Page MenuHomePhabricator
Create Task
Maniphest T395719

[BLOCKED] REST: Beta Modules - automatic discovery with config override
Closed, DeclinedPublic
Actions

Description

tl;dr

  • make all REST modules available and published in the REST Sandbox by default
  • add a config variable to override this in cases where it is not desired
NOTE: See T392149: [SPIKE] Research pattern for implementing 'beta' modules for full proposal and links to proof-of-concept changes.

Context

We seek to implement substantial improvements to our APIs over the next year (or more). This includes introducing new standardized patterns for how to build and structure API experiences, introducing new capabilities through API interfaces, and updating existing endpoints to follow the new structures. In many cases, these changes will be relatively high risk, with the expectation that they must remain stable once officially released.

We therefore need to create repeatable mechanisms that will enable easier and more consistent API experimentation. We propose code changes and conventions for "Beta" modules as the first step in achieving this. The overall plan for experimentation support includes changes to module paths and versions, testing patterns, and module registration/discoverability/configuration.

Today, experimentation is done in a haphazard manner across a limited set of teams. In many cases, the experimental state is only stated in documentation, which leads to some adoption in production applications.

Currently, making a new REST API module in core available to callers and visible in the REST Sandbox requires changes to two different configuration variables, and an associated config deploy. These extra steps unnecessarily complicate introduction and removal of experimental modules.

Description

Activating core modules via config is inconvenient and requires either deploy privileges (and the ability/confidence to use it), or scheduling for a deploy window. We've allowed activating extension endpoints/modules for some time without a config change, so there seems to be no process/policy/procedure reason to require it - it is just a consequence of our initial implementation.

Also, the current system requires core developers who wish to both activate their module and publish it to the REST Sandbox to modify two different config variables of different format. And extension developers have to do a config deploy to publish their modules in the REST Sandbox, which seems inconsistent and unnecessary - why should providing documentation be gated through a config deploy, when making the endpoint available in the first place is not?

However, for all its inconvenience, config is useful and powerful. The ability to control whether or not a module is enabled/published on a per-wiki basis is needed for WMF production (and is already being used today). Generally speaking, the system should make it easy to do the normal thing, while still allowing doing less common things when needed. It is okay if less common things require a reasonable amount of additional effort/inconvenience.

This leads to the following:

  • endpoints for all modules (both experimental and non-experimental) are by default available and published in the REST Sandbox
  • modules can be hidden from the REST Sandbox or disabled (their endpoints made unavailable) by a config change
  • the config change to disable/hide a module does not depend on the existence of that module (so that you can deploy the config first, then the code, thereby avoiding a race situation where the endpoints are briefly present)

Implementation

The above has two notable consequences:

  • enabling modules by default means that core modules must be automatically discoverable
  • we don't already have a config variable that would allow disabling an otherwise-available module, or hiding a module from the REST Sandbox that would otherwise appear there. So changes to our config approach will be necessary

There are are several ways we could go about making core modules discoverable, including:

  1. move module definition files into a specific directory, which core will scan at execution time (and cache the results)
  2. introduce a listing file, probably json, that points at module definition files
  3. use config defaults for core, given that core already knows about its own endpoints

#1 is simple for endpoint developers, and makes it easy to see all core module definition files (right now, they're mixed with other files in includes/Rest, which has always felt messy to the author of this task).
#2 feels like configuration within code, adds another thing for developers to remember to do, and introduces a new schema definition.
#3 is literally configuration within code, and adds a non-obvious thing for developers to do outside the Rest directory - modifying config defaults when making a code change isn't a typical pattern

We will therefore do #1. Efficient caching is essential.

For developers who need to disable/hide modules on a per-wiki basis, introduce a new config variables, "RestModuleOverride". This allows overriding the values detected from the module definition file. For example:

$wgRestModuleOverride['mymodule.v1-beta.json'] = [
	'enable' => false,
	'publish' => false
];

The existing config variables are still needed, at least for now. wgRestAPIAdditionalRouteFiles will continue to be used for includes/Rest/coreDevelopmentRoutes.json. wgRestSandboxSpecs will be useful for the default module (until all endpoints are in modules and the legacy ones are removed), but will also continue to be useful if we want to point the Rest Sandbox at things like services outside MediaWiki.

The code should refuse to (attempt to) publish a module that is not enabled. This could be logged at a non-intrusive level, to help identify the erroneous config, but should not display any user-visible error or create excessive logspam.

Future

We also discussed a checkbox allowing the user to choose whether or not they see experimental modules in the REST Sandbox. Or possibly just marking experimental modules in the selection list, maybe by appending "(Experimental)". This would require recognizing experimental modules, presumably the presence of a suffix. And maybe also v0.

None of this is necessary at this time. Given anticipated changes to the REST Sandbox implementation (Swagger UI => Codex), it is difficult to predict the best way that we would go about this. The implementation therefore does not need to make allowences for this.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
REST: Beta Modules - automatic module activation/publishingmediawiki/coremaster+508 -81
REST: Introduce new RestModuleOverride config value.operations/mediawiki-configmaster+22 -55
REST: Beta Modules - automatic discovery with config overridemediawiki/coremaster+959 -477
Customize query in gerrit

Related Objects

Event Timeline

BPirkle created this task.May 30 2025, 10:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 30 2025, 10:21 PM
BPirkle updated the task description. (Show Details)May 30 2025, 10:30 PM
gerritbot added a comment.Jun 3 2025, 2:51 AM

Change #1152880 had a related patch set uploaded (by BPirkle; author: BPirkle):

[mediawiki/core@master] REST: Beta Modules - automatic discovery with config override

https://gerrit.wikimedia.org/r/1152880

gerritbot added a project: Patch-For-Review.Jun 3 2025, 2:51 AM
HCoplin-WMF moved this task from Incoming (Needs Triage) to To Refine on the MW-Interfaces-Team board.Jun 3 2025, 2:25 PM
HCoplin-WMF moved this task from To Refine to MWI-Sprint-11 (2025-06-03 to 2025-06-17) on the MW-Interfaces-Team board.Jun 3 2025, 2:31 PM
HCoplin-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-11 (2025-06-03 to 2025-06-17)); removed: MW-Interfaces-Team.
BPirkle claimed this task.Jun 3 2025, 2:32 PM
BPirkle moved this task from Committed to In Progress on the MW-Interfaces-Team (MWI-Sprint-11 (2025-06-03 to 2025-06-17)) board.
HCoplin-WMF triaged this task as Medium priority.Jun 3 2025, 3:14 PM
HCoplin-WMF set the point value for this task to 5.
BPirkle removed the point value 5 for this task.Jun 3 2025, 4:30 PM

After some conversation with the team, there are concerns about directory scanning.

Here is section of the task description discussing the alternatives that were considered:

There are are several ways we could go about making core modules discoverable, including:

  1. move module definition files into a specific directory, which core will scan at execution time (and cache the results)
  2. introduce a listing file, probably json, that points at module definition files
  3. use config defaults for core, given that core already knows about its own endpoints

#1 is simple for endpoint developers, and makes it easy to see all core module definition files (right now, they're mixed with other files in includes/Rest, which has always felt messy to the author of this task).
#2 feels like configuration within code, adds another thing for developers to remember to do, and introduces a new schema definition.
#3 is literally configuration within code, and adds a non-obvious thing for developers to do outside the Rest directory - modifying config defaults when making a code change isn't a typical pattern

There are probably a lot more alternatives.

In order to keep the hypothesis on track, we need to decide on an approach pretty quickly. I've scheduled sync discussion, but everyone's schedule's are packed and there's little overlap, so it is unlikely everyone who wants to contribute to the discussion can attend. Feel free to discuss async in the comments here, especially if you can't attend the sync meeting, so that your feedback can be part of the conversation.

BPirkle added a comment.Jun 3 2025, 7:21 PM

I suppose the absolute simplest thing for enabling core modules is just to hard-code the module names, in the same way we already hard-code coreRoutes.json. This would make the first part of EntryPoint::getRouteFiles() look like this:

	private static function getRouteFiles( $conf ) {
		global $IP;
		$extensionsDir = $conf->get( MainConfigNames::ExtensionDirectory );
		// Always include the "official" routes. Include additional routes if specified.
		$routeFiles = array_merge(
			[
				'includes/Rest/coreRoutes.json',
				'includes/Rest/content.v1.json',
				'includes/Rest/specs.v0.json',
			],
			$conf->get( MainConfigNames::RestAPIAdditionalRouteFiles )
		);

Alternatively, we could make the array of core route files a private constant near the top of the file, which would be a little more visible.

BPirkle added a comment.Jun 4 2025, 5:35 AM

I tried out the hard-coding change as patch set 2. We can change again if we need to, but figured it'd be easier to evaluate with code to look at.

BPirkle added a comment.Jun 4 2025, 5:16 PM

Summary of sync meeting:

  • we like the hard-coding change for discovery. So discovery will not technically be "automatic" - developers will need to add an entry to the hard-coded array. This seems a small burden, and straightforward for people already making changes to core.
  • we see a need for a config variable to suppress modules on a per-wiki basis. This is along the idea of the RestModuleOverride config variable described in the task description, but can perhaps be a little simpler.
  • for module discovery in the REST Sandbox, we're going to pursue the idea of a RestModuleManager, similar to the existing Action API ApiModuleManager. The idea is to encapsulate the logic surrounding which modules are active, including the logic of which may be suppressed by the config variable. This information will be needed in both Router and SpecialRestSandbox, so putting it into an easily-instantiated class with minimal dependencies seems useful. But we are not entirely sure how this will play out, so it is possible we'll try it, hate the idea, and have to revisit this choice.

I'll put together a change in gerrit for review and further comment.

gerritbot added a comment.Jun 10 2025, 4:22 PM

Change #1155275 had a related patch set uploaded (by BPirkle; author: BPirkle):

[mediawiki/core@master] REST: Beta Modules - automatic module activation/publishing

https://gerrit.wikimedia.org/r/1155275

gerritbot added a comment.Jun 15 2025, 8:49 PM

Change #1152880 abandoned by BPirkle:

[mediawiki/core@master] REST: Beta Modules - automatic discovery with config override

Reason:

Abandoning in favor of https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1155275

https://gerrit.wikimedia.org/r/1152880

BPirkle added a comment.Jun 16 2025, 1:18 AM

Update:

I did not add a REST Module Manager in the proposed change. I experimented with it in the abandoned change, and decided that doing the way I'd like was a larger refactor than made sense for this task.

That may still be a good idea in the future, because it bothers me that getting information about a module requires all the same dependencies to be injected as executing that module would, when some of them should be unnecessary. But we're mixing dependencies necessary for getting information about things with dependencies necessary for executing them in other places (Handler, Router), so unwinding that isn't a small change. May still be worthwhile, but deserves its own task.

We need to be careful with deployment. If we merged it as-is right now, and it rode the train before we made config changes, then the specs.v0 and content.v1 modules, as well as the REST Sandbox, would become available on all wikis, and we don't want that.

My thoughts on deployment are one of:

  • add the new override config variable to the config repo and deploy that in advance of merging the core change. I think nothing will break if I add a config variable that doesn't exist in core, but I've never done it. So I'm not sure what would happen, or if that's frowned upon
  • break the patch up into two, one to introduce the override and a dependent patch for automatic activation/publishing

The second one is probably a better idea, but I'm open to suggestions.

(I also posted some of the above in Slack)

HCoplin-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-12 (2025-06-17 to 2025-07-01)); removed: MW-Interfaces-Team (MWI-Sprint-11 (2025-06-03 to 2025-06-17)).Jun 17 2025, 2:36 PM
HCoplin-WMF moved this task from Committed to In Progress on the MW-Interfaces-Team (MWI-Sprint-12 (2025-06-17 to 2025-07-01)) board.
BPirkle moved this task from In Progress to Code Review on the MW-Interfaces-Team (MWI-Sprint-12 (2025-06-17 to 2025-07-01)) board.Jun 18 2025, 3:09 PM
gerritbot added a comment.Jun 23 2025, 2:27 PM

Change #1162919 had a related patch set uploaded (by BPirkle; author: BPirkle):

[operations/mediawiki-config@master] REST: Introduce new RestModuleOverride config value.

https://gerrit.wikimedia.org/r/1162919

HCoplin-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-13 (2025-07-01 to 2025-07-15)); removed: MW-Interfaces-Team (MWI-Sprint-12 (2025-06-17 to 2025-07-01)).Jul 1 2025, 2:53 PM
HCoplin-WMF moved this task from Committed to Code Review on the MW-Interfaces-Team (MWI-Sprint-13 (2025-07-01 to 2025-07-15)) board.
OWresch-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-14 (2025-07-15 to 2025-07-29)); removed: MW-Interfaces-Team (MWI-Sprint-13 (2025-07-01 to 2025-07-15)).Jul 15 2025, 2:56 PM
OWresch-WMF moved this task from Committed to Code Review on the MW-Interfaces-Team (MWI-Sprint-14 (2025-07-15 to 2025-07-29)) board.
HCoplin-WMF moved this task from Code Review to Blocked on the MW-Interfaces-Team (MWI-Sprint-14 (2025-07-15 to 2025-07-29)) board.Jul 15 2025, 5:28 PM
BPirkle mentioned this in T399512: Document how to preview changes to MediaWiki OpenAPI specs locally.Jul 16 2025, 1:26 PM
daniel mentioned this in T396684: Sitemaps API.Jul 16 2025, 1:57 PM
HCoplin-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-15 (2025-07-29 to 2025-08-12)); removed: MW-Interfaces-Team (MWI-Sprint-14 (2025-07-15 to 2025-07-29)).Jul 29 2025, 3:06 PM
HCoplin-WMF moved this task from Committed to Blocked on the MW-Interfaces-Team (MWI-Sprint-15 (2025-07-29 to 2025-08-12)) board.
OWresch-WMF edited projects, added: MW-Interfaces-Team (MWI-Sprint-16 (2025-08-12 to 2025-08-26)); removed: MW-Interfaces-Team (MWI-Sprint-15 (2025-07-29 to 2025-08-12)).Aug 12 2025, 2:55 PM
OWresch-WMF moved this task from Committed to Blocked on the MW-Interfaces-Team (MWI-Sprint-16 (2025-08-12 to 2025-08-26)) board.
HCoplin-WMF renamed this task from REST: Beta Modules - automatic discovery with config override to [BLOCKED] REST: Beta Modules - automatic discovery with config override.Aug 26 2025, 3:30 PM
HCoplin-WMF edited projects, added: MW-Interfaces-Team; removed: MW-Interfaces-Team (MWI-Sprint-16 (2025-08-12 to 2025-08-26)).
HCoplin-WMF moved this task from MWI-Sprint-16 (2025-08-12 to 2025-08-26) to Backlog on the MW-Interfaces-Team board.
HCoplin-WMF moved this task from Backlog to To Refine on the MW-Interfaces-Team board.
BPirkle mentioned this in T409517: REST: API modules can be suppressed/opt-out of spec generation.Nov 13 2025, 3:47 AM
HCoplin-WMF added a comment.Mar 24 2026, 3:24 AM

Do we still need this ticket? Or do you plan to recreate/reshape stuff in response to the other audiences work?

BPirkle closed this task as Declined.Mar 24 2026, 1:46 PM

Closing in favor of T413443: [5.2.8 Epic] Include Audience designations on modules.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits