Intent to Implement System Add-on: SHIELD/Normandy

Michael Kelly mkelly at
Wed Sep 28 21:56:45 UTC 2016

The add-on itself does not require localization yet. All strings that
might be localized are fetched as part of the configuration for actions
that's entered in the admin interface and stored in the server's
database. We can target recipes by locale, so sending out a localized
survey would involve creating a new recipe targeted to the locale in
question, and using localized strings for the config.

For the time being we are only sending out recipes in en-*. When the S&I
team starts to talk about sending out non-en-* recipes, we'll be sure to
loop in the l10n team and come up with a process for submitting and
translating strings.

- Mike Kelly

On 9/26/16 9:30 PM, Francesco Lodolo [:flod] wrote:
> Hi,
> Can you clarify if this add-on requires localization and what's the plan
> for it?
> I quickly looked at the add-on repo, I see references to messages but
> not the actual strings.
> Francesco
>> Hi!
>> This is a notice of our intent to implement a system add-on to handle
>> the client-side logic for SHIELD. And by intent, I mean our team[1] has
>> been working on it since before the Intent to Implement email was part
>> of the Go Faster release process. Surprise! :P
>> (FYI SHIELD is the initiative, Normandy is the codename used on Github
>> for the service, add-on, etc. that support the initiative)
>> Reference links
>> ---------------
>> Tracking bug[2]:
>> Wiki:
>> Add-on Repo:
>> Add-on Overview
>> ---------------
>> SHIELD is a product delivery system that we use for things that require
>> customizable behavior with a very short update cycle. We currently use
>> it for gathering feedback and sentiment from users via Heartbeat
>> surveys, as well as for enrolling users in feature experiments via
>> SHIELD Studies.
>> Right now we do this using the hidden self-repair iframe that loads
>> on Firefox start-up. The self-repair page
>> fetches "recipes" from the service, which have a set of filters for
>> targeting types of users, JavaScript that implements their behavior, and
>> configuration that is passed to the JavaScript when it is executed.
>> These recipes are then filtered and executed within the iframe.
>> The Normandy system add-on will replace (and disable) this iframe, and
>> instead directly fetch the recipes and execute them in a JS sandbox.
>> With the system add-on, we will be able to add new functionality for
>> recipes instead of being limited by the iframe, and will also be able to
>> target recipes based on more information, such as the data in Telemetry.
>> We've worked with the Services Ops security team and the Platform
>> security team to ensure that the downloading and execution of recipes is
>> as safe as possible. Recipes are signed using autograph[3] to prevent
>> tampering, and the sandbox implementation has been preliminarily
>> reviewed.
>> Timeline
>> --------
>> We're very close to finishing implementation, and expect to have the
>> code ready for review within a week or so. We are working with QA to
>> come up with a test plan and timeline for testing.
>> Our current plan is to get merged into mozilla-central and get uplifted
>> to 51.0/Aurora shortly after, as the Strategy and Insights team doesn't
>> really have any specific surveys or studies they'd like to run on
>> Nightly that we can use for testing.
>> ---
>> Let me know if you have any questions. Mythmon is the lead developer on
>> the add-on and can also answer questions.
>> Thanks!
>> - Mike Kelly
>> [1] Michael Cooper (Mythmon), Brittany Storoz, Rehan Dalal, and Benton
>> Case, AKA Run the Tools, working on web-based tools that support Firefox.
>> [2] Those dates in the first comment? Way off. We shifted priorities for
>> a bit to focus on the service.
>> [3]
>> _______________________________________________
>> release-drivers mailing list
>> release-drivers at

More information about the firefox-dev mailing list