Summary
Complete the legacy consent_store removal described and closed in #666.
The current code still contains consent KV load/save/delete helpers and ConsentPipelineInput plumbing, but production EcContext construction passes ec_id: None and kv_store: None, so those operations are not used. On the Fastly EdgeZero path, a configured consent_store can still be opened as a fail-closed route dependency even though the opened store is not wired into consent load/save.
This leaves dead persistence code, misleading documentation/configuration, and a store availability dependency that does not provide the advertised consent continuity.
Proposed direction
Follow the decision already recorded in #666: request cookies/headers/geo are the live consent source, while EC identity lifecycle and withdrawal state live in the EC identity store. Remove the remaining separate consent-KV path rather than accidentally wiring its read-before-write behavior onto the request hot path.
If persisted consent continuity has become a product requirement since #666, stop and define that contract explicitly before implementation instead of preserving the current half-wired state.
Acceptance criteria
- Remove
consent_store from active configuration, examples, manifests, and adapter route dependencies.
- Remove unused consent KV fields and branches from
ConsentPipelineInput and build_consent_context.
- Remove
crates/trusted-server-core/src/storage/kv_store.rs and tests when no live caller remains.
- EdgeZero consent-dependent routes no longer open an otherwise-unused consent KV store.
- Documentation clearly states the authoritative sources for live consent and withdrawal enforcement.
- Existing consent gating and EC tombstone behavior remain unchanged.
- Migration/config parsing behavior for deployments that still contain
consent_store is documented and tested.
Relevant code
crates/trusted-server-core/src/consent/mod.rs
crates/trusted-server-core/src/consent_config.rs
crates/trusted-server-core/src/storage/kv_store.rs
crates/trusted-server-core/src/ec/mod.rs
crates/trusted-server-adapter-fastly/src/app.rs
Summary
Complete the legacy
consent_storeremoval described and closed in #666.The current code still contains consent KV load/save/delete helpers and
ConsentPipelineInputplumbing, but productionEcContextconstruction passesec_id: Noneandkv_store: None, so those operations are not used. On the Fastly EdgeZero path, a configuredconsent_storecan still be opened as a fail-closed route dependency even though the opened store is not wired into consent load/save.This leaves dead persistence code, misleading documentation/configuration, and a store availability dependency that does not provide the advertised consent continuity.
Proposed direction
Follow the decision already recorded in #666: request cookies/headers/geo are the live consent source, while EC identity lifecycle and withdrawal state live in the EC identity store. Remove the remaining separate consent-KV path rather than accidentally wiring its read-before-write behavior onto the request hot path.
If persisted consent continuity has become a product requirement since #666, stop and define that contract explicitly before implementation instead of preserving the current half-wired state.
Acceptance criteria
consent_storefrom active configuration, examples, manifests, and adapter route dependencies.ConsentPipelineInputandbuild_consent_context.crates/trusted-server-core/src/storage/kv_store.rsand tests when no live caller remains.consent_storeis documented and tested.Relevant code
crates/trusted-server-core/src/consent/mod.rscrates/trusted-server-core/src/consent_config.rscrates/trusted-server-core/src/storage/kv_store.rscrates/trusted-server-core/src/ec/mod.rscrates/trusted-server-adapter-fastly/src/app.rs