Skip to content

Add Prebid error diagnostics#893

Merged
ChristianPavilonis merged 5 commits into
mainfrom
add-prebid-error-diagnostics
Jul 17, 2026
Merged

Add Prebid error diagnostics#893
ChristianPavilonis merged 5 commits into
mainfrom
add-prebid-error-diagnostics

Conversation

@ChristianPavilonis

@ChristianPavilonis ChristianPavilonis commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Surface safe HTTP status and error classification when Prebid Server returns a non-2xx response.
  • Expose bounded, sanitized upstream messages only when Prebid debug mode is enabled.
  • Correlate bounded debug log previews with the auction ID and document the behavior.

Changes

File Change
crates/trusted-server-core/src/integrations/prebid.rs Add non-2xx metadata, debug-gated error extraction, correlated logging, and regression tests.
docs/guide/integrations/prebid.md Document upstream HTTP diagnostics and their security limits.

Closes

Closes #909.

Test plan

  • cargo test-fastly && cargo test-axum
  • cargo clippy-fastly && cargo clippy-axum
  • cargo fmt --all -- --check
  • JS tests: cd crates/trusted-server-js/lib && npx vitest run (JS unchanged)
  • JS format: cd crates/trusted-server-js/lib && npm run format (JS unchanged)
  • Docs format: cd docs && npm run format
  • WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
  • Manual testing via fastly compute serve
  • Other: cargo test-cloudflare, cargo test-spin, Cloudflare/Spin native and WASM clippy aliases, and integration parity tests.

Checklist

  • Changes follow CLAUDE.md conventions
  • No unwrap() in production code — use expect("should ...")
  • Uses log macros (not println!), per CLAUDE.md
  • New code has tests
  • No secrets or credentials committed

@ChristianPavilonis

Copy link
Copy Markdown
Collaborator Author

Rebased onto #890 and linked tracking issue #909. Marking this ready for review.

@ChristianPavilonis
ChristianPavilonis marked this pull request as ready for review July 14, 2026 16:05
@ChristianPavilonis
ChristianPavilonis requested review from aram356 and prk-Jr and removed request for aram356 July 14, 2026 16:07
@ChristianPavilonis
ChristianPavilonis changed the base branch from main to issue-858-ssat-compression-offload July 15, 2026 15:20
@ChristianPavilonis
ChristianPavilonis changed the base branch from issue-858-ssat-compression-offload to feat/ssat-write-prebid-response-debug July 15, 2026 15:21

@aram356 aram356 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

The diagnostics are carefully debug-gated, sanitized, bounded, and correlated with escaped auction IDs. One correctness gap still allows oversized non-2xx bodies to bypass the new HTTP-status classification, so changes are requested.

Blocking

🔧 wrench

  • Preserve HTTP classification for oversized error bodies (crates/trusted-server-core/src/integrations/prebid.rs:1977): body collection can fail before the known non-2xx status is converted into provider metadata.

Non-blocking

🏕 camp site

  • Add a public /auction response-shape regression (crates/trusted-server-core/src/integrations/prebid.rs:5135): exercise the security contract through final response serialization.

CI Status

  • GitHub integration artifact preparation: PASS
  • GitHub integration tests: PASS
  • GitHub Fastly EC lifecycle tests: PASS
  • GitHub browser integration tests: PASS
  • Targeted native Prebid tests: PASS (163 tests)
  • Axum tests: PASS (12 tests)
  • fmt: PASS
  • Local Fastly runtime: BLOCKED by unavailable macOS certificate keychain after successful compilation
  • Local clippy-fastly: BLOCKED by local build-tool invocation error (Unrecognized option: 'p')

Comment thread crates/trusted-server-core/src/integrations/prebid.rs
Comment thread crates/trusted-server-core/src/integrations/prebid.rs

@aram356 aram356 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

The follow-up commit resolves the prior blocking issue: non-2xx HTTP classification now survives oversized or unreadable response bodies, with one-shot and streaming regressions. The public /auction response also has explicit debug-gating, normalization, and truncation coverage. No additional findings remain.

CI Status

  • GitHub integration artifact preparation: PASS
  • GitHub integration tests: PASS
  • GitHub Fastly EC lifecycle tests: PASS
  • GitHub browser integration tests: PASS
  • Targeted native Prebid tests: PASS (166 tests)
  • fmt: PASS
  • Fastly wasm32-wasip1 compilation: PASS

@aram356

aram356 commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator

@ChristianPavilonis please resolve conflicts

@ChristianPavilonis
ChristianPavilonis force-pushed the add-prebid-error-diagnostics branch 2 times, most recently from c3143ab to 4ca09fa Compare July 17, 2026 16:44
@ChristianPavilonis
ChristianPavilonis changed the base branch from feat/ssat-write-prebid-response-debug to main July 17, 2026 16:46
Prebid non-2xx responses were reduced to bare provider errors, making intermittent failures difficult to diagnose. Surface safe HTTP metadata and bounded debug details while correlating server logs with the auction ID.
@ChristianPavilonis
ChristianPavilonis force-pushed the add-prebid-error-diagnostics branch from 4ca09fa to 7af7598 Compare July 17, 2026 16:47
@ChristianPavilonis
ChristianPavilonis merged commit fd2ab0f into main Jul 17, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add safe Prebid upstream error diagnostics

2 participants