Summary
trusted-server.example.toml is the source-controlled config template (ts config init, and embedded into the Cloudflare/Spin adapters via include_str!). Over time it drifted from the supported config schema: it dropped several sections that still exist in the Rust config structs, and it doesn't clearly distinguish the required minimum config from optional/vendor settings.
Problems
- No clear "minimum config". Nothing in the file signals that only
[publisher], [ec].passphrase, and an admin-covering [[handlers]] are required to boot/validate. [ec] in particular is easy to assume optional, but an omitted/empty passphrase fails validation.
- Dropped-but-still-supported sections. The following map to live structs yet were missing from the template:
[tester_cookie], [rewrite], the [consent] tree, [image_optimizer], [tinybird], [integrations.osano], publisher.max_buffered_body_bytes, sourcepoint.auth_cookie_name, DataDome protection fields, Prebid override rules.
- Sparse descriptions. Most keys have no explanation of what they do or their defaults.
Proposed change
- Keep the required trio active with per-key descriptions.
- Comment out every optional section/integration, each with a one-line description, so a fresh deploy starts minimal and safe.
- Re-add the dropped-but-supported sections as documented (commented) blocks.
- Keep the four
ts audit-patched integrations (gpt, didomi, datadome, google_tag_manager) active with enabled = false so the audit CLI can still flip them.
- Keep all example hosts as
example.com (no real vendor domains).
Acceptance
- File deserializes and passes
Settings::from_toml validation (verified with real secrets substituted for the intentional placeholders).
ts audit draft-config patching still works (run_audit_writes_selected_outputs_and_summary).
- Config schema in the file matches the actual Rust structs.
Summary
trusted-server.example.tomlis the source-controlled config template (ts config init, and embedded into the Cloudflare/Spin adapters viainclude_str!). Over time it drifted from the supported config schema: it dropped several sections that still exist in the Rust config structs, and it doesn't clearly distinguish the required minimum config from optional/vendor settings.Problems
[publisher],[ec].passphrase, and an admin-covering[[handlers]]are required to boot/validate.[ec]in particular is easy to assume optional, but an omitted/empty passphrase fails validation.[tester_cookie],[rewrite], the[consent]tree,[image_optimizer],[tinybird],[integrations.osano],publisher.max_buffered_body_bytes,sourcepoint.auth_cookie_name, DataDome protection fields, Prebid override rules.Proposed change
ts audit-patched integrations (gpt,didomi,datadome,google_tag_manager) active withenabled = falseso the audit CLI can still flip them.example.com(no real vendor domains).Acceptance
Settings::from_tomlvalidation (verified with real secrets substituted for the intentional placeholders).ts auditdraft-config patching still works (run_audit_writes_selected_outputs_and_summary).