Talk:Wikimedia Engineering Architecture Principles

What's the relationship with Architecture guidelines? Should that be archived now? Or interlinked with this document?

You are right that the Architecture guidelines should be mentioned and the relationship clarified. The guidelines are more concrete, and mostly about how to make changes to MediaWiki core. They are less about what we are trying to achieve. So I think they are much closer to what I have been writing on User:DKinzler (WMF)/Software Design Practices than to the principles. I'll look into consolidating these (as well as Manual:Coding_conventions/PHP).

I have added a link from the guidelines here. I'll link back to them from the non-normative section of the principles.

Agreed. This struck me right away when reading the document. As a reflection of current reality, it seems pretty accurate, but if it's meant to be prescriptive (as I assume is the case), I'd like to see stronger stands, or at least some written justification of why SHOULDs are SHOULDs and not MUSTs.

Personally, I consider at least the following current SHOULDs to be MUSTs:

• All points under the heading "To ensure the data integrity of the content on WMF systems, and protect the privacy of our users"
• software that interacts with users MUST be designed to make key functionality available on devices with a variety of capability and restrictions [I'd also add form factors], as well as potentially limited connectivity
• software that interacts with users MUST follow accessibility guidelines
• data formats and APIs that provide access to user generated content MUST be designed to ensure verifiability through the integration of provenance information
• data formats and APIs that provide access to user generated content MUST be designed to provide easy access to all necessary licensing information

Would be nice to change "comprehensive documentation SHOULD be maintained along with the code" to MUST. I don't think that would be controversial. I don't agree with MHolloway about making "follow accessibility guidelines" a MUST. There are rare cases where other considerations (including accessibility) override accessibility guidelines.

What does 'MUST' mean in this case? Is there teeth to it?

> What does 'MUST' mean in this case? Is there teeth to it?

The "teeth" depend on the people enforcing this. At the very minimum, RFCs that violate a MUST will not be approved. Ideally, no code that violates a MUST is deployed.

If we are serious about the MUST, any code that is currently live but violates a MUST would have to be pulled. If we made everything suggested in this thread a MUST and pulled everything that doesn't comply, we'd have to shut down the site tomorrow. That's actually the reason for having a lot of SHOULD and not that many MUSTs.

Maybe it makes more sense to go with a softer interpretation on MUST, that essentially only applies it to new code and major changes and rewrites. If we interpret it that way, we can have a lot more MUSTs. Does that sound good?

I think it would be better to write the standard that the working group wants even if there are parts that are aspirational. A list of "grandfathered" applications with known violations could be offered as an appendix if needed and be footnoted into the standard when appropriate.

Uppercase MUST invokes RfC 2119 (MUST: This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification.) to anyone familiar with it. I'd rather use it less often than water it up. We can make allowances for legacy code that's already in production, but for new code or changes to existing code MUST should really mean that anything violating that will not be merged or deployed ever, even if there's a deadline or a grant or a mob of editors with pitchforks at the WMF office entrance or whatever.

Also, maybe it would be a worthwhile exercise to list what existing practice (ie. not legacy code but development practices we follow today) violate any of the MUSTs? E.g. "data we offer for re-use MUST use clearly specified data schemas" is probably not true for most things (wikitext? Action API response formats? file metadata? ...I guess it comes down to what exactly is meant by data schema).

I'm happy with more MUST if we are really serious about enforcing it, and nobody comes crying once we do...

I changed a number of MUSTs to SHOULDs now. The document now has 43 SHOULDs and 21 MUSTs.

The document now says "When existing code is discovered to violate a MUST or SHOULD principle, steps for making the code compliant with the architecture principles need to be planned." which is ambitious, but maybe that's a good thing :) Any plans on how this should work in practice? If I find such code, where do I report it, who is responsible for planning the steps, who is responsible for actually making it happen?

Also comprehensive documentation is now a MUST. While most other things can be enforced in the planning or code review phase, documentation normally only happens when the code is live (at which point code authors often lose interest). How do we ensure that it does not get forgotten?

Documentation of architecture and information flow should ideally be written before the code (as specifications, plans, RFCs, etc). They should be required to be merged into the repo along with the code, just like test, and just like method-level and class-level documentation. Documentation (and testing) should not be an afterthought.

Documentation for end-users and wiki-owners will generally not live in the same repo as the code, since it's less "bound" to the code, but it should, ideally, also be written *before* the code, as user stories, UI designs, etc. Turning the plan into proper documentation may happen after the fact, but then it's the responsibility of the team who deployed the feature to make it happen.

In my mind though, the architecture principles don't really apply to documentation for end-users and wiki-owners. Combined with the lead sentence of the section, the principles reads: "To maintain a code base that can be modified with confidence and readily understood, comprehensive documentation MUST be maintained along with the code." I think it's pretty clear that this refers to documentation of the code. Do you think this should be made more explicite?

We’ve consulted with the engineering units in the Audiences department at the Wikimedia Foundation and following are our recommendations. We generally agree with the sentiment of the document, although want to express our strong support for a heightened emphasis on security and user privacy, as well as our consensus view on re-use and contemporary deployability.

-Audiences Engineering leads: Runa Bhattacharjee, Ryan Kaldari, Adam Baso

Before we dig into other items, first, the phrase “MediaWiki Platform Architecture Principles” should be changed to “Wikimedia Engineering Architecture Principles”.

Major Considerations

The framing of the document should make clear that the goal is not to stop all software development, but instead these principles describe the sort of architecture we’d like in the future. We suggest that the “Application” section be amended to note that investment in improving engineering sustainability should be in a healthy balance with investment in feature development.

The following three items should be changed to MUSTs:

• our software and infrastructure SHOULD be designed in such a way to prevent unauthorized access to sensitive information, and to minimize the the impact of individual components getting compromised.
• resilience against data corruption SHOULD be a design goal for our system architecture, and be built into the software we write.
• our software systems SHOULD be designed to only collect data we need, and retain it only as long as necessary.

The requirement “software components SHOULD be designed to be reusable, and be published for re-use” should be changed to “software components with broad applicability MUST be designed and published for re-use; software components limited to Wikimedia project-specific use MAY be designed without the need for re-use but MUST be published for auditability”.

The requirements “the MediaWiki stack SHOULD be easy to deploy on standard hosting platforms” and “small MediaWiki instances SHOULD function in low-budget hosting environments” should be amended to reflect the Wikimedia Technical Conference 2018 decision about shared hosting. Additionally, they should be amended to ensure that for each component the target audience and platform should be specified.

We’re unsure how this should be worded, but we believe that observability and analytic instrumentation should always be considered for Wikimedia project components. Not all new or changing components will require observability and analytic instrumentation, but there ought to be a pause to consider this.

The phrase “as well as potentially limited connectivity” should be changed to “with tradeoffs explicitly considered in design for mobile form factors and connectivity.”

Terminology Updates

“scripting languages” should be changed to “programming languages”.

The term “domain model” should be clarified where used.

“(annotated HTML)” should be changed to “(e.g., annotated HTML)”.

Follow Up Actions

As a follow on after ratification of the principles: there is a desire for more concrete examples. For example, there’s a desire for standards on “high granularity” and versioning of web APIs, defined test coverage targets, and guidance on processing existing/discovered technical debt. There is some consideration for these specific examples in Foundation planning, although more concrete examples and some uniformity would be welcome.

Thanks for the feedback! This all sounds pretty reasonable. I'll probably get around to incorporating this and some of the other feedback next week. I'll let you know once that is done, and we can discuss whether the changes I made seem sufficient to you.

Thanks!

You wrote:

The requirements “the MediaWiki stack SHOULD be easy to deploy on standard hosting platforms” and “small MediaWiki instances SHOULD function in low-budget hosting environments” should be amended to reflect the Wikimedia Technical Conference 2018 decision about shared hosting. Additionally, they should be amended to ensure that for each component the target audience and platform should be specified.

I now added:

for every component and feature, the intended target audience and supported target platform MUST be clearly defined.

However, I'm unsure how to incorporate the decision made at TechConf. It reads:

If we commit to an easy-to-use tool for MW platform installation, configuration, and maintenance, then we can drop support of "one-click installs" on shared hosting environments; A special interest group is necessary to further these goals and facilitate implementation (see Wikimedia Technical Conference/2018/Session notes/Choosing installation methods and environments for 3rd party users#Decisions)

The "if" part has not happened, there is no such commitment, and no such special interest group exists. I would be very happy to see this happening, but until then, the policy should document the status quo: MediaWiki has to run on shared hosting.

IMO the current wording is generic enough to incorporate that - if we provided, say, easy-to-use docker containers with a long-term support commitment, that would be a stack that's easy to deploy on standard low-budget hosting platforms (cloud providers being reasonably standard and low-budget these days).

The one thing I'd maybe change is "SHOULD be easy to deploy and maintain" as containers often tend to be easier to deploy than to operate over an extended period of time and sufficient thought is not always given to how they can be kept up-to-date with OS security updates etc.

Ease of maintainance is I think covered by the subsequent bullet points:

• it SHOULD be possible to install and upgrade MediaWiki without much technical knowledge.
• it MUST be possible to upgrade MediaWiki without the risk of losing content or disrupting operation.

Some things maybe worth mentioning:

• interfaces should be written with ease of extensibility without B/C breaks in mind. (E.g. use an option array instead a list of arguments, return an associative array instead of a scalar.)
• APIs (or published data, more generally) should support the use case of history reconstruction, to the extent it is feasible. (E.g. think of all the reasons creating the edit dataset was hard.) The same generic principle is relevant to other use cases as well (e.g. page_props being hard to match to revisions), not sure how to articulate it. Data that gets exposed should always be versioned? (Not in the "schema version" sense, but individually.)

Re "ease of extensibility": We already have "our software architecture SHOULD be modular, with components exposing narrow interfaces, to allow components to be replaced and refactored while maintaining a stable interface towards other components as well as 3rd party extensions." Maybe we can add "Extension points MUST be clearly documented as such, and SHOULD be designed in a way that allows them to remain stable over time".

Re "history construction": I know what you mean, but I see no good way of phrasing this as a principle. Maybe "APIs SHOULD provide mechanisms that allow consistent data sets to be retrieved with multiple requests"? This would certainly be nice, but hard to do in general. This seems really aspirational...

Thanks Bryan -- that was one of my concerns as well. Similarly, it talks about "software that interacts with users", but it's unclear to me what that is envisioned to be. Is it wiki-users, third-party MediaWiki users (so e.g. sysadmins), users of third-party MediaWiki installs, API consumers, development communities, Cloud Services users etc. etc.

"software that interacts with users" should perhaps be clarified by adding "though a graphical user interface".

The idea is that this document should govern all engineering decisions, including all the areas mentioned by Bryan - but of course, not all principles are applicable in all contexts. dynamicproxy doesn't need internationalization, and puppet code doesn't need to be re-usable as a library.

Are developers considered users in this context? For example, should API sandboxes support i18n? Or things like Quarry? If the answer is yes I'm not sure a MUST requirement is realistic (although we should certainly strive for it more than we do now).

Yes, developers should be considered users, and the UIs of developer tools should be localized. The Special:ApiSandbox is already fully localized (yay!). Quarry should be, at least if it's an official WMF tool. For tools written by volunteers, the principles can of course not be enforced, but following them should still be encouraged.

@DKinzler (WMF) What is an "abstract domain model"? Would it be possible to use less jargony language here?

I came here to say something similar; in general, one useful addition to many of these principles would be specific examples where SHOULD/MUST have been followed correctly and places where we could improve.

I think I understand what is meant by "APIs geared towards a specific user interface MUST be considered part of the component that implements that user interface, and MAY be considered private to that component" but I'm not sure what specific instances/examples (if any) this statement was written in response to.

> What is an "abstract domain model"?

For example, "title", "page", and "revision" are entities in mediawiki's abstract domain model. APIs should be built around such concepts. In contrast, and API that exposes internals, like the database schema, should be avoided. APIs that cater to a specific client are OK (e.g. CategoryTree has an API foe returning rendered sub-trees), but should not be used by anything else (they are "private to that component").

I'm not sure how to rephrase these points to make them clearer. We can add examples, I just fear that it will clutter the page too much. Suggestions?

> I'm not sure how to rephrase these points to make them clearer.

Link to Wikipedia articles on the first use of each "term of art" in the doc? If you are using terms of art that are so obscure to not be covered at least as a sub-topic on an enwiki article then that might be a good guide on rewording. Unless of course the term of art is purely of local origin; in that case I would hope there is a mw.o or wikitech page you could link to for clarification.

Ok, I'll add links.

For the case at hand, see domain model.

yes ;)

Ideally yes, but see my comment about the interpretation of MUST in the "More MUST, less SHOULD" thread.