowed' | 'sync_apply_failed' | 'sync_mode_not_implemented' | 'sync_writes_disabled' | 'unknown_key';
 export type CreateSyncEndpointOptions = {
     allowHardDelete?: boolean;
     allowPublish?: boolean;
@@ -14,8 +14,13 @@ export type CreateSyncEndpointOptions = {
     docsCollectionSlug: string;
     docsEnabled: boolean;
     docsEnableDrafts: boolean;
+    docsGroupsCollectionSlug: string;
+    docsKeysCollectionSlug: string;
+    docsKeysEnabled: boolean;
     docsSetsCollectionSlug: string;
     docsSetsEnabled: boolean;
+    docsTrustedCollectionSlug: string;
+    docsTrustedEnabled: boolean;
     endpointPath: string;
     getNow?: () => Date;
     markdownFieldName: string;
@@ -26,7 +31,6 @@ export type CreateSyncEndpointOptions = {
     nonceTtlSeconds?: number;
     oidcFetchJson?: FetchJson;
     requireDryRunBeforeApply?: boolean;
-    routeBase?: string;
     routing?: {
         pages?: {
             allowBridgePages: boolean;
@@ -36,11 +40,6 @@ export type CreateSyncEndpointOptions = {
             routeField: string;
         };
     };
-    sources?: {
-        id: string;
-        root?: string;
-        routeBase: string;
-    }[];
     syncRunsCollectionSlug: string;
     syncRunsEnabled: boolean;
 };

package/dist/endpoints/sync.js

@@ -1,5 +1,5 @@
-import { DEFAULT_DOCS_ROUTE_BASE, DEFAULT_MAX_BODY_BYTES, DEFAULT_MAX_SKEW_SECONDS, DEFAULT_NONCE_TTL_SECONDS } from '../constants.js';
-import { applyDocsSync, assertApplyDeleteBehaviorSupported, createSyncRunAudit, findConfiguredPagesRouteCollisions, findDocsSetBySourceId, findDocsSyncConflicts, findDuplicateDesiredRouteCollisions, findExistingDocsRouteCollisions, findExistingPayloadDocsRecords, getRecordId, toExistingDocsRecord, updateDocsSetAfterSync, updateSyncRunAudit } from '../payload/index.js';
+import { DEFAULT_MAX_BODY_BYTES, DEFAULT_MAX_SKEW_SECONDS, DEFAULT_NONCE_TTL_SECONDS } from '../constants.js';
+import { applyDocsSync, assertApplyDeleteBehaviorSupported, createSyncRunAudit, findConfiguredPagesRouteCollisions, findDocsKeyById, findDocsSetBySlug, findDocsSyncConflicts, findDuplicateDesiredRouteCollisions, findExistingDocsRouteCollisions, findExistingPayloadDocsRecords, findTrustedGitHubSources, getRecordId, isEd25519AuthEnabled, isGitHubOidcAuthEnabled, toExistingDocsRecord, updateDocsSetAfterSync, updateSyncRunAudit } from '../payload/index.js';
 import { assertNonceNotReplayed, buildCanonicalSigningString, extractSyncRequestHeaders, getCanonicalPathFromRequestUrl, storeAcceptedNonce, validateTimestampSkew, verifyBodySha256, verifyEd25519Signature, verifyGitHubOidcToken } from '../security/index.js';
 import { planDocsSync, validateDocsManifest } from '../sync/index.js';
 const jsonResponse = (body, status = 200)=>Response.json(body, {
@@ -22,63 +22,30 @@ const parseManifestBody = (rawBody)=>{
         return undefined;
     }
 };
-const findSourceConfig = (sourceId, sources)=>sources?.find((source)=>source.id === sourceId);
-const getAllowedSourceIds = (sources)=>{
-    if (!sources || sources.length === 0) {
-        return undefined;
-    }
-    return sources.map((source)=>source.id);
-};
 const resolveSyncSource = async ({ manifest, options, payload })=>{
     const sourceId = manifest.source?.id;
     if (!sourceId) {
         return {
-            source: {
-                allowedSourceIds: getAllowedSourceIds(options.sources),
-                routeBase: options.routeBase ?? DEFAULT_DOCS_ROUTE_BASE
-            }
+            response: errorResponse('source_not_allowed', 'Manifest source.id is required and must match a docs set slug.', 400)
         };
     }
-    const docsSet = options.docsSetsEnabled ? await findDocsSetBySourceId({
+    const docsSet = options.docsSetsEnabled ? await findDocsSetBySlug({
+        slug: sourceId,
         collectionSlug: options.docsSetsCollectionSlug,
-        payload,
-        sourceId
+        docsGroupsCollectionSlug: options.docsGroupsCollectionSlug,
+        payload
     }) : undefined;
     if (docsSet) {
-        if (docsSet.sourceRoot && manifest.source.root && docsSet.sourceRoot !== manifest.source.root) {
-            return {
-                response: errorResponse('source_not_allowed', `Manifest source.root "${manifest.source.root}" is not allowed for docs set source "${sourceId}".`, 400)
-            };
-        }
         return {
             source: {
-                allowedSourceIds: [
-                    sourceId
-                ],
-                auth: docsSet.auth,
                 docsSet,
                 routeBase: docsSet.routeBase,
-                sourceRoot: docsSet.sourceRoot
+                sourceId
             }
         };
     }
-    const sourceConfig = findSourceConfig(sourceId, options.sources);
-    if ((options.docsSetsEnabled || options.sources && options.sources.length > 0) && !sourceConfig) {
-        return {
-            response: errorResponse('source_not_allowed', options.docsSetsEnabled ? `No docs set exists for manifest source.id "${sourceId}". Create a docs set in Payload Admin before syncing this source.` : `Manifest source.id "${sourceId}" is not configured for this endpoint.`, 400)
-        };
-    }
-    if (sourceConfig?.root && manifest.source.root && sourceConfig.root !== manifest.source.root) {
-        return {
-            response: errorResponse('source_not_allowed', `Manifest source.root "${manifest.source.root}" is not allowed for source "${sourceId}".`, 400)
-        };
-    }
     return {
-        source: {
-            allowedSourceIds: getAllowedSourceIds(options.sources),
-            routeBase: sourceConfig?.routeBase ?? options.routeBase ?? DEFAULT_DOCS_ROUTE_BASE,
-            sourceRoot: sourceConfig?.root
-        }
+        response: errorResponse('source_not_allowed', `No docs set exists for source "${sourceId}". Create a docs set with slug "${sourceId}" in Payload Admin before syncing this source.`, 400)
     };
 };
 const summarizePlan = (plan)=>({
@@ -193,72 +160,24 @@ const getBearerToken = (headers)=>{
     return token;
 };
 const hasEd25519AuthHeaders = (headers)=>getRequiredHeader(headers, 'x-vl-md-docs-key-id') !== undefined || getRequiredHeader(headers, 'x-vl-md-docs-signature') !== undefined || getRequiredHeader(headers, 'x-vl-md-docs-timestamp') !== undefined || getRequiredHeader(headers, 'x-vl-md-docs-nonce') !== undefined;
-const getGlobalEd25519AuthConfig = (auth)=>{
-    if (!auth || auth.mode === 'disabled' || auth.mode === 'github-oidc') {
-        return undefined;
-    }
-    if (auth.mode === 'ed25519') {
-        return auth;
-    }
-    return auth.ed25519 ? {
-        ...auth.ed25519,
-        mode: 'ed25519'
-    } : undefined;
-};
-const getEd25519AuthConfig = ({ auth, sourceAuth })=>{
-    const globalAuth = getGlobalEd25519AuthConfig(auth);
-    if (sourceAuth?.ed25519?.keys.length) {
-        return {
-            ...globalAuth,
-            ...sourceAuth.ed25519,
-            keys: sourceAuth.ed25519.keys,
-            mode: 'ed25519'
-        };
-    }
-    return globalAuth;
-};
-const getGlobalGitHubOidcAuthConfig = (auth)=>{
-    if (!auth || auth.mode === 'disabled' || auth.mode === 'ed25519') {
-        return undefined;
-    }
-    if (auth.mode === 'github-oidc') {
-        return auth;
-    }
-    return auth.githubOidc ? {
-        ...auth.githubOidc,
-        mode: 'github-oidc'
-    } : undefined;
-};
-const getGitHubOidcAuthConfig = ({ auth, sourceAuth })=>{
-    const globalAuth = getGlobalGitHubOidcAuthConfig(auth);
-    const sourceOidc = sourceAuth?.githubOidc;
-    if (!sourceOidc) {
-        return globalAuth;
-    }
-    if (sourceOidc.enabled === false) {
-        return globalAuth;
-    }
-    const { enabled: _enabled, ...sourceOptions } = sourceOidc;
-    const audience = sourceOptions.audience ?? globalAuth?.audience;
-    if (!audience) {
-        return globalAuth;
-    }
-    return {
-        ...globalAuth,
-        ...sourceOptions,
-        audience,
-        mode: 'github-oidc'
-    };
-};
 const assertReplayProtectionAvailable = (options)=>options.noncesEnabled ? undefined : errorResponse('replay_protection_unavailable', 'Sync endpoint requires nonce replay protection.', 500);
-const authenticateEd25519Request = async ({ auth, now, options, rawBody, req })=>{
+const authenticateEd25519Request = async ({ now, options, rawBody, req })=>{
     const headersResult = extractSyncRequestHeaders(req.headers);
     if (!headersResult.ok) {
         return {
             response: errorResponse('missing_header', `Missing required sync header: ${headersResult.header}.`, 401)
         };
     }
-    const keyConfig = auth.keys.find((key)=>key.id === headersResult.headers.keyId);
+    if (!options.docsKeysEnabled) {
+        return {
+            response: errorResponse('auth_disabled', 'Signed sync authentication requires the docs Keys collection.', 401)
+        };
+    }
+    const keyConfig = await findDocsKeyById({
+        collectionSlug: options.docsKeysCollectionSlug,
+        keyId: headersResult.headers.keyId,
+        payload: req.payload
+    });
     if (!keyConfig) {
         return {
             response: errorResponse('unknown_key', 'Unknown sync request key id.', 401)
@@ -274,7 +193,7 @@ const authenticateEd25519Request = async ({ auth, now, options, rawBody, req })=
         };
     }
     const timestampValidation = validateTimestampSkew({
-        maxSkewSeconds: auth.maxSkewSeconds ?? options.maxSkewSeconds ?? DEFAULT_MAX_SKEW_SECONDS,
+        maxSkewSeconds: options.maxSkewSeconds ?? DEFAULT_MAX_SKEW_SECONDS,
         now,
         timestamp: headersResult.headers.timestamp
     });
@@ -321,7 +240,7 @@ const authenticateEd25519Request = async ({ auth, now, options, rawBody, req })=
             response: errorResponse('invalid_signature', 'Invalid sync request signature.', 401)
         };
     }
-    const nonceTtlSeconds = auth.nonceTtlSeconds ?? options.nonceTtlSeconds ?? DEFAULT_NONCE_TTL_SECONDS;
+    const nonceTtlSeconds = options.nonceTtlSeconds ?? DEFAULT_NONCE_TTL_SECONDS;
     return {
         identity: {
             bodyHash: bodyHash.computedHash,
@@ -331,7 +250,7 @@ const authenticateEd25519Request = async ({ auth, now, options, rawBody, req })=
         }
     };
 };
-const authenticateGitHubOidcRequest = async ({ auth, now, options, rawBody, req })=>{
+const authenticateGitHubOidcRequest = async ({ docsSet, now, options, rawBody, req })=>{
     const token = getBearerToken(req.headers);
     if (token === undefined) {
         return {
@@ -358,8 +277,27 @@ const authenticateGitHubOidcRequest = async ({ auth, now, options, rawBody, req
             response: errorResponse('body_hash_mismatch', 'Sync request body hash does not match the OIDC header.', 401)
         };
     }
+    if (!options.docsTrustedEnabled) {
+        return {
+            response: errorResponse('auth_disabled', 'GitHub OIDC sync authentication requires the docs Trusted collection.', 401)
+        };
+    }
+    const trustedSources = await findTrustedGitHubSources({
+        collectionSlug: options.docsTrustedCollectionSlug,
+        payload: req.payload
+    });
+    const allowedRef = docsSet.branch.startsWith('refs/') ? docsSet.branch : `refs/heads/${docsSet.branch}`;
     const verified = await verifyGitHubOidcToken({
-        config: auth,
+        config: {
+            allowedRefs: [
+                allowedRef
+            ],
+            allowedWorkflowRefs: docsSet.advancedSecurity?.allowedWorkflowRefs,
+            allowPullRequests: docsSet.allowPullRequests,
+            audience: docsSet.slug,
+            enforceWorkflowRefs: docsSet.advancedSecurity?.enabled === true,
+            trustedSources
+        },
         fetchJson: options.oidcFetchJson,
         now,
         token
@@ -400,43 +338,36 @@ const authenticateGitHubOidcRequest = async ({ auth, now, options, rawBody, req
         }
     };
 };
-const authenticateSyncRequest = async ({ now, options, rawBody, req, sourceAuth })=>{
-    const ed25519Auth = getEd25519AuthConfig({
-        auth: options.auth,
-        sourceAuth
-    });
-    const githubOidcAuth = getGitHubOidcAuthConfig({
-        auth: options.auth,
-        sourceAuth
-    });
-    if (!ed25519Auth && !githubOidcAuth) {
+const authenticateSyncRequest = async ({ docsSet, now, options, rawBody, req })=>{
+    const ed25519Enabled = isEd25519AuthEnabled(options.auth);
+    const githubOidcEnabled = isGitHubOidcAuthEnabled(options.auth);
+    if (!ed25519Enabled && !githubOidcEnabled) {
         return {
             response: errorResponse('auth_disabled', 'Sync authentication is not configured for this endpoint.', 401)
         };
     }
     const bearerToken = getBearerToken(req.headers);
     if (bearerToken !== undefined) {
-        if (!githubOidcAuth) {
+        if (!githubOidcEnabled) {
             return {
                 response: errorResponse('auth_disabled', 'GitHub OIDC sync authentication is not configured for this endpoint.', 401)
             };
         }
         return authenticateGitHubOidcRequest({
-            auth: githubOidcAuth,
+            docsSet,
             now,
             options,
             rawBody,
             req
         });
     }
-    if (hasEd25519AuthHeaders(req.headers) || !githubOidcAuth) {
-        if (!ed25519Auth) {
+    if (hasEd25519AuthHeaders(req.headers) || !githubOidcEnabled) {
+        if (!ed25519Enabled) {
             return {
                 response: errorResponse('auth_disabled', 'Signed sync authentication is not configured for this endpoint.', 401)
             };
         }
         return authenticateEd25519Request({
-            auth: ed25519Auth,
             now,
             options,
             rawBody,
@@ -444,7 +375,7 @@ const authenticateSyncRequest = async ({ now, options, rawBody, req, sourceAuth
         });
     }
     return authenticateGitHubOidcRequest({
-        auth: githubOidcAuth,
+        docsSet,
         now,
         options,
         rawBody,
@@ -477,17 +408,19 @@ const createSyncEndpointHandler = (options)=>async (req)=>{
             return sourceResolution.response;
         }
         const authentication = await authenticateSyncRequest({
+            docsSet: sourceResolution.source.docsSet,
             now: startedAt,
             options,
             rawBody,
-            req,
-            sourceAuth: sourceResolution.source.auth
+            req
         });
         if (authentication.response) {
             return authentication.response;
         }
         const validation = validateDocsManifest(manifest, {
-            allowedSourceIds: sourceResolution.source.allowedSourceIds,
+            allowedSourceIds: [
+                sourceResolution.source.sourceId
+            ],
             maxTotalBytes: maxBodyBytes,
             routeBase: sourceResolution.source.routeBase
         });