Add OpenRTB 2.6 proto types

[ChristianPavilonis]

Summary

• Replace hand-written OpenRTB types with spec-compliant generated types from the official IAB Tech Lab protobuf schema, ensuring full OpenRTB 2.6 coverage including DOOH, GPP, Qty, Refresh, and DurFloors fields.
• Enrich Prebid bid requests with many more OpenRTB fields derived from available auction data — bid floors, device signals, user consent, geo, regs/privacy, site referrer, and request-level defaults.

Changes

File	Change
crates/openrtb/Cargo.toml	New crate (edition 2024) with serde, serde_json — no prost runtime dep
crates/openrtb/proto/openrtb.proto	OpenRTB 2.6 proto2 schema from IAB Tech Lab upstream
crates/openrtb/src/generated.rs	Checked-in generated code (1566 lines) — no build-time protoc needed
crates/openrtb/src/codegen.rs	Postprocessing logic (strip prost derives, inject serde, add ext fields) with 7 unit tests
crates/openrtb/src/lib.rs	bool_as_int serde module (6 edge-case tests), ToExt supertrait, explicit re-exports, deserialization tests
crates/openrtb/generate.sh	Bash wrapper to regenerate from proto using the codegen crate
crates/openrtb/README.md	Crate documentation
crates/openrtb-codegen/	Standalone codegen crate (excluded from workspace) with prost-build dependency
crates/common/src/openrtb.rs	Replace ~180 lines of hand-written structs with type aliases; shared to_openrtb_i32() helper; opt-in ToExt impls for 4 ext types
crates/common/src/geo.rs	GDPR_COUNTRIES set (EU/EEA/UK), is_gdpr_country() function with 5 tests
crates/common/src/integrations/prebid.rs	Enrich bid requests with bid floors, device signals, consent, geo, regs, site fields; DEFAULT_CURRENCY and GPC_US_PRIVACY constants; language subtag stripping; typed get_prebid_ext() test helper; 17+ tests
crates/common/src/auction/formats.rs	Update response construction for generated types with Option wrappers and ToExt
crates/common/Cargo.toml	Add trusted-server-openrtb dependency
Cargo.toml	Add openrtb to workspace members, exclude openrtb-codegen, remove prost-build from workspace deps
Cargo.lock	Dependency additions (serde derives for openrtb)
.github/workflows/format.yml	Removed protoc install step (no longer needed)
.github/workflows/test.yml	Removed protoc install step (no longer needed)

Key design decisions

• No prost runtime dependency: Generated code has prost::Enumeration and alloc types stripped during postprocessing, so the openrtb crate only depends on serde.
• Checked-in generated code: Avoids requiring protoc in CI/dev environments. Regenerate via ./generate.sh when the proto changes.
• GDPR via geo check: Uses Fastly geo.country_code() to determine GDPR applicability (EU/EEA/UK country list) rather than parsing TCF consent strings. Falls back to consent string presence when geo is unavailable.
• ToExt as supertrait: ToExt: Serialize with opt-in impls on the 4 Prebid ext types, preventing accidental misuse.

Test plan

• cargo test --workspace — all tests pass
• cargo clippy --all-targets --all-features -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run
• JS format: cd crates/js/lib && npm run format
• Docs format: cd docs && npm run format

[aram356]

(superseded — see latest review below)

[aram356]

Staff Engineer Review

Overall this is a solid change — introducing a proto-generated OpenRTB crate is the right call for spec compliance, and the enrichment of the bid request with consent, DNT, language, geo, floor prices, etc. is well-tested and well-commented.

Findings below use the code review emoji guide.

Summary

Emoji	Finding
🔧	build.rs text munging has no tests — add unit tests for postprocess()
🔧	Duplicated i32 conversion logic — extract shared helper
🔧	GDPR applicability inferred from consent string presence — can misclassify non-EEA traffic
🤔	prost runtime dep is unnecessary — strip prost::Enumeration or accept the bloat
🤔	ToExt blanket impl too broad — narrow to ext-relevant types
🤔	device.language keeps locale tag instead of primary language
🤔	Consider checking in generated code — eliminates protoc build dependency
🌱	Sec-GPC → us_privacy "1YYN" hardcoded — consider making configurable
⛏	Edition mismatch (2021 vs 2024)
⛏	Hardcoded "USD" / "1YYN" — extract named constants
⛏	pub use generated::* + manual re-exports redundancy
⛏	bool_as_int edge case tests
📌	CI protoc install is uncached and somewhat fragile

[ChristianPavilonis]

Review Response Summary

All 14 review comments have been addressed across 3 commits. Here's what changed:

Commit 1: f07ed22 — Core review fixes

1. Remove prost runtime dependency — Stripped prost::Enumeration derive + methods from generated code, replaced ::prost::alloc::{string::String, vec::Vec} with std equivalents. prost is no longer a dependency of the openrtb crate.
2. Narrow ToExt blanket impl — Changed from a blanket impl<T: Serialize> ToExt for T to a supertrait ToExt: Serialize with opt-in impls on the 4 ext types (PrebidExt, PrebidBidExt, PrebidImpExt, PrebidBidderExt).
3. GDPR from geo, not consent string — Replaced TCF consent-string parsing with is_gdpr_country() geo check using Fastly's geo.country_code() (EU/EEA/UK list). Falls back to checking consent string presence when geo is unavailable.
4. Extract constants — "USD" → DEFAULT_CURRENCY, "1YYN" → GPC_US_PRIVACY with documentation explaining the value and a note about future configurability.
5. Language subtag stripping — device.language now strips subtags (en-US → en) per OpenRTB spec.
6. Typed ext test helper — get_prebid_ext() now deserializes into PrebidExt struct instead of raw serde_json::Value.
7. Edition 2024 — Updated crates/openrtb/Cargo.toml from edition = "2021" to edition = "2024".

Commit 2: d0c18bc — Additional hardening

8. bool_as_int edge cases — Added 6 tests: null, string values, negative numbers, and round-trip serialization.
9. Minimal deserialization tests — Tests for empty {} JSON and unknown fields to verify resilience.
10. HashSet for GDPR countries — Switched from sorted array + binary search to LazyLock<HashSet> for O(1) lookups.

Commit 3: 0be0e0c — Check in generated code

11. Check in generated code — src/generated.rs (1566 lines) is now committed. Deleted build.rs.
12. Separate codegen crate — Created crates/openrtb-codegen/ (excluded from workspace) with prost-build dependency. A generate.sh script wraps the regeneration workflow.
13. Removed protoc from CI — Stripped protoc install steps from format.yml and test.yml workflows.
14. pub use generated::* → explicit re-exports — lib.rs now uses mod generated; with explicit generated:: prefixed paths only.

Also fixed

• Shared to_openrtb_i32() helper in common/openrtb.rs to eliminate duplicated u32 → i32 conversion logic.
• Extracted build.rs postprocessing logic into codegen.rs with 7 unit tests, shared via include!() between the openrtb crate (for testing) and the codegen crate (for generation).

[aram356]

🔧 P1 — GDPR can be forced to false even when a consent string exists

When geo resolves to a non-GDPR country, gdpr_from_geo is Some(false), which overrides the conservative fallback — even if user.consent contains a valid TCF string. The test to_openrtb_sets_gdpr_false_for_non_eu_country explicitly locks in this behavior.

Risk: IP geo false-negatives (VPN, mobile carrier, IP DB drift) can mark EU traffic as non-GDPR and weaken compliance signaling. A user in Berlin on a US mobile carrier IP gets gdpr=0 despite having a TCF consent string from a CMP.

Suggested fix — when geo says non-GDPR but a consent string is present, the consent string is the stronger signal:

let gdpr = match gdpr_from_geo {
    Some(true) => Some(true),
    Some(false) if request.user.consent.is_some() => Some(true),
    Some(false) => Some(false),
    None => request.user.consent.as_ref().map(|_| true),
};

[aram356]

🤔 P2 — bool_as_int deserialization misinterprets floating-point zero

n.as_i64() != Some(0) silently treats 0.0 as true. serde_json::Number returns None from as_i64() for 0.0 (stored as a float), so the expression evaluates to true.

While unlikely in well-formed OpenRTB, malformed payloads do appear in the wild. Suggested fix:

Some(serde_json::Value::Number(n)) => {
    Ok(Some(n.as_i64().map_or_else(
        || n.as_f64().is_some_and(|f| f != 0.0),
        |i| i != 0,
    )))
}

[aram356]

🤔 P2 — Invalid banner imps can still be emitted after dimension overflow filtering

When all formats for a slot have out-of-range dimensions, formats is empty but the Imp is still built with banner: Some(Banner { format: vec![], .. }). An impression with an empty format list is malformed per OpenRTB — some PBS adapters may reject it, reducing fill.

Consider changing .map() to .filter_map() and returning None when formats is empty:

.filter_map(|slot| {
    // ... format collection ...
    if formats.is_empty() {
        log::warn!("prebid: dropping imp '{}' — no valid banner formats", slot.id);
        return None;
    }
    Some(Imp { ... })
})

[aram356]

⛏ P3 — Empty Accept-Language header produces language = Some("")

If the header value is "", the split chain yields Some("".to_string()). An empty string for device.language is not useful and could confuse bidders.

Add .filter(|s| !s.is_empty()) after the final .to_string().

[aram356]

⛏ P3 — US-privacy comment mislabels position 1

The comment says "notice given (1)" but position 1 of the US Privacy string is the version number. The format is V(version)N(notice)O(opt-out)L(lspa), so 1YYN = version 1, notice=Y, opt-out=Y, LSPA=N. Suggested:

/// Encodes: version `1`, notice given (`Y`), user opted out (`Y`), LSPA not signed (`N`).

[aram356]

⛏ P3 — Transparency listed in EXT_STRUCTS but absent from proto

"Transparency" is in the EXT_STRUCTS list but no matching struct exists in the proto or generated output. Dead config — harmless but confusing. Verify and remove if not needed.