import type { CollectionConfig } from 'payload' /** * A central collection to manage which AI Tools/MCPs a User or Role is allowed to use. */ export const AIChatPermissionsCollection: CollectionConfig = { slug: 'ai-chat-permissions', labels: { singular: 'AI Chat Permission', plural: 'AI Chat Permissions', }, admin: { useAsTitle: 'description', group: 'AI & Tools', }, fields: [ { name: 'description', type: 'text', required: true, admin: { description: 'E.g. "Editors default AI permissions"', }, }, { type: 'row', fields: [ { name: 'targetUser', type: 'relationship', relationTo: 'users', hasMany: false, admin: { description: 'Apply these permissions to a specific user (optional).', }, }, { name: 'targetRole', type: 'select', options: [ { label: 'Admin', value: 'admin' }, { label: 'Editor', value: 'editor' }, ], // Ideally this is dynamically populated in a real scenario, but we hardcode standard roles for now admin: { description: 'Apply these permissions to all users with this role.', }, }, ], }, { name: 'allowedCollections', type: 'select', hasMany: true, options: [], // Will be populated dynamically in the plugin init based on actual collections admin: { description: 'Which Payload collections is the AI allowed to read/write on behalf of this user?', }, }, { name: 'allowedMcpServers', type: 'select', hasMany: true, options: [], // Will be populated dynamically based on plugin config admin: { description: 'Which external MCP Servers is the AI allowed to execute tools from?', }, } ], }