Route KV access through RuntimeServices (PR 5)

[prk-Jr]

Summary

• Route the remaining live core KV usage through the generic RuntimeServices::kv_store path so PR5 matches the EdgeZero portability design instead of a Fastly-specific side channel.
• Lazily inject the configured Fastly consent KV store only for consent-dependent routes, keeping discovery, admin, and unrelated traffic unaffected when that store is unavailable.
• Move the trait-backed KV implementation into storage/kv_store.rs, add adapter regression coverage, and align the migration spec with the current repo scope.

Changes

File	Change
crates/trusted-server-adapter-fastly/src/main.rs	Replace the consent-specific runtime KV wiring with the generic kv_store slot and lazily swap in the configured consent store only on consent-dependent routes.
crates/trusted-server-adapter-fastly/src/route_tests.rs	Add adapter-level regression coverage proving a missing configured consent store only breaks consent-dependent routes.
crates/trusted-server-core/src/auction/README.md	Update examples and docs to reflect the RuntimeServices-backed handler signatures.
crates/trusted-server-core/src/auction/endpoints.rs	Pass the generic runtime KV store into the consent pipeline for auction requests.
crates/trusted-server-core/src/consent/mod.rs	Re-export the moved KV module through consent::kv and update consent pipeline docs.
crates/trusted-server-core/src/platform/mod.rs	Add tests covering cloneability and with_kv_store replacement semantics on RuntimeServices.
crates/trusted-server-core/src/platform/types.rs	Expose RuntimeServices::kv_store() and RuntimeServices::with_kv_store(...) for portable KV injection.
crates/trusted-server-core/src/publisher.rs	Consume the generic runtime KV service for consent fallback and revoke cleanup.
crates/trusted-server-core/src/consent/kv.rs -> crates/trusted-server-core/src/storage/kv_store.rs	Move the trait-backed consent KV implementation under storage, preserving the public consent::kv API via re-export.
crates/trusted-server-core/src/storage/mod.rs	Export the new kv_store module.
docs/superpowers/specs/2026-03-19-edgezero-migration-design.md	Align the PR5 migration notes with the current live KV scope in the repository.

Closes

Closes #486

Test plan

• cargo test --workspace
• cargo clippy --workspace --all-targets --all-features -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run
• JS format: cd crates/js/lib && npm run format
• Docs format: cd docs && npm run format
• WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
• Manual testing via fastly compute serve
• Other: cargo doc --no-deps --all-features (passes with existing rustdoc warnings unrelated to this PR)

JS tests are currently failing in the workspace with a pre-existing Vitest worker startup error rooted in ERR_REQUIRE_ESM between html-encoding-sniffer and @exodus/bytes/encoding-lite.js. This PR does not touch JS code.

Checklist

• Changes follow CLAUDE.md conventions
• No unwrap() in production code — use expect("should ...")
• Uses log macros (not println!)
• New code has tests
• No secrets or credentials committed

[aram356]

Summary

Well-structured PR that cleanly routes remaining KV usage through RuntimeServices for EdgeZero portability. The key design decisions are sound.

Non-blocking

⛏ nitpick

• Stale #[allow(dead_code)] on open_kv_store (platform.rs): open_kv_store now has a live call site in main.rs (runtime_services_for_consent_route), so #[allow(dead_code)] is no longer needed and would mask future regressions.
• match ... Err(e) => Err(e) pattern (main.rs:156): Could use ? to propagate, though the current form is arguably more readable with the async Ok branch.

♻️ refactor

• Duplicate make_test_context() helper (storage/kv_store.rs): Defined identically in both mod tests and mod new_api_tests. Could be extracted to a shared #[cfg(test)] helper within the file.

🤔 thinking

• open_kv_store called per-request: Not a regression (old code did the same), but the store could be opened once at startup since settings.consent.consent_store is static for the process lifetime. The lazy injection pattern is nice for fault isolation though — just worth considering.

🌱 seedling

• consent_store config checked in two places: Both handle_auction (auction/endpoints.rs) and handle_publisher_request (publisher.rs) re-check settings.consent.consent_store, but the adapter already performs this check in runtime_services_for_consent_route. Future PR could simplify by signaling "consent KV available" at the RuntimeServices level.

📝 note

• Fingerprint moved from KV metadata to body: Old code stored fingerprint in Fastly KV metadata (platform-specific). New code embeds fp in JSON body with #[serde(default)] for backward compat — entries without fp trigger self-healing re-write. Clean migration path.

👍 praise

• Lazy consent store injection: Starting with UnavailableKvStore and lazily replacing only for consent-dependent routes — misconfigured store only breaks /auction and publisher while health, discovery, and admin remain functional.
• Thorough route test coverage: configured_missing_consent_store_only_breaks_consent_routes validates four distinct route categories and directly proves the fault isolation claim.

CI Status

All checks pass.