Description
crates/trusted-server-core/src/migration_guards.rs enforces that no core source references the Fastly SDK except the deferred EC KV/ERL allowlist (ec/kv.rs, ec/rate_limiter.rs). It does this against two hand-maintained lists: checked_sources() and allowlisted_sources().
PR review on feature/edgezero-pr15-remove-fastly-core (round 4, non-blocking 🌱) flagged that these lists are hand-maintained, so a new core .rs file that imports the Fastly SDK but is not added to either list silently escapes the guard.
Two concrete items to address
- Coverage gap (already real). Two source files currently exist in neither list and are unguarded:
  crates/trusted-server-core/src/integrations/datadome/protection.rs
  crates/trusted-server-core/src/integrations/datadome/protection_scope.rs
  They are clean of Fastly SDK usage today, but nothing prevents a regression. They should be added to checked_sources().
- Automation. Add a test (or build-script-generated inventory) asserting that every src/**/*.rs appears in exactly one of checked_sources() / allowlisted_sources() (with migration_guards.rs itself exempt, since it embeds the banned pattern as a regex literal). The wasm/viceroy test sandbox limits std::fs, so the file list likely has to be generated from build.rs into OUT_DIR and include!-ed by the test rather than walked at test time.
A prototype of this approach was built and verified working (build.rs walks src, emits CORE_SOURCE_FILES, the test XOR-checks membership; the negative case panics correctly) but was reverted as too heavy for the PR — reconsider whether a lighter approach exists when implementing.
Done when
- protection.rs, protection_scope.rs) are guarded in checked_sources().
- src/**/*.rs is added without being placed in exactly one of the two lists.
- cargo fmt, cargo clippy --all-targets --all-features -- -D warnings, and cargo test --workspace all pass, including the wasm32-wasip1 / viceroy test target.
Affected area
CI / Tooling
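The exactly-one-list check from the Automation item, as an added example (not the project's code and not the reverted prototype). It also reports list entries that no longer match a file, which goes beyond what the issue asks for. The inventory constant is a constructed stand-in for what build.rs would emit; `list_drift`, `Drift`, `EXEMPT` and the lists passed in `main` are assumptions.

```rust
use std::collections::BTreeSet;

/// Constructed stand-in for the inventory a build script would emit
/// (the issue calls it CORE_SOURCE_FILES); paths are relative to src/.
const CORE_SOURCE_FILES: &[&str] = &[
    "ec/kv.rs",
    "ec/rate_limiter.rs",
    "integrations/datadome/protection.rs",
    "integrations/datadome/protection_scope.rs",
    "migration_guards.rs",
];

/// The guard file embeds the banned pattern as a regex literal, so it is exempt.
const EXEMPT: &[&str] = &["migration_guards.rs"];

#[derive(Debug, Default, PartialEq)]
pub struct Drift {
    pub unlisted: Vec<String>, // in the inventory, in neither list: escapes the guard
    pub in_both: Vec<String>,  // checked and allowlisted at once: ambiguous
    pub stale: Vec<String>,    // listed, but no such file in the inventory
}

/// Hypothetical helper: compares the inventory with the two hand-maintained lists.
pub fn list_drift(inventory: &[&str], checked: &[&str], allowlisted: &[&str]) -> Drift {
    let checked: BTreeSet<&str> = checked.iter().copied().collect();
    let allowed: BTreeSet<&str> = allowlisted.iter().copied().collect();
    let on_disk: BTreeSet<&str> = inventory.iter().copied().collect();
    let mut drift = Drift::default();
    for &file in on_disk.iter().filter(|f| !EXEMPT.contains(*f)) {
        match (checked.contains(file), allowed.contains(file)) {
            (false, false) => drift.unlisted.push(file.to_string()),
            (true, true) => drift.in_both.push(file.to_string()),
            _ => {} // exactly one list: the XOR condition holds
        }
    }
    for &file in checked.union(&allowed) {
        if !on_disk.contains(file) {
            drift.stale.push(file.to_string());
        }
    }
    drift
}

fn main() {
    // Constructed lists mirroring the gap described above: the datadome files are in neither.
    let drift = list_drift(CORE_SOURCE_FILES, &[], &["ec/kv.rs", "ec/rate_limiter.rs"]);
    println!("{drift:#?}");
}
```

In a guard test, asserting that the result equals `Drift::default()` fails the build on any of the three kinds of drift.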