Privacy
The core rule
Every file is private by default. Only files with publish: true in frontmatter appear on your site.
A file without publish: true never enters the build — not as HTML, not in RSS feeds, not in the sitemap, and not in the Pagefind search index.
When the SEO module is enabled and site is set, karaoke-public-content.json lists only pages that actually shipped as HTML (metadata scraped from those files). It does not read unpublished vault files.
What “private” means in practice
| Frontmatter | Builds to HTML? | In search index? | In RSS? | In sitemap? |
|---|---|---|---|---|
| publish: true | Yes | Yes | Yes | Yes |
| publish: false | No | No | No | No |
| field missing | No | No | No | No |
What enforces it
Two independent layers protect your private notes on every build:
1. Astro content filter
All collection queries filter at the query level:
getCollection('blog', ({ data }) => data.publish === true)
Pages only receive entries that passed the filter. Private files are never loaded into a route.
2. assert-privacy CI check
After the build completes, assert-privacy scans the dist/ output for known private note titles and content. If any private content leaked into the build output, the check fails and the deploy is blocked.
Run it manually at any time:
node scripts/assert-privacy.js dist
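To make the post-build audit idea concrete, here is an added sketch that derives "must never ship" strings from notes lacking publish: true and searches build output for them. It is not the project's scripts/assert-privacy.js; the function names, the in-memory path-to-text maps, and the 20-character body-line threshold are assumptions made for illustration.

```javascript
// Added example, not the project's assert-privacy.js. Inputs are in-memory path -> text maps.
const unquote = (s) => s.replace(/^["']|["']$/g, '');

// Split a note into frontmatter fields and body. No frontmatter block means no fields.
function parseNote(text) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/.exec(text);
  if (!m) return { data: {}, body: text };
  const data = {};
  for (const line of m[1].split(/\r?\n/)) {
    const kv = /^([A-Za-z_][\w-]*):\s*(.*)$/.exec(line);
    if (kv) data[kv[1]] = kv[2].trim();
  }
  return { data, body: m[2] };
}

// Private by default: only the bare value `true` publishes (false, missing, "true" do not).
const isPublished = (data) => data.publish === 'true';

// Collect strings that must never appear in the build: each private note's title
// and its distinctive body lines (assumed threshold: 20+ characters).
function privateMarkers(vault) {
  const markers = [];
  for (const [path, text] of Object.entries(vault)) {
    const { data, body } = parseNote(text);
    if (isPublished(data)) continue;
    const lines = body.split(/\r?\n/).map((l) => l.trim()).filter((l) => l.length >= 20);
    if (data.title) lines.push(unquote(data.title));
    for (const needle of lines) markers.push({ path, needle });
  }
  return markers;
}

// Return every (output file, source note) pair where private text reached the build.
function auditDist(vault, dist) {
  const leaks = [];
  for (const { path, needle } of privateMarkers(vault))
    for (const [out, html] of Object.entries(dist))
      if (html.toLowerCase().includes(needle.toLowerCase())) leaks.push({ out, source: path, needle });
  return leaks;
}

// Constructed sample vault and build output.
const vault = {
  'blog/launch.md': '---\ntitle: Launch notes\npublish: true\n---\nWe shipped the first release today.\n',
  'blog/salary.md': '---\ntitle: Salary negotiation plan\npublish: false\n---\nAsk for the revised offer in writing.\n',
  'blog/draft.md': '---\ntitle: Untitled idea dump\n---\nshort\n',
};
const cleanDist = { 'blog/launch/index.html': '<h1>Launch notes</h1><p>We shipped the first release today.</p>' };
const leakyDist = { ...cleanDist, 'rss.xml': '<item><title>Untitled idea dump</title></item>' };
```

In a CI job, a non-empty result from auditDist would map to a non-zero exit code so the deploy step never runs. Plain substring matching misses text that the renderer HTML-escapes or reflows, so an audit like this complements the query-level filter and does not replace it.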
What happens if I accidentally publish a private note?
If a file without publish: true somehow reached the HTML output, the assert-privacy check would catch it before the Cloudflare Pages deploy runs. The CI job fails, the deploy does not happen, and the private content is never served publicly.
The two layers are independent: the content filter prevents private files from entering the build graph, and assert-privacy acts as a post-build audit in case anything slipped through. Both must pass before a deploy succeeds.
Collection modes
Some content sections only exist in development. The karaoke-cms/ handbook folder is a dev-only collection — it is excluded from makeCollections() entirely when building for production. Even if a handbook file had publish: true, it would never appear in a production build. The collection itself is not present in the build graph.
This is separate from the per-file privacy rule. Collection mode is a site-level switch; publish: true is a per-file switch. Both must allow a file for it to ship.