Module web_push 

WebPush client for RFC 8030 push + RFC 8444 VAPID.

Implementation decision

Dependencies chosen: p256 (ECDSA key generation/loading), jsonwebtoken (ES256 JWT signing — already a workspace dep with rust_crypto feature which pulls in p256), reqwest (HTTP POST), base64 (URL-safe encoding).

The web-push crate was NOT used: it pulls in openssl-sys via openssl as a transitive dependency on some targets, violating the COOLJAPAN Pure Rust policy. All chosen crates are 100% Pure Rust.

RFC 8291 encryption

Message-Encryption (RFC 8291 — AES-128-GCM + ECDH + HKDF) is deferred. When a subscription includes keys, the server still sends an unencrypted “tickle” (zero-byte body) so the client is woken up. RFC 8291 encryption will be implemented in a follow-up slice once the key-agreement primitives are fully stabilised in the workspace. The PushSubscription.keys field is preserved in storage so the feature can be enabled without breaking existing subscriptions.

Structs

WebPushClient

WebPush client.

Enums

WebPushError

Errors that can occur during WebPush operations.