Add focused coverage for production readiness test gaps

[ChristianPavilonis]

Summary

• Add focused unit coverage for production-readiness backlog test gaps under Production readiness #396.
• Cover error status mapping, bare-host rewrite boundaries, TSJS script tag/source generation, and auction format conversion behavior.
• Document the current banner-only auction request conversion behavior without changing runtime behavior.
• Supersedes Add test coverage for error mapping and tsjs helpers #648 for the overlapping Add tests for TrustedServerError HTTP status mapping #448/Add unit tests for tsjs script source and tag generation #450 coverage.

Changes

File	Change
crates/trusted-server-core/src/error.rs	Added direct status-code mapping coverage for every current TrustedServerError variant, including a compile-time exhaustive match guard for new variants.
crates/trusted-server-core/src/host_rewrite.rs	Added direct boundary tests for exact hosts, paths, punctuation, multiple occurrences, subdomains, suffixes, empty inputs, and ports.
crates/trusted-server-core/src/tsjs.rs	Added tests for unified/deferred script source formatting, hash shape, script tag attributes, empty deferred output, and deferred order preservation.
crates/trusted-server-core/src/auction/formats.rs	Added request/response conversion tests for banner formats, bidder params, context allowlisting, malformed sizes, unsupported media skip behavior, OpenRTB response fields, mediation strategy, missing prices, and out-of-range dimensions.

Closes

Closes #448
Closes #449
Closes #450
Closes #453

Note: #455 references the old synthetic-template path, which no longer exists on current main after the EC ID migration. It should be triaged separately rather than auto-closed by this PR.

Test plan

• cargo test --workspace
• cargo clippy --workspace --all-targets --all-features -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run
• JS format: cd crates/js/lib && npm run format
• Docs format: cd docs && npm run format
• WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
• Manual testing via fastly compute serve
• Other: cargo test -p trusted-server-core status_code_maps_each_error_variant_to_expected_http_response -- --nocapture; cargo test -p trusted-server-core tsjs_ -- --nocapture; cargo test -p trusted-server-core rewrite -- --nocapture; cargo test -p trusted-server-core convert_tsjs_to_auction_request -- --nocapture; cargo test -p trusted-server-core convert_to_openrtb_response -- --nocapture

Checklist

• Changes follow CLAUDE.md conventions
• No unwrap() in production code — use expect("should ...")
• Uses log macros (not println!)
• New code has tests
• No secrets or credentials committed

[prk-Jr]

Summary

Pure test additions across four files — error.rs, host_rewrite.rs, tsjs.rs, and auction/formats.rs. No production code changed. All CI checks pass. Test quality is high overall; a few missing edge cases and one misleading helper message noted inline.

Non-blocking

🏕 camp site

• Forbidden and AllowlistViolation user_message untested — Both variants fall into the _ catch-all in user_message and return "An internal error occurred" despite being 4xx responses. The existing server_errors_return_generic_message test does not include them. Worth adding both to explicitly document (and lock in) the intended behavior — or, if a more descriptive message is preferred for 403s, this is the place to catch it.

🌱 seedling

• Host-in-path-segment behavior unspecified (host_rewrite.rs) — Input https://cdn.example.com/assets/origin.example.com/image.png will be rewritten because / is not a is_host_char. This may be intentional for Next.js __next_f payloads but is undocumented and untested. A test explicitly asserting current behavior would prevent silent regressions.

• Empty module list edge case (tsjs.rs) — tsjs_script_src(&[]) behavior is unspecified. What does concatenated_hash(&[]) return? Low risk but a documentation test would lock in the contract.

CI Status

• cargo fmt: PASS
• cargo clippy: PASS
• cargo test: PASS
• vitest: PASS
• integration tests: PASS
• browser integration tests: PASS

[aram356]

Summary

Follow-up to the prior review on the same head commit — only new findings missed last pass. Still no blocking items; verdict is COMMENT.

• 3 🌱 seedling — coverage gaps: hash order/dedup invariants, empty winning_bids response, height out-of-range symmetry.
• 2 ⛏ nitpick — redundant use in the test module; mixed *.example / example.com test-fixture TLDs.
• 2 👍 praise — compile-time exhaustiveness guard pattern; banner-only behavior pinned by a test.

The prior review's findings remain open (no commits since 2a3edb77) — they're tracked there, not re-posted here.

CI Status

• cargo fmt: PASS
• cargo clippy: PASS
• cargo test: PASS
• vitest: PASS
• integration tests: PASS
• browser integration tests: PASS

[aram356]

Requesting changes to address the 5 non-praise findings (3 🌱 + 2 ⛏) in my prior review — and the 9 still-open items from the earlier review that haven't been addressed yet.

[aram356]

Summary

This test-coverage PR was branched from a stale main (merge-base f275aba5). Since then, #621 (Edge Cookie identity system) reshaped the auction APIs, and the PR no longer compiles against current main — which is why the cargo test CI job is failing. cargo fmt is also red on the merged tree. host_rewrite.rs and tsjs.rs are sound and land cleanly; auction/formats.rs and error.rs need a rebase and rework. Requesting changes on the three blocking items below.

Blocking

🔧 wrench

• Duplicate mod tests + stale auction API: main already has a test module at formats.rs:339; the new module collides (E0428) and is written against pre-#621 signatures (7-arg conversion, UserInfo.fresh_id, missing AdRequest.eids, removed HEADER_X_TS_EC/_FRESH). (auction/formats.rs:353)
• Undisclosed runtime behavior change: convert_to_openrtb_response now emits explicit empty seatbid/adomain arrays via a second serialization pass, contradicting the PR's "without changing runtime behavior" claim. (auction/formats.rs:310)
• Exhaustive error guard out of date: references removed TrustedServerError::Ec and omits new EdgeCookie/PartnerNotFound/InsecureDefault. (error.rs:229)

Non-blocking

🤔 thinking

• Double serialization on response path: if the explicit-empty-array contract is required, customize serialization on the OpenRTB response types rather than re-walking the JSON tree (to_value + to_vec) on every auction response. (auction/formats.rs:310)

♻️ refactor

• On rebase: fold both new test modules into the existing mod tests; update to UserInfo { id: Some(...), .. } (no fresh_id), AdRequest { eids: None, .. }, the 5-arg convert_tsjs_to_auction_request, and assert the current HEADER_X_TS_EC_CONSENT/HEADER_X_TS_EIDS headers.

🌱 seedling

• Unknown-module hash: tsjs_deferred_script_src_uses_empty_hash_for_unknown_module characterizes "unknown module → ?v= with empty hash." Worth a follow-up on whether that should instead be rejected. (tsjs.rs)

📝 note

• tsjs.rs tests are independent of the EC migration and should merge + compile unchanged.

CI Status

• fmt: FAIL
• clippy: PASS
• rust tests: FAIL (compile errors against merged main — see blocking findings)
• js tests (vitest): PASS

[prk-Jr]

Summary

Third-pass review of head 8d63e24 — all findings from the two prior review rounds are addressed. Only new findings below; nothing blocking. Verdict remains COMMENT.

• 2 ⛏ nitpick — redundant HeaderValue::from_str, under-enumerated user_message doc
• 1 🏕 camp site — stale # Errors doc on convert_tsjs_to_auction_request (below)
• 1 📌 out of scope — misleading generic message now pinned for 403/404 variants
• 3 🌱 seedling — ec_id: None propagation, empty banner sizes, host-rewrite case sensitivity
• 1 👍 praise — order-insensitive multi-winner assertions

Non-blocking (body-level)

🏕 camp site

• Stale # Errors doc on convert_tsjs_to_auction_request (crates/trusted-server-core/src/auction/formats.rs:82, outside this diff): the entry "Fresh EC ID generation fails" is stale — the function never generates EC IDs; the caller does, per the doc paragraph at lines 76–77, and the only error path is the invalid-banner-size ensure!. Since this PR's purpose is documenting this function's behavior, removing the stale bullet fits here:

  /// # Errors
  ///
  /// Returns an error if the request contains invalid banner sizes
  /// (must be `[width, height]`).
  

CI Status

• fmt: PASS
• clippy (Analyze rust): PASS
• rust tests (cargo test): PASS
• js tests (vitest): PASS
• integration + browser integration: PASS

[aram356]

Summary

Re-review of the production-readiness test-coverage PR. The diff is now test-only plus two doc/comment corrections — verified that convert_to_openrtb_response's body is unchanged, so the "no runtime behavior change" claim holds. All three blocking items from the 2026-06-03 review are resolved, and every test assertion was cross-checked against the production source it pins. CI is fully green on the head commit. Approving.

Prior blocking items — resolved

• Duplicate mod tests + stale 7-arg auction API → single test module on the current 5-arg signature (no fresh_id, AdRequest.eids present, asserts HEADER_X_TS_EC_CONSENT).
• Undisclosed runtime change (explicit empty seatbid/adomain via a second serialization pass) → reverted; tests now characterize the existing omit-when-empty wire format as spec.
• Exhaustive error guard → updated to current variants (EdgeCookie/PartnerNotFound/InsecureDefault, no Ec).

Non-blocking

🌱 seedling

• Unknown-module empty hash: an unknown module ID yields a ?v= (empty hash) URL to a non-existent bundle. Test documents it; worth a follow-up on whether to reject instead. (tsjs.rs:182)
• nurl/burl uncovered: always None in make_bid, so their response-serialization branch is untested. (auction/formats.rs:405)

⛏ nitpick

• make_settings() passthrough: one-line wrapper over create_test_settings(); could be inlined. (auction/formats.rs:352)

CI Status

• cargo fmt: PASS
• cargo clippy: PASS
• cargo test: PASS
• vitest: PASS
• integration tests: PASS
• browser integration tests: PASS