Release 4.7.0 (2025-02-11)

### Features

* [Private Aggregation] Limit contributions per adtech for private aggregation
* add TEE KV request response in EventMessage
* enable_tkv_v2_browser works in local startup scripts
* Handle interestGroups in TKV v2 adapter

### Bug Fixes

* Explicitly set confidential_instance_type
* Port patch fix for bidding server hash stability
* Remove common patch causing bidding server hash instability
* Remove value wrapper from signals fetched from KV V2 response
* Specify exception in except block
* Support Intel AMX CPUs in sandbox2
* udf metric error message
* Verify buyer clouds are in SFE public key list

Bug: 394878971
GitOrigin-RevId: 79bc08c6107de90b1c0f9f06111d34dd9639b711
Change-Id: Id41c4074854a1f994ddc702eb198523aef5784f7

CHANGELOG.md

@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## 4.7.0 (2025-02-11)
+
+
+### Features
+
+* [Private Aggregation] Limit contributions per adtech for private aggregation
+* add TEE KV request response in EventMessage
+* enable_tkv_v2_browser works in local startup scripts
+* Handle interestGroups in TKV v2 adapter
+
+
+### Bug Fixes
+
+* Explicitly set confidential_instance_type
+* Port patch fix for bidding server hash stability
+* Remove common patch causing bidding server hash instability
+* Remove value wrapper from signals fetched from KV V2 response
+* Specify exception in except block
+* Support Intel AMX CPUs in sandbox2
+* udf metric error message
+* Verify buyer clouds are in SFE public key list
+
 ## 4.6.0 (2025-01-29)
 
 

WORKSPACE

@@ -15,13 +15,11 @@ python_register_toolchains("//builders/bazel")
 
 http_archive(
     name = "google_privacysandbox_servers_common",
-    patch_args = ["-p1"],
-    patches = ["//third_party:common_repo.patch"],
-    # 2025-1-22
-    sha256 = "dd3135177278f40320844e74aee9d6f5a65949ef8ba205d81b0f1617cb07fbc5",
-    strip_prefix = "data-plane-shared-libraries-f1792a8385e62773e858ad77b262b9dfc2f97bb1",
+    # 2025-02-10
+    sha256 = "ae91cd49c679f71346b6123768ff753234fc010c0dfce2847d6f3e4d6fa09ec9",
+    strip_prefix = "data-plane-shared-libraries-4e138f8c8b0204cf525660e53177ac5be5519dd1",
     urls = [
-        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/f1792a8385e62773e858ad77b262b9dfc2f97bb1.zip",
+        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/4e138f8c8b0204cf525660e53177ac5be5519dd1.zip",
     ],
 )
 

api/udf/generate_bid.proto

@@ -141,12 +141,9 @@ message ProtectedAudienceBrowserSignals {
 
   string top_level_seller = 3 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description: 'Top level seller origin/domain passed in case of component auctions.'}];
 
-  int64 join_count = 4 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description: 'Number of times the Interest Group was joined in the last 30 days.'}];
+  int64 join_count = 4 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description: 'Number of times the Interest Group was joined in the last "n" days.'}];
 
-  int64 bid_count = 5 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description:
-      'Number of times the Interest Group bid in an auction in the last 30'
-      ' days.'
-}];
+  int64 bid_count = 5 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description: 'Number of times the Interest Group bid in an auction in the last "n" days.'}];
 
   int64 recency = 6 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description:
       'The most recent join time for the Interest Group expressed in'
@@ -155,7 +152,7 @@ message ProtectedAudienceBrowserSignals {
 
   string prev_wins = 7 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description:
       'Tuple of time-ad pairs for a previous win for the Interest Group that'
-      ' occurred in the last 30 days. The time is specified in seconds'
+      ' occurred in the last "n" days. The time is specified in seconds'
       ' before the containing auctionBlob was requested.'
 }];
 
@@ -168,6 +165,12 @@ message ProtectedAudienceBrowserSignals {
       ' generateBid() execution per Interest Group. If the seller doesn\'t set'
       ' the limit, a default would be set by the Bidding server.'
 }];
+
+  string prev_wins_ms = 9 [(privacysandbox.apis.roma.app_api.v1.roma_field_annotation) = {description:
+      'Tuple of time-ad pairs for a previous win for the Interest Group that'
+      ' occurred in the last "n" days. The time is specified in milliseconds'
+      ' before the containing auctionBlob was requested.'
+}];
 }
 // (-- LINT.ThenChange(/api/bidding_auction_servers.proto:browser_signals_bidding) --)
 

production/deploy/aws/terraform/environment/demo/seller/seller.tf

@@ -82,16 +82,16 @@ locals {
     #     "protectedAppSignalsBuyerReportWinJsUrls": {"https://buyerA_origin.com":"https://buyerA.com/generateBid.js"}
 
     #  }"
-    ROMA_TIMEOUT_MS                        = "" # Example: "10000"
-    ENABLE_REPORT_WIN_INPUT_NOISING        = "" # Example: "true"
-    K_ANON_TOTAL_NUM_HASH                  = "" # Example: "1000"
-    EXPECTED_K_ANON_TO_NON_K_ANON_RATIO    = "" # Example: "1.0"
-    K_ANON_CLIENT_TIME_OUT_MS              = "" # Example: "60000"
-    NUM_K_ANON_SHARDS                      = "" # Example: "1"
-    NUM_NON_K_ANON_SHARDS                  = "" # Example: "1"
-    TEST_MODE_K_ANON_CACHE_TTL_SECONDS     = "" # Example: "180"
-    TEST_MODE_NON_K_ANON_CACHE_TTL_SECONDS = "" # Example: "180"
-    ENABLE_K_ANON_QUERY_CACHE              = "" # Example: "true"
+    ROMA_TIMEOUT_MS                     = "" # Example: "10000"
+    ENABLE_REPORT_WIN_INPUT_NOISING     = "" # Example: "true"
+    K_ANON_TOTAL_NUM_HASH               = "" # Example: "1000"
+    EXPECTED_K_ANON_TO_NON_K_ANON_RATIO = "" # Example: "1.0"
+    K_ANON_CLIENT_TIME_OUT_MS           = "" # Example: "60000"
+    NUM_K_ANON_SHARDS                   = "" # Example: "1"
+    NUM_NON_K_ANON_SHARDS               = "" # Example: "1"
+    TEST_MODE_K_ANON_CACHE_TTL_MS       = "" # Example: "180"
+    TEST_MODE_NON_K_ANON_CACHE_TTL_MS   = "" # Example: "180"
+    ENABLE_K_ANON_QUERY_CACHE           = "" # Example: "true"
 
     # Coordinator-based attestation flags.
     # These flags are production-ready and you do not need to change them.

production/deploy/gcp/terraform/environment/demo/seller/seller.tf

@@ -180,23 +180,23 @@ module "seller" {
     #                              "https://buyerC_origin.com":"https://buyerC.com/generateBid.js"},
     #     "protectedAppSignalsBuyerReportWinJsUrls": {"https://buyerA_origin.com":"https://buyerA.com/generateBid.js"}
     #  }"
-    UDF_NUM_WORKERS                        = "" # Example: "64" Must be <=vCPUs in auction_machine_type.
-    JS_WORKER_QUEUE_LEN                    = "" # Example: "200".
-    ROMA_TIMEOUT_MS                        = "" # Example: "10000"
-    TELEMETRY_CONFIG                       = "" # Example: "mode: EXPERIMENT"
-    COLLECTOR_ENDPOINT                     = "" # Example: "collector-seller-1-${each.key}.sfe-gcp.com:4317"
-    ENABLE_OTEL_BASED_LOGGING              = "" # Example: "false"
-    CONSENTED_DEBUG_TOKEN                  = "" # Example: "<unique_id>". Consented debugging requests increase server load in production. A high QPS of these requests can lead to unhealthy servers.
-    DEBUG_SAMPLE_RATE_MICRO                = "0"
-    ENABLE_REPORT_WIN_INPUT_NOISING        = "" # Example: "true"
-    K_ANON_TOTAL_NUM_HASH                  = "" # Example: "1000"
-    EXPECTED_K_ANON_TO_NON_K_ANON_RATIO    = "" # Example: "1.0"
-    K_ANON_CLIENT_TIME_OUT_MS              = "" # Example: "60000"
-    NUM_K_ANON_SHARDS                      = "" # Example: "1"
-    NUM_NON_K_ANON_SHARDS                  = "" # Example: "1"
-    TEST_MODE_K_ANON_CACHE_TTL_SECONDS     = "" # Example: "180"
-    TEST_MODE_NON_K_ANON_CACHE_TTL_SECONDS = "" # Example: "180"
-    ENABLE_K_ANON_QUERY_CACHE              = "" # Example: "true"
+    UDF_NUM_WORKERS                     = "" # Example: "64" Must be <=vCPUs in auction_machine_type.
+    JS_WORKER_QUEUE_LEN                 = "" # Example: "200".
+    ROMA_TIMEOUT_MS                     = "" # Example: "10000"
+    TELEMETRY_CONFIG                    = "" # Example: "mode: EXPERIMENT"
+    COLLECTOR_ENDPOINT                  = "" # Example: "collector-seller-1-${each.key}.sfe-gcp.com:4317"
+    ENABLE_OTEL_BASED_LOGGING           = "" # Example: "false"
+    CONSENTED_DEBUG_TOKEN               = "" # Example: "<unique_id>". Consented debugging requests increase server load in production. A high QPS of these requests can lead to unhealthy servers.
+    DEBUG_SAMPLE_RATE_MICRO             = "0"
+    ENABLE_REPORT_WIN_INPUT_NOISING     = "" # Example: "true"
+    K_ANON_TOTAL_NUM_HASH               = "" # Example: "1000"
+    EXPECTED_K_ANON_TO_NON_K_ANON_RATIO = "" # Example: "1.0"
+    K_ANON_CLIENT_TIME_OUT_MS           = "" # Example: "60000"
+    NUM_K_ANON_SHARDS                   = "" # Example: "1"
+    NUM_NON_K_ANON_SHARDS               = "" # Example: "1"
+    TEST_MODE_K_ANON_CACHE_TTL_MS       = "" # Example: "180"
+    TEST_MODE_NON_K_ANON_CACHE_TTL_MS   = "" # Example: "180"
+    ENABLE_K_ANON_QUERY_CACHE           = "" # Example: "true"
     # Coordinator-based attestation flags.
     # These flags are production-ready and you do not need to change them.
     # Reach out to the Privacy Sandbox B&A team to enroll with Coordinators.

production/deploy/gcp/terraform/services/autoscaling/main.tf

@@ -67,6 +67,7 @@ resource "google_compute_instance_template" "frontends" {
     enable_vtpm                 = true
   }
   confidential_instance_config {
+    confidential_instance_type  = "SEV"
     enable_confidential_compute = true
   }
 
@@ -223,6 +224,7 @@ resource "google_compute_instance_template" "backends" {
     enable_vtpm                 = true
   }
   confidential_instance_config {
+    confidential_instance_type  = "SEV"
     enable_confidential_compute = true
   }
 

services/bidding_service/byob/generate_bid_byob_dispatch_client.cc

@@ -51,29 +51,22 @@ absl::Status GenerateBidByobDispatchClient::LoadSync(std::string version,
 
   // Get UDF blob for the given code and register it with the BYOB service.
   PS_ASSIGN_OR_RETURN(UdfBlob udf_blob, UdfBlob::Create(std::move(code)));
-  absl::Notification notif;
-  absl::Status load_status;
-  PS_ASSIGN_OR_RETURN(
-      std::string new_code_token,
-      byob_service_.Register(udf_blob(), notif, load_status, num_workers_));
-  // TODO(b/368624844): Make duration configurable by taking in this in Create.
-  notif.WaitForNotificationWithTimeout(absl::Seconds(120));
+  PS_ASSIGN_OR_RETURN(std::string new_code_token,
+                      byob_service_.Register(udf_blob(), num_workers_));
 
-  if (load_status.ok()) {
-    // Acquire lock before updating info about the most recently loaded code
-    // blob.
-    if (code_mutex_.TryLock()) {
-      code_token_ = std::move(new_code_token);
-      code_version_ = std::move(version);
-      code_hash_ = new_code_hash;
-      code_mutex_.Unlock();
-    }
+  // Acquire lock before updating info about the most recently loaded code
+  // blob.
+  if (code_mutex_.TryLock()) {
+    code_token_ = std::move(new_code_token);
+    code_version_ = std::move(version);
+    code_hash_ = new_code_hash;
+    code_mutex_.Unlock();
   }
-  return load_status;
+  return absl::OkStatus();
 }
 
 absl::Status GenerateBidByobDispatchClient::Execute(
-    roma_service::GenerateProtectedAudienceBidRequest request,
+    const roma_service::GenerateProtectedAudienceBidRequest& request,
     absl::Duration timeout,
     absl::AnyInvocable<
         void(absl::StatusOr<
@@ -88,7 +81,7 @@ absl::Status GenerateBidByobDispatchClient::Execute(
                   response) mutable {
             std::move(callback)(std::move(response));
           },
-          std::move(request), /*metadata=*/{}, code_token_)
+          request, /*metadata=*/{}, code_token_)
       .status();
 }
 

services/bidding_service/byob/generate_bid_byob_dispatch_client.h

@@ -67,7 +67,7 @@ class GenerateBidByobDispatchClient
   //         processed by the implementing class. This should not be confused
   //         with the output of the execution itself, which is sent to callback.
   absl::Status Execute(
-      roma_service::GenerateProtectedAudienceBidRequest request,
+      const roma_service::GenerateProtectedAudienceBidRequest& request,
       absl::Duration timeout,
       absl::AnyInvocable<
           void(absl::StatusOr<

services/bidding_service/generate_bids_binary_reactor.cc

@@ -64,31 +64,35 @@ BuildProtectedAudienceBidRequest(RawRequest& raw_request,
       std::move(*ig_for_bidding.mutable_trusted_bidding_signals());
 
   // Populate (oneof) device signals.
-  if (ig_for_bidding.has_android_signals() &&
-      ig_for_bidding.android_signals().IsInitialized()) {
+  if (ig_for_bidding.has_android_signals_for_bidding() &&
+      ig_for_bidding.android_signals_for_bidding().IsInitialized()) {
     roma_service::ProtectedAudienceAndroidSignals* android_signals =
         bid_request.mutable_android_signals();
     android_signals->set_top_level_seller(raw_request.top_level_seller());
-  } else if (ig_for_bidding.has_browser_signals() &&
-             ig_for_bidding.browser_signals().IsInitialized()) {
+  } else if (ig_for_bidding.has_browser_signals_for_bidding() &&
+             ig_for_bidding.browser_signals_for_bidding().IsInitialized()) {
     roma_service::ProtectedAudienceBrowserSignals* browser_signals =
         bid_request.mutable_browser_signals();
     browser_signals->set_top_window_hostname(raw_request.publisher_name());
     browser_signals->set_seller(raw_request.seller());
     browser_signals->set_top_level_seller(raw_request.top_level_seller());
     browser_signals->set_join_count(
-        ig_for_bidding.browser_signals().join_count());
+        ig_for_bidding.browser_signals_for_bidding().join_count());
     browser_signals->set_bid_count(
-        ig_for_bidding.browser_signals().bid_count());
-    if (ig_for_bidding.browser_signals().has_recency_ms()) {
+        ig_for_bidding.browser_signals_for_bidding().bid_count());
+    if (ig_for_bidding.browser_signals_for_bidding().has_recency_ms()) {
       browser_signals->set_recency(
-          ig_for_bidding.browser_signals().recency_ms());
+          ig_for_bidding.browser_signals_for_bidding().recency_ms());
     } else {
-      browser_signals->set_recency(ig_for_bidding.browser_signals().recency() *
-                                   1000);
+      browser_signals->set_recency(
+          ig_for_bidding.browser_signals_for_bidding().recency() * 1000);
     }
-    *browser_signals->mutable_prev_wins() = std::move(
-        *ig_for_bidding.mutable_browser_signals()->mutable_prev_wins());
+    *browser_signals->mutable_prev_wins() =
+        std::move(*ig_for_bidding.mutable_browser_signals_for_bidding()
+                       ->mutable_prev_wins());
+    *browser_signals->mutable_prev_wins_ms() =
+        std::move(*ig_for_bidding.mutable_browser_signals_for_bidding()
+                       ->mutable_prev_wins_ms());
     browser_signals->set_multi_bid_limit(raw_request.multi_bid_limit() > 0
                                              ? raw_request.multi_bid_limit()
                                              : kDefaultMultiBidLimit);
@@ -287,7 +291,7 @@ void GenerateBidsBinaryReactor::ExecuteForInterestGroup(int ig_index) {
   // Make asynchronous execute call using the BYOB client.
   PS_VLOG(kNoisyInfo) << "Starting UDF execution for IG: " << ig_name;
   absl::Status execute_status = byob_client_->Execute(
-      std::move(bid_request), roma_timeout_duration_,
+      bid_request, roma_timeout_duration_,
       [this, ig_index, ig_name, logging_enabled, debug_reporting_enabled](
           absl::StatusOr<roma_service::GenerateProtectedAudienceBidResponse>
               bid_response_status) mutable {