Upgrade to jline 3 (#2400)

jline 3 contains API breaking changes, necessitating changes in
ShellCommand.

core/build.gradle

@@ -199,7 +199,6 @@ dependencies {
   implementation deps['javax.persistence:javax.persistence-api']
   implementation deps['jakarta.servlet:jakarta.servlet-api']
   implementation deps['javax.xml.bind:jaxb-api']
-  implementation deps['jline:jline']
   implementation deps['joda-time:joda-time']
   implementation deps['org.apache.avro:avro']
   testImplementation deps['org.apache.beam:beam-runners-core-construction-java']
@@ -226,6 +225,7 @@ dependencies {
   implementation deps['org.hibernate:hibernate-core']
   implementation deps['org.hibernate:hibernate-hikaricp']
   implementation deps['org.jcommander:jcommander']
+  implementation deps['org.jline:jline']
   implementation deps['org.joda:joda-money']
   implementation deps['org.json:json']
   implementation deps['org.jsoup:jsoup']

core/gradle.lockfile

@@ -321,7 +321,6 @@ javax.servlet:servlet-api:2.5=compileClasspath,deploy_jar,nonprodCompileClasspat
 javax.validation:validation-api:1.0.0.GA=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.4.0-b180830.0359=jaxb
-jline:jline:1.0=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 junit:junit:4.13.2=nonprodCompileClasspath,nonprodRuntimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.arnx:nashorn-promise:0.1.1=testRuntimeClasspath
@@ -442,6 +441,7 @@ org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=deploy_jar,nonprodRun
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=deploy_jar,nonprodRuntimeClasspath,runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:13.0=annotationProcessor,testAnnotationProcessor
 org.jetbrains:annotations:17.0.0=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20160212=soy
 org.json:json:20231013=compileClasspath,deploy_jar,nonprodCompileClasspath,nonprodRuntimeClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath

core/src/main/java/google/registry/bsa/BsaValidateAction.java

@@ -22,6 +22,7 @@ import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.bsa.BsaTransactions.bsaQuery;
 import static google.registry.bsa.ReservedDomainsUtils.getAllReservedNames;
 import static google.registry.bsa.ReservedDomainsUtils.isReservedDomain;
+import static google.registry.bsa.persistence.BsaLabelUtils.isLabelBlocked;
 import static google.registry.bsa.persistence.Queries.batchReadBsaLabelText;
 import static google.registry.bsa.persistence.Queries.queryMissedRegisteredUnblockables;
 import static google.registry.bsa.persistence.Queries.queryUnblockableDomainByLabels;
@@ -299,7 +300,9 @@ public class BsaValidateAction implements Runnable {
   ImmutableList<String> checkForMissingReservedUnblockables(DateTime now) {
     ImmutableList.Builder<String> errors = new ImmutableList.Builder<>();
     try (Stream<ImmutableList<String>> reservedNames =
-        toBatches(getAllReservedNames(now), transactionBatchSize)) {
+        toBatches(
+            getAllReservedNames(now).filter(BsaValidateAction::isBlockedByBsa),
+            transactionBatchSize)) {
       reservedNames
           .map(this::checkOneBatchReservedDomainsForMissingUnblockables)
           .forEach(errors::addAll);
@@ -338,6 +341,11 @@ public class BsaValidateAction implements Runnable {
     return errors.build();
   }
 
+  static boolean isBlockedByBsa(String domainInBsaEnrolledTld) {
+    InternetDomainName domainName = InternetDomainName.from(domainInBsaEnrolledTld);
+    return isLabelBlocked(domainName.parts().get(0));
+  }
+
   static String parseBlockListLine(String line) {
     int firstComma = line.indexOf(',');
     checkArgument(firstComma > 0, "Invalid block list line: %s", line);

core/src/main/java/google/registry/tools/ShellCommand.java

@@ -16,7 +16,6 @@ package google.registry.tools;
 
 import static com.google.common.base.StandardSystemProperty.USER_HOME;
 import static com.google.common.collect.ImmutableList.toImmutableList;
-import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.beust.jcommander.JCommander;
@@ -31,27 +30,31 @@ import com.google.common.escape.Escaper;
 import com.google.common.escape.Escapers;
 import google.registry.util.Clock;
 import google.registry.util.SystemClock;
-import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
-import java.io.File;
 import java.io.FilterOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.io.StreamTokenizer;
 import java.io.StringReader;
+import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.Optional;
 import javax.annotation.Nullable;
-import jline.Completor;
-import jline.ConsoleReader;
-import jline.ConsoleReaderInputStream;
-import jline.FileNameCompletor;
-import jline.History;
+import org.jline.builtins.Completers.FileNameCompleter;
+import org.jline.reader.Candidate;
+import org.jline.reader.Completer;
+import org.jline.reader.EndOfFileException;
+import org.jline.reader.LineReader;
+import org.jline.reader.LineReaderBuilder;
+import org.jline.reader.ParsedLine;
+import org.jline.reader.UserInterruptException;
+import org.jline.reader.impl.LineReaderImpl;
+import org.jline.terminal.Terminal;
+import org.jline.terminal.TerminalBuilder;
+import org.jline.terminal.impl.DumbTerminal;
 import org.joda.time.DateTime;
 import org.joda.time.Duration;
 
@@ -89,73 +92,56 @@ public class ShellCommand implements Command {
    */
   private final CommandRunner originalRunner;
 
-  private final BufferedReader lineReader;
-  private final ConsoleReader consoleReader;
+  private final LineReader lineReader;
   private final Clock clock;
 
+  private String prompt = null;
+
   @Parameter(
       names = {"--dont_exit_on_idle"},
       description =
-          "Prevents the shell from exiting on PROD after the 1 hour idle delay. "
-              + "Will instead warn you and require re-running the command.")
+          """
+              Prevents the shell from exiting on PROD after the 1 hour idle delay.
+              Will instead warn you and require re-running the command.""")
   boolean dontExitOnIdle = false;
 
   @Parameter(
       names = {"--encapsulate_output"},
       description =
-          "Encapsulate command standard output and error by combining the two streams to standard "
-              + "output and inserting a prefix ('out:' or 'err:') at the beginning of every line "
-              + "of normal output and adding a line consisting of either 'SUCCESS' or "
-              + "'FAILURE <exception-name> <error-message>' at the end of the output for a "
-              + "command, allowing the output to be easily parsed by wrapper scripts.")
+          """
+              Encapsulate command standard output and error by combining the two streams to
+              standard output and inserting a prefix ('out:' or 'err:') at the beginning of every
+              line of normal output and adding a line consisting of either 'SUCCESS' or
+              'FAILURE <exception-name> <error-message>' at the end of the output for a
+              command, allowing the output to be easily parsed by wrapper scripts.""")
   boolean encapsulateOutput = false;
 
   ShellCommand(CommandRunner runner) throws IOException {
-    this.originalRunner = runner;
-    InputStream in = System.in;
-    if (System.console() != null) {
-      consoleReader = new ConsoleReader();
-      // There are 104 different commands. We want the threshold to be more than that
-      consoleReader.setAutoprintThreshhold(200);
-      consoleReader.setDefaultPrompt("nom > ");
-      consoleReader.setHistory(new History(new File(USER_HOME.value(), HISTORY_FILE)));
-      in = new ConsoleReaderInputStream(consoleReader);
-    } else {
-      consoleReader = null;
-    }
-    this.lineReader = new BufferedReader(new InputStreamReader(in, US_ASCII));
-    this.clock = new SystemClock();
+    this(TerminalBuilder.terminal(), new SystemClock(), runner);
+    prompt = "nom > ";
+    lineReader.variable(LineReader.HISTORY_FILE, Path.of(USER_HOME.value(), HISTORY_FILE));
   }
 
-  @VisibleForTesting
-  ShellCommand(BufferedReader bufferedReader, Clock clock, CommandRunner runner) {
+  ShellCommand(Terminal terminal, Clock clock, CommandRunner runner) {
     this.originalRunner = runner;
-    this.lineReader = bufferedReader;
+    this.lineReader = LineReaderBuilder.builder().terminal(terminal).build();
     this.clock = clock;
-    this.consoleReader = null;
   }
 
   private void setPrompt(RegistryToolEnvironment environment, boolean alert) {
-    if (consoleReader == null) {
+    // Do not set the prompt in tests.
+    if (lineReader.getTerminal() instanceof DumbTerminal) {
       return;
     }
-    if (alert) {
-      consoleReader.setDefaultPrompt(
-          String.format("nom@%s%s%s > ", ALERT_COLOR, environment, RESET));
-    } else {
-      consoleReader.setDefaultPrompt(
-          String.format(
-              "nom@%s%s%s > ", NON_ALERT_COLOR, Ascii.toLowerCase(environment.toString()), RESET));
-    }
+    prompt =
+        alert
+            ? String.format("nom@%s%s%s > ", ALERT_COLOR, environment, RESET)
+            : String.format(
+                "nom@%s%s%s > ", NON_ALERT_COLOR, Ascii.toLowerCase(environment.toString()), RESET);
   }
 
   public ShellCommand buildCompletions(JCommander jcommander) {
-    if (consoleReader != null) {
-      @SuppressWarnings("unchecked")
-      ImmutableList<Completor> completors = ImmutableList.copyOf(consoleReader.getCompletors());
-      completors.forEach(consoleReader::removeCompletor);
-      consoleReader.addCompletor(new JCommanderCompletor(jcommander));
-    }
+    ((LineReaderImpl) lineReader).setCompleter(new JCommanderCompleter(jcommander));
     return this;
   }
 
@@ -230,21 +216,28 @@ public class ShellCommand implements Command {
     setPrompt(RegistryToolEnvironment.get(), beExtraCareful);
     String line;
     DateTime lastTime = clock.nowUtc();
-    while ((line = getLine()) != null) {
+    while (true) {
+      try {
+        line = lineReader.readLine(prompt);
+      } catch (UserInterruptException | EndOfFileException e) {
+        break;
+      }
       // Make sure we're not idle for too long. Only relevant when we're "extra careful"
       if (!dontExitOnIdle
           && beExtraCareful
           && lastTime.plus(IDLE_THRESHOLD).isBefore(clock.nowUtc())) {
         throw new RuntimeException(
-            "Been idle for too long, while in 'extra careful' mode. "
-                + "The last command was saved in history. Please rerun the shell and try again.");
+            """
+                Been idle for too long, while in 'extra careful' mode.
+                The last command was saved in history. Please rerun the shell and try again.""");
       }
       lastTime = clock.nowUtc();
       String[] lineArgs = parseCommand(line);
       if (lineArgs.length == 0) {
         continue;
+      } else if (lineArgs.length == 1 && "exit".equals(lineArgs[0])) {
+        break;
       }
-
       try {
         runner.run(lineArgs);
       } catch (Exception e) {
@@ -257,14 +250,6 @@ public class ShellCommand implements Command {
     }
   }
 
-  private String getLine() {
-    try {
-      return lineReader.readLine();
-    } catch (IOException e) {
-      return null;
-    }
-  }
-
   @VisibleForTesting
   static String[] parseCommand(String line) {
     ImmutableList.Builder<String> resultBuilder = new ImmutableList.Builder<>();
@@ -288,7 +273,7 @@ public class ShellCommand implements Command {
     return resultBuilder.build().toArray(new String[0]);
   }
 
-  static class JCommanderCompletor implements Completor {
+  static class JCommanderCompleter implements Completer {
 
     private static final ParamDoc DEFAULT_PARAM_DOC =
         new ParamDoc("[No documentation available]", ImmutableList.of());
@@ -312,7 +297,7 @@ public class ShellCommand implements Command {
      */
     private final ImmutableTable<String, String, ParamDoc> commandFlagDocs;
 
-    private final FileNameCompletor filenameCompletor = new FileNameCompletor();
+    private final FileNameCompleter filenameCompleter = new FileNameCompleter();
 
     /**
      * Holds all the information about a parameter we need for completion.
@@ -351,9 +336,9 @@ public class ShellCommand implements Command {
      * Populates the completions and documentation based on the JCommander.
      *
      * <p>The input data is copied, so changing the jcommander after creation of the
-     * JCommanderCompletor doesn't change the completions.
+     * JCommanderCompleter doesn't change the completions.
      */
-    JCommanderCompletor(JCommander jcommander) {
+    JCommanderCompleter(JCommander jcommander) {
       ImmutableTable.Builder<String, String, ParamDoc> builder = new ImmutableTable.Builder<>();
 
       // Go over all the commands
@@ -384,53 +369,26 @@ public class ShellCommand implements Command {
     }
 
     @Override
-    @SuppressWarnings("unchecked")
-    public int complete(String buffer, int location, List completions) {
-      // We just defer to the other function because of the warnings (the use of a naked List by
-      // jline)
-      return completeInternal(buffer, location, completions);
-    }
-
-    /**
-     * Given a string, finds all the possible completions to the end of that string.
-     *
-     * @param buffer the command line.
-     * @param location the location in the command line we want to complete
-     * @param completions a list to fill with the completion results
-     * @return the number of characters back from the location that are part of the completions
-     */
-    int completeInternal(String buffer, int location, List<String> completions) {
-      String truncatedBuffer = buffer.substring(0, location);
-      String[] parsedBuffer = parseCommand(truncatedBuffer);
-      int argumentIndex = parsedBuffer.length - 1;
-
-      if (argumentIndex < 0 || !truncatedBuffer.endsWith(parsedBuffer[argumentIndex])) {
-        argumentIndex += 1;
-      }
+    public void complete(LineReader reader, ParsedLine line, List<Candidate> candidates) {
+      int argumentIndex = line.wordIndex();
       // The argument we want to complete (only partially written, might even be empty)
-      String partialArgument =
-          argumentIndex < parsedBuffer.length ? parsedBuffer[argumentIndex] : "";
-      int argumentStart = location - partialArgument.length();
+      String partialArgument = line.word();
       // The command name. Null if we're at the first argument
-      String command = argumentIndex == 0 ? null : parsedBuffer[0];
+      String command = argumentIndex == 0 ? null : line.words().getFirst();
       // The previous argument before it - used for context. Null if we're at the first argument
-      String previousArgument = argumentIndex <= 1 ? null : parsedBuffer[argumentIndex - 1];
+      String previousArgument = argumentIndex <= 1 ? null : line.words().get(argumentIndex - 1);
 
       // If it's obviously a file path (starts with something "file path like") - complete as a file
       if (partialArgument.startsWith("./")
           || partialArgument.startsWith("~/")
           || partialArgument.startsWith("/")) {
-        int offset =
-            filenameCompletor.complete(partialArgument, partialArgument.length(), completions);
-        if (offset >= 0) {
-          return argumentStart + offset;
-        }
-        return -1;
+        filenameCompleter.complete(reader, line, candidates);
       }
 
       // Complete based on flag data
-      completions.addAll(getCompletions(command, previousArgument, partialArgument));
-      return argumentStart;
+      getCompletions(command, previousArgument, partialArgument).stream()
+          .map(Candidate::new)
+          .forEach(candidates::add);
     }
 
     /**

core/src/test/java/google/registry/bsa/BsaValidateActionTest.java

@@ -337,6 +337,21 @@ public class BsaValidateActionTest {
         .containsExactly("Missing unblockable domain: reserved-missing-in-app.app is reserved.");
   }
 
+  @Test
+  void checkForMissingReservedUnblockables_unblockedReservedNotReported() {
+    persistResource(
+        createTld("app").asBuilder().setBsaEnrollStartTime(Optional.of(START_OF_TIME)).build());
+
+    createReservedList(
+        "rl",
+        Stream.of("reserved-only")
+            .collect(toImmutableMap(x -> x, x -> ReservationType.RESERVED_FOR_SPECIFIC_USE)));
+    addReservedListsToTld("app", ImmutableList.of("rl"));
+
+    ImmutableList<String> errors = action.checkForMissingReservedUnblockables(fakeClock.nowUtc());
+    assertThat(errors).isEmpty();
+  }
+
   @Test
   void checkForMissingRegisteredUnblockables_success() {
     persistResource(

core/src/test/java/google/registry/tools/ShellCommandTest.java

@@ -15,10 +15,9 @@
 package google.registry.tools;
 
 import static com.google.common.truth.Truth.assertThat;
-import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.nio.charset.StandardCharsets.US_ASCII;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 import com.beust.jcommander.JCommander;
 import com.beust.jcommander.MissingCommandException;
@@ -28,15 +27,20 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import google.registry.testing.FakeClock;
 import google.registry.testing.SystemPropertyExtension;
-import google.registry.tools.ShellCommand.JCommanderCompletor;
-import java.io.BufferedReader;
+import google.registry.tools.ShellCommand.JCommanderCompleter;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.PrintStream;
-import java.util.ArrayDeque;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
+import org.jline.reader.Candidate;
+import org.jline.reader.LineReaderBuilder;
+import org.jline.reader.impl.DefaultParser;
+import org.jline.terminal.Terminal;
+import org.jline.terminal.impl.DumbTerminal;
 import org.joda.time.DateTime;
 import org.joda.time.Duration;
 import org.junit.jupiter.api.AfterEach;
@@ -52,6 +56,7 @@ class ShellCommandTest {
 
   CommandRunner cli = mock(CommandRunner.class);
   private final FakeClock clock = new FakeClock(DateTime.parse("2000-01-01TZ"));
+  private final DelayingByteArrayInputStream input = new DelayingByteArrayInputStream(clock);
 
   private PrintStream orgStdout;
   private PrintStream orgStderr;
@@ -61,6 +66,7 @@ class ShellCommandTest {
 
   @BeforeEach
   void beforeEach() {
+    RegistryToolEnvironment.UNITTEST.setup(systemPropertyExtension);
     orgStdout = System.out;
     orgStderr = System.err;
   }
@@ -82,27 +88,20 @@ class ShellCommandTest {
 
   private ShellCommand createShellCommand(
       CommandRunner commandRunner, Duration delay, String... commands) throws Exception {
-    ArrayDeque<String> queue = new ArrayDeque<>(ImmutableList.copyOf(commands));
-    BufferedReader bufferedReader = mock(BufferedReader.class);
-    when(bufferedReader.readLine())
-        .thenAnswer(
-            (x) -> {
-              clock.advanceBy(delay);
-              if (queue.isEmpty()) {
-                throw new IOException();
-              }
-              return queue.poll();
-            });
-    return new ShellCommand(bufferedReader, clock, commandRunner);
+    input.setInput(commands);
+    input.setDelay(delay);
+    Terminal terminal = new DumbTerminal(input, System.out);
+    return new ShellCommand(terminal, clock, commandRunner);
   }
 
   @Test
   void testCommandProcessing() throws Exception {
-    MockCli cli = new MockCli();
+    FakeCli cli = new FakeCli();
     ShellCommand shellCommand =
-        createShellCommand(cli, Duration.ZERO, "test1 foo bar", "test2 foo bar");
+        createShellCommand(cli, Duration.ZERO, "test1 foo bar", "test2 foo bar", "exit");
     shellCommand.run();
     assertThat(cli.calls)
+        // "exit" causes the shell to exit and does not call cli.run.
         .containsExactly(
             ImmutableList.of("test1", "foo", "bar"), ImmutableList.of("test2", "foo", "bar"))
         .inOrder();
@@ -111,7 +110,7 @@ class ShellCommandTest {
   @Test
   void testNoIdleWhenInAlpha() throws Exception {
     RegistryToolEnvironment.ALPHA.setup(systemPropertyExtension);
-    MockCli cli = new MockCli();
+    FakeCli cli = new FakeCli();
     ShellCommand shellCommand =
         createShellCommand(cli, Duration.standardDays(1), "test1 foo bar", "test2 foo bar");
     shellCommand.run();
@@ -120,7 +119,7 @@ class ShellCommandTest {
   @Test
   void testNoIdleWhenInSandbox() throws Exception {
     RegistryToolEnvironment.SANDBOX.setup(systemPropertyExtension);
-    MockCli cli = new MockCli();
+    FakeCli cli = new FakeCli();
     ShellCommand shellCommand =
         createShellCommand(cli, Duration.standardDays(1), "test1 foo bar", "test2 foo bar");
     shellCommand.run();
@@ -129,7 +128,7 @@ class ShellCommandTest {
   @Test
   void testIdleWhenOverHourInProduction() throws Exception {
     RegistryToolEnvironment.PRODUCTION.setup(systemPropertyExtension);
-    MockCli cli = new MockCli();
+    FakeCli cli = new FakeCli();
     ShellCommand shellCommand =
         createShellCommand(cli, Duration.standardMinutes(61), "test1 foo bar", "test2 foo bar");
     RuntimeException exception = assertThrows(RuntimeException.class, shellCommand::run);
@@ -139,7 +138,7 @@ class ShellCommandTest {
   @Test
   void testNoIdleWhenUnderHourInProduction() throws Exception {
     RegistryToolEnvironment.PRODUCTION.setup(systemPropertyExtension);
-    MockCli cli = new MockCli();
+    FakeCli cli = new FakeCli();
     ShellCommand shellCommand =
         createShellCommand(cli, Duration.standardMinutes(59), "test1 foo bar", "test2 foo bar");
     shellCommand.run();
@@ -149,7 +148,6 @@ class ShellCommandTest {
   void testMultipleCommandInvocations() throws Exception {
     RegistryCli cli =
         new RegistryCli("unittest", ImmutableMap.of("test_command", TestCommand.class));
-    RegistryToolEnvironment.UNITTEST.setup(systemPropertyExtension);
     cli.setEnvironment(RegistryToolEnvironment.UNITTEST);
     cli.run(new String[] {"test_command", "-x", "xval", "arg1", "arg2"});
     cli.run(new String[] {"test_command", "-x", "otherxval", "arg3"});
@@ -170,74 +168,72 @@ class ShellCommandTest {
     assertThrows(MissingCommandException.class, () -> cli.run(new String[] {"bad_command"}));
   }
 
-  private void performJCommanderCompletorTest(
-      String line, int expectedBackMotion, String... expectedCompletions) {
+  private void performJCommanderCompletorTest(String line, String... expectedCompletions) {
     JCommander jcommander = new JCommander();
+    List<Candidate> candidates = Arrays.stream(expectedCompletions).map(Candidate::new).toList();
     jcommander.setProgramName("test");
     jcommander.addCommand("help", new HelpCommand(jcommander));
     jcommander.addCommand("testCommand", new TestCommand());
     jcommander.addCommand("testAnotherCommand", new TestAnotherCommand());
-    List<String> completions = new ArrayList<>();
-    assertThat(
-            line.length()
-                - new JCommanderCompletor(jcommander)
-                    .completeInternal(line, line.length(), completions))
-        .isEqualTo(expectedBackMotion);
-    assertThat(completions).containsExactlyElementsIn(expectedCompletions);
+    List<Candidate> completions = new ArrayList<>();
+    new JCommanderCompleter(jcommander)
+        .complete(
+            LineReaderBuilder.builder().build(),
+            new DefaultParser().parse(line, line.length()),
+            completions);
+    assertThat(completions).containsExactlyElementsIn(candidates);
   }
 
   @Test
   void testCompletion_commands() {
-    performJCommanderCompletorTest("", 0, "testCommand ", "testAnotherCommand ", "help ");
-    performJCommanderCompletorTest("n", 1);
-    performJCommanderCompletorTest("test", 4, "testCommand ", "testAnotherCommand ");
-    performJCommanderCompletorTest(" test", 4, "testCommand ", "testAnotherCommand ");
-    performJCommanderCompletorTest("testC", 5, "testCommand ");
-    performJCommanderCompletorTest("testA", 5, "testAnotherCommand ");
+    performJCommanderCompletorTest("", "testCommand ", "testAnotherCommand ", "help ");
+    performJCommanderCompletorTest("n");
+    performJCommanderCompletorTest("test", "testCommand ", "testAnotherCommand ");
+    performJCommanderCompletorTest(" test", "testCommand ", "testAnotherCommand ");
+    performJCommanderCompletorTest("testC", "testCommand ");
+    performJCommanderCompletorTest("testA", "testAnotherCommand ");
   }
 
   @Test
   void testCompletion_help() {
-    performJCommanderCompletorTest("h", 1, "help ");
-    performJCommanderCompletorTest("help ", 0, "testCommand ", "testAnotherCommand ", "help ");
-    performJCommanderCompletorTest("help testC", 5, "testCommand ");
-    performJCommanderCompletorTest("help testCommand ", 0);
+    performJCommanderCompletorTest("h", "help ");
+    performJCommanderCompletorTest("help ", "testCommand ", "testAnotherCommand ", "help ");
+    performJCommanderCompletorTest("help testC", "testCommand ");
+    performJCommanderCompletorTest("help testCommand ");
   }
 
   @Test
   void testCompletion_documentation() {
     performJCommanderCompletorTest(
         "testCommand ",
-        0,
         "",
-        "Main parameter: normal argument\n  (java.util.List<java.lang.String>)");
-    performJCommanderCompletorTest("testAnotherCommand ", 0, "", "Main parameter: [None]");
+        "Main parameter: normal arguments\n  (java.util.List<java.lang.String>)");
+    performJCommanderCompletorTest("testAnotherCommand ", "", "Main parameter: [None]");
     performJCommanderCompletorTest(
-        "testCommand -x ", 0, "", "Flag documentation: test parameter\n  (java.lang.String)");
+        "testCommand -x ", "", "Flag documentation: test parameter\n  (java.lang.String)");
     performJCommanderCompletorTest(
-        "testAnotherCommand -x ", 0, "", "Flag documentation: [No documentation available]");
+        "testAnotherCommand -x ", "", "Flag documentation: [No documentation available]");
     performJCommanderCompletorTest(
         "testCommand x ",
-        0,
         "",
-        "Main parameter: normal argument\n  (java.util.List<java.lang.String>)");
-    performJCommanderCompletorTest("testAnotherCommand x ", 0, "", "Main parameter: [None]");
+        "Main parameter: normal arguments\n  (java.util.List<java.lang.String>)");
+    performJCommanderCompletorTest("testAnotherCommand x ", "", "Main parameter: [None]");
   }
 
   @Test
   void testCompletion_arguments() {
-    performJCommanderCompletorTest("testCommand -", 1, "-x ", "--xparam ", "--xorg ");
-    performJCommanderCompletorTest("testCommand --wrong", 7);
-    performJCommanderCompletorTest("testCommand noise  --", 2, "--xparam ", "--xorg ");
-    performJCommanderCompletorTest("testAnotherCommand --o", 3);
+    performJCommanderCompletorTest("testCommand -", "-x ", "--xparam ", "--xorg ");
+    performJCommanderCompletorTest("testCommand --wrong");
+    performJCommanderCompletorTest("testCommand noise  --", "--xparam ", "--xorg ");
+    performJCommanderCompletorTest("testAnotherCommand --o");
   }
 
   @Test
   void testCompletion_enum() {
-    performJCommanderCompletorTest("testCommand --xorg P", 1, "PRIVATE ", "PUBLIC ");
-    performJCommanderCompletorTest("testCommand --xorg PU", 2, "PUBLIC ");
+    performJCommanderCompletorTest("testCommand --xorg P", "PRIVATE ", "PUBLIC ");
+    performJCommanderCompletorTest("testCommand --xorg PU", "PUBLIC ");
     performJCommanderCompletorTest(
-        "testCommand --xorg ", 0, "", "Flag documentation: test organization\n  (PRIVATE, PUBLIC)");
+        "testCommand --xorg ", "", "Flag documentation: test organization\n  (PRIVATE, PUBLIC)");
   }
 
   @Test
@@ -248,7 +244,7 @@ class ShellCommandTest {
       out.println("first line");
       out.print("second line\ntrailing data");
     }
-    assertThat(backing.toString(UTF_8))
+    assertThat(backing.toString(US_ASCII))
         .isEqualTo("out: first line\nout: second line\nout: trailing data\n");
   }
 
@@ -256,27 +252,28 @@ class ShellCommandTest {
   void testEncapsulatedOutputStream_emptyStream() throws Exception {
     ByteArrayOutputStream backing = new ByteArrayOutputStream();
     new PrintStream(new ShellCommand.EncapsulatingOutputStream(backing, "out: ")).close();
-    assertThat(backing.toString(UTF_8)).isEqualTo("");
+    assertThat(backing.toString(US_ASCII)).isEqualTo("");
   }
 
   @Test
   void testEncapsulatedOutput_command() throws Exception {
-    RegistryToolEnvironment.ALPHA.setup(systemPropertyExtension);
     captureOutput();
     ShellCommand shellCommand =
-        new ShellCommand(
+        createShellCommand(
             args -> {
               System.out.println("first line");
               System.err.println("second line");
               System.out.print("fragmented ");
               System.err.println("surprise!");
               System.out.println("line");
-            });
+            },
+            Duration.ZERO,
+            "command1");
     shellCommand.encapsulateOutput = true;
 
     shellCommand.run();
-    assertThat(stderr.toString(UTF_8)).isEmpty();
-    assertThat(stdout.toString(UTF_8))
+    assertThat(stderr.toString(US_ASCII)).isEmpty();
+    assertThat(stdout.toString(US_ASCII))
         .isEqualTo(
             """
                 RUNNING "command1"
@@ -290,18 +287,19 @@ class ShellCommandTest {
 
   @Test
   void testEncapsulatedOutput_throws() throws Exception {
-    RegistryToolEnvironment.ALPHA.setup(systemPropertyExtension);
     captureOutput();
     ShellCommand shellCommand =
-        new ShellCommand(
+        createShellCommand(
             args -> {
               System.out.println("first line");
               throw new Exception("some error!");
-            });
+            },
+            Duration.ZERO,
+            "command1");
     shellCommand.encapsulateOutput = true;
     shellCommand.run();
-    assertThat(stderr.toString(UTF_8)).isEmpty();
-    assertThat(stdout.toString(UTF_8))
+    assertThat(stderr.toString(US_ASCII)).isEmpty();
+    assertThat(stdout.toString(US_ASCII))
         .isEqualTo(
             """
                 RUNNING "command1"
@@ -318,8 +316,8 @@ class ShellCommandTest {
             args -> System.out.println("first line"), Duration.ZERO, "", "do something");
     shellCommand.encapsulateOutput = true;
     shellCommand.run();
-    assertThat(stderr.toString(UTF_8)).isEmpty();
-    assertThat(stdout.toString(UTF_8))
+    assertThat(stderr.toString(US_ASCII)).isEmpty();
+    assertThat(stdout.toString(US_ASCII))
         .isEqualTo("RUNNING \"do\" \"something\"\nout: first line\nSUCCESS\n");
   }
 
@@ -329,10 +327,10 @@ class ShellCommandTest {
     stderr = new ByteArrayOutputStream();
     System.setOut(new PrintStream(stdout));
     System.setErr(new PrintStream(stderr));
-    System.setIn(new ByteArrayInputStream("command1\n".getBytes(UTF_8)));
+    System.setIn(new ByteArrayInputStream("command1\n".getBytes(US_ASCII)));
   }
 
-  static class MockCli implements CommandRunner {
+  static class FakeCli implements CommandRunner {
     public ArrayList<ImmutableList<String>> calls = new ArrayList<>();
 
     @Override
@@ -343,10 +341,12 @@ class ShellCommandTest {
 
   @Parameters(commandDescription = "Test command")
   static class TestCommand implements Command {
-    // List for recording command invocations by run().
-    //
-    // This has to be static because it gets populated by multiple TestCommand instances, which are
-    // created in RegistryCli by using reflection to call the constructor.
+    /**
+     * List for recording command invocations by {@link #run}.
+     *
+     * <p>This has to be static because it gets populated by multiple TestCommand instances, which
+     * are created in {@link RegistryCli} by using reflection to call the constructor.
+     */
     static final List<List<String>> commandInvocations = new ArrayList<>();
 
     @Parameter(
@@ -358,7 +358,8 @@ class ShellCommandTest {
         names = {"--xorg"},
         description = "test organization")
     OrgType orgType = OrgType.PRIVATE;
-    @Parameter(description = "normal argument")
+
+    @Parameter(description = "normal arguments")
     List<String> args;
 
     TestCommand() {}
@@ -384,4 +385,33 @@ class ShellCommandTest {
     @Override
     public void run() {}
   }
+
+  @SuppressWarnings("InputStreamSlowMultibyteRead")
+  private static class DelayingByteArrayInputStream extends InputStream {
+    private final FakeClock clock;
+    private ByteArrayInputStream stream;
+    private Duration delay;
+
+    DelayingByteArrayInputStream(FakeClock clock) {
+      this.clock = clock;
+    }
+
+    void setInput(String... commands) {
+      this.stream =
+          new ByteArrayInputStream((String.join("\n", commands) + "\n").getBytes(US_ASCII));
+    }
+
+    void setDelay(Duration delay) {
+      this.delay = delay;
+    }
+
+    @Override
+    public int read() throws IOException {
+      int nextByte = stream.read();
+      if (nextByte == '\n') {
+        clock.advanceBy(delay);
+      }
+      return nextByte;
+    }
+  }
 }

dependencies.gradle

@@ -45,8 +45,6 @@ ext {
       'com.google.apis:google-api-services-dns:v2beta1-rev99-1.25.0',
       // TODO: Migrate to v3
       'com.google.apis:google-api-services-drive:v2-rev393-1.25.0',
-      // TODO: Migrate to org.jline
-      'jline:jline:1.0',
 
       // TODO: Remove after the legacy console is deleted.
       'com.google.closure-stylesheets:closure-stylesheets:1.5.0',
@@ -220,6 +218,7 @@ ext {
       'org.hamcrest:hamcrest-library:[2.2,)',
       'org.hamcrest:hamcrest:[2.2,)',
       'org.jcommander:jcommander:[1.83,)',
+      'org.jline:jline:[3.0,)',
       'org.joda:joda-money:[1.0.1,)',
       'org.json:json:[20160810,)',
       'org.jsoup:jsoup:[1.13.1,)',

jetty/build.gradle

@@ -49,6 +49,15 @@ tasks.register('buildNomulusImage', Exec) {
     dependsOn(tasks.named('stage'))
 }
 
+tasks.register('tagNomulusImage', Exec) {
+    commandLine 'docker', 'tag', 'nomulus', "gcr.io/${rootProject.gcpProject}/nomulus"
+    dependsOn(tasks.named('buildNomulusImage'))
+}
+
+tasks.register('pushNomulusImage', Exec) {
+    commandLine 'docker', 'push', "gcr.io/${rootProject.gcpProject}/nomulus"
+}
+
 tasks.register('run', JavaExec) {
     // We do the check when the task actually runs, not when we define it.
     // This way if one doesn't set the value, one can still run other tasks.
@@ -66,4 +75,10 @@ tasks.register('run', JavaExec) {
     dependsOn(tasks.named('stage'))
 }
 
+tasks.register('deployNomulus', Exec) {
+    dependsOn(tasks.named('pushNomulusImage'), tasks.named(":proxy:pushProxyImage"))
+    configure verifyDeploymentConfig
+    commandLine './deploy-nomulus-for-env.sh', "${rootProject.environment}"
+}
+
 project.build.dependsOn(tasks.named('buildNomulusImage'))

jetty/deploy-nomulus-for-env.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Copyright 2024 The Nomulus Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This script prepares the proxy k8s manifest, pushes it to the clusters, and
+# kills all running pods to force k8s to create new pods using the just-pushed
+# manifest.
+
+if [[ $# -ne 1 ]]; then
+  echo "Usage: $0 alpha|crash|qa"
+  exit 1
+fi
+
+environment=${1}
+project="domain-registry-"${environment}
+current_context=$(kubectl config current-context)
+while read line
+do
+  parts=(${line})
+  echo "Updating cluster ${parts[0]} in location ${parts[1]}..."
+  gcloud container clusters get-credentials "${parts[0]}" \
+    --project "${project}" --location "${parts[1]}"
+  sed s/GCP_PROJECT/${project}/g "./kubernetes/nomulus-deployment.yaml" | \
+  sed s/ENVIRONMENT/${environment}/g | \
+  kubectl apply -f -
+  kubectl apply -f "./kubernetes/nomulus-service.yaml"
+  #kubectl apply -f "./kubernetes/nomulus-gateway.yaml"
+  # Kills all running pods, new pods created will be pulling the new image.
+  kubectl delete pods --all
+done < <(gcloud container clusters list --project ${project} | grep nomulus)
+kubectl config use-context "$current_context"

jetty/gradle.lockfile

@@ -271,7 +271,6 @@ javax.persistence:javax.persistence-api:2.2=deploy_jar,runtimeClasspath,testRunt
 javax.servlet:servlet-api:2.5=deploy_jar,runtimeClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=deploy_jar,runtimeClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=deploy_jar,runtimeClasspath,testRuntimeClasspath
-jline:jline:1.0=deploy_jar,runtimeClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=deploy_jar,runtimeClasspath,testRuntimeClasspath
 junit:junit:4.13.2=testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=deploy_jar,runtimeClasspath,testRuntimeClasspath
@@ -351,6 +350,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=deploy_jar,runtimeClasspath,testRun
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=deploy_jar,runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=deploy_jar,runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=deploy_jar,runtimeClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=deploy_jar,runtimeClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=deploy_jar,runtimeClasspath,testRuntimeClasspath
 org.json:json:20231013=deploy_jar,runtimeClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=deploy_jar,runtimeClasspath,testRuntimeClasspath

jetty/kubernetes/nomulus-deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nomulus
+  labels:
+    app: nomulus
+spec:
+  selector:
+    matchLabels:
+      app: nomulus
+  template:
+    metadata:
+      labels:
+        app: nomulus
+    spec:
+      containers:
+      - name: nomulus
+        image: gcr.io/GCP_PROJECT/nomulus
+        ports:
+        - containerPort: 8080
+          name: http
+        resources:
+          requests:
+            cpu: "500m"
+        args: [ENVIRONMENT]
+      - name: proxy
+        image: gcr.io/GCP_PROJECT/proxy
+        ports:
+        - containerPort: 30001
+          name: whois
+        - containerPort: 30002
+          name: epp
+        resources:
+          requests:
+            cpu: "500m"
+        args: [--env, ENVIRONMENT, --log, --local]
+        env:
+        - name: POD_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CONTAINER_NAME
+          value: proxy
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: nomulus
+  labels:
+    app: nomulus
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: nomulus
+  minReplicas: 1
+  maxReplicas: 20
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 100
+

jetty/kubernetes/nomulus-gateway.yaml

@@ -0,0 +1,31 @@
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: nomulus
+spec:
+  gatewayClassName: gke-l7-global-external-managed-mc
+  listeners:
+  - name: http
+    protocol: HTTP
+    port: 80
+    allowedRoutes:
+      kinds:
+      - kind: HTTPRoute
+---
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1beta1
+metadata:
+  name: nomulus
+  labels:
+    app: nomulus
+spec:
+  parentRefs:
+  - kind: Gateway
+    name: nomulus
+  rules:
+  - backendRefs:
+    - group: net.gke.io
+      kind: ServiceImport
+      name: nomulus
+      port: 80
+

jetty/kubernetes/nomulus-service.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nomulus
+spec:
+  selector:
+    app: nomulus
+  ports:
+    - port: 80
+      targetPort: http
+      name: http
+    - port: 43
+      targetPort: whois
+      name: whois
+    - port: 700
+      targetPort: epp
+      name: epp
+#---
+#kind: ServiceExport
+#apiVersion: net.gke.io/v1
+#metadata:
+#  name: nomulus

proxy/build.gradle

@@ -18,19 +18,17 @@ task buildProxyImage(dependsOn: deployJar, type: Exec) {
   commandLine 'docker', 'build', '-t', 'proxy', '.'
 }
 
-task deployProxy(dependsOn: buildProxyImage) {
+task tagProxyImage(dependsOn: buildProxyImage, type: Exec) {
+  commandLine 'docker', 'tag', 'proxy', "gcr.io/${rootProject.gcpProject}/proxy"
+}
+
+task pushProxyImage(dependsOn: tagProxyImage, type: Exec) {
+  commandLine 'docker', 'push', "gcr.io/${rootProject.gcpProject}/proxy"
+}
+
+task deployProxy(dependsOn: pushProxyImage, type: Exec) {
   configure verifyDeploymentConfig
-  doLast {
-    exec {
-      commandLine 'docker', 'tag', 'proxy', "gcr.io/${rootProject.gcpProject}/proxy"
-    }
-    exec {
-      commandLine 'docker', 'push', "gcr.io/${rootProject.gcpProject}/proxy"
-    }
-    exec {
-      commandLine './deploy-proxy-for-env.sh', "${rootProject.environment}"
-    }
-  }
+  commandLine './deploy-proxy-for-env.sh', "${rootProject.environment}"
 }
 
 project.build.dependsOn buildProxyImage

proxy/deploy-proxy-for-env.sh

@@ -18,8 +18,8 @@
 # manifest.
 
 if [[ $# -ne 1 ]]; then
- echo "Usage: $0 alpha|crash"
- exit 1
+  echo "Usage: $0 alpha|crash|qa"
+  exit 1
 fi
 
 environment=${1}

proxy/src/main/java/google/registry/proxy/EppProtocolModule.java

@@ -70,12 +70,14 @@ public final class EppProtocolModule {
       ProxyConfig config,
       @EppProtocol int eppPort,
       @EppProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders,
-      @HttpsRelayProtocol BackendProtocol.Builder backendProtocolBuilder) {
+      @HttpsRelayProtocol BackendProtocol.Builder backendProtocolBuilder,
+      @HttpsRelayProtocol boolean localRelay) {
     return Protocol.frontendBuilder()
         .name(PROTOCOL_NAME)
         .port(eppPort)
         .handlerProviders(handlerProviders)
-        .relayProtocol(backendProtocolBuilder.host(config.epp.relayHost).build())
+        .relayProtocol(
+            backendProtocolBuilder.host(localRelay ? "localhost" : config.epp.relayHost).build())
         .build();
   }
 
@@ -114,7 +116,7 @@ public final class EppProtocolModule {
         config.epp.headerLengthBytes,
         // Adjustment applied to the header field value in order to obtain message length.
         -config.epp.headerLengthBytes,
-        // Initial bytes to strip (i.e. strip the length header).
+        // Initial bytes to strip (i.e., strip the length header).
         config.epp.headerLengthBytes);
   }
 
@@ -150,9 +152,14 @@ public final class EppProtocolModule {
       @Named("idToken") Supplier<String> idTokenSupplier,
       @Named("hello") byte[] helloBytes,
       FrontendMetrics metrics,
-      ProxyConfig config) {
+      ProxyConfig config,
+      @HttpsRelayProtocol boolean localRelay) {
     return new EppServiceHandler(
-        config.epp.relayHost, config.epp.relayPath, idTokenSupplier, helloBytes, metrics);
+        localRelay ? "localhost" : config.epp.relayHost,
+        config.epp.relayPath,
+        idTokenSupplier,
+        helloBytes,
+        metrics);
   }
 
   @Singleton

proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java

@@ -35,11 +35,19 @@ import javax.inject.Provider;
 import javax.inject.Qualifier;
 
 /**
- * Module that provides a {@link BackendProtocol.Builder} for HTTPS protocol.
+ * Module that provides a {@link BackendProtocol.Builder} for HTTP(S) protocol.
  *
  * <p>Only a builder is provided because the client protocol itself depends on the remote host
  * address, which is provided in the server protocol module that relays to this client protocol
- * module, e. g. {@link WhoisProtocolModule}.
+ * module, e.g., {@link WhoisProtocolModule}.
+ *
+ * <p>The protocol can be configured without TLS. In this case, the remote host has to be
+ * "localhost". Plan HTTP is only expected to be used when communication with Nomulus is via local
+ * loopback (for security reasons), as is the case when both the proxy and Nomulus container live in
+ * the same Kubernetes pod.
+ *
+ * @see <a href=https://kubernetes.io/docs/concepts/services-networking/>The Kubernetes network
+ *     model</a>
  */
 @Module
 public class HttpsRelayProtocolModule {
@@ -54,10 +62,12 @@ public class HttpsRelayProtocolModule {
   @HttpsRelayProtocol
   static BackendProtocol.Builder provideProtocolBuilder(
       ProxyConfig config,
+      @HttpsRelayProtocol boolean localRelay,
       @HttpsRelayProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
     return Protocol.backendBuilder()
         .name(PROTOCOL_NAME)
-        .port(config.httpsRelay.port)
+        .isLocal(localRelay)
+        .port(localRelay ? config.httpsRelay.localPort : config.httpsRelay.port)
         .handlerProviders(handlerProviders);
   }
 
@@ -74,6 +84,7 @@ public class HttpsRelayProtocolModule {
   @Provides
   @HttpsRelayProtocol
   static ImmutableList<Provider<? extends ChannelHandler>> provideHandlerProviders(
+      @HttpsRelayProtocol boolean localRelay,
       @HttpsRelayProtocol
           Provider<SslClientInitializer<NioSocketChannel>> sslClientInitializerProvider,
       Provider<HttpClientCodec> httpClientCodecProvider,
@@ -81,13 +92,17 @@ public class HttpsRelayProtocolModule {
       Provider<BackendMetricsHandler> backendMetricsHandlerProvider,
       Provider<LoggingHandler> loggingHandlerProvider,
       Provider<FullHttpResponseRelayHandler> relayHandlerProvider) {
-    return ImmutableList.of(
-        sslClientInitializerProvider,
-        httpClientCodecProvider,
-        httpObjectAggregatorProvider,
-        backendMetricsHandlerProvider,
-        loggingHandlerProvider,
-        relayHandlerProvider);
+    ImmutableList.Builder<Provider<? extends ChannelHandler>> builder =
+        new ImmutableList.Builder<>();
+    if (!localRelay) {
+      builder.add(sslClientInitializerProvider);
+    }
+    builder.add(httpClientCodecProvider);
+    builder.add(httpObjectAggregatorProvider);
+    builder.add(backendMetricsHandlerProvider);
+    builder.add(loggingHandlerProvider);
+    builder.add(relayHandlerProvider);
+    return builder.build();
   }
 
   @Provides

proxy/src/main/java/google/registry/proxy/Protocol.java

@@ -47,8 +47,9 @@ public interface Protocol {
     return new AutoValue_Protocol_FrontendProtocol.Builder().hasBackend(true);
   }
 
+  /** A builder for {@link FrontendProtocol}, by default it connects to a remote host. */
   static BackendProtocol.Builder backendBuilder() {
-    return new AutoValue_Protocol_BackendProtocol.Builder();
+    return new AutoValue_Protocol_BackendProtocol.Builder().isLocal(false);
   }
 
   /**
@@ -121,10 +122,26 @@ public interface Protocol {
     /** The hostname that the proxy connects to. */
     public abstract String host();
 
+    /** Whether the protocol is expected to connect to localhost. */
+    public abstract boolean isLocal();
+
     /** Builder of {@link BackendProtocol}. */
     @AutoValue.Builder
     public abstract static class Builder extends Protocol.Builder<Builder, BackendProtocol> {
       public abstract Builder host(String value);
+
+      public abstract Builder isLocal(boolean value);
+
+      abstract BackendProtocol autoBuild();
+
+      @Override
+      public BackendProtocol build() {
+        BackendProtocol protocol = autoBuild();
+        Preconditions.checkState(
+            !protocol.isLocal() || protocol.host().equals("localhost"),
+            "Local backend protocol must connect to localhost");
+        return autoBuild();
+      }
     }
   }
 }

proxy/src/main/java/google/registry/proxy/ProxyConfig.java

@@ -103,6 +103,7 @@ public class ProxyConfig {
   /** Configuration options that apply to HTTPS relay protocol. */
   public static class HttpsRelay {
     public int port;
+    public int localPort;
     public int maxMessageLengthBytes;
   }
 

proxy/src/main/java/google/registry/proxy/ProxyModule.java

@@ -37,6 +37,7 @@ import google.registry.networking.module.CertificateSupplierModule;
 import google.registry.networking.module.CertificateSupplierModule.Mode;
 import google.registry.proxy.EppProtocolModule.EppProtocol;
 import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
+import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
 import google.registry.proxy.Protocol.FrontendProtocol;
 import google.registry.proxy.ProxyConfig.Environment;
 import google.registry.proxy.WebWhoisProtocolsModule.HttpWhoisProtocol;
@@ -91,6 +92,13 @@ public class ProxyModule {
   @Parameter(names = "--https_whois", description = "Port for HTTPS WHOIS")
   private Integer httpsWhoisPort;
 
+  @Parameter(
+      names = "--local",
+      description =
+          "Whether EPP/WHOIS traffic should be forwarded to localhost using HTTP on port defined in"
+              + " httpsRelay.localPort")
+  private boolean local = false;
+
   @Parameter(names = "--env", description = "Environment to run the proxy in")
   private Environment env = Environment.LOCAL;
 
@@ -168,6 +176,13 @@ public class ProxyModule {
     return config.oauthClientId;
   }
 
+  @Provides
+  @HttpsRelayProtocol
+  @Singleton
+  boolean provideIsLocal() {
+    return local;
+  }
+
   @Provides
   @WhoisProtocol
   int provideWhoisPort(ProxyConfig config) {
@@ -204,7 +219,7 @@ public class ProxyModule {
   }
 
   /**
-   * Provides shared logging handler.
+   * Provides a shared logging handler.
    *
    * <p>Note that this handler always records logs at {@code LogLevel.DEBUG}, it is up to the JUL
    * logger that it contains to decide if logs at this level should actually be captured. The log

proxy/src/main/java/google/registry/proxy/WhoisProtocolModule.java

@@ -61,12 +61,14 @@ public final class WhoisProtocolModule {
       ProxyConfig config,
       @WhoisProtocol int whoisPort,
       @WhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders,
-      @HttpsRelayProtocol BackendProtocol.Builder backendProtocolBuilder) {
+      @HttpsRelayProtocol BackendProtocol.Builder backendProtocolBuilder,
+      @HttpsRelayProtocol boolean localRelay) {
     return Protocol.frontendBuilder()
         .name(PROTOCOL_NAME)
         .port(whoisPort)
         .handlerProviders(handlerProviders)
-        .relayProtocol(backendProtocolBuilder.host(config.whois.relayHost).build())
+        .relayProtocol(
+            backendProtocolBuilder.host(localRelay ? "localhost" : config.whois.relayHost).build())
         .build();
   }
 
@@ -94,9 +96,13 @@ public final class WhoisProtocolModule {
   static WhoisServiceHandler provideWhoisServiceHandler(
       ProxyConfig config,
       @Named("idToken") Supplier<String> idTokenSupplier,
-      FrontendMetrics metrics) {
+      FrontendMetrics metrics,
+      @HttpsRelayProtocol boolean localRelay) {
     return new WhoisServiceHandler(
-        config.whois.relayHost, config.whois.relayPath, idTokenSupplier, metrics);
+        localRelay ? "localhost" : config.whois.relayHost,
+        config.whois.relayPath,
+        idTokenSupplier,
+        metrics);
   }
 
   @Provides

proxy/src/main/java/google/registry/proxy/config/default-config.yaml

@@ -177,7 +177,7 @@ healthCheck:
 
 httpsRelay:
   port: 443
-
+  localPort: 8080
   # Maximum size of an HTTP message in bytes.
   maxMessageLengthBytes: 524288
 

proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java

@@ -67,7 +67,7 @@ import org.junit.jupiter.api.BeforeEach;
 /**
  * Base class for end-to-end tests of a {@link Protocol}.
  *
- * <p>The end-to-end tests ensures that the business logic that a {@link Protocol} defines are
+ * <p>The end-to-end tests ensure that the business logic that a {@link Protocol} defines are
  * correctly performed by various handlers attached to its pipeline. Non-business essential handlers
  * should be excluded.
  *
@@ -91,7 +91,7 @@ public abstract class ProtocolModuleTest {
           // The PROXY protocol is only used when the proxy is behind the GCP load balancer. It is
           // not part of any business logic.
           ProxyProtocolHandler.class,
-          // SSL is part of the business logic for some protocol (EPP for example), but its
+          // SSL is part of the business logic for some protocol (EPP, for example), but its
           // impact is isolated. Including it makes tests much more complicated. It should be tested
           // separately in its own unit tests.
           SslClientInitializer.class,
@@ -152,7 +152,7 @@ public abstract class ProtocolModuleTest {
   void initializeChannel(Consumer<Channel> initializer) {
     channel =
         new EmbeddedChannel(
-            new ChannelInitializer<Channel>() {
+            new ChannelInitializer<>() {
               @Override
               protected void initChannel(Channel ch) {
                 initializer.accept(ch);
@@ -218,8 +218,8 @@ public abstract class ProtocolModuleTest {
    *
    * <p>Most of the binding provided in this module should be either a fake, or a {@link
    * ChannelHandler} that is excluded, and annotated with {@code @Singleton}. This module acts as a
-   * replacement for {@link ProxyModule} used in production component. Providing a handler that is
-   * part of the business logic of a {@link Protocol} from this module is a sign that the binding
+   * replacement for {@link ProxyModule} used in the production component. Providing a handler that
+   * is part of the business logic of a {@link Protocol} from this module is a sign that the binding
    * should be provided in the respective {@code ProtocolModule} instead.
    */
   @Module
@@ -306,12 +306,19 @@ public abstract class ProtocolModuleTest {
     }
 
     // This method is only here to satisfy Dagger binding, but is never used. In test environment,
-    // it is the self-signed certificate and its key that end up being used.
+    // it is the self-signed certificate and its key that ends up being used.
     @Singleton
     @Provides
     @Named("pemBytes")
     static byte[] providePemBytes() {
       return new byte[0];
     }
+
+    @Singleton
+    @Provides
+    @HttpsRelayProtocol
+    static boolean provideLocalRelay() {
+      return false;
+    }
   }
 }

services/backend/gradle.lockfile

@@ -253,7 +253,6 @@ javax.persistence:javax.persistence-api:2.2=compileClasspath,runtimeClasspath,te
 javax.servlet:servlet-api:2.5=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-jline:jline:1.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.java.dev.jna:jna:5.13.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
@@ -323,6 +322,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=compileClasspath,runtimeClasspath,t
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath

services/bsa/gradle.lockfile

@@ -253,7 +253,6 @@ javax.persistence:javax.persistence-api:2.2=compileClasspath,runtimeClasspath,te
 javax.servlet:servlet-api:2.5=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-jline:jline:1.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.java.dev.jna:jna:5.13.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
@@ -323,6 +322,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=compileClasspath,runtimeClasspath,t
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath

services/default/gradle.lockfile

@@ -253,7 +253,6 @@ javax.persistence:javax.persistence-api:2.2=compileClasspath,runtimeClasspath,te
 javax.servlet:servlet-api:2.5=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-jline:jline:1.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.java.dev.jna:jna:5.13.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
@@ -323,6 +322,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=compileClasspath,runtimeClasspath,t
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath

services/pubapi/gradle.lockfile

@@ -253,7 +253,6 @@ javax.persistence:javax.persistence-api:2.2=compileClasspath,runtimeClasspath,te
 javax.servlet:servlet-api:2.5=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-jline:jline:1.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.java.dev.jna:jna:5.13.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
@@ -323,6 +322,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=compileClasspath,runtimeClasspath,t
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath

services/tools/gradle.lockfile

@@ -253,7 +253,6 @@ javax.persistence:javax.persistence-api:2.2=compileClasspath,runtimeClasspath,te
 javax.servlet:servlet-api:2.5=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.validation:validation-api:1.0.0.GA=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 javax.xml.bind:jaxb-api:2.3.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
-jline:jline:1.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 joda-time:joda-time:2.10.14=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.bytebuddy:byte-buddy:1.12.18=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 net.java.dev.jna:jna:5.13.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
@@ -323,6 +322,7 @@ org.jetbrains.kotlinx:kotlinx-datetime:0.4.0=compileClasspath,runtimeClasspath,t
 org.jetbrains.kotlinx:kotlinx-serialization-core-jvm:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains.kotlinx:kotlinx-serialization-core:1.0.1=runtimeClasspath,testRuntimeClasspath
 org.jetbrains:annotations:17.0.0=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
+org.jline:jline:3.25.1=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.joda:joda-money:1.0.4=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.json:json:20231013=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
 org.jsoup:jsoup:1.17.2=compileClasspath,runtimeClasspath,testCompileClasspath,testRuntimeClasspath