Fix remaining SSC naming vestiges, CI formatting, and dependency sync

- Rename allows_ssc_creation → allows_ec_creation and update all doc
  comments, test names, and assertion messages to use Edge Cookie (EC)
- Fix intra-doc link [`ec`] → [`edge_cookie`] in lib.rs
- Downgrade test log from info to debug in edge_cookie.rs for consistency
- Add fallback comment and wire-protocol breaking-change doc in openrtb.rs
- Run prettier --write on 3 doc files to fix format-docs CI
- Update integration-tests Cargo.lock to sync derive_more 2.1.1

Author: ChristianPavilonis

crates/common/src/consent/kv.rs

@@ -362,7 +362,7 @@ pub fn save_consent_to_kv(store_name: &str, ec_id: &str, ctx: &ConsentContext, m
 
 /// Deletes a consent entry from the KV Store for a given EC ID.
 ///
-/// Used when a user revokes consent — the existing SSC cookie is being
+/// Used when a user revokes consent — the existing EC cookie is being
 /// expired, so the persisted consent data must also be removed.
 ///
 /// Errors are logged but never propagated — KV Store failures must not

crates/common/src/consent/mod.rs

@@ -463,22 +463,22 @@ pub fn gate_eids_by_consent<T>(
 }
 
 // ---------------------------------------------------------------------------
-// SSC consent gating
+// EC consent gating
 // ---------------------------------------------------------------------------
 
-/// Determines whether SSC (Synthetic Session Cookie) creation is permitted
-/// based on the user's consent and detected jurisdiction.
+/// Determines whether Edge Cookie (EC) creation is permitted based on the
+/// user's consent and detected jurisdiction.
 ///
 /// The decision follows the jurisdiction's consent model:
 ///
 /// - **GDPR (EU/UK)**: opt-in required — TCF Purpose 1 (store/access
 ///   information on a device) must be explicitly consented. If no TCF data is
-///   available under GDPR, consent is assumed absent and SSC is blocked.
-/// - **US state privacy**: opt-out model — SSC is allowed unless the user has
+///   available under GDPR, consent is assumed absent and EC is blocked.
+/// - **US state privacy**: opt-out model — EC is allowed unless the user has
 ///   explicitly opted out via the US Privacy string or Global Privacy Control.
-/// - **Non-regulated / Unknown**: SSC is allowed (no consent requirement).
+/// - **Non-regulated / Unknown**: EC is allowed (no consent requirement).
 #[must_use]
-pub fn allows_ssc_creation(ctx: &ConsentContext) -> bool {
+pub fn allows_ec_creation(ctx: &ConsentContext) -> bool {
     match &ctx.jurisdiction {
         jurisdiction::Jurisdiction::Gdpr => {
             // EU/UK: explicit opt-in required (TCF Purpose 1 = store/access device).
@@ -610,7 +610,7 @@ mod tests {
     use fastly::Request;
 
     use super::{
-        allows_ssc_creation, apply_expiration_check, apply_tcf_conflict_resolution,
+        allows_ec_creation, apply_expiration_check, apply_tcf_conflict_resolution,
         build_consent_context, build_context_from_signals, should_try_kv_fallback,
         ConsentPipelineInput,
     };
@@ -882,7 +882,7 @@ mod tests {
     }
 
     // -----------------------------------------------------------------------
-    // allows_ssc_creation tests
+    // allows_ec_creation tests
     // -----------------------------------------------------------------------
 
     /// Helper: builds a TCF consent with configurable Purpose 1 (storage).
@@ -891,35 +891,35 @@ mod tests {
     }
 
     #[test]
-    fn ssc_allowed_gdpr_with_storage_consent() {
+    fn ec_allowed_gdpr_with_storage_consent() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::Gdpr,
             tcf: Some(make_tcf_with_storage(true)),
             gdpr_applies: true,
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "GDPR + TCF Purpose 1 consented should allow SSC"
+            allows_ec_creation(&ctx),
+            "GDPR + TCF Purpose 1 consented should allow EC"
         );
     }
 
     #[test]
-    fn ssc_blocked_gdpr_without_storage_consent() {
+    fn ec_blocked_gdpr_without_storage_consent() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::Gdpr,
             tcf: Some(make_tcf_with_storage(false)),
             gdpr_applies: true,
             ..ConsentContext::default()
         };
         assert!(
-            !allows_ssc_creation(&ctx),
-            "GDPR + TCF Purpose 1 not consented should block SSC"
+            !allows_ec_creation(&ctx),
+            "GDPR + TCF Purpose 1 not consented should block EC"
         );
     }
 
     #[test]
-    fn ssc_blocked_gdpr_no_tcf_data() {
+    fn ec_blocked_gdpr_no_tcf_data() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::Gdpr,
             tcf: None,
@@ -928,13 +928,13 @@ mod tests {
             ..ConsentContext::default()
         };
         assert!(
-            !allows_ssc_creation(&ctx),
-            "GDPR with no TCF data should block SSC"
+            !allows_ec_creation(&ctx),
+            "GDPR with no TCF data should block EC"
         );
     }
 
     #[test]
-    fn ssc_allowed_gdpr_via_gpp_embedded_tcf() {
+    fn ec_allowed_gdpr_via_gpp_embedded_tcf() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::Gdpr,
             tcf: None,
@@ -947,13 +947,13 @@ mod tests {
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "GDPR + GPP embedded TCF with P1 consent should allow SSC"
+            allows_ec_creation(&ctx),
+            "GDPR + GPP embedded TCF with P1 consent should allow EC"
         );
     }
 
     #[test]
-    fn ssc_allowed_us_state_no_optout() {
+    fn ec_allowed_us_state_no_optout() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::UsState("CA".to_owned()),
             us_privacy: Some(UsPrivacy {
@@ -965,13 +965,13 @@ mod tests {
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "US state + no opt-out should allow SSC"
+            allows_ec_creation(&ctx),
+            "US state + no opt-out should allow EC"
         );
     }
 
     #[test]
-    fn ssc_blocked_us_state_opted_out() {
+    fn ec_blocked_us_state_opted_out() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::UsState("CA".to_owned()),
             us_privacy: Some(UsPrivacy {
@@ -983,65 +983,65 @@ mod tests {
             ..ConsentContext::default()
         };
         assert!(
-            !allows_ssc_creation(&ctx),
-            "US state + opt-out should block SSC"
+            !allows_ec_creation(&ctx),
+            "US state + opt-out should block EC"
         );
     }
 
     #[test]
-    fn ssc_blocked_us_state_gpc_implies_optout() {
+    fn ec_blocked_us_state_gpc_implies_optout() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::UsState("CA".to_owned()),
             us_privacy: None,
             gpc: true,
             ..ConsentContext::default()
         };
         assert!(
-            !allows_ssc_creation(&ctx),
-            "US state + GPC=true with no US Privacy string should block SSC"
+            !allows_ec_creation(&ctx),
+            "US state + GPC=true with no US Privacy string should block EC"
         );
     }
 
     #[test]
-    fn ssc_allowed_us_state_no_signals() {
+    fn ec_allowed_us_state_no_signals() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::UsState("CA".to_owned()),
             us_privacy: None,
             gpc: false,
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "US state + no opt-out signals should allow SSC (opt-out model)"
+            allows_ec_creation(&ctx),
+            "US state + no opt-out signals should allow EC (opt-out model)"
         );
     }
 
     #[test]
-    fn ssc_allowed_non_regulated() {
+    fn ec_allowed_non_regulated() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::NonRegulated,
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "non-regulated jurisdiction should always allow SSC"
+            allows_ec_creation(&ctx),
+            "non-regulated jurisdiction should always allow EC"
         );
     }
 
     #[test]
-    fn ssc_allowed_unknown_jurisdiction() {
+    fn ec_allowed_unknown_jurisdiction() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::Unknown,
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "unknown jurisdiction should allow SSC (no geo data available)"
+            allows_ec_creation(&ctx),
+            "unknown jurisdiction should allow EC (no geo data available)"
         );
     }
 
     #[test]
-    fn ssc_us_privacy_not_applicable_allows_ssc() {
+    fn ec_us_privacy_not_applicable_allows_ec() {
         let ctx = ConsentContext {
             jurisdiction: Jurisdiction::UsState("VA".to_owned()),
             us_privacy: Some(UsPrivacy {
@@ -1053,8 +1053,8 @@ mod tests {
             ..ConsentContext::default()
         };
         assert!(
-            allows_ssc_creation(&ctx),
-            "US Privacy with opt_out=N/A should allow SSC"
+            allows_ec_creation(&ctx),
+            "US Privacy with opt_out=N/A should allow EC"
         );
     }
 }

crates/common/src/edge_cookie.rs

@@ -69,6 +69,8 @@ pub fn generate_ec_id(
     settings: &Settings,
     req: &Request,
 ) -> Result<String, Report<TrustedServerError>> {
+    // Fallback to "unknown" when client IP is unavailable (e.g., local testing).
+    // All such requests share the same HMAC base; the random suffix provides uniqueness.
     let client_ip = req
         .get_client_ip_addr()
         .map(normalize_ip)
@@ -232,7 +234,7 @@ mod tests {
         let req = create_test_request(vec![]);
 
         let ec_id = generate_ec_id(&settings, &req).expect("should generate EC ID");
-        log::info!("Generated EC ID: {}", ec_id);
+        log::debug!("Generated EC ID: {}", ec_id);
         assert!(
             is_ec_id_format(&ec_id),
             "should match EC ID format: {{64hex}}.{{6alnum}}"

crates/common/src/lib.rs

@@ -16,7 +16,7 @@
 //! - [`privacy`]: Privacy utilities and helpers
 //! - [`settings`]: Configuration management and validation
 //! - [`streaming_replacer`]: Streaming URL replacement for large responses
-//! - [`ec`]: Edge Cookie (EC) ID generation using HMAC
+//! - [`edge_cookie`]: Edge Cookie (EC) ID generation using HMAC
 //! - [`test_support`]: Testing utilities and mocks
 //! - [`why`]: Debugging and introspection utilities
 

crates/common/src/openrtb.rs

@@ -49,6 +49,10 @@ pub struct UserExt {
     /// Gated by TCF Purpose 1 (storage) and Purpose 4 (personalized ads).
     #[serde(skip_serializing_if = "Option::is_none")]
     pub eids: Option<Vec<Eid>>,
+    /// Whether this EC ID was freshly generated for this request.
+    ///
+    /// **Breaking change:** this wire field was previously named `synthetic_fresh`.
+    /// Downstream PBS modules or analytics reading the old name must be updated.
     #[serde(skip_serializing_if = "Option::is_none")]
     pub ec_fresh: Option<String>,
 }

crates/common/src/publisher.rs

@@ -3,7 +3,7 @@ use fastly::http::{header, StatusCode};
 use fastly::{Body, Request, Response};
 
 use crate::backend::BackendConfig;
-use crate::consent::{allows_ssc_creation, build_consent_context, ConsentPipelineInput};
+use crate::consent::{allows_ec_creation, build_consent_context, ConsentPipelineInput};
 use crate::constants::{COOKIE_TS_EC, HEADER_X_COMPRESS_HINT, HEADER_X_TS_EC};
 use crate::cookies::{expire_ec_cookie, handle_request_cookies, set_ec_cookie};
 use crate::edge_cookie::get_or_generate_ec_id;
@@ -264,7 +264,7 @@ pub fn handle_publisher_request(
         geo: geo.as_ref(),
         ec_id: Some(ec_id.as_str()),
     });
-    let ec_allowed = allows_ssc_creation(&consent_context);
+    let ec_allowed = allows_ec_creation(&consent_context);
     log::debug!("Proxy EC ID: {}, ec_allowed: {}", ec_id, ec_allowed,);
 
     let backend_name = BackendConfig::from_url(