basic docs site setup with some ai docs

Author: ChristianPavilonis

.github/workflows/deploy-docs.yml

@@ -0,0 +1,67 @@
+name: Deploy VitePress Docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'docs/**'
+      - '.github/workflows/deploy-docs.yml'
+  workflow_dispatch:  # Allow manual triggers
+
+# Sets permissions for GitHub Pages deployment
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Prevent concurrent deployments
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # For lastUpdated feature
+
+      - name: Retrieve Node.js version
+        id: node-version
+        run: echo "node-version=$(grep '^nodejs ' .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ steps.node-version.outputs.node-version }}
+          cache: 'npm'
+          cache-dependency-path: docs/package-lock.json
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+
+      - name: Install dependencies
+        working-directory: docs
+        run: npm ci
+
+      - name: Build with VitePress
+        working-directory: docs
+        run: npm run build
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/.vitepress/dist
+
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

docs/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+.vitepress/dist
+.vitepress/cache

docs/.vitepress/config.mts

@@ -0,0 +1,56 @@
+import { defineConfig } from 'vitepress'
+
+// https://vitepress.dev/reference/site-config
+export default defineConfig({
+  title: "Trusted Server",
+  description: "Privacy-preserving edge computing for ad serving and synthetic ID generation",
+  themeConfig: {
+    // https://vitepress.dev/reference/default-theme-config
+    nav: [
+      { text: 'Home', link: '/' },
+      { text: 'Guide', link: '/guide/getting-started' },
+    ],
+
+    sidebar: [
+      {
+        text: 'Introduction',
+        items: [
+          { text: 'What is Trusted Server?', link: '/guide/what-is-trusted-server' },
+          { text: 'Getting Started', link: '/guide/getting-started' }
+        ]
+      },
+      {
+        text: 'Core Concepts',
+        items: [
+          { text: 'Synthetic IDs', link: '/guide/synthetic-ids' },
+          { text: 'GDPR Compliance', link: '/guide/gdpr-compliance' },
+          { text: 'Ad Serving', link: '/guide/ad-serving' }
+        ]
+      },
+      {
+        text: 'Security',
+        items: [
+          { text: 'Request Signing', link: '/guide/request-signing' },
+          { text: 'Key Rotation', link: '/guide/key-rotation' }
+        ]
+      },
+      {
+        text: 'Development',
+        items: [
+          { text: 'Architecture', link: '/guide/architecture' },
+          { text: 'Configuration', link: '/guide/configuration' },
+          { text: 'Testing', link: '/guide/testing' }
+        ]
+      }
+    ],
+
+    socialLinks: [
+      { icon: 'github', link: 'https://github.com/IABTechLab/trusted-server' }
+    ],
+
+    footer: {
+      message: 'Released under the Apache License 2.0.',
+      copyright: 'Copyright © 2018-present IAB Technology Laboratory'
+    }
+  }
+})

docs/guide/ad-serving.md

@@ -0,0 +1,115 @@
+# Ad Serving
+
+Learn how Trusted Server handles privacy-compliant ad serving.
+
+## Overview
+
+Trusted Server provides edge-based ad serving with built-in GDPR compliance and real-time bidding support.
+
+## Supported Integrations
+
+### Equativ
+
+Primary ad server integration with support for:
+- Direct ad requests
+- Creative proxying
+- Click tracking
+- Impression tracking
+
+### Prebid
+
+Real-time bidding integration:
+- Header bidding support
+- Bid caching
+- Timeout management
+- Winner selection
+
+## Ad Request Flow
+
+1. Request validation
+2. GDPR consent check
+3. Synthetic ID generation (if consented)
+4. Ad server request
+5. Response processing
+6. Creative delivery
+
+## Configuration
+
+Configure ad servers in `trusted-server.toml`:
+
+```toml
+[ad_servers.equativ]
+endpoint = "https://ad-server.example.com"
+timeout_ms = 1000
+enabled = true
+
+[prebid]
+timeout_ms = 1500
+cache_ttl = 300
+```
+
+## Creative Handling
+
+### Proxy Mode
+
+Creatives can be proxied through Trusted Server for:
+- Security scanning
+- Content modification
+- Click tracking injection
+- GDPR compliance
+
+### Direct Mode
+
+Creatives served directly from ad server:
+- Lower latency
+- Reduced edge load
+- Less control over content
+
+## Tracking
+
+### Impression Tracking
+
+```javascript
+// Placeholder example
+trustedServer.trackImpression({
+    adId: 'ad-123',
+    syntheticId: 'synthetic-xyz',
+    consent: true
+});
+```
+
+### Click Tracking
+
+Click tracking with privacy preservation:
+- No PII in URLs
+- Synthetic ID only (with consent)
+- Encrypted parameters
+
+## Performance
+
+### Edge Caching
+
+- Bid responses cached at edge
+- Creative assets cached
+- Configuration cached
+- Reduced origin requests
+
+### Timeouts
+
+Configurable timeouts for:
+- Ad server requests
+- Prebid auctions
+- Creative fetching
+
+## Best Practices
+
+1. Set appropriate timeouts for your use case
+2. Enable caching for frequently requested ads
+3. Monitor ad server response times
+4. Use proxy mode for security-sensitive content
+5. Implement fallback ads
+
+## Next Steps
+
+- Review [Architecture](/guide/architecture)
+- Configure [Testing](/guide/testing)

docs/guide/architecture.md

@@ -0,0 +1,122 @@
+# Architecture
+
+Understanding the architecture of Trusted Server.
+
+## High-Level Overview
+
+Trusted Server is built as a Rust-based edge computing application that runs on Fastly Compute platform.
+
+```
+┌─────────────┐
+│   Browser   │
+└──────┬──────┘
+       │
+       ▼
+┌─────────────────────┐
+│  Trusted Server     │
+│  (Fastly Edge)      │
+│  ┌───────────────┐  │
+│  │ GDPR Check    │  │
+│  │ Synthetic IDs │  │
+│  │ Ad Serving    │  │
+│  └───────────────┘  │
+└──────┬──────────────┘
+       │
+       ▼
+┌─────────────────────┐
+│   Ad Servers        │
+│   KV Stores         │
+│   External APIs     │
+└─────────────────────┘
+```
+
+## Core Components
+
+### trusted-server-common
+
+Core library containing shared functionality:
+- Synthetic ID generation
+- Cookie handling
+- HTTP abstractions
+- GDPR consent management
+- Ad server integrations
+
+### trusted-server-fastly
+
+Fastly-specific implementation:
+- Main application entry point
+- Fastly SDK integration
+- Request/response handling
+- KV store access
+
+## Design Patterns
+
+### RequestWrapper Trait
+
+Abstracts HTTP request handling to support different backends:
+
+```rust
+// Placeholder example
+pub trait RequestWrapper {
+    fn get_header(&self, name: &str) -> Option<String>;
+    fn get_cookie(&self, name: &str) -> Option<String>;
+    // ...
+}
+```
+
+### Settings-Driven Configuration
+
+External configuration via `trusted-server.toml` allows deployment-time customization without code changes.
+
+### Privacy-First Design
+
+All tracking operations require explicit GDPR consent checks before execution.
+
+## Data Flow
+
+1. **Request Ingress** - Request arrives at Fastly edge
+2. **Consent Validation** - GDPR consent checked
+3. **ID Generation** - Synthetic ID generated (if consented)
+4. **Ad Request** - Backend ad server called
+5. **Response Processing** - Creative processed and modified
+6. **Response Egress** - Response sent to browser
+
+## Storage
+
+### Fastly KV Store
+
+Used for:
+- Counter storage
+- Domain mappings
+- Configuration cache
+- Synthetic ID state
+
+### No User Data Persistence
+
+User data is not persisted in storage - only processed in-flight at the edge.
+
+## Performance Characteristics
+
+- **Low Latency** - Edge execution near users
+- **High Throughput** - Parallel request processing
+- **Global Distribution** - Fastly's global network
+- **Caching** - Aggressive edge caching
+
+## Security
+
+- **HMAC-based IDs** - Cryptographically secure identifiers
+- **No PII Storage** - Privacy by design
+- **Request Signing** - Optional request authentication
+- **Content Security** - Creative scanning and modification
+
+## WebAssembly Target
+
+Compiled to `wasm32-wasip1` for Fastly Compute:
+- Sandboxed execution
+- Fast cold starts
+- Efficient resource usage
+
+## Next Steps
+
+- Learn about [Configuration](/guide/configuration)
+- Set up [Testing](/guide/testing)