I'm jumping in (by request! ;) to give my recommendation: I would 100% go with VueJS on this, even only for the reason that recently this was the framework adopted by the foundation for our frontend modernization.

Also, this shouldn't act as a gadget; we did not officially release it as such and it is not optimized to be that. We're supporting it as a browser extension, and we're (ab)using the ResourceLoader queue "feature" to insert ourselves as if we're a gadget,but still working from the browser.

IIRC, we need to ask for the translated message for the button/link, and while we're at it we're asking for the rest of the messages. I don't think we can get away with not calling it at all and still have the link appear? (though admittedly I need to delve into the code again to see if it's a timing issue)

In T255504#6266193, @dbarratt wrote:

@Mooeypoo brings up an important point of separating the concerns (separating the config from the translations). However, it seems like it might be a slight abuse of the translation system to use it for config, even though, as @Tchanders point out, it's already being used that way. I wasn't able to find any other messages being used in a JSON format (they all seem to use a custom format).

@Marostegui (feel free to tag anyone else that may need to participate here?), we've discussed this extensively in the team after running into some challenges, and ran some analysis on the usage of the watchlist table. We want to see if we can reframe the problem and make sure we can find a viable way forward.

Another idea, followup from conversations in the team:

There's an issue here we should account for, or at least be aware of, that may make this block action less impactful than we'd think. If we go with @DannyS712 idea, we could probably block the actual action of moving a page (when you hit the menu action item for "move") but there are other ways to move pages manually.

In T249259#6158741, @Krinkle wrote:

The module to bundle this is with would be that same module (the watch JS module). See packageFiles.

It looks like the output should be added to the table entry for the page rather than just the rows outputted for a single change, in "EnhancedRecentChanges". Good catch, @Scardenasmolinar

In T249259#6148287, @dom_walden wrote:

On StructuredDiscussion talk pages, I am seeing inconsistent popup behaviour when clicking the watch star.

Watching talk page

1. Visit a talk page which is unwatched and has StructuredDiscussions enabled (go to Special:Preferences#mw-prefsection-betafeatures, check "Structured Discussions on user talk" and Save).
2. Click the watch star. You will see the usual watch message:
   
3. Click the watch star again. You will see the usual unwatch message:
   
4. Click the watch star again. You will see the special StructuredDiscussion message:
   

With watchlist expiry disabled, you see the special StructuredDiscussion message when you first click watch (step 2).

Unwatching talk page

1. Visit a talk page which is watched and has SD enabled.
2. Click the watch star. You will see the SD message telling you you have subscribed to the page (even though you have not):
   

I can reproduce both of the above on beta, which has watchlist expiry enabled ($wgWatchlistExpiry = true).

I have not been able to reproduce either of the above with watchlist expiry disabled (on my local version).

@Scardenasmolinar I know @Mooeypoo worked on StructuredDiscussion, so she might know more about this.

In T249259#6150283, @Krinkle wrote:

From Gerrit:

This should not be output in the <head> of every production page view.

The information is static and identical side-wide. Bundle it with the module that neeeds it instead. This avoids delaying article rendering.

We definitely rely on user rights when we show (and not show) the information when a revision is suppressed or deleted, by feature (not bug) so it sounds reasonable that if the revision was deleted, you'd get a popup with hidden details.

Can you check if this happened at a specific revision? I just tried it now, and I see the entire text highlighted, given credit to your username as have written 100% of the page.

Today I learned ;) https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/htmlform/HTMLForm.php$95

In T217363#6103219, @Prtksxna wrote:

In T217363#5860532, @DannyS712 wrote:

Using HTML form's hide-if should take care of accessibility concerns

@Mooeypoo @Volker_E I don't know much about hide-if. Is it implemented in an accessible way?

In T251894#6108725, @Tchanders wrote:

Tagging @aezell in case manager approval is needed.

@Mooeypoo do you need access too?

In T251590#6100879, @Volker_E wrote:

Hmmmm, we really don't want inline labels at most. They are bad, bad, bad. User research (I'd need to google it for you) has shown that inline labels and text inputs make it really hard to quickly navigate/skim forms for users. Haven't yet come across the combination of text input and inline.

Sure, but there are exceptions to this rule, and when those exist, we do need a way to do it.

I think that the question of which "upstream" is a good one; ideally, this actually could be generic enough to be in OOUI tiself, but I agree that it probably just increases complexity and size for probably very low usage.

That's weird; we do have inline forms with text fields, I'd have expected this to be found as a bug before.... :\
If FieldLayout allows for an inline config, then it should respect inline settings.

After a bit of back and forth with @Catrope and examining the challenges here with an OOUI popup, Roan made a good point about at least testing whether the alternative is viable.

Thank you everyone for all the feedback and back and forth, and I apologize for any misunderstandings here.

@Nuria I'm a little confused, and I'd like to clarify something.

Split to two tickets:

(egh, my screenshot didn't work, but--) w00t, it works now!

Sweet, I think this should fix it. I +2'ed, so it should be available on beta soon to test.

Following up since @Etonkovidova has asked me to look into why it's not working:

I would avoid doing things that have no (or huge) limit. Honestly, I think it's a product problem more than a performance one, but since we are checking more than one target (unlike the original) I'd be slightly more careful, and go with pagination.

This looks great. Let's just make sure we don't literally copy over what RecentChanges is doing, because the way it is constructing its lines is pretty horrific, and uses monospace-font single-spaces to align tags per each line, etc.

In T246958#5950354, @Tchanders wrote:

@Mooeypoo Thanks yes, that sounds the same as what's described in T246958#5949448. (Prioritize requires over exists; show errors accordingly.)

Oh, I'm sorry if I misrepresented. I got confused with the table showing different messaging exists=true and exists=false... which is different than the suggestion. Sorry, it's really confusing -- I'm just glad we are on the same page!

My main concern was about changing the behaviour of a long-standing and widely-used widget - if that's ok then let's go ahead with this.

Thank you for the thorough analysis, @Tchanders !

Clarification: The cap should be configurable per wiki (per the conversations with DBAs), with a default (for now) of 20,000 items.

Thank you for the excellent detailed reply, @EvanYou. This is a great summary of the points, and gives a good perspective to this RFC and the entire modernization endeavor in general.

Looks good to me. Thank you for figuring it out, @matmarex !

Thanks @Dzahn ; I signed the document, and my public ED25519 key is:

The general idea of this specific task is to provide the full coverage for the Services, not so much for the special page, which seemed to be more focused and doable. We've added the use cases to guide/inform the approach to the testing.

A couple of small clarifications from the meeting. The third option is the one that's laid out in the description of this ticket, including the product implications.

Confirmed; on Firefox v73, even on not too large of a screen.

We don't have that in production so far, so I'm not sure, especially due to security concerns. We might need to have a gadget where each user must whitelist the toolforge URL individually for security and privacy.

PRU is now available on all test wikis:

The table has been created. Thank you for all the advice and guidance and help @Marostegui! And thanks, @Anomie, for the input and guidance on the best ways to approach the purging.

Investigation resolved. Next steps on followup tickets. Thank you for everyone's input!

Investigation is done; we will await next steps to create followup tickets.

Will do, @Marostegui ; FYI, I'm also tracking the creation of the table through this ticket: T244631: Create `watchlist_expiry` table in production after wmf.19 is available.

In T245082#5884033, @aezell wrote:

How will the relative bits work with translation and localization if this is truly configurable per wiki?

Just to clarify for engineering related thing, am I right to say that, basically, the message ("Both username and email address are required to receive a temporary password via email.") should never appear anywhere, @ifried ?

The product we're discussing (an expansion to CheckUser) deals with potentially large chunks of data from the database, which triggers a number of problems with regard to performance. Regardless of what method we use, we have to come up with a good way to deal with that. After discussing with the team and talking things with @Catrope for some advice around how CheckUser has historically extracted potentially large chunks of information to process, I think we have a slightly changed strategy, and have a plan.

Thank you for the analysis, @HMonroy, this is super helpful!

That's a good point also for the no-JS version.

In T244804#5870343, @Reedy wrote:

The purging operation should be done every X edits, where X is a configuration variable that has a default but can be set separately per wiki.

I would suggest adding a maintenance script (as a thin wrapper around whatever code you write) that can be cronjob'd/similar too like we do in other situations

https://github.com/wikimedia/mediawiki/blob/master/maintenance/purgeExpiredUserrights.php and https://github.com/wikimedia/puppet/blob/b347052863d4d2e87b37d6c2d9f44f833cfd9dc2/modules/mediawiki/manifests/maintenance/purge_expired_userrights.pp

Note: This process is already implemented for the RecentChanges table, which is being purged every few edits. see: https://gerrit.wikimedia.org/g/mediawiki/core/+/799eeb583a6747ad96888ec0fef8f76e45079129/includes/Storage/DerivedPageDataUpdater.php#1493

These look great, @Prtksxna !

In T240094#5847622, @Marostegui wrote:

Not sure I get this, if we move to a model where we'd be purging based on the number of edits, we should be good now?
Say we purge every 1000 edits, if that operation fails, we'd be purging once it reaches 2000?

I think one retry at least is always good, servers can be overloaded, they could be connection issues, contention issues etc...so at least a retry should be attempted I believe.

To clarify -- the wl_id was already added to the table. When we checked into this feature, we believed this RFC to be done because the details (wl_id in the watchlist table) were done, even though the original proposers then deprioritized the work on the feature. When we consulted, we were told no RFC is needed for the actual feature.

We're working on this as part of the wishlist items. We're going with the strategy of adding a new table that references the watchlist item and has an expiration.

Thank you for the quick response, @Marostegui.

In T240094#5825657, @Marostegui wrote:

In T240094#5724068, @aezell wrote:

Our hope was that having this data in a separate table would allow us to tune the automated deletions that will happen as part of expiration. If we do this in the existing watchlist table, we risk causing table locks that could significantly affect app performance.

How are you going to determine the size of the DELETE batches. Deleting is an expensive operation in MySQL, so ideally we'd prefer often but smaller transaction rather than less but bigger ones.
I also assume normal "wait for replication protections" will be used on the scripts.

Thank you for the kind words, I'm really glad you like this, and very happy to see the positive reactions overall.

The patch as written by @dbarratt looks good to me, but I'd like to make sure this complies with your recommendations, @sbassett, especially in regards to the given packages and the versioning. Since this is going to be what we base the rest of the product on, can you be so kind to do a quick pass, @sbassett https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/554229

Now that we have things organized and settled, I'm tagging DBA for assistance. Please let us know if there's anything we need to further expand on, explain, or help with. Your help is super appreciated, thank you!

After some thinking, I unfortunately think that the extension route might actually not be feasible because of the external API request (I don't think we allow for any of that in extensions in production) but either way, a question -- @MusikAnimal

This is a weird bug, but I don't think it's a problem of the character, I think there might be an issue in WhoColor with this specific article?

There is another option we should add to the investigation, @MusikAnimal -- let's also check into making WWT into a MediaWiki extension.

In T233091#5820323, @ifried wrote:

Okay, thanks, Dom. I'll keep it in the 'to be estimated/discussed' column for now, and we'll check in again at a later time to see if the behavior resurfaces.

Also, @Mooeypoo, do you think this issue was fixed in the process of the refactor work in T241004? Thanks!

Added as part of https://github.com/wikimedia/WhoWroteThat/pull/138

OK I fixed the comments, and also fixed up the request from T242954: WWT Popup: Padding changes [x-small] so this is ready for re-review.

Perfect. This can be fixed / added to the ongoing PR https://github.com/wikimedia/WhoWroteThat/pull/138