Test FastlyPlatformSecretStore read path and write stubs (PR4)

[prk-Jr]

Summary

• Adds three targeted tests to FastlyPlatformSecretStore in the Fastly adapter to prove the read path and write stubs satisfy issue Secret store trait (read-only) #485's "Done when" criteria
• Tests cover: store-open failure (maps to PlatformError::SecretStore), create() stub (PlatformError::NotImplemented), and delete() stub (PlatformError::NotImplemented)
• No implementation code is added — all production code already existed from prior PRs; this PR is tests only

Changes

File	Change
crates/trusted-server-adapter-fastly/src/platform.rs	Add three tests in the existing #[cfg(test)] block

Closes

Closes #485

Test plan

• cargo test --workspace
• cargo clippy --workspace --all-targets --all-features -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run — N/A (no JS changes)
• JS format: cd crates/js/lib && npm run format — N/A (no JS changes)
• Docs format: cd docs && npm run format — N/A (no docs changes)
• WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1 — N/A (#[cfg(test)] code is excluded from WASM binary)
• Manual testing via fastly compute serve — N/A (tests only)

Checklist

• Changes follow CLAUDE.md conventions
• No unwrap() in production code — use expect("should ...")
• Uses tracing macros (not println!)
• New code has tests
• No secrets or credentials committed

[aram356]

Summary

This PR introduces a full platform abstraction layer (+2553/-530 lines, 25 files) including crates/trusted-server-core/src/platform/, a new storage module, RuntimeServices threading, geo refactor, backend validation, and config store hardening. The code is well-structured with good documentation and proper error handling. Main concerns are the PR description accuracy and code duplication between adapter and core storage.

Blocking

🔧 wrench

• PR description severely understates scope: The description claims "No implementation code is added — all production code already existed from prior PRs; this PR is tests only" touching one file. The actual diff is +2553/-530 across 25 files with significant production code changes (platform abstraction, storage module, RuntimeServices wiring, fastly_storage.rs deletion, geo refactor, backend validation). This makes the PR difficult to review accurately and could mislead approvers. Please rewrite the PR body to accurately describe the full scope.

• Code duplication between adapter and core storage: See inline comment on config_store.rs:17.

❓ question

• URL-encoding behavioral change: See inline comment on api_client.rs:22.

Non-blocking

🤔 thinking

• Unsupported vs NotImplemented distinction (platform/error.rs:27-32): Test doubles return Unsupported, adapter stubs return NotImplemented. The distinction is documented but callers may not realistically branch on it.

♻️ refactor

• LazyLock for trivial conversion (request_signing/jwks.rs:17-18): LazyLock for StoreName::from(JWKS_CONFIG_STORE_NAME) is heavyweight for a String from &str. Could be simplified if StoreName supported const fn or if get() accepted &str.

🌱 seedling

• PlatformHttpClient: Send + Sync with ?Send futures (platform/http.rs:203-204): Correct for wasm32 and well-documented. May need revisiting if a multi-threaded adapter (e.g., Axum) is added.

👍 praise

• Newtype StoreName/StoreId (platform/types.rs): Prevents accidental swaps between runtime edge names and management API identifiers. Clean implementation.
• Graceful KV store degradation (adapter-fastly/src/main.rs:66-79): Fallback to UnavailableKvStore keeps non-synthetic routes working when KV is unavailable.
• Control character validation in BackendConfig (backend.rs:107-116): Prevents log/header injection attacks. Good security hardening.
• Geo deduplication via geo_from_fastly (geo.rs): Eliminates duplication between legacy and new paths.
• Comprehensive test coverage: Platform stubs are well-tested including edge cases (empty host, custom timeout, nocert suffix, store failures).

⛏ nitpick

• PR checklist says "Uses tracing macros": Project convention in CLAUDE.md specifies log macros (with log-fastly backend), not tracing.

📝 note

• CLAUDE.md removes attach_with() guidance: attach_with() is a valid error-stack API for lazy attachment via closure. Fine to remove if unused in this project.
• test_support module is pub(crate) + #[cfg(test)]: Adapter crate can't reuse it, which is fine since it has its own stubs.

CI Status

• All checks: PASS

[ChristianPavilonis]

Clean, minimal test-only PR. All three tests are correct, follow project conventions, and provide meaningful coverage of the targeted code paths. LGTM.

[aram356]

Summary

Clean, small, test-only PR that correctly verifies the secret store open-failure path and both write-stub behaviors. Code follows project conventions consistently.

Non-blocking

👍 praise

• Consistent style and convention adherence: Tests follow all CLAUDE.md conventions — expect_err("should ...") messages, Arrange-Act-Assert pattern, descriptive assertions, section comment separators matching existing patterns, and consistent naming. Good mirroring of the existing config store and HTTP client test patterns. (platform.rs:537-575)

🌱 seedling

• Missing config store write-stub test symmetry: PR3 added FastlyPlatformConfigStore with put() and delete() stubs returning NotImplemented, but no tests for those. Consider adding fastly_platform_config_store_put_returns_not_implemented and fastly_platform_config_store_delete_returns_not_implemented in a follow-up.
• Happy-path test for get_secret_bytes: Two failure modes are tested (open failure, decrypt failure), but no success path. The StubSecretStore already supports Ok(Some(bytes)), so a happy-path test would be straightforward. The "key not found" path (Ok(None)) is also untested.
• StubSecretStore missing Lookup error variant: StubSecretReadError only has a Decrypt variant. Adding a Lookup variant would allow testing the lookup-failure path through the stub.

CI Status

• fmt: PASS
• clippy: PASS
• rust tests: PASS