Sync EdgeZero PR #257 updates

[aram356]

Summary

Syncs this branch with the EdgeZero tooling/dependency updates and standardizes
crate naming, rebased on top of main. Since this branch was opened, main
landed its own HTTP-types migration (PR 12 / PR 13 — #624, #626) and additional
features (DataDome server-side protection #769, configurable integration proxy
paths #759, image proxy fixes, and several test-coverage additions). The
overlapping work has been reconciled in favor of main's newer architecture,
so this PR now carries only the changes that are genuinely additive over main.

EdgeZero dependency + toolchain

• Point the edgezero-* git dependencies at the upstream main branch
  (rather than a pinned rev), so this app tracks current EdgeZero.
• Bump fastly / log-fastly to 0.12 to match the version EdgeZero main
  pins.
• Forward-port to the newer EdgeZero / Fastly APIs:
  • edgezero_core::body::Body::into_bytes() now returns Option<Bytes>
    (None only for streaming bodies). Buffered-body call sites use
    .unwrap_or_default(), preserving prior Bytes semantics. For
    size-bounded reads, Body::into_bytes_bounded(max) is now available.
  • Fastly 0.12's get_tls_protocol() / get_tls_cipher_openssl_name() now
    return Result<Option<&str>>; adapter call sites use .ok().flatten().
• Update tool pins: Rust 1.91.1 → 1.95.0 (rust-toolchain.toml +
  .tool-versions), Fastly CLI 13.3.0 → 15.1.0, Viceroy 0.16.4 → 0.17.0,
  add Wasmtime 44.0.1.

Crate naming

• Standardize every crate on the trusted-server-* prefix:
  • crates/js → crates/trusted-server-js
  • crates/openrtb → crates/trusted-server-openrtb
  • crates/openrtb-codegen → crates/trusted-server-openrtb-codegen
  • crates/integration-tests → crates/trusted-server-integration-tests
  • Package names, workspace members, and internal references updated to match.
• Refresh clippy.toml to the EdgeZero-style configuration.

Reconciliation decisions (vs. the original PR intent)

• Integration HTTP code: main's HTTP-types migration supersedes this
  branch's older fastly::-based integration code, so the conflicted files take
  main's versions (the http:: / async EdgeZero platform surface).
• Clippy lint posture: the original branch enabled a strict
  restriction = "deny" workspace posture. That produced large, unrelated churn
  against main's current code, so the workspace lint levels stay at
  main's posture. (clippy.toml config is still refreshed; clippy -D warnings is green.)
• Lockfiles: root Cargo.lock and the excluded
  trusted-server-integration-tests/Cargo.lock are resynced to EdgeZero main
  • Fastly 0.12 and pass --locked.

Known limitation (tracked separately)

trusted-server-core is not yet platform-agnostic: it still has an
unconditional fastly dependency, with the coupling in compat.rs (a
fastly::Request ↔ http::Request bridge) and backend.rs
(fastly::backend::Backend). Only trusted-server-adapter-fastly exists today;
the workspace declares (currently unused) edgezero-adapter-axum /
edgezero-adapter-cloudflare, and there is no Spin adapter. Extracting the
Fastly coupling out of core so it can run on the other EdgeZero adapters
(Cloudflare Workers, Spin, Axum) is intentionally out of scope for this PR
and will be done separately.

Verification

• cargo fmt --all -- --check
• cargo clippy --workspace --all-targets --all-features -- -D warnings
• cargo test --workspace
• cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
• cargo metadata --locked (root)
• cargo metadata --locked (crates/trusted-server-integration-tests)
• cargo metadata --locked (crates/trusted-server-openrtb-codegen)
• cd crates/trusted-server-js/lib && npx vitest run
• cd crates/trusted-server-js/lib && npm run format
• cd docs && npm run format

References stackpop/edgezero#257

[ChristianPavilonis]

Automated review: I reviewed PR #761 against main, focusing on the EdgeZero/Fastly API update, crate/path renames, build and CI wiring, and the touched runtime code paths. CI is green and I did not find any blocking correctness, security, data-loss, authorization, or severe compatibility issues. I left one low-severity documentation/operational comment.

[ChristianPavilonis]

Automated review: I reviewed PR #761 against main, focusing on the EdgeZero/Fastly API migration, Body/TLS API call sites, crate renames, CI/script path updates, lockfiles, OpenRTB regeneration paths, and touched runtime/security-sensitive code. CI is green, existing CodeQL/README feedback has already been addressed or is non-blocking, and I did not find any blocking correctness, security, data-loss, authorization, or severe compatibility issues in this pass.

[ChristianPavilonis]

Review Summary

😃 Approved. I reviewed PR #761 against main, with another pass over the rename/tooling/doc fallout after the EdgeZero/Fastly sync. CI is green.

🔧 I left a few non-blocking inline doc suggestions using GitHub suggestion blocks so they can be applied directly.

📝 One additional cleanup is worth doing but could not be attached as an inline suggestion because those files are not part of the PR diff: tracked Claude helper files still reference the deleted crates/js/lib path (for example .claude/commands/check-ci.md, .claude/commands/verify.md, .claude/agents/verify-app.md, .claude/agents/build-validator.md). Please replace remaining crates/js references with crates/trusted-server-js so local/agent verification helpers keep working after the crate rename.

[ChristianPavilonis]

🔧 Docs: match the actual JS entrypoint discovery shape

The build discovers integration directories with an index.ts entrypoint (crates/trusted-server-js/lib/build-all.mjs), not arbitrary .ts files directly under src/integrations. Following the current example would create testlight.ts, which is not bundled.

Suggested change

Place any integration-specific JavaScript entrypoint under `crates/trusted-server-js/lib/src/integrations/` (for example, `crates/trusted-server-js/lib/src/integrations/testlight.ts`). The shared `npm run build` script automatically discovers every file in that directory and produces a bundle named `tsjs-<entry>.js`, which the Rust crate embeds as `/static/tsjs=tsjs-<entry>.min.js`.

Place any integration-specific JavaScript entrypoint under `crates/trusted-server-js/lib/src/integrations/<integration-id>/index.ts` (for example, `crates/trusted-server-js/lib/src/integrations/testlight/index.ts`). The shared `npm run build` script automatically discovers every integration directory with an `index.ts` file and produces a bundle named `tsjs-<integration-id>.js`, which the Rust crate embeds as `/static/tsjs=tsjs-<integration-id>.min.js`.

[ChristianPavilonis]

🔧 Docs: point at the real Testlight TS entrypoint

testlight.ts does not exist after the directory-entrypoint build layout; the actual bundle entry is testlight/index.ts.

Suggested change

	- `crates/trusted-server-js/lib/src/integrations/testlight.ts` - TypeScript shim
	- `crates/trusted-server-js/lib/src/integrations/testlight/index.ts` - TypeScript shim

[ChristianPavilonis]

🔧 Docs: fix the generated bundle output directory

build-all.mjs writes to the crate-level dist directory (crates/trusted-server-js/dist), not lib/dist.

Suggested change

	Each integration is built as a separate IIFE at compile time (`crates/trusted-server-js/lib/dist/`):
	Each integration is built as a separate IIFE at compile time (`crates/trusted-server-js/dist/`):