Change regex format in release cb file (#2854)

* Change release cb file

* Add brackets around tag variable

* Redo tag matching

* Have tag matcher like the one in cb dev

.gitignore

@@ -18,6 +18,13 @@ gjf.out
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 
+# Environment-specific configuration files
+core/src/main/java/google/registry/config/files/nomulus-config-alpha.yaml
+core/src/main/java/google/registry/config/files/nomulus-config-crash.yaml
+core/src/main/java/google/registry/config/files/nomulus-config-production.yaml
+core/src/main/java/google/registry/config/files/nomulus-config-qa.yaml
+core/src/main/java/google/registry/config/files/nomulus-config-sandbox.yaml
+
 ######################################################################
 # Eclipse Ignores
 

config/nom_build.py

@@ -56,7 +56,7 @@ PROPERTIES_HEADER = """\
 # nom_build), run ./nom_build --help.
 #
 # DO NOT EDIT THIS FILE BY HAND
-org.gradle.jvmargs=-Xmx1024m
+org.gradle.jvmargs=-Xmx2048m
 org.gradle.caching=true
 org.gradle.parallel=true
 """

console-webapp/src/app/history/historyList.component.ts

@@ -56,7 +56,7 @@ export class HistoryListComponent {
       return { main: 'N/A', detail: null };
     }
     const parts = description.split('|');
-    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : null;
+    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : parts[0];
 
     return {
       main: parts[0],

console-webapp/src/app/settings/contact/contactDetails.component.html

@@ -57,6 +57,11 @@
           [(ngModel)]="contactService.contactInEdit.emailAddress"
           [ngModelOptions]="{ standalone: true }"
           [disabled]="emailAddressIsDisabled()"
+          [matTooltip]="
+            emailAddressIsDisabled()
+              ? 'Reach out to registry customer support to update email address'
+              : ''
+          "
         />
       </mat-form-field>
 
@@ -84,6 +89,7 @@
       <h1>Contact Type</h1>
       <p class="console-app__contact-required">
         <mat-icon color="accent">error</mat-icon>Required to select at least one
+        (primary contact can't be updated)
       </p>
       <div class="">
         <ng-container

core/src/main/java/google/registry/batch/BatchModule.java

@@ -29,9 +29,11 @@ import static google.registry.request.RequestParameters.extractRequiredParameter
 import static google.registry.request.RequestParameters.extractSetOfDatetimeParameters;
 
 import com.google.common.collect.ImmutableSet;
+import com.google.common.util.concurrent.RateLimiter;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.request.Parameter;
+import jakarta.inject.Named;
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;
 import org.joda.time.DateTime;
@@ -137,4 +139,18 @@ public class BatchModule {
   static boolean provideIsFast(HttpServletRequest req) {
     return extractBooleanParameter(req, PARAM_FAST);
   }
+
+  private static final int DEFAULT_MAX_QPS = 10;
+
+  @Provides
+  @Parameter("maxQps")
+  static int provideMaxQps(HttpServletRequest req) {
+    return extractOptionalIntParameter(req, "maxQps").orElse(DEFAULT_MAX_QPS);
+  }
+
+  @Provides
+  @Named("removeAllDomainContacts")
+  static RateLimiter provideRemoveAllDomainContactsRateLimiter(@Parameter("maxQps") int maxQps) {
+    return RateLimiter.create(maxQps);
+  }
 }

core/src/main/java/google/registry/batch/RemoveAllDomainContactsAction.java

@@ -30,6 +30,7 @@ import com.google.common.base.Ascii;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.flogger.FluentLogger;
+import com.google.common.util.concurrent.RateLimiter;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.flows.EppController;
 import google.registry.flows.EppRequestSource;
@@ -48,6 +49,7 @@ import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.request.lock.LockHandler;
 import jakarta.inject.Inject;
+import jakarta.inject.Named;
 import java.util.List;
 import java.util.concurrent.Callable;
 import java.util.logging.Level;
@@ -79,6 +81,7 @@ public class RemoveAllDomainContactsAction implements Runnable {
   private final EppController eppController;
   private final String registryAdminClientId;
   private final LockHandler lockHandler;
+  private final RateLimiter rateLimiter;
   private final Response response;
   private final String updateDomainXml;
   private int successes = 0;
@@ -91,10 +94,12 @@ public class RemoveAllDomainContactsAction implements Runnable {
       EppController eppController,
       @Config("registryAdminClientId") String registryAdminClientId,
       LockHandler lockHandler,
+      @Named("removeAllDomainContacts") RateLimiter rateLimiter,
       Response response) {
     this.eppController = eppController;
     this.registryAdminClientId = registryAdminClientId;
     this.lockHandler = lockHandler;
+    this.rateLimiter = rateLimiter;
     this.response = response;
     this.updateDomainXml =
         readResourceUtf8(RemoveAllDomainContactsAction.class, "domain_remove_contacts.xml");
@@ -146,7 +151,10 @@ public class RemoveAllDomainContactsAction implements Runnable {
                           .setMaxResults(BATCH_SIZE)
                           .getResultList());
 
-      domainRepoIdsBatch.forEach(this::runDomainUpdateFlow);
+      for (String domainRepoId : domainRepoIdsBatch) {
+        rateLimiter.acquire();
+        runDomainUpdateFlow(domainRepoId);
+      }
     } while (!domainRepoIdsBatch.isEmpty());
     String msg =
         String.format(
@@ -159,12 +167,18 @@ public class RemoveAllDomainContactsAction implements Runnable {
   private void runDomainUpdateFlow(String repoId) {
     // Create a new transaction that the flow's execution will be enlisted in that loads the domain
     // transactionally. This way we can ensure that nothing else has modified the domain in question
-    // in the intervening period since the query above found it.
-    boolean success = tm().transact(() -> runDomainUpdateFlowInner(repoId));
-    if (success) {
-      successes++;
-    } else {
-      failures++;
+    // in the intervening period since the query above found it. If a single domain update fails
+    // permanently, log it and move on to not block processing all the other domains.
+    try {
+      boolean success = tm().transact(() -> runDomainUpdateFlowInner(repoId));
+      if (success) {
+        successes++;
+      } else {
+        failures++;
+      }
+    } catch (Throwable t) {
+      logger.atWarning().withCause(t).log(
+          "Failed updating domain with repoId %s; skipping.", repoId);
     }
   }
 

core/src/main/java/google/registry/config/files/README.md

@@ -0,0 +1,13 @@
+# Nomulus Environment Configuration
+
+The configuration files for the different Nomulus environments are not included in this repository. To configure and run a specific environment, you will need to create the corresponding YAML configuration file in this directory.
+
+The following is a list of the environment configuration files that you may need to create:
+
+*   `nomulus-config-alpha.yaml`
+*   `nomulus-config-crash.yaml`
+*   `nomulus-config-qa.yaml`
+*   `nomulus-config-sandbox.yaml`
+*   `nomulus-config-production.yaml`
+
+Please create the relevant file for the environment you intend to use and populate it with the necessary configuration details.

core/src/main/java/google/registry/config/files/nomulus-config-alpha.yaml

@@ -1 +0,0 @@
-# Add environment-specific configuration here.

core/src/main/java/google/registry/config/files/nomulus-config-crash.yaml

@@ -1 +0,0 @@
-# Add environment-specific configuration here.

core/src/main/java/google/registry/config/files/nomulus-config-production.yaml

@@ -1 +0,0 @@
-# Add environment-specific configuration here.

core/src/main/java/google/registry/config/files/nomulus-config-qa.yaml

@@ -1 +0,0 @@
-# Add environment-specific configuration here.

core/src/main/java/google/registry/config/files/nomulus-config-sandbox.yaml

@@ -1 +0,0 @@
-# Add environment-specific configuration here.

core/src/main/java/google/registry/flows/FlowUtils.java

@@ -56,9 +56,10 @@ public final class FlowUtils {
     }
   }
 
-  /** Persists the saves and deletes in an {@link EntityChanges} to the DB. */
+  /** Persists the inserts, updates, and deletes in an {@link EntityChanges} to the DB. */
   public static void persistEntityChanges(EntityChanges entityChanges) {
-    tm().putAll(entityChanges.getSaves());
+    tm().insertAll(entityChanges.getInserts());
+    tm().updateAll(entityChanges.getUpdates());
     tm().delete(entityChanges.getDeletes());
   }
 

core/src/main/java/google/registry/flows/custom/EntityChanges.java

@@ -19,25 +19,30 @@ import com.google.common.collect.ImmutableSet;
 import google.registry.model.ImmutableObject;
 import google.registry.persistence.VKey;
 
-/** A record that encapsulates database entities to both save and delete. */
+/** A record that encapsulates database entities to insert, update, and delete. */
 public record EntityChanges(
-    ImmutableSet<ImmutableObject> saves, ImmutableSet<VKey<ImmutableObject>> deletes) {
+    ImmutableSet<ImmutableObject> inserts,
+    ImmutableSet<ImmutableObject> updates,
+    ImmutableSet<VKey<ImmutableObject>> deletes) {
 
-  public ImmutableSet<ImmutableObject> getSaves() {
-    return saves;
+  public ImmutableSet<ImmutableObject> getInserts() {
+    return inserts;
+  }
+
+  public ImmutableSet<ImmutableObject> getUpdates() {
+    return updates;
   }
-  ;
 
   public ImmutableSet<VKey<ImmutableObject>> getDeletes() {
     return deletes;
   }
-  ;
 
   public static Builder newBuilder() {
-    // Default both entities to save and entities to delete to empty sets, so that the build()
-    // method won't subsequently throw an exception if one doesn't end up being applicable.
+    // Default inserts, updates, and deletes to empty sets, so that the build() method won't
+    // subsequently throw an exception if one doesn't end up being applicable.
     return new AutoBuilder_EntityChanges_Builder()
-        .setSaves(ImmutableSet.of())
+        .setInserts(ImmutableSet.of())
+        .setUpdates(ImmutableSet.of())
         .setDeletes(ImmutableSet.of());
   }
 
@@ -45,12 +50,21 @@ public record EntityChanges(
   @AutoBuilder
   public interface Builder {
 
-    Builder setSaves(ImmutableSet<ImmutableObject> entitiesToSave);
+    Builder setInserts(ImmutableSet<ImmutableObject> entitiesToInsert);
 
-    ImmutableSet.Builder<ImmutableObject> savesBuilder();
+    ImmutableSet.Builder<ImmutableObject> insertsBuilder();
 
-    default Builder addSave(ImmutableObject entityToSave) {
-      savesBuilder().add(entityToSave);
+    default Builder addInsert(ImmutableObject entityToInsert) {
+      insertsBuilder().add(entityToInsert);
+      return this;
+    }
+
+    Builder setUpdates(ImmutableSet<ImmutableObject> entitiesToUpdate);
+
+    ImmutableSet.Builder<ImmutableObject> updatesBuilder();
+
+    default Builder addUpdate(ImmutableObject entityToUpdate) {
+      updatesBuilder().add(entityToUpdate);
       return this;
     }
 

core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java

@@ -18,7 +18,6 @@ import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.dns.DnsUtils.requestDomainDnsRefresh;
 import static google.registry.flows.FlowUtils.persistEntityChanges;
 import static google.registry.flows.FlowUtils.validateRegistrarIsLoggedIn;
-import static google.registry.flows.ResourceFlowUtils.verifyResourceDoesNotExist;
 import static google.registry.flows.domain.DomainFlowUtils.COLLISION_MESSAGE;
 import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
 import static google.registry.flows.domain.DomainFlowUtils.checkHasBillingAccount;
@@ -224,6 +223,7 @@ public final class DomainCreateFlow implements MutatingFlow {
   @Inject DomainCreateFlowCustomLogic flowCustomLogic;
   @Inject DomainFlowTmchUtils tmchUtils;
   @Inject DomainPricingLogic pricingLogic;
+  @Inject DomainDeletionTimeCache domainDeletionTimeCache;
 
   @Inject DomainCreateFlow() {}
 
@@ -239,13 +239,13 @@ public final class DomainCreateFlow implements MutatingFlow {
     validateRegistrarIsLoggedIn(registrarId);
     verifyRegistrarIsActive(registrarId);
     extensionManager.validate();
+    verifyDomainDoesNotExist();
     DateTime now = tm().getTransactionTime();
     DomainCommand.Create command = cloneAndLinkReferences((Create) resourceCommand, now);
     Period period = command.getPeriod();
     verifyUnitIsYears(period);
     int years = period.getValue();
     validateRegistrationPeriod(years);
-    verifyResourceDoesNotExist(Domain.class, targetId, now, registrarId);
     // Validate that this is actually a legal domain name on a TLD that the registrar has access to.
     InternetDomainName domainName = validateDomainName(command.getDomainName());
     String domainLabel = domainName.parts().getFirst();
@@ -357,11 +357,11 @@ public final class DomainCreateFlow implements MutatingFlow {
             domainHistoryId, registrationExpirationTime, isAnchorTenant, allocationToken);
     PollMessage.Autorenew autorenewPollMessage =
         createAutorenewPollMessage(domainHistoryId, registrationExpirationTime);
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
-    entitiesToSave.add(createBillingEvent, autorenewBillingEvent, autorenewPollMessage);
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
+    entitiesToInsert.add(createBillingEvent, autorenewBillingEvent, autorenewPollMessage);
     // Bill for EAP cost, if any.
     if (!feesAndCredits.getEapCost().isZero()) {
-      entitiesToSave.add(createEapBillingEvent(feesAndCredits, createBillingEvent));
+      entitiesToInsert.add(createEapBillingEvent(feesAndCredits, createBillingEvent));
     }
 
     ImmutableSet<ReservationType> reservationTypes = getReservationTypes(domainName);
@@ -404,12 +404,13 @@ public final class DomainCreateFlow implements MutatingFlow {
     DomainHistory domainHistory =
         buildDomainHistory(domain, tld, now, period, tld.getAddGracePeriodLength());
     if (reservationTypes.contains(NAME_COLLISION)) {
-      entitiesToSave.add(
+      entitiesToInsert.add(
           createNameCollisionOneTimePollMessage(targetId, domainHistory, registrarId, now));
     }
-    entitiesToSave.add(domain, domainHistory);
+    entitiesToInsert.add(domain, domainHistory);
+    ImmutableSet.Builder<ImmutableObject> entitiesToUpdate = new ImmutableSet.Builder<>();
     if (allocationToken.isPresent() && allocationToken.get().getTokenType().isOneTimeUse()) {
-      entitiesToSave.add(
+      entitiesToUpdate.add(
           AllocationTokenFlowUtils.redeemToken(
               allocationToken.get(), domainHistory.getHistoryEntryId()));
     }
@@ -422,7 +423,10 @@ public final class DomainCreateFlow implements MutatingFlow {
                 .setNewDomain(domain)
                 .setHistoryEntry(domainHistory)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .setUpdates(entitiesToUpdate.build())
+                        .build())
                 .setYears(years)
                 .build());
     persistEntityChanges(entityChanges);
@@ -649,6 +653,15 @@ public final class DomainCreateFlow implements MutatingFlow {
         .build();
   }
 
+  private void verifyDomainDoesNotExist() throws ResourceCreateContentionException {
+    Optional<DateTime> previousDeletionTime =
+        domainDeletionTimeCache.getDeletionTimeForDomain(targetId);
+    if (previousDeletionTime.isPresent()
+        && !tm().getTransactionTime().isAfter(previousDeletionTime.get())) {
+      throw new ResourceCreateContentionException(targetId);
+    }
+  }
+
   private static BillingEvent createEapBillingEvent(
       FeesAndCredits feesAndCredits, BillingEvent createBillingEvent) {
     return new BillingEvent.Builder()

core/src/main/java/google/registry/flows/domain/DomainDeleteFlow.java

@@ -151,7 +151,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     verifyDeleteAllowed(existingDomain, tld, now);
     flowCustomLogic.afterValidation(
         AfterValidationParameters.newBuilder().setExistingDomain(existingDomain).build());
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
     Domain.Builder builder;
     if (existingDomain.getStatusValues().contains(StatusValue.PENDING_TRANSFER)) {
       builder =
@@ -221,7 +221,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
       } else {
         PollMessage.OneTime deletePollMessage =
             createDeletePollMessage(existingDomain, domainHistoryId, deletionTime);
-        entitiesToSave.add(deletePollMessage);
+        entitiesToInsert.add(deletePollMessage);
         builder.setDeletePollMessage(deletePollMessage.createVKey());
       }
     }
@@ -230,7 +230,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     // registrar other than the sponsoring registrar (which will necessarily be a superuser).
     if (durationUntilDelete.isLongerThan(Duration.ZERO)
         && !registrarId.equals(existingDomain.getPersistedCurrentSponsorRegistrarId())) {
-      entitiesToSave.add(
+      entitiesToInsert.add(
           createImmediateDeletePollMessage(existingDomain, domainHistoryId, now, deletionTime));
     }
 
@@ -239,7 +239,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     for (GracePeriod gracePeriod : existingDomain.getGracePeriods()) {
       // No cancellation is written if the grace period was not for a billable event.
       if (gracePeriod.hasBillingEvent()) {
-        entitiesToSave.add(
+        entitiesToInsert.add(
             BillingCancellation.forGracePeriod(gracePeriod, now, domainHistoryId, targetId));
         if (gracePeriod.getBillingEvent() != null) {
           // Take the amount of registration time being refunded off the expiration time.
@@ -271,7 +271,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     // ResourceDeleteFlow since it's listed in serverApproveEntities.
     requestDomainDnsRefresh(existingDomain.getDomainName());
 
-    entitiesToSave.add(newDomain, domainHistory);
+    entitiesToInsert.add(domainHistory);
     EntityChanges entityChanges =
         flowCustomLogic.beforeSave(
             BeforeSaveParameters.newBuilder()
@@ -279,7 +279,10 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
                 .setNewDomain(newDomain)
                 .setHistoryEntry(domainHistory)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .addUpdate(newDomain)
+                        .build())
                 .build());
     BeforeResponseReturnData responseData =
         flowCustomLogic.beforeResponse(

core/src/main/java/google/registry/flows/domain/DomainDeletionTimeCache.java

@@ -0,0 +1,133 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.flows.domain;
+
+import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
+
+import com.github.benmanes.caffeine.cache.CacheLoader;
+import com.github.benmanes.caffeine.cache.Caffeine;
+import com.github.benmanes.caffeine.cache.Expiry;
+import com.github.benmanes.caffeine.cache.LoadingCache;
+import com.github.benmanes.caffeine.cache.Ticker;
+import com.google.common.collect.ImmutableSet;
+import google.registry.model.ForeignKeyUtils;
+import google.registry.model.domain.Domain;
+import google.registry.util.DateTimeUtils;
+import java.util.Optional;
+import org.joda.time.DateTime;
+
+/**
+ * Functionally-static loading cache that keeps track of deletion (AKA drop) times for domains.
+ *
+ * <p>Some domain names may have many create requests issued shortly before (and directly after) the
+ * name is released due to a previous registrant deleting it. In those cases, caching the deletion
+ * time of the existing domain allows us to short-circuit the request and avoid any load on the
+ * database checking the existing domain (at least, in cases where the request hits a particular
+ * node more than once).
+ *
+ * <p>The cache is fairly short-lived (as we're concerned about many requests at basically the same
+ * time), and entries also expire when the drop actually happens. If the domain is re-created after
+ * a drop, the next load attempt will populate the cache with a deletion time of END_OF_TIME, which
+ * will be read from the cache by subsequent attempts.
+ *
+ * <p>We take advantage of the fact that Caffeine caches don't store nulls returned from the
+ * CacheLoader, so a null result (meaning the domain doesn't exist) won't affect future calls (this
+ * avoids a stale-cache situation where the cache "thinks" the domain doesn't exist, but it does).
+ * Put another way, if a domain really doesn't exist, we'll re-attempt the database load every time.
+ *
+ * <p>We don't explicitly set the cache inside domain create/delete flows, in case the transaction
+ * fails at commit time. It's better to have stale data, or to require an additional database load,
+ * than to have incorrect data.
+ *
+ * <p>Note: this should be injected as a singleton -- it's essentially static, but we have it as a
+ * non-static object for concurrent testing purposes.
+ */
+public class DomainDeletionTimeCache {
+
+  // Max expiry time is ten minutes
+  private static final long NANOS_IN_ONE_MILLISECOND = 100000L;
+  private static final long MAX_EXPIRY_NANOS = 10L * 60L * 1000L * NANOS_IN_ONE_MILLISECOND;
+  private static final int MAX_ENTRIES = 500;
+
+  /**
+   * Expire after the max duration, or after the domain is set to drop (whichever comes first).
+   *
+   * <p>If the domain has already been deleted (the deletion time is <= now), the entry will
+   * immediately be expired/removed.
+   *
+   * <p>NB: the Expiry class requires the return value in <b>nanoseconds</b>, not milliseconds
+   */
+  private static final Expiry<String, DateTime> EXPIRY_POLICY =
+      new Expiry<>() {
+        @Override
+        public long expireAfterCreate(String key, DateTime value, long currentTime) {
+          // Watch out for Long overflow
+          long deletionTimeNanos =
+              value.equals(DateTimeUtils.END_OF_TIME)
+                  ? Long.MAX_VALUE
+                  : value.getMillis() * NANOS_IN_ONE_MILLISECOND;
+          long nanosUntilDeletion = deletionTimeNanos - currentTime;
+          return Math.max(0L, Math.min(MAX_EXPIRY_NANOS, nanosUntilDeletion));
+        }
+
+        /** Reset the time entirely on update, as if we were creating the entry anew. */
+        @Override
+        public long expireAfterUpdate(
+            String key, DateTime value, long currentTime, long currentDuration) {
+          return expireAfterCreate(key, value, currentTime);
+        }
+
+        /** Reads do not change the expiry duration. */
+        @Override
+        public long expireAfterRead(
+            String key, DateTime value, long currentTime, long currentDuration) {
+          return currentDuration;
+        }
+      };
+
+  /** Attempt to load the domain's deletion time if the domain exists. */
+  private static final CacheLoader<String, DateTime> CACHE_LOADER =
+      (domainName) -> {
+        ForeignKeyUtils.MostRecentResource mostRecentResource =
+            ForeignKeyUtils.loadMostRecentResources(
+                    Domain.class, ImmutableSet.of(domainName), false)
+                .get(domainName);
+        return mostRecentResource == null ? null : mostRecentResource.deletionTime();
+      };
+
+  // Unfortunately, maintenance tasks aren't necessarily already in a transaction
+  private static final Ticker TRANSACTION_TIME_TICKER =
+      () -> tm().reTransact(() -> tm().getTransactionTime().getMillis() * NANOS_IN_ONE_MILLISECOND);
+
+  public static DomainDeletionTimeCache create() {
+    return new DomainDeletionTimeCache(
+        Caffeine.newBuilder()
+            .ticker(TRANSACTION_TIME_TICKER)
+            .expireAfter(EXPIRY_POLICY)
+            .maximumSize(MAX_ENTRIES)
+            .build(CACHE_LOADER));
+  }
+
+  private final LoadingCache<String, DateTime> cache;
+
+  private DomainDeletionTimeCache(LoadingCache<String, DateTime> cache) {
+    this.cache = cache;
+  }
+
+  /** Returns the domain's deletion time, or null if it doesn't currently exist. */
+  public Optional<DateTime> getDeletionTimeForDomain(String domainName) {
+    return Optional.ofNullable(cache.get(domainName));
+  }
+}

core/src/main/java/google/registry/flows/domain/DomainDeletionTimeCacheModule.java

@@ -0,0 +1,30 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.flows.domain;
+
+import dagger.Module;
+import dagger.Provides;
+import jakarta.inject.Singleton;
+
+/** Dagger module to provide the {@link DomainDeletionTimeCache}. */
+@Module
+public class DomainDeletionTimeCacheModule {
+
+  @Provides
+  @Singleton
+  public static DomainDeletionTimeCache provideDomainDeletionTimeCache() {
+    return DomainDeletionTimeCache.create();
+  }
+}

core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java

@@ -711,7 +711,7 @@ public class DomainFlowUtils {
 
     BillingRecurrence newBillingRecurrence =
         existingBillingRecurrence.asBuilder().setRecurrenceEndTime(newEndTime).build();
-    tm().put(newBillingRecurrence);
+    tm().update(newBillingRecurrence);
     return newBillingRecurrence;
   }
 

core/src/main/java/google/registry/flows/domain/DomainRenewFlow.java

@@ -245,11 +245,13 @@ public final class DomainRenewFlow implements MutatingFlow {
             .build();
     DomainHistory domainHistory =
         buildDomainHistory(newDomain, now, command.getPeriod(), tld.getRenewGracePeriodLength());
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
-    entitiesToSave.add(
-        newDomain, domainHistory, explicitRenewEvent, newAutorenewEvent, newAutorenewPollMessage);
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
+    ImmutableSet.Builder<ImmutableObject> entitiesToUpdate = new ImmutableSet.Builder<>();
+    entitiesToInsert.add(
+        domainHistory, explicitRenewEvent, newAutorenewEvent, newAutorenewPollMessage);
+    entitiesToUpdate.add(newDomain);
     if (allocationToken.isPresent() && allocationToken.get().getTokenType().isOneTimeUse()) {
-      entitiesToSave.add(
+      entitiesToUpdate.add(
           AllocationTokenFlowUtils.redeemToken(
               allocationToken.get(), domainHistory.getHistoryEntryId()));
     }
@@ -262,7 +264,10 @@ public final class DomainRenewFlow implements MutatingFlow {
                 .setYears(years)
                 .setHistoryEntry(domainHistory)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .setUpdates(entitiesToUpdate.build())
+                        .build())
                 .build());
     BeforeResponseReturnData responseData =
         flowCustomLogic.beforeResponse(

core/src/main/java/google/registry/flows/domain/DomainRestoreRequestFlow.java

@@ -146,18 +146,18 @@ public final class DomainRestoreRequestFlow implements MutatingFlow {
     verifyRestoreAllowed(command, existingDomain, feeUpdate, feesAndCredits, now);
     HistoryEntryId domainHistoryId = createHistoryEntryId(existingDomain);
     historyBuilder.setRevisionId(domainHistoryId.getRevisionId());
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
 
     DateTime newExpirationTime =
         existingDomain.getRegistrationExpirationTime().plusYears(isExpired ? 1 : 0);
     // Restore the expiration time on the deleted domain, except if that's already passed, then add
     // a year and bill for it immediately, with no grace period.
     if (isExpired) {
-      entitiesToSave.add(
+      entitiesToInsert.add(
           createRenewBillingEvent(domainHistoryId, feesAndCredits.getRenewCost(), now));
     }
     // Always bill for the restore itself.
-    entitiesToSave.add(
+    entitiesToInsert.add(
         createRestoreBillingEvent(domainHistoryId, feesAndCredits.getRestoreCost(), now));
 
     BillingRecurrence autorenewEvent =
@@ -166,12 +166,14 @@ public final class DomainRestoreRequestFlow implements MutatingFlow {
             .setRecurrenceEndTime(END_OF_TIME)
             .setDomainHistoryId(domainHistoryId)
             .build();
+    entitiesToInsert.add(autorenewEvent);
     PollMessage.Autorenew autorenewPollMessage =
         newAutorenewPollMessage(existingDomain)
             .setEventTime(newExpirationTime)
             .setAutorenewEndTime(END_OF_TIME)
             .setDomainHistoryId(domainHistoryId)
             .build();
+    entitiesToInsert.add(autorenewPollMessage);
     Domain newDomain =
         performRestore(
             existingDomain,
@@ -181,8 +183,9 @@ public final class DomainRestoreRequestFlow implements MutatingFlow {
             now,
             registrarId);
     DomainHistory domainHistory = buildDomainHistory(newDomain, now);
-    entitiesToSave.add(newDomain, domainHistory, autorenewEvent, autorenewPollMessage);
-    tm().putAll(entitiesToSave.build());
+    entitiesToInsert.add(domainHistory);
+    tm().update(newDomain);
+    tm().insertAll(entitiesToInsert.build());
     if (existingDomain.getDeletePollMessage() != null) {
       tm().delete(existingDomain.getDeletePollMessage());
     }

core/src/main/java/google/registry/flows/domain/DomainTransferApproveFlow.java

@@ -172,7 +172,7 @@ public final class DomainTransferApproveFlow implements MutatingFlow {
                     .setDomainHistoryId(domainHistoryId)
                     .build());
 
-    ImmutableList.Builder<ImmutableObject> entitiesToSave = new ImmutableList.Builder<>();
+    ImmutableList.Builder<ImmutableObject> entitiesToInsert = new ImmutableList.Builder<>();
     // If we are within an autorenew grace period, cancel the autorenew billing event and don't
     // increase the registration time, since the transfer subsumes the autorenew's extra year.
     GracePeriod autorenewGrace =
@@ -184,7 +184,7 @@ public final class DomainTransferApproveFlow implements MutatingFlow {
       // then the gaining registrar is not charged for the one-year renewal and the losing registrar
       // still needs to be charged for the auto-renew.
       if (billingEvent.isPresent()) {
-        entitiesToSave.add(
+        entitiesToInsert.add(
             BillingCancellation.forGracePeriod(autorenewGrace, now, domainHistoryId, targetId));
       }
     }
@@ -259,14 +259,11 @@ public final class DomainTransferApproveFlow implements MutatingFlow {
     PollMessage gainingClientPollMessage =
         createGainingTransferPollMessage(
             targetId, newDomain.getTransferData(), newExpirationTime, now, domainHistoryId);
-    billingEvent.ifPresent(entitiesToSave::add);
-    entitiesToSave.add(
-        autorenewEvent,
-        gainingClientPollMessage,
-        gainingClientAutorenewPollMessage,
-        newDomain,
-        domainHistory);
-    tm().putAll(entitiesToSave.build());
+    billingEvent.ifPresent(entitiesToInsert::add);
+    entitiesToInsert.add(
+        autorenewEvent, gainingClientPollMessage, gainingClientAutorenewPollMessage, domainHistory);
+    tm().update(newDomain);
+    tm().insertAll(entitiesToInsert.build());
     // Delete the billing event and poll messages that were written in case the transfer would have
     // been implicitly server approved.
     tm().delete(existingDomain.getTransferData().getServerApproveEntities());

core/src/main/java/google/registry/flows/domain/DomainTransferCancelFlow.java

@@ -110,8 +110,8 @@ public final class DomainTransferCancelFlow implements MutatingFlow {
     Domain newDomain =
         denyPendingTransfer(existingDomain, TransferStatus.CLIENT_CANCELLED, now, registrarId);
     DomainHistory domainHistory = buildDomainHistory(newDomain, tld, now);
-    tm().putAll(
-            newDomain,
+    tm().update(newDomain);
+    tm().insertAll(
             domainHistory,
             createLosingTransferPollMessage(
                 targetId, newDomain.getTransferData(), null, domainHistoryId));

core/src/main/java/google/registry/flows/domain/DomainTransferRejectFlow.java

@@ -109,8 +109,8 @@ public final class DomainTransferRejectFlow implements MutatingFlow {
     Domain newDomain =
         denyPendingTransfer(existingDomain, TransferStatus.CLIENT_REJECTED, now, registrarId);
     DomainHistory domainHistory = buildDomainHistory(newDomain, tld, now);
-    tm().putAll(
-            newDomain,
+    tm().update(newDomain);
+    tm().insertAll(
             domainHistory,
             createGainingTransferPollMessage(
                 targetId, newDomain.getTransferData(), null, now, domainHistoryId));

core/src/main/java/google/registry/flows/domain/DomainTransferRequestFlow.java

@@ -283,11 +283,9 @@ public final class DomainTransferRequestFlow implements MutatingFlow {
 
     asyncTaskEnqueuer.enqueueAsyncResave(
         newDomain.createVKey(), now, ImmutableSortedSet.of(automaticTransferTime));
-    tm().putAll(
-            new ImmutableSet.Builder<>()
-                .add(newDomain, domainHistory, requestPollMessage)
-                .addAll(serverApproveEntities)
-                .build());
+    tm().put(newDomain);
+    tm().putAll(serverApproveEntities);
+    tm().insertAll(domainHistory, requestPollMessage);
     return responseBuilder
         .setResultFromCode(SUCCESS_WITH_ACTION_PENDING)
         .setResData(createResponse(period, existingDomain, newDomain, now))

core/src/main/java/google/registry/flows/domain/DomainUpdateFlow.java

@@ -190,14 +190,16 @@ public final class DomainUpdateFlow implements MutatingFlow {
     if (requiresDnsUpdate(existingDomain, newDomain)) {
       requestDomainDnsRefresh(targetId);
     }
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
-    entitiesToSave.add(newDomain, domainHistory);
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
+    ImmutableSet.Builder<ImmutableObject> entitiesToUpdate = new ImmutableSet.Builder<>();
+    entitiesToUpdate.add(newDomain);
+    entitiesToInsert.add(domainHistory);
     Optional<BillingEvent> statusUpdateBillingEvent =
         createBillingEventForStatusUpdates(existingDomain, newDomain, domainHistory, now);
-    statusUpdateBillingEvent.ifPresent(entitiesToSave::add);
+    statusUpdateBillingEvent.ifPresent(entitiesToInsert::add);
     Optional<PollMessage.OneTime> serverStatusUpdatePollMessage =
         createPollMessageForServerStatusUpdates(existingDomain, newDomain, domainHistory, now);
-    serverStatusUpdatePollMessage.ifPresent(entitiesToSave::add);
+    serverStatusUpdatePollMessage.ifPresent(entitiesToInsert::add);
     EntityChanges entityChanges =
         flowCustomLogic.beforeSave(
             BeforeSaveParameters.newBuilder()
@@ -205,7 +207,10 @@ public final class DomainUpdateFlow implements MutatingFlow {
                 .setNewDomain(newDomain)
                 .setExistingDomain(existingDomain)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .setUpdates(entitiesToUpdate.build())
+                        .build())
                 .build());
     persistEntityChanges(entityChanges);
     return responseBuilder.build();

core/src/main/java/google/registry/flows/host/HostCreateFlow.java

@@ -126,7 +126,8 @@ public final class HostCreateFlow implements MutatingFlow {
             .setSuperordinateDomain(superordinateDomain.map(Domain::createVKey).orElse(null))
             .build();
     historyBuilder.setType(HOST_CREATE).setHost(newHost);
-    ImmutableSet<ImmutableObject> entitiesToSave = ImmutableSet.of(newHost, historyBuilder.build());
+    ImmutableSet<ImmutableObject> entitiesToInsert =
+        ImmutableSet.of(newHost, historyBuilder.build());
     if (superordinateDomain.isPresent()) {
       tm().update(
               superordinateDomain
@@ -138,7 +139,7 @@ public final class HostCreateFlow implements MutatingFlow {
       // they are only written as NS records from the referencing domain.
       requestHostDnsRefresh(targetId);
     }
-    tm().insertAll(entitiesToSave);
+    tm().insertAll(entitiesToInsert);
     return responseBuilder.setResData(HostCreateData.create(targetId, now)).build();
   }
 

core/src/main/java/google/registry/flows/host/HostUpdateFlow.java

@@ -52,7 +52,6 @@ import google.registry.flows.annotations.ReportingSpec;
 import google.registry.flows.exceptions.ResourceHasClientUpdateProhibitedException;
 import google.registry.model.EppResource;
 import google.registry.model.ForeignKeyUtils;
-import google.registry.model.ImmutableObject;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.metadata.MetadataExtension;
 import google.registry.model.eppcommon.StatusValue;
@@ -198,16 +197,12 @@ public final class HostUpdateFlow implements MutatingFlow {
             .setPersistedCurrentSponsorRegistrarId(newPersistedRegistrarId)
             .build();
     verifyHasIpsIffIsExternal(command, existingHost, newHost);
-    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
-    ImmutableSet.Builder<ImmutableObject> entitiesToUpdate = new ImmutableSet.Builder<>();
-    entitiesToUpdate.add(newHost);
     if (isHostRename) {
       updateSuperordinateDomains(existingHost, newHost);
     }
     enqueueTasks(existingHost, newHost);
-    entitiesToInsert.add(historyBuilder.setType(HOST_UPDATE).setHost(newHost).build());
-    tm().updateAll(entitiesToUpdate.build());
-    tm().insertAll(entitiesToInsert.build());
+    tm().update(newHost);
+    tm().insert(historyBuilder.setType(HOST_UPDATE).setHost(newHost).build());
     return responseBuilder.build();
   }
 
@@ -290,7 +285,7 @@ public final class HostUpdateFlow implements MutatingFlow {
         && newHost.isSubordinate()
         && Objects.equals(
             existingHost.getSuperordinateDomain(), newHost.getSuperordinateDomain())) {
-      tm().put(
+      tm().update(
               tm().loadByKey(existingHost.getSuperordinateDomain())
                   .asBuilder()
                   .removeSubordinateHost(existingHost.getHostName())
@@ -299,14 +294,14 @@ public final class HostUpdateFlow implements MutatingFlow {
       return;
     }
     if (existingHost.isSubordinate()) {
-      tm().put(
+      tm().update(
               tm().loadByKey(existingHost.getSuperordinateDomain())
                   .asBuilder()
                   .removeSubordinateHost(existingHost.getHostName())
                   .build());
     }
     if (newHost.isSubordinate()) {
-      tm().put(
+      tm().update(
               tm().loadByKey(newHost.getSuperordinateDomain())
                   .asBuilder()
                   .addSubordinateHost(newHost.getHostName())

core/src/main/java/google/registry/model/ForeignKeyUtils.java

@@ -86,7 +86,7 @@ public final class ForeignKeyUtils {
    */
   public static <E extends EppResource> ImmutableMap<String, VKey<E>> load(
       Class<E> clazz, Collection<String> foreignKeys, final DateTime now) {
-    return load(clazz, foreignKeys, false).entrySet().stream()
+    return loadMostRecentResources(clazz, foreignKeys, false).entrySet().stream()
         .filter(e -> now.isBefore(e.getValue().deletionTime()))
         .collect(toImmutableMap(Entry::getKey, e -> VKey.create(clazz, e.getValue().repoId())));
   }
@@ -104,8 +104,9 @@ public final class ForeignKeyUtils {
    * same max {@code deleteTime}, usually {@code END_OF_TIME}, lest this method throws an error due
    * to duplicate keys.
    */
-  private static <E extends EppResource> ImmutableMap<String, MostRecentResource> load(
-      Class<E> clazz, Collection<String> foreignKeys, boolean useReplicaTm) {
+  public static <E extends EppResource>
+      ImmutableMap<String, MostRecentResource> loadMostRecentResources(
+          Class<E> clazz, Collection<String> foreignKeys, boolean useReplicaTm) {
     String fkProperty = RESOURCE_TYPE_TO_FK_PROPERTY.get(clazz);
     JpaTransactionManager tmToUse = useReplicaTm ? replicaTm() : tm();
     return tmToUse.reTransact(
@@ -148,7 +149,7 @@ public final class ForeignKeyUtils {
               ImmutableList<String> foreignKeys =
                   keys.stream().map(key -> (String) key.getKey()).collect(toImmutableList());
               ImmutableMap<String, MostRecentResource> existingKeys =
-                  ForeignKeyUtils.load(clazz, foreignKeys, true);
+                  ForeignKeyUtils.loadMostRecentResources(clazz, foreignKeys, true);
               // The above map only contains keys that exist in the database, so we re-add the
               // missing ones with Optional.empty() values for caching.
               return Maps.asMap(
@@ -234,7 +235,7 @@ public final class ForeignKeyUtils {
                 e -> VKey.create(clazz, e.getValue().get().repoId())));
   }
 
-  record MostRecentResource(String repoId, DateTime deletionTime) {
+  public record MostRecentResource(String repoId, DateTime deletionTime) {
 
     static MostRecentResource create(String repoId, DateTime deletionTime) {
       return new MostRecentResource(repoId, deletionTime);

core/src/main/java/google/registry/model/tmch/ClaimsListDao.java

@@ -15,7 +15,6 @@
 package google.registry.model.tmch;
 
 import static google.registry.config.RegistryConfig.getClaimsListCacheDuration;
-import static google.registry.persistence.transaction.QueryComposer.Comparator.EQ;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
 
@@ -79,14 +78,11 @@ public class ClaimsListDao {
    */
   private static ClaimsList getUncached() {
     return tm().reTransact(
-            () -> {
-              Long revisionId =
-                  tm().query("SELECT MAX(revisionId) FROM ClaimsList", Long.class)
-                      .getSingleResult();
-              return tm().createQueryComposer(ClaimsList.class)
-                  .where("revisionId", EQ, revisionId)
-                  .first();
-            })
+            () ->
+                tm().query("FROM ClaimsList ORDER BY revisionId DESC", ClaimsList.class)
+                    .setMaxResults(1)
+                    .getResultStream()
+                    .findFirst())
         .orElse(ClaimsList.create(START_OF_TIME, ImmutableMap.of()));
   }
 

core/src/main/java/google/registry/module/RegistryComponent.java

@@ -30,6 +30,7 @@ import google.registry.export.DriveModule;
 import google.registry.export.sheet.SheetsServiceModule;
 import google.registry.flows.ServerTridProviderModule;
 import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.flows.domain.DomainDeletionTimeCacheModule;
 import google.registry.groups.DirectoryModule;
 import google.registry.groups.GmailModule;
 import google.registry.groups.GroupsModule;
@@ -66,6 +67,7 @@ import jakarta.inject.Singleton;
       CredentialModule.class,
       CustomLogicFactoryModule.class,
       DirectoryModule.class,
+      DomainDeletionTimeCacheModule.class,
       DriveModule.class,
       GmailModule.class,
       GroupsModule.class,

core/src/main/java/google/registry/module/backend/BackendComponent.java

@@ -26,6 +26,7 @@ import google.registry.export.DriveModule;
 import google.registry.export.sheet.SheetsServiceModule;
 import google.registry.flows.ServerTridProviderModule;
 import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.flows.domain.DomainDeletionTimeCacheModule;
 import google.registry.groups.DirectoryModule;
 import google.registry.groups.GmailModule;
 import google.registry.groups.GroupsModule;
@@ -56,6 +57,7 @@ import jakarta.inject.Singleton;
       CloudTasksUtilsModule.class,
       CredentialModule.class,
       CustomLogicFactoryModule.class,
+      DomainDeletionTimeCacheModule.class,
       DirectoryModule.class,
       DriveModule.class,
       GmailModule.class,

core/src/main/java/google/registry/module/frontend/FrontendComponent.java

@@ -22,6 +22,7 @@ import google.registry.config.CredentialModule;
 import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.flows.ServerTridProviderModule;
 import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.flows.domain.DomainDeletionTimeCacheModule;
 import google.registry.groups.DirectoryModule;
 import google.registry.groups.GmailModule;
 import google.registry.groups.GroupsModule;
@@ -50,6 +51,7 @@ import jakarta.inject.Singleton;
       CustomLogicFactoryModule.class,
       CloudTasksUtilsModule.class,
       DirectoryModule.class,
+      DomainDeletionTimeCacheModule.class,
       FrontendRequestComponentModule.class,
       GmailModule.class,
       GroupsModule.class,

core/src/main/java/google/registry/module/tools/ToolsComponent.java

@@ -23,6 +23,7 @@ import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.export.DriveModule;
 import google.registry.flows.ServerTridProviderModule;
 import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.flows.domain.DomainDeletionTimeCacheModule;
 import google.registry.groups.DirectoryModule;
 import google.registry.groups.GroupsModule;
 import google.registry.groups.GroupssettingsModule;
@@ -47,6 +48,7 @@ import jakarta.inject.Singleton;
       CustomLogicFactoryModule.class,
       CloudTasksUtilsModule.class,
       DirectoryModule.class,
+      DomainDeletionTimeCacheModule.class,
       DriveModule.class,
       GroupsModule.class,
       GroupssettingsModule.class,

core/src/main/java/google/registry/tools/CreateCdnsTld.java

@@ -47,6 +47,11 @@ final class CreateCdnsTld extends ConfirmingCommand {
   )
   String name;
 
+  @Parameter(
+      names = "--skip_sandbox_tld_check",
+      description = "In Sandbox, skip the dns_name format check.")
+  boolean skipSandboxTldCheck;
+
   @Inject
   @Config("projectId")
   String projectId;
@@ -61,10 +66,15 @@ final class CreateCdnsTld extends ConfirmingCommand {
   protected void init() {
     // Sandbox talks to production Cloud DNS.  As a result, we can't configure any domains with a
     // suffix that might be used by customers on the same nameserver set.  Limit the user to setting
-    // up *.test TLDs.
-    if (RegistryToolEnvironment.get() == RegistryToolEnvironment.SANDBOX
-        && !dnsName.endsWith(".test.")) {
-      throw new IllegalArgumentException("Sandbox TLDs must be of the form \"*.test.\"");
+    // up *.test TLDs unless the user declares that the name is approved.
+    //
+    // The name format check simply provides a user-friendly error message. If the user wrongly
+    // declares name approval, the request to the Cloud DNS API will still fail.
+    if (RegistryToolEnvironment.get() == RegistryToolEnvironment.SANDBOX) {
+      if (!skipSandboxTldCheck && !dnsName.endsWith(".test.")) {
+        throw new IllegalArgumentException(
+            "Sandbox TLDs must be approved or in the form \"*.test.\"");
+      }
     }
 
     managedZone =

core/src/main/java/google/registry/tools/GenerateAllocationTokensCommand.java

@@ -15,6 +15,7 @@
 package google.registry.tools;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static com.google.common.collect.Sets.difference;
 import static google.registry.model.billing.BillingBase.RenewalPriceBehavior.DEFAULT;
@@ -46,6 +47,9 @@ import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationToken.RegistrationBehavior;
 import google.registry.model.domain.token.AllocationToken.TokenStatus;
 import google.registry.model.domain.token.AllocationToken.TokenType;
+import google.registry.model.registrar.Registrar;
+import google.registry.model.tld.Tld;
+import google.registry.model.tld.Tlds;
 import google.registry.persistence.VKey;
 import google.registry.tools.params.MoneyParameter;
 import google.registry.tools.params.TransitionListParameter.TokenStatusTransitions;
@@ -291,10 +295,12 @@ class GenerateAllocationTokensCommand implements Command {
         !ImmutableList.of("").equals(allowedClientIds),
         "Either omit --allowed_client_ids if all registrars are allowed, or include a"
             + " comma-separated list");
+    verifyAllRegistrarIdsExist(allowedClientIds);
 
     checkArgument(
         !ImmutableList.of("").equals(allowedTlds),
         "Either omit --allowed_tlds if all TLDs are allowed, or include a comma-separated list");
+    verifyAllTldsExist(allowedTlds);
 
     if (ImmutableList.of("").equals(allowedEppActions)) {
       allowedEppActions = ImmutableList.of();
@@ -326,6 +332,34 @@ class GenerateAllocationTokensCommand implements Command {
     }
   }
 
+  static void verifyAllRegistrarIdsExist(@Nullable List<String> allowedClientIds) {
+    // a null/empty list means that all registrars are allowed
+    if (isNullOrEmpty(allowedClientIds)) {
+      return;
+    }
+    ImmutableSet<String> allRegistrarIds =
+        Registrar.loadAllKeysCached().stream()
+            .map(VKey::getKey)
+            .map(Object::toString)
+            .collect(toImmutableSet());
+    ImmutableList<String> badRegistrarIds =
+        allowedClientIds.stream()
+            .filter(id -> !allRegistrarIds.contains(id))
+            .collect(toImmutableList());
+    checkArgument(badRegistrarIds.isEmpty(), "Unknown registrar ID(s) %s", badRegistrarIds);
+  }
+
+  static void verifyAllTldsExist(@Nullable List<String> allowedTlds) {
+    // a null/empty list means that all TLDs are allowed
+    if (isNullOrEmpty(allowedTlds)) {
+      return;
+    }
+    ImmutableSet<String> allTlds = Tlds.getTldsOfType(Tld.TldType.REAL);
+    ImmutableList<String> badTlds =
+        allowedTlds.stream().filter(tld -> !allTlds.contains(tld)).collect(toImmutableList());
+    checkArgument(badTlds.isEmpty(), "Unknown REAL TLD(s) %s", badTlds);
+  }
+
   private void verifyTokenStringsDoNotExist() {
     ImmutableSet<String> existingTokenStrings =
         getExistingTokenStrings(ImmutableSet.copyOf(tokenStrings));

core/src/main/java/google/registry/tools/UpdateAllocationTokensCommand.java

@@ -157,6 +157,9 @@ final class UpdateAllocationTokensCommand extends UpdateOrDeleteAllocationTokens
       endToken = true;
     }
 
+    GenerateAllocationTokensCommand.verifyAllRegistrarIdsExist(allowedClientIds);
+    GenerateAllocationTokensCommand.verifyAllTldsExist(allowedTlds);
+
     tokensToSave =
         tm().transact(
                 () ->

core/src/main/java/google/registry/ui/server/console/ConsoleHistoryDataAction.java

@@ -15,15 +15,19 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.GET;
 import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 
 import com.google.common.base.Strings;
+import google.registry.config.RegistryConfig.Config;
 import google.registry.model.console.ConsolePermission;
 import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
+import google.registry.model.console.UserRoles;
 import google.registry.request.Action;
 import google.registry.request.Action.GaeService;
 import google.registry.request.Action.GkeService;
@@ -43,8 +47,8 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
 
   private static final String SQL_USER_HISTORY =
       """
-            SELECT * FROM "ConsoleUpdateHistory"
-            WHERE acting_user = :actingUser
+        SELECT * FROM "ConsoleUpdateHistory"
+        WHERE acting_user = :actingUser
       """;
 
   private static final String SQL_REGISTRAR_HISTORY =
@@ -59,14 +63,18 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
   private final String registrarId;
   private final Optional<String> consoleUserEmail;
 
+  private final String supportEmail;
+
   @Inject
   public ConsoleHistoryDataAction(
       ConsoleApiParams consoleApiParams,
+      @Config("supportEmail") String supportEmail,
       @Parameter("registrarId") String registrarId,
       @Parameter("consoleUserEmail") Optional<String> consoleUserEmail) {
     super(consoleApiParams);
     this.registrarId = registrarId;
     this.consoleUserEmail = consoleUserEmail;
+    this.supportEmail = supportEmail;
   }
 
   @Override
@@ -95,7 +103,9 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
                         .setHint("org.hibernate.fetchSize", 1000)
                         .getResultList());
 
-    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(queryResult));
+    List<ConsoleUpdateHistory> formattedHistoryList =
+        replaceActiveUserIfNecessary(queryResult, user);
+    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(formattedHistoryList));
     consoleApiParams.response().setStatus(SC_OK);
   }
 
@@ -110,7 +120,39 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
                         .setParameter("registrarId", registrarId)
                         .setHint("org.hibernate.fetchSize", 1000)
                         .getResultList());
-    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(queryResult));
+
+    List<ConsoleUpdateHistory> formattedHistoryList =
+        replaceActiveUserIfNecessary(queryResult, user);
+    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(formattedHistoryList));
     consoleApiParams.response().setStatus(SC_OK);
   }
+
+  /** Anonymizes support users in history logs if the user viewing the log is a registrar user. */
+  private List<ConsoleUpdateHistory> replaceActiveUserIfNecessary(
+      List<ConsoleUpdateHistory> historyList, User requestingUser) {
+    // Check if the user *viewing* the history is a registrar user (not a support user)
+    if (GlobalRole.NONE.equals(requestingUser.getUserRoles().getGlobalRole())) {
+      User genericSupportUser = // Fixed typo
+          new User.Builder()
+              .setEmailAddress(this.supportEmail)
+              .setUserRoles(new UserRoles.Builder().build()) // Simplified roles
+              .build();
+
+      return historyList.stream()
+          .map(
+              history -> {
+                // Check if the user who performed the action was a support user
+                if (!GlobalRole.NONE.equals(
+                    history.getActingUser().getUserRoles().getGlobalRole())) {
+                  return history.asBuilder().setActingUser(genericSupportUser).build();
+                }
+                // If acting user was a registrar user show them as-is
+                return history;
+              })
+          .collect(toImmutableList());
+    }
+
+    // If the viewing user is a support user, return the list unmodified
+    return historyList;
+  }
 }

core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java

@@ -23,6 +23,7 @@ import static org.apache.http.HttpStatus.SC_OK;
 
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.flogger.FluentLogger;
 import google.registry.model.console.ConsolePermission;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.User;
@@ -47,6 +48,8 @@ import org.joda.time.DateTime;
     method = {POST},
     auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
+  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+  private static final String CHANGE_LOG_ENTRY = "%s updated on %s, old -> %s, new -> %s";
   static final String PATH = "/console-api/registrar";
   private final Optional<Registrar> registrar;
 
@@ -124,6 +127,9 @@ public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
                   new ConsoleUpdateHistory.Builder()
                       .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
                       .setDescription(updatedRegistrar.getRegistrarId()));
+
+              logConsoleChangesIfNecessary(updatedRegistrar, existingRegistrar.get());
+
               sendExternalUpdatesIfNecessary(
                   EmailInfo.create(
                       existingRegistrar.get(),
@@ -134,4 +140,25 @@ public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
 
     consoleApiParams.response().setStatus(SC_OK);
   }
+
+  private void logConsoleChangesIfNecessary(
+      Registrar updatedRegistrar, Registrar existingRegistrar) {
+    if (!updatedRegistrar.getAllowedTlds().containsAll(existingRegistrar.getAllowedTlds())) {
+      logger.atInfo().log(
+          CHANGE_LOG_ENTRY,
+          "Allowed TLDs",
+          updatedRegistrar.getRegistrarId(),
+          existingRegistrar.getAllowedTlds(),
+          updatedRegistrar.getAllowedTlds());
+    }
+
+    if (updatedRegistrar.isRegistryLockAllowed() != existingRegistrar.isRegistryLockAllowed()) {
+      logger.atInfo().log(
+          CHANGE_LOG_ENTRY,
+          "Registry lock",
+          updatedRegistrar.getRegistrarId(),
+          existingRegistrar.isRegistryLockAllowed(),
+          updatedRegistrar.isRegistryLockAllowed());
+    }
+  }
 }

core/src/test/java/google/registry/batch/RemoveAllDomainContactsActionTest.java

@@ -23,9 +23,11 @@ import static google.registry.testing.DatabaseHelper.newDomain;
 import static google.registry.testing.DatabaseHelper.persistActiveContact;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
+import static org.mockito.Mockito.mock;
 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
+import com.google.common.util.concurrent.RateLimiter;
 import google.registry.flows.DaggerEppTestComponent;
 import google.registry.flows.EppController;
 import google.registry.flows.EppTestComponent.FakesAndMocksModule;
@@ -51,6 +53,7 @@ class RemoveAllDomainContactsActionTest {
       new JpaTestExtensions.Builder().buildIntegrationTestExtension();
 
   private final FakeResponse response = new FakeResponse();
+  private final RateLimiter rateLimiter = mock(RateLimiter.class);
   private RemoveAllDomainContactsAction action;
 
   @BeforeEach
@@ -69,7 +72,7 @@ class RemoveAllDomainContactsActionTest {
             .eppController();
     action =
         new RemoveAllDomainContactsAction(
-            eppController, "NewRegistrar", new FakeLockHandler(true), response);
+            eppController, "NewRegistrar", new FakeLockHandler(true), rateLimiter, response);
   }
 
   @Test

core/src/test/java/google/registry/flows/EppTestComponent.java

@@ -25,6 +25,7 @@ import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
 import google.registry.flows.custom.CustomLogicFactory;
 import google.registry.flows.custom.TestCustomLogicFactory;
+import google.registry.flows.domain.DomainDeletionTimeCache;
 import google.registry.flows.domain.DomainFlowTmchUtils;
 import google.registry.monitoring.whitebox.EppMetric;
 import google.registry.request.RequestScope;
@@ -126,6 +127,11 @@ public interface EppTestComponent {
     ServerTridProvider provideServerTridProvider() {
       return new FakeServerTridProvider();
     }
+
+    @Provides
+    DomainDeletionTimeCache provideDomainDeletionTimeCache() {
+      return DomainDeletionTimeCache.create();
+    }
   }
 
   class FakeServerTridProvider implements ServerTridProvider {

core/src/test/java/google/registry/flows/custom/TestDomainCreateFlowCustomLogic.java

@@ -40,8 +40,9 @@ public class TestDomainCreateFlowCustomLogic extends DomainCreateFlowCustomLogic
               .setMsg("Custom logic was triggered")
               .build();
       return EntityChanges.newBuilder()
-          .setSaves(parameters.entityChanges().getSaves())
-          .addSave(extraPollMessage)
+          .setInserts(parameters.entityChanges().getInserts())
+          .addInsert(extraPollMessage)
+          .setUpdates(parameters.entityChanges().getUpdates())
           .setDeletes(parameters.entityChanges().getDeletes())
           .build();
     }

core/src/test/java/google/registry/flows/domain/DomainCreateFlowTest.java

@@ -149,7 +149,6 @@ import google.registry.flows.domain.token.AllocationTokenFlowUtils.AlreadyRedeem
 import google.registry.flows.domain.token.AllocationTokenFlowUtils.NonexistentAllocationTokenException;
 import google.registry.flows.exceptions.ContactsProhibitedException;
 import google.registry.flows.exceptions.OnlyToolCanPassMetadataException;
-import google.registry.flows.exceptions.ResourceAlreadyExistsForThisClientException;
 import google.registry.flows.exceptions.ResourceCreateContentionException;
 import google.registry.model.billing.BillingBase;
 import google.registry.model.billing.BillingBase.Flag;
@@ -1238,8 +1237,8 @@ class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow, Domain
   void testFailure_alreadyExists() throws Exception {
     persistContactsAndHosts();
     persistActiveDomain(getUniqueIdFromCommand());
-    ResourceAlreadyExistsForThisClientException thrown =
-        assertThrows(ResourceAlreadyExistsForThisClientException.class, this::runFlow);
+    ResourceCreateContentionException thrown =
+        assertThrows(ResourceCreateContentionException.class, this::runFlow);
     assertAboutEppExceptions()
         .that(thrown)
         .marshalsToXml()

core/src/test/java/google/registry/flows/domain/DomainDeletionTimeCacheTest.java

@@ -0,0 +1,97 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.flows.domain;
+
+import static com.google.common.truth.Truth.assertThat;
+import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
+import static google.registry.testing.DatabaseHelper.persistActiveDomain;
+import static google.registry.testing.DatabaseHelper.persistDomainAsDeleted;
+import static google.registry.util.DateTimeUtils.END_OF_TIME;
+
+import google.registry.model.domain.Domain;
+import google.registry.persistence.transaction.JpaTestExtensions;
+import google.registry.testing.DatabaseHelper;
+import google.registry.testing.FakeClock;
+import java.util.Optional;
+import org.joda.time.DateTime;
+import org.joda.time.Duration;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+/** Tests for {@link DomainDeletionTimeCache}. */
+public class DomainDeletionTimeCacheTest {
+
+  private final FakeClock clock = new FakeClock(DateTime.parse("2025-10-01T00:00:00.000Z"));
+  private final DomainDeletionTimeCache cache = DomainDeletionTimeCache.create();
+
+  @RegisterExtension
+  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
+      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
+
+  @BeforeEach
+  void beforeEach() {
+    DatabaseHelper.createTld("tld");
+  }
+
+  @Test
+  void testDomainAvailable_null() {
+    assertThat(getDeletionTimeFromCache("nonexistent.tld")).isEmpty();
+  }
+
+  @Test
+  void testDomainNotAvailable_notDeleted() {
+    persistActiveDomain("active.tld");
+    assertThat(getDeletionTimeFromCache("active.tld")).hasValue(END_OF_TIME);
+  }
+
+  @Test
+  void testDomainAvailable_deletedInFuture() {
+    persistDomainAsDeleted(persistActiveDomain("domain.tld"), clock.nowUtc().plusDays(1));
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(clock.nowUtc().plusDays(1));
+  }
+
+  @Test
+  void testCache_returnsOldData() {
+    Domain domain = persistActiveDomain("domain.tld");
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
+    persistDomainAsDeleted(domain, clock.nowUtc().plusDays(1));
+    // Without intervention, the cache should have the old data, even if a few minutes have passed
+    clock.advanceBy(Duration.standardMinutes(5));
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
+  }
+
+  @Test
+  void testCache_returnsNewDataAfterDomainCreate() {
+    // Null deletion dates (meaning an avilable domain) shouldn't be cached
+    assertThat(getDeletionTimeFromCache("domain.tld")).isEmpty();
+    persistDomainAsDeleted(persistActiveDomain("domain.tld"), clock.nowUtc().plusDays(1));
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(clock.nowUtc().plusDays(1));
+  }
+
+  @Test
+  void testCache_expires() {
+    Domain domain = persistActiveDomain("domain.tld");
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
+    DateTime elevenMinutesFromNow = clock.nowUtc().plusMinutes(11);
+    persistDomainAsDeleted(domain, elevenMinutesFromNow);
+    clock.advanceBy(Duration.standardMinutes(30));
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(elevenMinutesFromNow);
+  }
+
+  private Optional<DateTime> getDeletionTimeFromCache(String domainName) {
+    return tm().transact(() -> cache.getDeletionTimeForDomain(domainName));
+  }
+}

core/src/test/java/google/registry/module/frontend/FrontendTestComponent.java

@@ -20,6 +20,7 @@ import google.registry.config.CredentialModule;
 import google.registry.config.RegistryConfig;
 import google.registry.flows.ServerTridProviderModule;
 import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.flows.domain.DomainDeletionTimeCacheModule;
 import google.registry.groups.GmailModule;
 import google.registry.groups.GroupsModule;
 import google.registry.groups.GroupssettingsModule;
@@ -43,6 +44,7 @@ import jakarta.inject.Singleton;
       CredentialModule.class,
       CustomLogicFactoryModule.class,
       CloudTasksUtilsModule.class,
+      DomainDeletionTimeCacheModule.class,
       FrontendRequestComponent.FrontendRequestComponentModule.class,
       GmailModule.class,
       GroupsModule.class,

core/src/test/java/google/registry/tools/CreateCdnsTldTest.java

@@ -76,11 +76,37 @@ class CreateCdnsTldTest extends CommandTestCase<CreateCdnsTld> {
 
   @Test
   @MockitoSettings(strictness = Strictness.LENIENT)
-  void testSandboxTldRestrictions() {
+  void testSandboxTldRestrictions_Disallowed() {
     IllegalArgumentException thrown =
         assertThrows(
             IllegalArgumentException.class,
-            () -> runCommandInEnvironment(RegistryToolEnvironment.SANDBOX, "--dns_name=foobar."));
-    assertThat(thrown).hasMessageThat().contains("Sandbox TLDs must be of the form \"*.test.\"");
+            () ->
+                runCommandInEnvironment(
+                    RegistryToolEnvironment.SANDBOX,
+                    "--dns_name=foobar.",
+                    "--description=test run",
+                    "--force"));
+    assertThat(thrown)
+        .hasMessageThat()
+        .contains("Sandbox TLDs must be approved or in the form \"*.test.\"");
+  }
+
+  @Test
+  void testSandboxTldRestrictions_tldCheckSkipped() throws Exception {
+    runCommandInEnvironment(
+        RegistryToolEnvironment.SANDBOX,
+        "--dns_name=foobar.",
+        "--description=test run",
+        "--force",
+        "--skip_sandbox_tld_check");
+  }
+
+  @Test
+  void testSandboxTldRestrictions_testTld() throws Exception {
+    runCommandInEnvironment(
+        RegistryToolEnvironment.SANDBOX,
+        "--dns_name=abc.test.",
+        "--description=test run",
+        "--force");
   }
 }

core/src/test/java/google/registry/tools/GenerateAllocationTokensCommandTest.java

@@ -39,6 +39,7 @@ import google.registry.model.domain.fee.FeeQueryCommandExtensionItem.CommandName
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationToken.TokenStatus;
 import google.registry.model.reporting.HistoryEntry.HistoryEntryId;
+import google.registry.testing.DatabaseHelper;
 import google.registry.testing.DeterministicStringGenerator;
 import google.registry.testing.DeterministicStringGenerator.Rule;
 import google.registry.util.StringGenerator.Alphabets;
@@ -56,6 +57,7 @@ class GenerateAllocationTokensCommandTest extends CommandTestCase<GenerateAlloca
 
   @BeforeEach
   void beforeEach() {
+    DatabaseHelper.createTlds("tld", "example");
     command.stringGenerator = new DeterministicStringGenerator(Alphabets.BASE_58);
   }
 
@@ -531,6 +533,26 @@ class GenerateAllocationTokensCommandTest extends CommandTestCase<GenerateAlloca
         .isEqualTo("For DEFAULT_PROMO tokens, must specify --token_status_transitions");
   }
 
+  @Test
+  void testFailure_badTld() {
+    assertThat(
+            assertThrows(
+                IllegalArgumentException.class,
+                () -> runCommand("--number", "10", "--allowed_tlds", "badtld")))
+        .hasMessageThat()
+        .isEqualTo("Unknown REAL TLD(s) [badtld]");
+  }
+
+  @Test
+  void testFailure_badRegistrar() {
+    assertThat(
+            assertThrows(
+                IllegalArgumentException.class,
+                () -> runCommand("--number", "10", "--allowed_client_ids", "badregistrar")))
+        .hasMessageThat()
+        .isEqualTo("Unknown registrar ID(s) [badregistrar]");
+  }
+
   private AllocationToken createToken(
       String token,
       @Nullable HistoryEntryId redemptionHistoryEntryId,

core/src/test/java/google/registry/tools/UpdateAllocationTokensCommandTest.java

@@ -40,14 +40,21 @@ import google.registry.model.domain.fee.FeeQueryCommandExtensionItem.CommandName
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationToken.RegistrationBehavior;
 import google.registry.model.domain.token.AllocationToken.TokenStatus;
+import google.registry.testing.DatabaseHelper;
 import org.joda.money.CurrencyUnit;
 import org.joda.money.Money;
 import org.joda.time.DateTime;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 /** Unit tests for {@link UpdateAllocationTokensCommand}. */
 class UpdateAllocationTokensCommandTest extends CommandTestCase<UpdateAllocationTokensCommand> {
 
+  @BeforeEach
+  void beforeEach() {
+    DatabaseHelper.createTlds("tld", "example");
+  }
+
   @Test
   void testUpdateTlds_setTlds() throws Exception {
     AllocationToken token =
@@ -64,14 +71,24 @@ class UpdateAllocationTokensCommandTest extends CommandTestCase<UpdateAllocation
     assertThat(reloadResource(token).getAllowedTlds()).isEmpty();
   }
 
+  @Test
+  void testUpdateTlds_badTlds() {
+    persistResource(builderWithPromo().build());
+    assertThat(
+            assertThrows(
+                IllegalArgumentException.class, () -> runCommandForced("--allowed_tlds=badtld")))
+        .hasMessageThat()
+        .isEqualTo("Unknown REAL TLD(s) [badtld]");
+  }
+
   @Test
   void testUpdateClientIds_setClientIds() throws Exception {
     AllocationToken token =
         persistResource(
             builderWithPromo().setAllowedRegistrarIds(ImmutableSet.of("toRemove")).build());
-    runCommandForced("--prefix", "token", "--allowed_client_ids", "clientone,clienttwo");
+    runCommandForced("--prefix", "token", "--allowed_client_ids", "TheRegistrar,NewRegistrar");
     assertThat(reloadResource(token).getAllowedRegistrarIds())
-        .containsExactly("clientone", "clienttwo");
+        .containsExactly("TheRegistrar", "NewRegistrar");
   }
 
   @Test
@@ -83,6 +100,17 @@ class UpdateAllocationTokensCommandTest extends CommandTestCase<UpdateAllocation
     assertThat(reloadResource(token).getAllowedRegistrarIds()).isEmpty();
   }
 
+  @Test
+  void testUpdateClientIds_badClientId() {
+    persistResource(builderWithPromo().build());
+    assertThat(
+            assertThrows(
+                IllegalArgumentException.class,
+                () -> runCommandForced("--allowed_client_ids=badregistrar")))
+        .hasMessageThat()
+        .isEqualTo("Unknown registrar ID(s) [badregistrar]");
+  }
+
   @Test
   void testUpdateEppActions_setEppActions() throws Exception {
     AllocationToken token =

core/src/test/java/google/registry/ui/server/console/ConsoleHistoryDataActionTest.java

@@ -40,8 +40,10 @@ import org.junit.jupiter.api.Test;
 
 class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
 
+  private static final String SUPPORT_EMAIL = "supportEmailTest@test.com";
   private static final Gson GSON = new Gson();
   private User noPermissionUser;
+  private User registrarPrimaryUser;
 
   @BeforeEach
   void beforeEach() {
@@ -56,6 +58,17 @@ class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
                         .build())
                 .build());
 
+    registrarPrimaryUser =
+        DatabaseHelper.persistResource(
+            new User.Builder()
+                .setEmailAddress("primary@example.com")
+                .setUserRoles(
+                    new UserRoles.Builder()
+                        .setRegistrarRoles(
+                            ImmutableMap.of("TheRegistrar", RegistrarRole.PRIMARY_CONTACT))
+                        .build())
+                .build());
+
     DatabaseHelper.persistResources(
         ImmutableList.of(
             new ConsoleUpdateHistory.Builder()
@@ -85,7 +98,7 @@ class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
   }
 
   @Test
-  void testSuccess_getByRegistrar() {
+  void testSuccess_getByRegistrar_notAnonymizedForSupportUser() {
     ConsoleHistoryDataAction action =
         createAction(AuthResult.createUser(fteUser), "TheRegistrar", Optional.empty());
     action.run();
@@ -93,6 +106,35 @@ class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
     List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
     assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
         .containsExactly("TheRegistrar|Some change", "TheRegistrar|Another change");
+
+    // Assert that the support user sees the real acting users
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+
+    assertThat(actingUserEmails).containsExactly("fte@email.tld", "no.perms@example.com");
+  }
+
+  @Test
+  void testSuccess_getByRegistrar_anonymizedForRegistrarUser() {
+    ConsoleHistoryDataAction action =
+        createAction(AuthResult.createUser(registrarPrimaryUser), "TheRegistrar", Optional.empty());
+    action.run();
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
+    assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
+        .containsExactly("TheRegistrar|Some change", "TheRegistrar|Another change");
+
+    // Assert that the registrar user sees the anonymized support user
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+
+    assertThat(actingUserEmails).containsExactly(SUPPORT_EMAIL, "no.perms@example.com");
   }
 
   @Test
@@ -104,6 +146,13 @@ class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
     List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
     assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
         .containsExactly("TheRegistrar|Some change", "OtherRegistrar|Some change");
+
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+    assertThat(actingUserEmails).containsExactly("fte@email.tld", "fte@email.tld");
   }
 
   @Test
@@ -148,6 +197,7 @@ class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     when(consoleApiParams.request().getMethod()).thenReturn("GET");
     response = (FakeResponse) consoleApiParams.response();
-    return new ConsoleHistoryDataAction(consoleApiParams, registrarId, consoleUserEmail);
+    return new ConsoleHistoryDataAction(
+        consoleApiParams, SUPPORT_EMAIL, registrarId, consoleUserEmail);
   }
 }

db/build.gradle

@@ -260,7 +260,7 @@ if (project.baseSchemaTag != '') {
 
   // Checks if Flyway scripts can be deployed to an existing database with
   // an older release. Please refer to SchemaTest.java for more information.
-  task schemaIncrementalDeployTest(dependsOn: processResources, type: Test) {
+  task schemaIncrementalDeployTest(dependsOn: processTestResources, type: Test) {
     useJUnitPlatform()
     include 'google/registry/sql/flyway/SchemaTest.*'
     classpath = configurations.testRuntimeClasspath

db/src/main/resources/sql/er_diagram/brief_er_diagram.html

@@ -261,11 +261,11 @@ td.section {
     </tr>
     <tr>
      <td class="property_name">generated on</td>
-     <td class="property_value">2025-09-29 21:19:42</td>
+     <td class="property_value">2025-10-10 17:24:50</td>
     </tr>
     <tr>
      <td class="property_name">last flyway file</td>
-     <td id="lastFlywayFile" class="property_value">V209__poll_message_hash.sql</td>
+     <td id="lastFlywayFile" class="property_value">V213__graceperiodhistory_history_revision_id_hash.sql</td>
     </tr>
    </tbody>
   </table>
@@ -273,7 +273,7 @@ td.section {
   <p>&nbsp;</p>
   <svg viewBox="0.00 0.00 4903.00 3732.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="erDiagram" style="overflow: hidden; width: 100%; height: 800px">
    <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 3728)">
-    <title>SchemaCrawler_Diagram</title> <polygon fill="white" stroke="transparent" points="-4,4 -4,-3728 4899,-3728 4899,4 -4,4" /> <text text-anchor="start" x="4655" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated by</text> <text text-anchor="start" x="4738" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">SchemaCrawler 16.27.1</text> <text text-anchor="start" x="4654" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated on</text> <text text-anchor="start" x="4738" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">2025-09-29 21:19:42</text> <polygon fill="none" stroke="#888888" points="4651,-4 4651,-44 4887,-44 4887,-4 4651,-4" /> <!-- allocationtoken_a08ccbef -->
+    <title>SchemaCrawler_Diagram</title> <polygon fill="white" stroke="transparent" points="-4,4 -4,-3728 4899,-3728 4899,4 -4,4" /> <text text-anchor="start" x="4655" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated by</text> <text text-anchor="start" x="4738" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">SchemaCrawler 16.27.1</text> <text text-anchor="start" x="4654" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated on</text> <text text-anchor="start" x="4738" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">2025-10-10 17:24:50</text> <polygon fill="none" stroke="#888888" points="4651,-4 4651,-44 4887,-44 4887,-4 4651,-4" /> <!-- allocationtoken_a08ccbef -->
     <g id="node1" class="node">
      <title>allocationtoken_a08ccbef</title> <polygon fill="#e9c2f2" stroke="transparent" points="481.5,-978 481.5,-997 667.5,-997 667.5,-978 481.5,-978" /> <text text-anchor="start" x="483.5" y="-984.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."AllocationToken"</text> <polygon fill="#e9c2f2" stroke="transparent" points="667.5,-978 667.5,-997 741.5,-997 741.5,-978 667.5,-978" /> <text text-anchor="start" x="702.5" y="-983.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text> <text text-anchor="start" x="483.5" y="-965.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">token</text> <text text-anchor="start" x="661.5" y="-964.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text> <text text-anchor="start" x="669.5" y="-964.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text> <text text-anchor="start" x="483.5" y="-945.8" font-family="Helvetica,sans-Serif" font-size="14.00">domain_name</text> <text text-anchor="start" x="661.5" y="-945.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text> <text text-anchor="start" x="669.5" y="-945.8" font-family="Helvetica,sans-Serif" font-size="14.00">text</text> <text text-anchor="start" x="483.5" y="-926.8" font-family="Helvetica,sans-Serif" font-size="14.00">redemption_domain_repo_id</text> <text text-anchor="start" x="661.5" y="-926.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text> <text text-anchor="start" x="669.5" y="-926.8" font-family="Helvetica,sans-Serif" font-size="14.00">text</text> <text text-anchor="start" x="483.5" y="-907.8" font-family="Helvetica,sans-Serif" font-size="14.00">token_type</text> <text text-anchor="start" x="661.5" y="-907.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text> <text text-anchor="start" x="669.5" y="-907.8" font-family="Helvetica,sans-Serif" font-size="14.00">text</text> <polygon fill="none" stroke="#888888" points="480.5,-901.5 480.5,-998.5 742.5,-998.5 742.5,-901.5 480.5,-901.5" />
     </g>

db/src/main/resources/sql/flyway.txt

@@ -207,3 +207,7 @@ V206__grace_period_hash.sql
 V207__grace_period_history_hash.sql
 V208__host_hash.sql
 V209__poll_message_hash.sql
+V210__allocationtoken_token_hash.sql
+V211__domainhistoryhost_history_revision_id_hash.sql
+V212__domaindsdatahistory_history_revision_id_hash.sql
+V213__graceperiodhistory_history_revision_id_hash.sql

db/src/main/resources/sql/flyway/V210__allocationtoken_token_hash.sql

@@ -0,0 +1,16 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- Add hash indexes on columns that are commonly queried with a direct equals
+CREATE INDEX CONCURRENTLY IF NOT EXISTS allocationtoken_token_hash ON "AllocationToken" USING hash (token);

db/src/main/resources/sql/flyway/V211__domainhistoryhost_history_revision_id_hash.sql

@@ -0,0 +1,17 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- Add hash indexes on columns that are commonly queried with a direct equals
+CREATE INDEX CONCURRENTLY IF NOT EXISTS domainhistoryhost_domain_history_history_revision_id_hash ON "DomainHistoryHost"
+  USING hash (domain_history_history_revision_id);

db/src/main/resources/sql/flyway/V212__domaindsdatahistory_history_revision_id_hash.sql

@@ -0,0 +1,17 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- Add hash indexes on columns that are commonly queried with a direct equals
+CREATE INDEX CONCURRENTLY IF NOT EXISTS domaindsdatahistory_domain_history_revision_id_hash ON "DomainDsDataHistory"
+  USING hash (domain_history_revision_id);

db/src/main/resources/sql/flyway/V213__graceperiodhistory_history_revision_id_hash.sql

@@ -0,0 +1,17 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- Add hash indexes on columns that are commonly queried with a direct equals
+CREATE INDEX CONCURRENTLY IF NOT EXISTS graceperiodhistory_domain_history_revision_id_hash ON "GracePeriodHistory" USING
+  hash (domain_history_revision_id);

db/src/main/resources/sql/schema/nomulus.golden.sql

@@ -1924,6 +1924,13 @@ ALTER TABLE ONLY public."User"
 CREATE INDEX allocation_token_domain_name_idx ON public."AllocationToken" USING btree (domain_name);
 
 
+--
+-- Name: allocationtoken_token_hash; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX allocationtoken_token_hash ON public."AllocationToken" USING hash (token);
+
+
 --
 -- Name: billingcancellation_billing_cancellation_id_hash; Type: INDEX; Schema: public; Owner: -
 --
@@ -1980,6 +1987,13 @@ CREATE INDEX domain_history_to_ds_data_history_idx ON public."DomainDsDataHistor
 CREATE INDEX domain_history_to_transaction_record_idx ON public."DomainTransactionRecord" USING btree (domain_repo_id, history_revision_id);
 
 
+--
+-- Name: domaindsdatahistory_domain_history_revision_id_hash; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX domaindsdatahistory_domain_history_revision_id_hash ON public."DomainDsDataHistory" USING hash (domain_history_revision_id);
+
+
 --
 -- Name: domainhistory_domain_repo_id_hash; Type: INDEX; Schema: public; Owner: -
 --
@@ -1994,6 +2008,13 @@ CREATE INDEX domainhistory_domain_repo_id_hash ON public."DomainHistory" USING h
 CREATE INDEX domainhistory_history_revision_id_hash ON public."DomainHistory" USING hash (history_revision_id);
 
 
+--
+-- Name: domainhistoryhost_domain_history_history_revision_id_hash; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX domainhistoryhost_domain_history_history_revision_id_hash ON public."DomainHistoryHost" USING hash (domain_history_history_revision_id);
+
+
 --
 -- Name: domainhost_domain_repo_id_hash; Type: INDEX; Schema: public; Owner: -
 --
@@ -2029,6 +2050,13 @@ CREATE INDEX graceperiod_domain_repo_id_hash ON public."GracePeriod" USING hash
 CREATE INDEX graceperiod_grace_period_id_hash ON public."GracePeriod" USING hash (grace_period_id);
 
 
+--
+-- Name: graceperiodhistory_domain_history_revision_id_hash; Type: INDEX; Schema: public; Owner: -
+--
+
+CREATE INDEX graceperiodhistory_domain_history_revision_id_hash ON public."GracePeriodHistory" USING hash (domain_history_revision_id);
+
+
 --
 -- Name: graceperiodhistory_grace_period_history_revision_id_hash; Type: INDEX; Schema: public; Owner: -
 --

gradle.properties

@@ -7,7 +7,7 @@
 # nom_build), run ./nom_build --help.
 #
 # DO NOT EDIT THIS FILE BY HAND
-org.gradle.jvmargs=-Xmx1024m
+org.gradle.jvmargs=-Xmx2048m
 org.gradle.caching=true
 org.gradle.parallel=true
 mavenUrl=

release/cloudbuild-release.yaml

@@ -42,6 +42,20 @@ steps:
     rm -rf .git && rm -rf nomulus-internal/.git
     cp -rf nomulus-internal/* .
     rm -rf nomulus-internal
+# Remove environment configs from .gitignore
+- name: 'gcr.io/cloud-builders/git'
+  entrypoint: /bin/bash
+  args:
+  - -c
+  - |
+    set -e
+    sed -i \
+        -e '\#core/src/main/java/google/registry/config/files/nomulus-config-alpha.yaml#d' \
+        -e '\#core/src/main/java/google/registry/config/files/nomulus-config-crash.yaml#d' \
+        -e '\#core/src/main/java/google/registry/config/files/nomulus-config-production.yaml#d' \
+        -e '\#core/src/main/java/google/registry/config/files/nomulus-config-qa.yaml#d' \
+        -e '\#core/src/main/java/google/registry/config/files/nomulus-config-sandbox.yaml#d' \
+        .gitignore
 # Build the builder image and pull the base images, them upload them to GCR.
 - name: 'gcr.io/cloud-builders/docker'
   entrypoint: /bin/bash
@@ -266,27 +280,25 @@ steps:
     rm ${gradle_bin}
     sed -i s%services.gradle.org/distributions%storage.googleapis.com/${gcs_loc}% \
       gradle/wrapper/gradle-wrapper.properties
-# Check out the release repo.
+# Conditionally trigger the appropriate build based on the tag format.
 - name: 'gcr.io/cloud-builders/gcloud'
-  args: ['source', 'repos', 'clone', 'nomulus-release']
-# Tag and check in the release repo.
-- name: 'gcr.io/cloud-builders/git'
-  entrypoint: /bin/bash
+  entrypoint: 'bash'
   args:
   - -c
   - |
     set -e
-    rm -rf gcompute-tools
-    cp -rf nomulus-release/.git .
-    rm -rf nomulus-release
-    git config --global user.name "Cloud Build"
-    git config --global user.email \
-      $(gcloud auth list --format='get(account)' --filter=active)
-    git add .
-    git commit -m "Release commit for tag ${TAG_NAME}"
-    git push -o nokeycheck origin master
-    git tag ${TAG_NAME}
-    git push -o nokeycheck origin ${TAG_NAME}
+    # Check for a nomulus release tag (e.g., "v1.2.3")
+    if [[ "${TAG_NAME}" =~ ^nomulus-20[0-9]{2}[0-1][0-9][0-3][0-9]-RC[0-9]{2}$ ]]; then
+      echo "Tag format matches a nomulus release. Triggering nomulus build..."
+      gcloud builds submit . --config=release/cloudbuild-nomulus.yaml --substitutions=TAG_NAME=$TAG_NAME
+    # Check for a proxy release tag (e.g., "proxy-v1.2.3")
+    elif [[ "${TAG_NAME}" =~ ^proxy-20[0-9]{2}[0-1][0-9][0-3][0-9]-RC[0-9]{2}$ ]]; then
+      echo "Tag format matches a proxy release. Triggering proxy build..."
+      gcloud builds submit . --config=release/cloudbuild-proxy.yaml --substitutions=TAG_NAME=$TAG_NAME
+    else
+      echo "Tag format '$TAG_NAME' does not match a known release type. Exiting."
+      exit 1
+    fi
 timeout: 3600s
 options:
   machineType: 'E2_HIGHCPU_32'