Summary
Make the SSAT publisher HTML assembly path truly streaming and parser-safe.
The cache-control spec now defers origin-template caching and compression offload, but the architecture review found that the current publisher path still materializes origin bodies before client bytes can flow. This issue tracks the streaming/correctness work separately from the cache-header PR.
Problem
Current behavior has several streaming/correctness gaps:
- Fastly publisher origin fetches can materialize the full origin response body in WASM heap before the client sees bytes.
- EdgeZero/non-Fastly paths buffer the assembled publisher response.
- The SSAT bid hold currently relies on a raw-byte
</body search, which can false-positive inside inline scripts/JSON.
- HTML post-processors can force full-document buffering, which undermines the intended SSAT streaming model.
These issues affect TTFB/FCP and make the SSAT assembly path more fragile, but they are broader than the initial cache-header policy work.
Proposed scope
- Add/finish true publisher origin streaming with a cumulative response cap.
- Ensure SSAT HTML can stream head/body while holding only the parser-confirmed body-close tail needed for bid injection.
- Replace raw-byte
</body detection with parser-context-aware close-body handling.
- Review integrations/post-processors that force full-document buffering and either make them streaming-safe or explicitly route/document them as buffered mode.
- Port or document equivalent behavior for EdgeZero/non-Fastly adapters.
Acceptance criteria
Out of scope
- Origin-template caching.
- Transformed-template caching.
- Compression offload via
Accept-Encoding: identity / X-Compress-Hint.
- Auction backend timeout/name fixes.
Reference
See docs/superpowers/specs/2026-07-06-cache-control-header-design.md for the cache-control scope split and deferred follow-up list.
Summary
Make the SSAT publisher HTML assembly path truly streaming and parser-safe.
The cache-control spec now defers origin-template caching and compression offload, but the architecture review found that the current publisher path still materializes origin bodies before client bytes can flow. This issue tracks the streaming/correctness work separately from the cache-header PR.
Problem
Current behavior has several streaming/correctness gaps:
</bodysearch, which can false-positive inside inline scripts/JSON.These issues affect TTFB/FCP and make the SSAT assembly path more fragile, but they are broader than the initial cache-header policy work.
Proposed scope
</bodydetection with parser-context-aware close-body handling.Acceptance criteria
</bodyliterals inside inline scripts/JSON.</bodyliterals, missing body close tags, and normal bid injection.private, max-age=0SSAT privacy behavior remains unchanged.Out of scope
Accept-Encoding: identity/X-Compress-Hint.Reference
See
docs/superpowers/specs/2026-07-06-cache-control-header-design.mdfor the cache-control scope split and deferred follow-up list.