Release 1.0.0 (2024-10-14)

### ⚠ BREAKING CHANGES

* GA release

### Features

* Add 64 bit int sets support to key value cache
* Add CBOR conversion for v2 objects
* Add CBOR support to multi-partition flows in V2
* add CORS headers for envoy config
* Add data loading support for uint64 sets
* Add documentation for uint64 sets
* Add internal lookup rpc for uint64 sets
* Add parameter notifier to get parameter update notification
* Add partition-level metadata to UDF execution metadata
* Add runSetQueryUInt64 udf hook
* Add support for reading and writing uint64 sets to csv files
* Add uint64 bitset wrapper.
* CBOR conversion for Compresion Group
* CborDecodeToProto implementation
* Convert http ContentType header to a custom header in GCP
* Download pre-built aws-otel-collector.rpm
* Encode cbor content as bytestring and add partitionOutputs to CBOR converter
* Fix release script
* Flag to control chaffing for sharding for nonprod
* GA release
* Implement CBOR for validator
* Implement internal GetUInt64ValueSet functionality
* Implement InternalRunSetQueryUInt64 rpc (local lookup)
* Implement InternalRunSetQueryUInt64 rpc (sharded lookup)
* multiple partition support
* Pass partition level metadata to UDF
* Process v2 padded requests
* Put server logs in the response DebugInfo for consented requests
* Refactor cache logic for bitsets into it's own class
* Set up AWS terraform resources for logging verbosity parameter notification
* Start parameter notifier to get logging verbosity updates
* Support dataVersion field in PA partition output
* Support set operations for 64 bit int sets
* Update AWS sqs cleanup function to clean up sqs for parameter updates
* Update common repo and set the verbosity level for PS_VLOG with new API
* Update v2 contract
* Update v2 headers
* Upgrade common repo to 9c5c93e
* Upgrade rules_oci to 2.0 and deprecate rules_docker
* Use proper ohttp media types for encryption
* When using the wrong inline set type in query, resolve the result

### Bug Fixes

* Add missing include directive
* Add missing internal testing parameters
* Allow CORS OPTIONS for preflight
* Correct fork logic
* Correct output_filter typo
* Destroy terraform before doing perfgate exporting
* Enable a second kv on aws deployment.
* fix AppMesh health check.
* logMessage should us PS LOGS
* Make AL2023 work.
* Remove "k" from ReceivedLowLatencyNotificationsCount metric name
* Remove version from header
* Rename BUILD to BUILD.bazel
* Resolve proxy subnet resources collision issue.
* Response partition id should come from the request
* Temporary GCP V2 HTTP envoy fix
* Update common repo to pick up the server crash fix
* Update V2 handler and docs with proper ohttp response label.
* Upgrade builders version to 0.69.0
* Use specified release branch to cut release.
* V2 should not return error status on UDF failure

### Dependencies

* **deps:** Upgrade build-system to 0.66.1
* **deps:** Upgrade data-plane-shared-libraries to 144264c 2024-07-31

### Documentation

* Add aws update-function-code lambda update command to the AWS deployment doc
* Add readme doc for diagnostic tool
* Add screenshot for gcp server prod log location
* Update docs to use docker compose instead of docker-compose
* Update gcp deployment doc about console logging
* Update playbook

Bug: N/A
Change-Id: I32efc1adcb97f084887036ae43cc1621be10add3
GitOrigin-RevId: abf40df08fbc441017e08f0d3ba03899fd1a2fd2

.bazelignore

@@ -1,3 +1,4 @@
 bazel-kv-server
 tools/wasm_example/
 google_internal/piper/
+node_modules

.bazelrc

@@ -1,9 +1,8 @@
 build --announce_rc
 build --verbose_failures
 build --compilation_mode=opt
-build --output_filter='^//((?!(third_party):).)*$'`
+build --output_filter='^//((?!(third_party):).)*$'
 build --color=yes
-build --@io_bazel_rules_docker//transitions:enable=false
 build --workspace_status_command="bash tools/get_workspace_status"
 build --copt=-Werror=thread-safety
 build --config=clang

CHANGELOG.md

@@ -2,14 +2,97 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
-## 0.17.1 (2024-08-26)
+## 1.0.0 (2024-10-14)
+
+
+### ⚠ BREAKING CHANGES
+
+* GA release
+
+### Features
+
+* Add 64 bit int sets support to key value cache
+* Add CBOR conversion for v2 objects
+* Add CBOR support to multi-partition flows in V2
+* add CORS headers for envoy config
+* Add data loading support for uint64 sets
+* Add documentation for uint64 sets
+* Add internal lookup rpc for uint64 sets
+* Add parameter notifier to get parameter update notification
+* Add partition-level metadata to UDF execution metadata
+* Add runSetQueryUInt64 udf hook
+* Add support for reading and writing uint64 sets to csv files
+* Add uint64 bitset wrapper.
+* CBOR conversion for Compresion Group
+* CborDecodeToProto implementation
+* Convert http ContentType header to a custom header in GCP
+* Download pre-built aws-otel-collector.rpm
+* Encode cbor content as bytestring and add partitionOutputs to CBOR converter
+* Fix release script
+* Flag to control chaffing for sharding for nonprod
+* GA release
+* Implement CBOR for validator
+* Implement internal GetUInt64ValueSet functionality
+* Implement InternalRunSetQueryUInt64 rpc (local lookup)
+* Implement InternalRunSetQueryUInt64 rpc (sharded lookup)
+* multiple partition support
+* Pass partition level metadata to UDF
+* Process v2 padded requests
+* Put server logs in the response DebugInfo for consented requests
+* Refactor cache logic for bitsets into it's own class
+* Set up AWS terraform resources for logging verbosity parameter notification
+* Start parameter notifier to get logging verbosity updates
+* Support dataVersion field in PA partition output
+* Support set operations for 64 bit int sets
+* Update AWS sqs cleanup function to clean up sqs for parameter updates
+* Update common repo and set the verbosity level for PS_VLOG with new API
+* Update v2 contract
+* Update v2 headers
+* Upgrade common repo to 9c5c93e
+* Upgrade rules_oci to 2.0 and deprecate rules_docker
+* Use proper ohttp media types for encryption
+* When using the wrong inline set type in query, resolve the result
 
 
 ### Bug Fixes
 
+* Add missing include directive
+* Add missing internal testing parameters
+* Allow CORS OPTIONS for preflight
+* Correct fork logic
+* Correct output_filter typo
+* Destroy terraform before doing perfgate exporting
 * Enable a second kv on aws deployment.
 * fix AppMesh health check.
+* logMessage should us PS LOGS
+* Make AL2023 work.
+* Remove "k" from ReceivedLowLatencyNotificationsCount metric name
+* Remove version from header
+* Rename BUILD to BUILD.bazel
 * Resolve proxy subnet resources collision issue.
+* Response partition id should come from the request
+* Temporary GCP V2 HTTP envoy fix
+* Update common repo to pick up the server crash fix
+* Update V2 handler and docs with proper ohttp response label.
+* Upgrade builders version to 0.69.0
+* Use specified release branch to cut release.
+* V2 should not return error status on UDF failure
+
+
+### Dependencies
+
+* **deps:** Upgrade build-system to 0.66.1
+* **deps:** Upgrade data-plane-shared-libraries to 144264c 2024-07-31
+
+
+### Documentation
+
+* Add aws update-function-code lambda update command to the AWS deployment doc
+* Add readme doc for diagnostic tool
+* Add screenshot for gcp server prod log location
+* Update docs to use docker compose instead of docker-compose
+* Update gcp deployment doc about console logging
+* Update playbook
 
 ## 0.17.0 (2024-07-08)
 
@@ -89,6 +172,11 @@ All notable changes to this project will be documented in this file. See [commit
 * Use aws_platform bazel config
 * Use local_{platform,instance} bazel configs
 
+### Image digests and PCR0s
+
+GCP: sha256:d09d5a6d340a8829df03213b71b74d4b431e4d5a138525c77269c347a367b004
+AWS: {"PCR0":"1e28ac4b72600ea40d61e1756e14f453a3d923a1bf94c360ae48d9777bff0714923d9322ed380823591859e357d2f825"}
+
 ## 0.16.0 (2024-04-05)
 
 

README.md

@@ -11,47 +11,27 @@
 
 ---
 
-# ![Privacy Sandbox Logo](docs/assets/privacy_sandbox_logo.png) FLEDGE Key/Value service
+# ![Privacy Sandbox Logo](docs/assets/privacy_sandbox_logo.png) Protected Auction Key/Value service
 
-# Background
-
-FLEDGE API is a proposal to serve remarketing and other custom-audience ads without third-party
-cookies. FLEDGE executes the ad auction between the buyers (DSP) and the sellers (SSP) locally, and
-receives real-time signals from the FLEDGE K/V servers. To learn more about
+# State of the project
 
--   FLEDGE for the Web: [explainer](https://developer.chrome.com/en/docs/privacy-sandbox/fledge/)
-    and the [developer guide](https://developer.chrome.com/blog/fledge-api/).
--   FLEDGE on Android:
-    [design proposal](https://developer.android.com/design-for-safety/privacy-sandbox/fledge) and
-    the
-    [developer guide](https://developer.android.com/design-for-safety/privacy-sandbox/guides/fledge).
+The current codebase represents the implementation of the TEE-based Key/Value service by Privacy
+Sandbox.
 
-When the auction is executed, separate
-[FLEDGE K/V servers](https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md)
-are queried for the buyers and sellers. When a buyer is making a bid, the DSP K/V server can be
-queried to receive real-time information to help determine the bid. To help the seller pick an
-auction winner, the SSP K/V server can be queried to receive any information about the creative to
-help score the ad.
+For
+[Protected Audience](https://developers.google.com/privacy-sandbox/private-advertising/protected-audience),
+the service can be used as a BYOS KV server. Soon it can be used to communicate with Chrome and the
+Bidding and Auction services using
+[V2 protocol](https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md).
 
-# State of the project
+For
+[Protected App Signals](https://developers.google.com/privacy-sandbox/private-advertising/protected-audience/android/protected-app-signals),
+the service should be used as the ad retrieval server.
 
-The current codebase represents the initial implementation and setup of the Key/Value server. It can
-be integrated with Chrome and Android with the
+It can be integrated with Chrome and Android with the
 [Privacy Sandbox unified origin trial](https://developer.chrome.com/blog/expanding-privacy-sandbox-testing/)
 and
 [Privacy Sandbox on Android Developer Preview](https://developer.android.com/design-for-safety/privacy-sandbox/program-overview).
-Our goal is to present the foundation of the project in a publicly visible way for early feedback.
-This feedback will help us shape the future versions.
-
-The implementation, and in particular the APIs, are in rapid development and may change as new
-versions are released. The query API conforms to the
-[API explainer](https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md). At the
-moment, to load data, instead of calling the mutation API, you would place the data as files into a
-location that can be directly read by the server. See more details in the
-[data loading guide](/docs/data_loading/loading_data.md).
-
-Currently, this service can be deployed to 1 region of your choice. Multi-region configuration is up
-to the service owner to configure.
 
 ## Current features
 
@@ -120,6 +100,7 @@ products.
 
 <!-- markdownlint-disable no-inline-html -->
 <!-- markdownlint-disable line-length -->
+
 <table>
   <tr>
    <td>
@@ -193,6 +174,7 @@ The implementation supports live traffic at scale
    </td>
   </tr>
 </table>
+
 <!-- markdownlint-enable no-inline-html -->
 <!-- markdownlint-enable line-length -->
 
@@ -270,14 +252,7 @@ The implementation supports live traffic at scale
 
 ## Breaking changes
 
-While we make efforts to not introduce breaking changes, we expect that to happen occasionally.
-
-The release version follows the `[major change]-[minor change]-[patch]` scheme. All 0.x.x versions
-may contain breaking changes without notice. Refer to the [release changelog](/CHANGELOG.md) for the
-details of the breaking changes.
-
-At GA the version will become 1.0.0, we will establish additional channels for announcing breaking
-changes and major version will always be incremented for breaking changes.
+Backward-incompatible changes are expected to be rare and will result in a major version change.
 
 # Key documents
 
@@ -304,8 +279,8 @@ changes and major version will always be incremented for breaking changes.
 
 Contributions are welcome, and we will publish more detailed guidelines soon. In the meantime, if
 you are interested,
-[open a new Issue](https://github.com/privacysandbox/fledge-key-value-service/issues) in the GitHub
-repository.
+[open a new Issue](https://github.com/privacysandbox/protected-auction-key-value-service/issues) in
+the GitHub repository.
 
 # Feedback
 

WORKSPACE

@@ -7,17 +7,19 @@ local_repository(
     path = "testing/functionaltest-system",
 )
 
-load("//builders/bazel:deps.bzl", "python_deps")
+load("//builders/bazel:deps.bzl", "python_deps", "python_register_toolchains")
 
-python_deps("//builders/bazel")
+python_deps()
+
+python_register_toolchains("//builders/bazel")
 
 http_archive(
     name = "google_privacysandbox_servers_common",
-    # commit 34445c1 2024-07-01
-    sha256 = "ce300bc178b1eedd88d7545b89d1d672b3b9bfb62c138ab3f4a845f159436285",
-    strip_prefix = "data-plane-shared-libraries-37522d6ac55c8592060f636d68f50feddcb9598a",
+    # commit cc49da3 2024-10-09
+    sha256 = "7a0337420161304c7429c727b1f82394bc27e1e2586d2da30e6d6100ba92b437",
+    strip_prefix = "data-plane-shared-libraries-158593616a63df924af1cb689f3915b8d32e9db1",
     urls = [
-        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/37522d6ac55c8592060f636d68f50feddcb9598a.zip",
+        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/158593616a63df924af1cb689f3915b8d32e9db1.zip",
     ],
 )
 
@@ -51,28 +53,10 @@ load(
 
 cpp_repositories()
 
-http_archive(
-    name = "io_bazel_rules_docker",
-    sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
-    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
-)
-
-load("@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories")
-
-container_repositories()
-
-load("@io_bazel_rules_docker//repositories:deps.bzl", io_bazel_rules_docker_deps = "deps")
-
-io_bazel_rules_docker_deps()
-
 load("//third_party_deps:container_deps.bzl", "container_deps")
 
 container_deps()
 
-load("@io_bazel_rules_docker//go:image.bzl", go_image_repos = "repositories")
-
-go_image_repos()
-
 # googleapis
 http_archive(
     name = "com_google_googleapis",  # master branch from 26.04.2022
@@ -88,6 +72,16 @@ http_archive(
     urls = ["https://github.com/google/distributed_point_functions/archive/45da5f54836c38b73a1392e846c9db999c548711.tar.gz"],
 )
 
+http_archive(
+    name = "libcbor",
+    build_file = "//third_party_deps:libcbor.BUILD",
+    patch_args = ["-p1"],
+    patches = ["//third_party_deps:libcbor.patch"],
+    sha256 = "9fec8ce3071d5c7da8cda397fab5f0a17a60ca6cbaba6503a09a47056a53a4d7",
+    strip_prefix = "libcbor-0.10.2/src",
+    urls = ["https://github.com/PJK/libcbor/archive/refs/tags/v0.10.2.zip"],
+)
+
 # Dependencies for Flex/Bison build rules
 http_archive(
     name = "rules_m4",
@@ -132,6 +126,15 @@ latency_benchmark_install_deps()
 
 word2vec_install_deps()
 
+http_archive(
+    name = "io_bazel_rules_go",
+    sha256 = "16e9fca53ed6bd4ff4ad76facc9b7b651a89db1689a2877d6fd7b82aa824e366",
+    urls = [
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.34.0/rules_go-v0.34.0.zip",
+        "https://github.com/bazelbuild/rules_go/releases/download/v0.34.0/rules_go-v0.34.0.zip",
+    ],
+)
+
 # Use nogo to run `go vet` with bazel
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 

builders/.pre-commit-config.yaml

@@ -47,7 +47,7 @@ repos:
   - id: shellcheck
 
 - repo: https://github.com/pre-commit/mirrors-clang-format
-  rev: v18.1.4
+  rev: v18.1.5
   hooks:
   - id: clang-format
     types_or:

builders/.profiler.bazelrc

@@ -0,0 +1,5 @@
+build:profiler --compilation_mode=opt
+build:profiler --dynamic_mode=off
+build:profiler --copt=-gmlt
+build:profiler --copt=-fno-omit-frame-pointer
+build:profiler --strip=never