Skip to content

Add opt-in SSAT compression offload#884

Open
ChristianPavilonis wants to merge 2 commits into
refactor/ssat-streamingfrom
issue-858-ssat-compression-offload
Open

Add opt-in SSAT compression offload#884
ChristianPavilonis wants to merge 2 commits into
refactor/ssat-streamingfrom
issue-858-ssat-compression-offload

Conversation

@ChristianPavilonis

Copy link
Copy Markdown
Collaborator

Summary

  • add a disabled-by-default publisher.ssat_compression_offload_enabled rollout guard
  • explicitly declare delivery-compression capability at each adapter boundary so only Fastly can activate the offload path
  • request identity HTML from the origin, process supported origin encodings to identity output, and let Fastly dynamically compress delivery with X-Compress-Hint: on
  • preserve current mirror compression for disabled, non-SSAT, and non-Fastly paths
  • preserve SSAT private cache behavior and document the origin bandwidth/10 MiB raw-body tradeoff

Decision and measurement

The staging experiment found that identity-origin plus Fastly delivery compression reduced guest processing from approximately 44.6 ms to 9.0 ms and Fastly vCPU from 47 ms to 19 ms on the measured page. Browser delivery remained Brotli-compressed.

Because identity origin responses are substantially larger and still count against the current Fastly 10 MiB raw origin-response limit, this PR exposes the behavior as a publisher-level opt-in rather than changing the global default.

Behavior

When all three conditions are true:

  1. publisher.ssat_compression_offload_enabled = true
  2. the adapter declares Fastly dynamic delivery compression
  3. the existing server-side ad stack eligibility gates pass

Trusted Server sends Accept-Encoding: identity to the publisher origin. Supported gzip, deflate, or Brotli responses from origins that ignore the request are still decoded safely. Processed HTML leaves the guest without Content-Encoding, carries X-Compress-Hint: on, and varies on Accept-Encoding for Fastly delivery.

Axum, Cloudflare, and Spin explicitly declare the capability unavailable and retain existing compression behavior even when the shared setting is enabled.

Validation

  • cargo fmt --all -- --check
  • cargo test-fastly
  • cargo test-axum
  • cargo test-cloudflare
  • cargo test-spin
  • cargo clippy-fastly
  • cargo clippy-axum
  • cargo clippy-cloudflare
  • cargo clippy-cloudflare-wasm
  • cargo clippy-spin-native
  • cargo clippy-spin-wasm
  • cargo test --manifest-path crates/trusted-server-integration-tests/Cargo.toml --test parity
  • cd crates/trusted-server-js/lib && npx vitest run
  • cd crates/trusted-server-js/lib && npm run format
  • cd crates/trusted-server-js/lib && node build-all.mjs
  • npx --yes prettier@3.8.1 --check docs

Closes #858

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant