Add PlatformHttpClient and PlatformBackend traits (EdgeZero PR6) (#581)

* Rename crates to trusted-server-core and trusted-server-adapter-fastly

Rename crates/common → crates/trusted-server-core and crates/fastly →
crates/trusted-server-adapter-fastly following the EdgeZero naming
convention. Add EdgeZero workspace dependencies pinned to rev 170b74b.
Update all references across docs, CI workflows, scripts, agent files,
and configuration.

* Add platform abstraction layer with traits and RuntimeServices

Introduces trusted-server-core::platform with PlatformConfigStore,
PlatformSecretStore, PlatformKvStore, PlatformBackend, PlatformHttpClient,
and PlatformGeo traits alongside ClientInfo, PlatformError, and
RuntimeServices. Wires the Fastly adapter implementations and threads
RuntimeServices into route_request. Moves GeoInfo to platform/types as
platform-neutral data and adds geo_from_fastly for field mapping.

* Address platform layer review feedback

- Defer KV store opening: replace early error return with a local
  UnavailableKvStore fallback so routes that do not need synthetic ID
  access succeed when the KV store is missing or temporarily unavailable
- Use ConfigStore::try_open + try_get and SecretStore::try_get throughout
  FastlyPlatformConfigStore and FastlyPlatformSecretStore to honour the
  Result contract instead of panicking on open/lookup failure
- Encapsulate RuntimeServices service fields as pub(crate) with public
  getter methods (config_store, secret_store, backend, http_client, geo)
  and a pub new() constructor; adapter updated to use new()
- Reference #487 in FastlyPlatformHttpClient stub (PR 6 implements it)
- Remove unused KvPage re-export from platform/mod.rs
- Use super::KvHandle shorthand in RuntimeServices::kv_handle()

* Reject host strings containing control characters in BackendConfig

* Fix clippy error

* Validate scheme and host for control characters in BackendConfig

* Address review findings on platform abstraction layer

* Address review findings on platform abstraction layer

* Add config store read path and storage module split

- Split fastly_storage.rs into storage/{config_store,secret_store,api_client,mod}.rs
- Add PlatformConfigStore read path via FastlyPlatformConfigStore::get using ConfigStore::try_open/try_get
- Add PlatformError::NotImplemented variant; stub write methods on FastlyPlatformConfigStore and FastlyPlatformSecretStore
- Add StoreName/StoreId newtypes with From<String>, From<&str>, AsRef<str>
- Add UnavailableKvStore to core platform module
- Add RuntimeServicesBuilder replacing 7-arg constructor
- Migrate get_active_jwks and handle_trusted_server_discovery to use &RuntimeServices
- Update call sites in signing.rs, rotation.rs, main.rs
- Add success-path test for handle_trusted_server_discovery using StubJwksConfigStore
- Fix test_parse_cookies_to_jar_empty typo (was emtpy)

* Harden legacy config-store reads and align Fastly adapter stubs

* Address storage review feedback

* Resolved github-advanced-security bot problems

* Address PR review feedback on platform abstraction layer

- Make StoreName and StoreId inner fields private; From/AsRef provide all
  needed construction and access
- Add #[deprecated] to GeoInfo::from_request with #[allow(deprecated)] at
  the three legacy call sites to track migration progress
- Enumerate the six platform traits in the platform module doc comment
- Extract backend_config_from_spec helper to remove duplicate BackendConfig
  construction in predict_name and ensure
- Replace .into_iter().collect() with .to_vec() on secret plaintext bytes
- Remove unused bytes dependency from trusted-server-adapter-fastly
- Add comment on SecretStore::open clarifying it already returns Result
  (unlike ConfigStore::open which panics)

* Add PR 4 design spec for secret store trait (read-only)

* Clarify test scope and deferred branches in PR 4 spec

* Add implementation plan for PR 4 secret store trait

* Add test for get_secret_bytes open-failure path

* Add NotImplemented tests for FastlyPlatformSecretStore write stubs

* Inline StoreId binding and add section comment in write-stub tests

* Remove plan

* Add PR 6 design spec for backend and HTTP client traits

* Address spec review findings on PR 6 design

* Implement PlatformHttpClient and thread RuntimeServices through proxy layer

- Add PlatformHttpClient trait with send(), send_async(), and select() methods
- Add PlatformBackend trait with predict_name() and ensure() methods
- Add PlatformResponse wrapper around EdgeZero HTTP responses
- Add PlatformPendingRequest and PlatformSelectResult for auction fan-out
- Thread RuntimeServices through IntegrationProxy::handle(), IntegrationRegistry::handle_proxy(),
  and all first-party proxy endpoints so handlers can reach the HTTP client
- Add StubHttpClient and StubBackend test stubs with build_services_with_http_client helper
- Add proxy_request_calls_platform_http_client_send integration test
- Fix proxy_with_redirects to stay within 7-arg clippy limit via ProxyRequestHeaders struct
- Document Body::Stream limitation in edge_request_to_fastly with warning log
- Document intentional duplication of platform_response_to_fastly across proxy and orchestrator
- Remove spec file (promoted to plan + implementation)

* Address pr review findings

* Resolve pr review findings

* Fix ci test and format failure

* Address review findings

* Address PR review findings

* Address review findings

* Extract client IP and TLS info once at adapter boundary (PR7) (#599)

* Add PR7 design spec for geo lookup + client info extract-once

Documents the call site migration plan: five Fastly SDK extraction
points in trusted-server-core replaced by RuntimeServices::client_info
reads, following Phase 1 injection pattern from the EdgeZero migration design.

* Fix spec review issues in PR7 design doc

- Correct erroneous claim about generate_synthetic_id being called twice
  via DeviceInfo; it is called once (line 91 for fresh_id), DeviceInfo.ip
  is a separate req.get_client_ip_addr() call fixed independently
- Add before/after snippet for handle_publisher_request call site in main.rs
- Add noop_services import instruction for http_util.rs test module
- Clarify _services rename (drop underscore, not add new param) in didomi.rs
- Clarify nextjs #[allow(deprecated)] annotations are out of scope (different function)

* Update PR7 spec to address all five agent review findings

- Change RequestInfo::from_request signature to &ClientInfo (not
  &RuntimeServices) so prebid can call it with context.client_info
- Scope SDK-call acceptance criteria to active non-deprecated code only
- List all six AuctionContext construction sites including two production
  sites in orchestrator.rs and three test helpers in orchestrator/prebid
- Add explicit warn-and-continue pattern for publisher.rs geo lookup
- Correct testing table: formats.rs and endpoints.rs have no test modules;
  add orchestrator.rs and prebid.rs test helper update rows

* Add PR7 implementation plan and address plan review findings

Plan covers 6 tasks in compilation-safe order: AuctionContext struct change
first, then from_request signature, then synthetic.rs cascade, then publisher
geo, then didomi. Includes two new copy_headers unit tests (Some/None).

Spec fixes: clarify injection pattern exceptions for &ClientInfo and
Option<IpAddr>; reword acceptance criterion to reflect that provider-layer
reads flow through AuctionContext.client_info.

* Fix three plan review findings and two open questions

- Finding 1 (High): Add missing publisher.rs test call site at line ~695
  for get_or_generate_synthetic_id — was omitted from Task 3 Step 6
- Finding 2 (Medium): Remove crate::geo::GeoInfo import from endpoints.rs
  rather than replacing it — type is not used by name after the change,
  keeping any import fails clippy -D warnings
- Finding 3 (Low): Replace interactive git add -p in Task 6 with explicit
  file staging instruction
- Open Q1: Add Task 2 step to update stale handle_publisher_request
  signature in auction/README.md
- Open Q2: Add Task 2 step to update from_request doc comment to reflect
  ClientInfo-based TLS detection instead of Fastly SDK calls

* Broaden two low-severity doc cleanup steps in PR7 plan

- Step 7: cover all four stale Fastly-SDK-specific locations in
  http_util.rs (SPOOFABLE_FORWARDED_HEADERS doc, RequestInfo struct doc,
  from_request doc, detect_request_scheme doc)
- Step 8: replace the whole routing snippet in auction/README.md, not
  just the one handle_publisher_request line — handle_auction and
  integration_registry.handle_proxy are also stale in that snippet

* Fix two remaining low findings in PR7 plan

- Add missing Location 2 (RequestInfo.scheme field doc, line ~67) to
  Step 7; renumber subsequent locations 3-5
- Replace &runtime_services with runtime_services in Step 5 and README
  snippet — runtime_services is already &RuntimeServices in route_request

* Fix count drift in Step 7: four → five locations

* Add client_info field to AuctionContext and fix all construction sites

* Change RequestInfo::from_request to take &ClientInfo, thread services into handle_publisher_request

* Add Task 2 follow-up coverage and README route fixes

* Add services param to generate_synthetic_id, remove Fastly IP/geo calls in formats and endpoints

* Revert premature publisher geo change from Task 3

* Replace deprecated GeoInfo::from_request in publisher.rs with services.geo().lookup()

* Remove Fastly IP extraction from Didomi copy_headers, use ClientInfo instead

* Move IpAddr import to test module level in didomi.rs

* Apply rustfmt formatting to didomi.rs, publisher.rs, and synthetic.rs

Fix multi-line function call style in didomi.rs, line-break wrapping in
publisher.rs test, and import ordering in synthetic.rs test module.

* Add test coverage for generate_synthetic_id with concrete client IP

Adds noop_services_with_client_ip helper to test_support and a new
test that verifies the client_ip path through generate_synthetic_id
by asserting the HMAC differs when the IP changes.

* Align geo lookup warn log format with codebase convention ({e} not {e:?})

* Apply Prettier formatting to PR7 plan and spec docs

* Verify content rewriting pipeline is platform-agnostic (PR 8) (#600)

* Document content rewriting as platform-agnostic in platform module

* Document html_processor as platform-agnostic

* Document streaming_processor as platform-agnostic

* Fix unresolved doc link: replace EdgeRequest with edgezero_core::http::Request


- Fix intra-doc link syntax and restore missing blank line in `html_processor`
- Replace opaque PR number references with descriptive context labels
- Move HTTP-type coupling caveat from `platform` module down to `publisher.rs`
- Convert `StreamingPipeline::process` plain-text generics to an intra-doc link

Author: prk-Jr

crates/trusted-server-adapter-fastly/src/main.rs

@@ -161,16 +161,20 @@ async fn route_request(
         }
 
         // tsjs endpoints
-        (Method::GET, "/first-party/proxy") => handle_first_party_proxy(settings, req).await,
-        (Method::GET, "/first-party/click") => handle_first_party_click(settings, req).await,
+        (Method::GET, "/first-party/proxy") => {
+            handle_first_party_proxy(settings, runtime_services, req).await
+        }
+        (Method::GET, "/first-party/click") => {
+            handle_first_party_click(settings, runtime_services, req).await
+        }
         (Method::GET, "/first-party/sign") | (Method::POST, "/first-party/sign") => {
-            handle_first_party_proxy_sign(settings, req).await
+            handle_first_party_proxy_sign(settings, runtime_services, req).await
         }
         (Method::POST, "/first-party/proxy-rebuild") => {
-            handle_first_party_proxy_rebuild(settings, req).await
+            handle_first_party_proxy_rebuild(settings, runtime_services, req).await
         }
         (m, path) if integration_registry.has_route(&m, path) => integration_registry
-            .handle_proxy(&m, path, settings, req)
+            .handle_proxy(&m, path, settings, runtime_services, req)
             .await
             .unwrap_or_else(|| {
                 Err(Report::new(TrustedServerError::BadRequest {

crates/trusted-server-adapter-fastly/src/platform.rs

@@ -187,45 +187,147 @@ impl PlatformBackend for FastlyPlatformBackend {
 }
 
 // ---------------------------------------------------------------------------
-// FastlyPlatformHttpClient
+// FastlyPlatformHttpClient — helpers
 // ---------------------------------------------------------------------------
 
-/// Placeholder Fastly implementation of [`PlatformHttpClient`].
+/// Convert a platform-neutral [`edgezero_core::http::Request`] to a [`fastly::Request`].
+///
+/// Only buffered `Body::Once` bodies are supported on this path.
 ///
-/// The Fastly-backed `send` / `send_async` / `select` behavior lands in a
-/// follow-up PR once the orchestrator migration is complete. Until then all
-/// methods return [`PlatformError::Unsupported`].
+/// # Errors
 ///
-/// Implementation lands in #487 (PR 6: Backend + HTTP client traits).
+/// Returns [`PlatformError::HttpClient`] when the request body is streaming.
+fn edge_request_to_fastly(
+    request: edgezero_core::http::Request,
+) -> Result<fastly::Request, Report<PlatformError>> {
+    let (parts, body) = request.into_parts();
+    let mut fastly_req = fastly::Request::new(parts.method, parts.uri.to_string());
+    for (name, value) in parts.headers.iter() {
+        fastly_req.append_header(name.as_str(), value.as_bytes());
+    }
+    match body {
+        edgezero_core::body::Body::Once(bytes) => {
+            if !bytes.is_empty() {
+                fastly_req.set_body(bytes.to_vec());
+            }
+        }
+        edgezero_core::body::Body::Stream(_) => {
+            return Err(Report::new(PlatformError::HttpClient)
+                .attach("streaming request body is not supported by Fastly request conversion"));
+        }
+    }
+    Ok(fastly_req)
+}
+
+/// Convert a [`fastly::Response`] to a [`PlatformResponse`] with the given backend name.
+fn fastly_response_to_platform(
+    mut resp: fastly::Response,
+    backend_name: impl Into<String>,
+) -> Result<PlatformResponse, Report<PlatformError>> {
+    let status = resp.get_status();
+    let mut builder = edgezero_core::http::response_builder().status(status);
+    for (name, value) in resp.get_headers() {
+        builder = builder.header(name.as_str(), value.as_bytes());
+    }
+    let body_bytes = resp.take_body_bytes();
+    let edge_response = builder
+        .body(edgezero_core::body::Body::from(body_bytes))
+        .change_context(PlatformError::HttpClient)?;
+    Ok(PlatformResponse::new(edge_response).with_backend_name(backend_name))
+}
+
+// ---------------------------------------------------------------------------
+// FastlyPlatformHttpClient
+// ---------------------------------------------------------------------------
+
+/// Fastly implementation of [`PlatformHttpClient`].
+///
+/// - [`send`](PlatformHttpClient::send) — converts the platform request to a
+///   `fastly::Request`, calls `.send()`, and wraps the response.
+/// - [`send_async`](PlatformHttpClient::send_async) — same conversion but
+///   calls `.send_async()` and wraps the `fastly::PendingRequest`.
+/// - [`select`](PlatformHttpClient::select) — downcasts each
+///   [`PlatformPendingRequest`] back to `fastly::PendingRequest` and calls
+///   `fastly::http::request::select()`.
 pub struct FastlyPlatformHttpClient;
 
 #[async_trait::async_trait(?Send)]
 impl PlatformHttpClient for FastlyPlatformHttpClient {
     async fn send(
         &self,
-        _request: PlatformHttpRequest,
+        request: PlatformHttpRequest,
     ) -> Result<PlatformResponse, Report<PlatformError>> {
-        log::warn!("FastlyPlatformHttpClient::send called before #487 lands");
-        Err(Report::new(PlatformError::Unsupported)
-            .attach("FastlyPlatformHttpClient::send is not yet implemented"))
+        let backend_name = request.backend_name.clone();
+        let fastly_req = edge_request_to_fastly(request.request)?;
+        let fastly_resp = fastly_req
+            .send(&backend_name)
+            .change_context(PlatformError::HttpClient)?;
+        fastly_response_to_platform(fastly_resp, backend_name)
     }
 
     async fn send_async(
         &self,
-        _request: PlatformHttpRequest,
+        request: PlatformHttpRequest,
     ) -> Result<PlatformPendingRequest, Report<PlatformError>> {
-        log::warn!("FastlyPlatformHttpClient::send_async called before #487 lands");
-        Err(Report::new(PlatformError::Unsupported)
-            .attach("FastlyPlatformHttpClient::send_async is not yet implemented"))
+        let backend_name = request.backend_name.clone();
+        let fastly_req = edge_request_to_fastly(request.request)?;
+        let pending = fastly_req
+            .send_async(&backend_name)
+            .change_context(PlatformError::HttpClient)?;
+        Ok(PlatformPendingRequest::new(pending).with_backend_name(backend_name))
     }
 
     async fn select(
         &self,
-        _pending_requests: Vec<PlatformPendingRequest>,
+        pending_requests: Vec<PlatformPendingRequest>,
     ) -> Result<PlatformSelectResult, Report<PlatformError>> {
-        log::warn!("FastlyPlatformHttpClient::select called before #487 lands");
-        Err(Report::new(PlatformError::Unsupported)
-            .attach("FastlyPlatformHttpClient::select is not yet implemented"))
+        use fastly::http::request::{select, PendingRequest};
+
+        if pending_requests.is_empty() {
+            return Err(Report::new(PlatformError::HttpClient)
+                .attach("select called with an empty pending_requests list"));
+        }
+
+        let mut fastly_pending: Vec<PendingRequest> = Vec::with_capacity(pending_requests.len());
+
+        for platform_req in pending_requests {
+            let inner = platform_req.downcast::<PendingRequest>().map_err(|platform_req| {
+                let backend_name = platform_req.backend_name().unwrap_or("<unknown>");
+                Report::new(PlatformError::HttpClient).attach(format!(
+                    "PlatformPendingRequest inner type is not fastly::PendingRequest for backend '{backend_name}'"
+                ))
+            })?;
+            fastly_pending.push(inner);
+        }
+
+        let (result, remaining_fastly) = select(fastly_pending);
+
+        // Fastly's select() does not preserve input order for remaining requests,
+        // so positional backend-name re-association is unreliable. Backend names
+        // are re-derived from get_backend_name() when each remaining request completes.
+        let remaining: Vec<PlatformPendingRequest> = remaining_fastly
+            .into_iter()
+            .map(PlatformPendingRequest::new)
+            .collect();
+
+        let ready = match result {
+            Ok(fastly_resp) => {
+                let backend_name = fastly_resp
+                    .get_backend_name()
+                    .unwrap_or_else(|| {
+                        log::warn!("select: response has no backend name, correlation will fail");
+                        ""
+                    })
+                    .to_string();
+                fastly_response_to_platform(fastly_resp, backend_name)
+            }
+            Err(e) => {
+                Err(Report::new(PlatformError::HttpClient)
+                    .attach(format!("fastly select error: {e}")))
+            }
+        };
+
+        Ok(PlatformSelectResult { ready, remaining })
     }
 }
 
@@ -296,9 +398,12 @@ pub fn open_kv_store(store_name: &str) -> Result<Arc<dyn PlatformKvStore>, KvErr
 
 #[cfg(test)]
 mod tests {
+    use std::io;
     use std::sync::Arc;
     use std::time::Duration;
 
+    use edgezero_core::body::Body;
+    use edgezero_core::http::request_builder;
     use edgezero_core::key_value_store::NoopKvStore;
 
     use super::*;
@@ -417,4 +522,132 @@ mod tests {
             "should preserve client_ip through clone"
         );
     }
+
+    // --- FastlyPlatformHttpClient -------------------------------------------
+
+    #[test]
+    fn fastly_platform_http_client_send_returns_error_for_unregistered_backend() {
+        let client = FastlyPlatformHttpClient;
+        let request = request_builder()
+            .method("GET")
+            .uri("https://example.com/")
+            .body(Body::empty())
+            .expect("should build test request");
+        let err = futures::executor::block_on(
+            client.send(PlatformHttpRequest::new(request, "nonexistent-backend")),
+        )
+        .expect_err("should return error for unregistered backend");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+    }
+
+    #[test]
+    fn fastly_platform_http_client_send_async_returns_error_for_unregistered_backend() {
+        let client = FastlyPlatformHttpClient;
+        let request = request_builder()
+            .method("GET")
+            .uri("https://example.com/")
+            .body(Body::empty())
+            .expect("should build test request");
+        let err = futures::executor::block_on(
+            client.send_async(PlatformHttpRequest::new(request, "nonexistent-backend")),
+        )
+        .expect_err("should return error for unregistered backend");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+    }
+
+    #[test]
+    fn fastly_platform_http_client_select_returns_error_for_empty_list() {
+        let client = FastlyPlatformHttpClient;
+        let err = futures::executor::block_on(client.select(vec![]))
+            .expect_err("should return error for empty pending list");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+    }
+
+    #[test]
+    fn fastly_platform_http_client_select_returns_error_for_wrong_inner_type() {
+        let client = FastlyPlatformHttpClient;
+        // Wrap a non-PendingRequest type to trigger the downcast failure.
+        let wrong = PlatformPendingRequest::new(42u32).with_backend_name("origin-a");
+        let err = futures::executor::block_on(client.select(vec![wrong]))
+            .expect_err("should return error for wrong inner type");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+        assert!(
+            format!("{err:?}").contains("origin-a"),
+            "should include backend name in error report: {err:?}"
+        );
+    }
+
+    #[test]
+    fn fastly_platform_http_client_send_returns_error_for_streaming_body() {
+        let client = FastlyPlatformHttpClient;
+        let request = request_builder()
+            .method("POST")
+            .uri("https://example.com/")
+            .body(Body::from_stream(futures::stream::empty::<
+                Result<_, io::Error>,
+            >()))
+            .expect("should build streaming test request");
+
+        let err = futures::executor::block_on(
+            client.send(PlatformHttpRequest::new(request, "nonexistent-backend")),
+        )
+        .expect_err("should reject streaming request bodies before sending");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+        assert!(
+            format!("{err:?}").contains("streaming request body"),
+            "should describe the unsupported streaming body: {err:?}"
+        );
+    }
+
+    #[test]
+    fn fastly_platform_http_client_send_async_returns_error_for_streaming_body() {
+        let client = FastlyPlatformHttpClient;
+        let request = request_builder()
+            .method("POST")
+            .uri("https://example.com/")
+            .body(Body::from_stream(futures::stream::empty::<
+                Result<_, io::Error>,
+            >()))
+            .expect("should build streaming test request");
+
+        let err = futures::executor::block_on(
+            client.send_async(PlatformHttpRequest::new(request, "nonexistent-backend")),
+        )
+        .expect_err("should reject streaming request bodies before launching async send");
+
+        assert!(
+            matches!(err.current_context(), &PlatformError::HttpClient),
+            "should be HttpClient error, got: {:?}",
+            err.current_context()
+        );
+        assert!(
+            format!("{err:?}").contains("streaming request body"),
+            "should describe the unsupported streaming body: {err:?}"
+        );
+    }
 }