Intent to Implement System Add-on: SHIELD/Normandy

Gijs Kruitbosch gijskruitbosch at
Mon Sep 26 21:05:09 UTC 2016


 From this, I'm assuming Firefox peers/owners will be asked to review 
the add-on code before landing it in m-c. Can you confirm if that's correct?
Stating the obvious and related point: it might be worth giving them a 
heads up (if that hasn't already happened) if you're planning to dump a 
big load of code in their queue...

Secondly... are the actions / server-side things going to be subject to 
Firefox reviews, given that they directly affect the user experience of 
the product in ways that normally require such reviews? There's some 
unfortunate history in that area that I would really like to avoid 
repetitions of.

~ Gijs

On 26/09/2016 21:44, Michael Kelly wrote:
> Hi!
> This is a notice of our intent to implement a system add-on to handle
> the client-side logic for SHIELD. And by intent, I mean our team[1] has
> been working on it since before the Intent to Implement email was part
> of the Go Faster release process. Surprise! :P
> (FYI SHIELD is the initiative, Normandy is the codename used on Github
> for the service, add-on, etc. that support the initiative)
> Reference links
> ---------------
> Tracking bug[2]:
> Wiki:
> Add-on Repo:
> Add-on Overview
> ---------------
> SHIELD is a product delivery system that we use for things that require
> customizable behavior with a very short update cycle. We currently use
> it for gathering feedback and sentiment from users via Heartbeat
> surveys, as well as for enrolling users in feature experiments via
> SHIELD Studies.
> Right now we do this using the hidden self-repair iframe that loads
> on Firefox start-up. The self-repair page
> fetches "recipes" from the service, which have a set of filters for
> targeting types of users, JavaScript that implements their behavior, and
> configuration that is passed to the JavaScript when it is executed.
> These recipes are then filtered and executed within the iframe.
> The Normandy system add-on will replace (and disable) this iframe, and
> instead directly fetch the recipes and execute them in a JS sandbox.
> With the system add-on, we will be able to add new functionality for
> recipes instead of being limited by the iframe, and will also be able to
> target recipes based on more information, such as the data in Telemetry.
> We've worked with the Services Ops security team and the Platform
> security team to ensure that the downloading and execution of recipes is
> as safe as possible. Recipes are signed using autograph[3] to prevent
> tampering, and the sandbox implementation has been preliminarily reviewed.
> Timeline
> --------
> We're very close to finishing implementation, and expect to have the
> code ready for review within a week or so. We are working with QA to
> come up with a test plan and timeline for testing.
> Our current plan is to get merged into mozilla-central and get uplifted
> to 51.0/Aurora shortly after, as the Strategy and Insights team doesn't
> really have any specific surveys or studies they'd like to run on
> Nightly that we can use for testing.
> ---
> Let me know if you have any questions. Mythmon is the lead developer on
> the add-on and can also answer questions.
> Thanks!
> - Mike Kelly
> [1] Michael Cooper (Mythmon), Brittany Storoz, Rehan Dalal, and Benton
> Case, AKA Run the Tools, working on web-based tools that support Firefox.
> [2] Those dates in the first comment? Way off. We shifted priorities for
> a bit to focus on the service.
> [3]
> _______________________________________________
> firefox-dev mailing list
> firefox-dev at

More information about the firefox-dev mailing list