In creating and maintaining the public-facing structure of a foundation service, you should hold yourself to several first-order goals:
Below we outline concrete standards that aid in achieving the above goals.
Strive to give your service a name that makes it immediately obvious what the service is for (“network”, “metrics”).
Avoid the usage of “Service” in interface names. While the term “Service” is overloaded in Chromium, in the context of //services it has a very specific meaning and should not be overloaded.
Strive to avoid conceptual layering violations in naming -- e.g., references to Blink or //content.
Use the names “FooClient” and “FooObserver” consistently in interfaces. If there is an expected 1:1 correspondence between Foo and its counterpart, that counterpart should be called FooClient. If there is an expected 1:many correspondence between Foo and its counterparts, those counterparts should be called FooObservers.
Every service should have a top-level README.md that explains the purpose and supported usage models of the service.
Every public interface should be documented at the interface (class) level and at the method level.
Interface documentation should be complete enough to serve as test specifications. If the method returns information of a user's accounts, what happens if the user is not signed in? If the method makes a request for an access token, what happens if a client makes a second method call before a first one has completed? If the method returns a nullable object, under which conditions will it be null?
Strive to avoid your documentation being too specific to a given client.
Strive to avoid molding your API shape too specifically to the needs of a given client. Most foundational services should make sense even in a Chrome-less system environment. A good test is: Would your service‘s APIs seem sensible to users who don’t have knowledge of Chrome's specific needs?
If a given interface Foo requires “construction parameters” (e.g., the client must give it a FooClient before calling any methods), provide a FooProvider interface with a GetFoo() method that takes in the relevant construction parameters. This approach eliminates the possibility of a badly-written (or malevolent) client calling methods on a partially-constructed Foo. To be concrete:
// NO: Client will have access to partially-constructed Foo.
interface Foo {
SetClient(FooClient client);
...
};
// YES: Foo will be completely constructed before client has access.
interface FooProvider {
GetFoo(Foo& request, FooClient client);
};
interface Foo { ... };
In the absence of specific guidance, strive for consistency with surrounding interfaces and with interfaces in other services.
Use service tests to test the public interfaces exposed by your service.
Every public method should be covered by at least one service test. Strive to have your tests enforce your documentation (corollary: if you can enforce your documentation without any tests, improve your documentation :).
Think of these tests as a form of “compliance tests”: They should be written in such a way that engineers with a distinct implementation of your APIs should trivially be able to run your tests against their implementation. Notably, try to avoid relying on implementation details of the service in its tests.
Related to the above, aim for a high degree of coverage with these tests. If a reimplementation passes your tests, you should have a high degree of confidence that it will be usable by your consumers.
The responsibility for holding these standards is shared across //services/OWNERS, individual service OWNERS, and services developers:
We expect that these standards will evolve over time. If you encounter a tricky situation not covered here, please send an email to services-dev@. Similarly, if you see inconsistency or violations of the standards, please file a bug and CC relevant OWNERS (i.e., of the service in question and/or //services/OWNERS).