Create a catalog list of private APIs #66558
Conversation
jsnajdr
requested review from
ajitbohra,
juanmaguitar,
fabiankaegy and
ndiego
as code owners
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
docs/private-apis.md
Outdated
| Gutenberg packages currently export 237 private APIs: | ||
| - 42 store actions | ||
| - 57 store selectors | ||
| - 66 React components | ||
| - 30 React hooks |
There was a problem hiding this comment.
Do the numbers have any specific utility? I'd refrain from adding those numbers because it will be very easy for them to get obsolete.
There was a problem hiding this comment.
I don't understand this feedback. Is is about the usefulness of the numbers (I think they are very interesting!) or about them being placed in the document, rather than is some (interesting) GitHub comment?
There was a problem hiding this comment.
The numbers can be useful; we agree there. However, it will be difficult/extra effort to keep them up to date, which invalidates their usefulness IMHO.
| @@ -0,0 +1,348 @@ | |||
| # Gutenberg Private APIs | |||
There was a problem hiding this comment.
Might make sense to add context to the document, explaining why it exists and why we need to catalog those private APIs.
My thinking is that this is something that is going to exist forever, and also it's a form of documentation. So it should be a document in the repo. Issues are transient and they are supposed to be eventually closed. An inspiration is the TC39 repo where the info about proposals and theirs status is also committed in version control, as |
That makes sense 👍 I like the TC39 table view of different stage proposals. |
|
While I encourage this initiative, it's important to note that not all private APIs are meant to be "stabilized". Private APIs are in fact stable APIs but they are internal to Core. While we'd probably want to open some of them as public APIs, it's not their purpose to be used as "experimental APIs" |
jsnajdr
force-pushed
the
add/private-apis-catalog
branch
from
bb9e0e8 to
b0d46bc
Compare
|
Flaky tests detected in d7a59ed. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/12256321622
|
|
I resolved the review feedback and incorporated a few changes that happened recently. I believe this PR should be mergeable now.
@tyxla I removed the stats from the document, keeping only the list of APIs.
Added some motivational text at the beginning of the document.
@youknowriad That's fine, my takeaway is that we should consistently call them "private" and avoid using the term "experimental" or "unstable". Which APIs do you think currently are of this type? Private by design? Let's mark them as such in this document. |
Hard to tell, there's so much but I think the majority is like that. |
|
Part of me wonders if having this catalog would actually encourage users to use these (usurp some unloaded package to get access to these) |
That's not necessarily a bad thing. If these APIs are valuable to plugin authors, and they help them build something valuable, then why are they private? The question is whether we have a way to learn about these usages.
Let's start flagging specific ones. |
That is definitely a bad thing for me. Plugin authors should absolutely not use these APIs. This is the reason we introduce the private APIs concept in the first place. I think you're conflating "experimental APIs" which we don't have any concept of at the moment and for which we want to discovery with private APIs which we do have a concept for today and we want them to stay private. |
My issue with this is that the private-ness of many of these APIs is going to be hard to defend and self-contradictory. Especially when they are long-term stable. If a plugin goes through the trouble to access a stable private API, they probably do it because they are implementing something valuable with it. The API is interesting and useful for plugins. Then, if it's stable and useful, why are we keeping it private? The Gutenberg plugin obviously also finds that particular private API useful and valuable, because it uses it to implement things. Core blocks use private APIs from For example, #67209 discusses the
Yes, I am conflating them because at this moment they are the same thing. There was a proposal in #47785 to also have "plugin-only" APIs, but it was never implemented. It seems that we are going to implement that only now. Also I don't believe the boundary between private and experimental is going to be that strict. I think that will show when we start discussing individual endpoints one by one. |
For me writing a stable internal API and writing a stable public API is two completely different things with different tradeoffs. A private API that is stable for users doesn't mean it should be public. Think of it as private property in a class or a function that is not exported in a JS module. It's not because this function or property hasn't changed for years that it's meant to be used by plugins.
I have no doubt that some of these APIs are valuable for plugins, but instead of just highlighting the wrong thing to do, we should be encouraging the plugins to require public APIs. At that moment we can discuss whether to build a public API, think of whether the function/class/component that was private has the correct tradeoffs in place to be made stable. We should find ways to make it even more strict to access these APIs and not the opposite.
This is actually a good example of what I'm trying to say. This API should never be public, the plugin author shared its use-case and it's not something that should be addressed by making contentRef public, in most situations, the public API needed (in this case, a labels/messages API) is very different from the way plugin authors are trying to use these private APIs. |
jsnajdr
force-pushed
the
add/private-apis-catalog
branch
from
b0d46bc to
302e9d4
Compare
I totally agree with this and I plan to propose to lock the truly private APIs even more, using some private symbol as key or by a key uniquely generated on every build. But to make this work we need to address the private APIs that are currently used by plugins. Because the workarounds like when WooCommerce pretends to be I see a pattern where anyone who wants to build a custom block editor is using some private API to do that. The P2 editor, MailPoet, WooCommerce product editor. Even the Drupal integration does something similar to That shows that the
What strikes me as odd is how many features in Gutenberg rely on
In short, there is a long list of functionality that is interested in looking directly at the DOM elements in the block editor, measure them or attach event handlers. It doesn't sound very likely that it could be all addressed with specialized public API. But I believe we're already very off-topic in the context of this PR 🙂 Can I merge the current list of private APIs or is there any blocker? |
|
For me, I don't think we should merge this PR as is as it frames things as APIs that belong to different stages of stabilisation. This only makes the problem worse as plugin authors will expect these APIs to move to another stage while they shouldn't. |
jsnajdr
force-pushed
the
add/private-apis-catalog
branch
from
302e9d4 to
d7a59ed
Compare
I rewrote the introductory paragraphs to point out that many of them are permanently private. Let me know if it looks better now. And I'm looking forward to some actionable feedback in case it still doesn't. My goal is to present a picture of the current status quo, without creating any expectations or making promises about what will happen in the future. |
|
It's better but personally I think we should just not do this at all. (just my opinion) It makes it sound like the number of private APIs is something that we should be careful about? I think that's wrong, no counts how many private functions or classes they have in their code base. Do we list all private PHP class properties, functions in WordPress docs? Whether we like or not, this highlights these APIs more and plugin authors will use this document as a way to discover these APIs, which we don't want to. |
|
To clarify my thoughts, I think a catalog like proposed here is very valuable for actual "experimental" APIs. But as of today, we don't have any (I actually think we have two, the ones hidden behind IS_GUTENBERG_PLUGIN to register actions and fields). |
Yes, we do. The private functions with a
I disagree that the document makes any judgments about the APIs. It just lists them. Someone might consider it fine, someone else might find it embarrassing or whatever, but that's always their judgment, it's not in the text.
Is this really how plugin authors discover Gutenberg APIs, by reading their documentation? I don't think that our docs are that good. From what I've seen in 3rd party plugin code, their authors almost certainly must have read the actual Gutenberg sources and draw inspiration and examples from there. And often they are already very well aware about the private/experimental APIs. I disagree that merely describing something can possibly make things worse.
I'm all for that, but currently none of the APIs are designated as experimental. And even the private API catalog is useful for Gutenberg contributors: there are over 200 private APIs now and are widely used (I see 560 |
|
If we really want to ship this I would remove these two sentences:
The differences between the APIs exposed here and the ones you mention as documented is the fact that both of these two random examples are actually publicly accessible APIs (regardless of whether they're marked as private). In the case of our private APIs in Gutenberg, they're not just marked as private, we do our best to prevent access as well. I don't see personally any difference between these and any random function or component that is not exported from the packages, so why are we listing just the private APIs that "leak" through the packages. |
One of these examples is a
Because they mention that some private APIs could become eventually public, and therefore they set expectations and encourage their use? That's fair. I'm also OK with posting this info in a GitHub issue, I just want to have the list at some place that has a public URL so that folks can refer to it. But I guess that having an issue suggests that private APIs are a "problem to be solved", something that we want to avoid. A |
Yes, that's my main concern with these sentences. |
jsnajdr
force-pushed
the
add/private-apis-catalog
branch
from
d7a59ed to
89f5906
Compare
I rewrote the introductory text trying to convey the following two ideas:
|
It could be eventually automated, in a very similar way how we now generate docs for the public APIs. How I created this list in the first place: I instrumented the |
* Create a catalog list of private APIs * Document some private components * Rewrite the introduction * Rewrite the introduction again
* Create a catalog list of private APIs * Document some private components * Rewrite the introduction * Rewrite the introduction again
This PR adds a list of all private APIs in Gutenberg packages. Next steps: