Implement consent forwarding pipeline #380

Draft
ChristianPavilonis wants to merge 4 commits into main from feature/consent-management

@ChristianPavilonis
Collaborator

Summary

  • Wire CMP consent signals end-to-end from cookie/header extraction through OpenRTB bid requests, partner integrations, and KV Store persistence so publishers can comply with GDPR and US state privacy laws without additional integration work.
  • Adds configurable [consent] section with jurisdiction detection, per-partner forwarding modes, expiration checking, and GPC-to-US-Privacy construction.
  • Grows test coverage from 431 → 460 tests with comprehensive unit tests for every new module.

Note: Phase 1a (AC string extraction) and Phase 1b (TCF purpose helpers) were completed in prior commits already on this branch.

Changes

Phase 2 — OpenRTB integration

| File | Change |
| --- | --- |
| crates/common/src/openrtb.rs | Populate regs/user consent fields with dual-placement (top-level 2.6 + ext for older exchanges); add Eid, Uid, ConsentedProvidersSettings structs |

Phase 3 — Configuration & observability

| File | Change |
| --- | --- |
| crates/common/src/consent_config.rs | Full [consent] config section: ConsentConfig, ConsentMode, ConsentForwardingMode, GdprConfig (31 countries), UsStatesConfig (20 states), conflict resolution, expiration checking |
| crates/common/src/consent/jurisdiction.rs | Jurisdiction enum (Gdpr, UsState, NonRegulated, Unknown) + detect_jurisdiction() from geo + config |
| crates/common/src/consent/mod.rs | Pipeline orchestrator: build_consent_context(), ConsentPipelineInput, KV fallback/write, expiration checking, GPC-to-US-Privacy, EID gating |
| crates/common/src/consent/types.rs | TcfConsent helper methods (has_purpose_consent, has_storage_consent, etc.) |
| crates/common/src/settings.rs | Added consent: ConsentConfig field |
| crates/common/src/lib.rs | Module declaration for consent_config |
| crates/common/build.rs | Include consent_config.rs in build inputs |

Phase 4 — Partner integrations

| File | Change |
| --- | --- |
| crates/common/src/cookies.rs | Cookie stripping utilities (strip_cookies, forward_cookie_header, CONSENT_COOKIE_NAMES) |
| crates/common/src/integrations/prebid.rs | ConsentForwardingMode support, consent cookie stripping in OpenrtbOnly mode |
| crates/common/src/integrations/lockr.rs | Always strips consent cookies via forward_cookie_header |
| crates/common/src/integrations/aps.rs | ApsGdprConsent struct, consent fields in ApsBidRequest |
| crates/common/src/integrations/adserver_mock.rs | Consent summary in mediation request ext |

Phase 5 — KV Store persistence

| File | Change |
| --- | --- |
| crates/common/src/consent/kv.rs | KvConsentEntry and ConsentKvMetadata types, SHA-256 fingerprint change detection, read fallback when cookies absent, write-on-change via Fastly KV Store API |

Wiring & config

| File | Change |
| --- | --- |
| crates/common/src/auction/endpoints.rs | Wire consent pipeline into /auction endpoint |
| crates/common/src/publisher.rs | Wire consent pipeline with synthetic_id into publisher handler |
| fastly.toml | Added consent_store KV store for local dev |
| trusted-server.toml | Added commented [consent] config section with all options |

Key design decisions

  • Dual-placement OpenRTB fields: consent values placed both at top-level (2.6 spec) and in ext for backward compatibility with older exchanges.
  • Consent cookie stripping: per-partner ConsentForwardingMode controls whether consent travels via OpenRTB body only (OpenrtbOnly strips cookies) or both cookies and body (CookiesAndBody).
  • Write-on-change KV persistence: SHA-256 fingerprint of consent signals avoids redundant KV writes; KV read used as fallback when cookies are absent (e.g., Safari ITP).

How to enable

  1. Uncomment the [consent] section in trusted-server.toml
  2. For KV persistence, configure consent_store in fastly.toml (already added for local dev)
  3. Optionally set mode = "proxy" or mode = "interpreter" depending on desired consent processing depth

Test plan

  • cargo fmt --all -- --check
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo test --workspace — 460 tests passing
  • npx vitest run — 111 JS tests passing
  • npm run format (js + docs) — clean

Checklist

  • Code compiles without warnings
  • All existing tests pass
  • New tests added for all new modules (29 new tests)
  • No secrets or credentials committed
  • Configuration is opt-in (commented out by default)

Closes #312

@ChristianPavilonis ChristianPavilonis self-assigned this Feb 26, 2026
@ChristianPavilonis ChristianPavilonis marked this pull request as draft February 26, 2026 00:41
Wire consent signals into OpenRTB bid requests, add per-partner
forwarding modes, and persist consent to KV Store for returning users.

Phase 2 - OpenRTB integration: populate regs/user consent fields with
dual-placement (top-level 2.6 + ext), add EID consent gating, AC string
forwarding, and new Eid/Uid/ConsentedProvidersSettings structs.

Phase 3 - Configuration + observability: add [consent] config section
with jurisdiction detection, expiration checking, GPC-to-US-Privacy
construction, and structured logging.

Phase 4 - Partner integrations: cookie stripping via ConsentForwardingMode,
Prebid/Lockr consent cookie filtering, APS consent fields, adserver mock
consent summary.

Phase 5 - KV Store persistence: consent/kv.rs with KvConsentEntry and
ConsentKvMetadata types, SHA-256 fingerprint change detection, read
fallback when cookies absent, write-on-change via Fastly KV Store API.
@ChristianPavilonis ChristianPavilonis force-pushed the feature/consent-management branch from b4dfdde to 3e8e3c5 Compare February 26, 2026 00:46
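
The per-partner cookie stripping described under "Key design decisions", as an added sketch that is not code from this PR. The enum and its variants are named in the description; the helper names, their signatures and the cookie names are assumptions, since the diff itself is not shown on this page.

```rust
// Added illustration, not code from the PR. The enum and its variants are
// named on the page; helper names, signatures and cookie names are assumptions.

/// Assumed consent cookie names (the PR's CONSENT_COOKIE_NAMES is not shown).
const ASSUMED_CONSENT_COOKIES: &[&str] = &["euconsent-v2", "__gpp", "__gpp_sid", "us_privacy"];

#[derive(Clone, Copy, Debug, PartialEq)]
enum ConsentForwardingMode {
    OpenrtbOnly,    // consent travels in the OpenRTB body only
    CookiesAndBody, // consent travels in cookies and in the body
}

/// Hypothetical helper: drop every cookie whose name is in `names`.
/// Returns None when nothing remains, so the caller omits the Cookie header
/// instead of sending an empty one.
fn strip_consent_cookies(header: &str, names: &[&str]) -> Option<String> {
    let kept: Vec<&str> = header
        .split(';')
        .map(str::trim)
        .filter(|pair| !pair.is_empty())
        .filter(|pair| {
            // Match on the exact cookie name only; values may contain '='.
            let name = pair.split('=').next().unwrap_or("").trim();
            !names.contains(&name)
        })
        .collect();
    if kept.is_empty() { None } else { Some(kept.join("; ")) }
}

/// Hypothetical helper: build the Cookie header sent to one partner.
fn cookie_header_for_partner(header: &str, mode: ConsentForwardingMode) -> Option<String> {
    match mode {
        ConsentForwardingMode::OpenrtbOnly => strip_consent_cookies(header, ASSUMED_CONSENT_COOKIES),
        ConsentForwardingMode::CookiesAndBody => strip_consent_cookies(header, &[]),
    }
}

fn main() {
    // Constructed Cookie header; the values are placeholders.
    let header = "sid=abc123; euconsent-v2=TCSAMPLE; theme=dark; __gpp=DBAB~x=y";
    for mode in [ConsentForwardingMode::OpenrtbOnly, ConsentForwardingMode::CookiesAndBody] {
        println!("{:?}: {:?}", mode, cookie_header_for_partner(header, mode));
    }
}
```

Matching on the exact name before the first `=` keeps unrelated cookies whose names merely contain a consent cookie name, and keeps the filter correct when a consent value itself contains `=`.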
Development

Successfully merging this pull request may close these issues.

As publisher I want CMP consent passed to downstream providers