Remove the concept of a GAE service endpoint (#2869)

We don't need to support the mix of GAE and GKE any more so we can get
rid of the GaeService bits and unify everything under one constant
service. This also allows us to reduce the number of services down to
four (FE, BE, PUBAPI, console) which is nice.

.gitignore

@@ -121,9 +121,5 @@ core/**/registrar_dbg*.js
 core/**/registrar_bin*.css
 core/**/registrar_dbg*.css
 
-# Appengine generated files
-core/WEB-INF/appengine-generated/*.bin
-core/WEB-INF/appengine-generated/*.xml
-
 # jEnv
 .java-version

appengine_war.gradle

@@ -1,108 +0,0 @@
-// Copyright 2019 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-apply plugin: 'war'
-
-def environment = rootProject.environment
-def gcpProject = rootProject.gcpProject
-
-// Set this directory before applying the appengine plugin so that the
-// plugin will recognize this as an app-engine standard app (and also
-// obtains the appengine-web.xml from the correct location)
-project.convention.plugins['war'].webAppDirName =
-        "../../core/src/main/java/google/registry/env/${environment}/${project.name}"
-
-apply plugin: 'com.google.cloud.tools.appengine'
-
-def coreResourcesDir = "${rootDir}/core/build/resources/main"
-def coreLibsDir = "${rootDir}/core/build/libs"
-
-// Get the web.xml file for the service.
-war {
-    webInf {
-        from "../../core/src/main/java/google/registry/env/common/${project.name}/WEB-INF"
-    }
-}
-
-war {
-    from("${coreResourcesDir}/google/registry/ui/html") {
-        include "*.html"
-    }
-    from("${coreLibsDir}") {
-        include "core.jar"
-        into("WEB-INF/lib")
-    }
-}
-
-if (project.path == ":services:default") {
-    war {
-        from("${coreResourcesDir}/google/registry/ui/html") {
-            include "*.html"
-            into("registrar")
-        }
-    }
-}
-
-appengine {
-    deploy {
-        // appengineDeployAll task requires the version to be set. So,
-        // this config lets gcloud select a version name when deploying
-        // to alpha or sandbox from our workstation.
-        if (!rootProject.prodOrSandboxEnv) {
-            version = 'GCLOUD_CONFIG'
-        }
-
-        // Don't set gcpProject directly, it gets overriden in ./build.gradle.
-        // Do -P environment={crash,alpha} instead.  For sandbox/production,
-        // use Spinnaker.
-        projectId = gcpProject
-    }
-}
-
-dependencies {
-    implementation project(path: ':core', configuration: 'deploy_jar')
-}
-
-// The tools.jar file gets pulled in from the java environment and for some
-// reason gets exploded "readonly", causing subsequent builds to fail when
-// they can't overwrite it.  The hack below makes the file writable after
-// we're done exploding it.
-//
-// Fun fact: We only use this jar for documentation generation and as such we
-// don't need it in our warfile, as it is not used by the application at
-// runtime.  But it's not clear how to exclude it, as we seem to be
-// constructing the jar from the entire WEB-INF directory and per-file
-// exclude rules don't seem to work on it.  Better solutions are welcome :-)
-explodeWar.doLast {
-    file("${it.explodedAppDirectory}/WEB-INF/lib/tools.jar").setWritable(true)
-}
-
-appengineDeployAll.mustRunAfter ':console-webapp:deploy'
-appengineDeployAll.finalizedBy ':deployCloudSchedulerAndQueue'
-
-rootProject.stage.dependsOn appengineStage
-tasks['war'].dependsOn ':core:processResources'
-tasks['war'].dependsOn ':core:jar'
-
-// Impose verification for all of the deployment tasks.  We haven't found a
-// better way to do this other than to apply to each of them independently.
-// If a new task gets added, it will still fail if "environment"  is not defined
-// because gcpProject is null.  We just won't get as friendly an error message.
-appengineDeployAll.configure rootProject.verifyDeploymentConfig
-appengineDeploy.configure rootProject.verifyDeploymentConfig
-appengineDeployCron.configure rootProject.verifyDeploymentConfig
-appengineDeployDispatch.configure rootProject.verifyDeploymentConfig
-appengineDeployDos.configure rootProject.verifyDeploymentConfig
-appengineDeployIndex.configure rootProject.verifyDeploymentConfig
-appengineDeployQueue.configure rootProject.verifyDeploymentConfig

build.gradle

@@ -331,9 +331,6 @@ subprojects {
 
   // Set up all of the deployment projects.
   if (services.contains(project.path)) {
-
-    apply from: "${rootDir.path}/appengine_war.gradle"
-
     // Return early, do not apply the settings below.
     return
   }
@@ -380,17 +377,6 @@ subprojects {
   }
 }
 
-// Force SDK download and deployment to be sequential, otherwise parallel tasks
-// will fail. For SDK download, they will try to write to the same location to
-// upgrade gcloud. For deployment, they will try to deploy different services to
-// the same project at the same time.
-for (int i = 1; i < services.size(); i++) {
-  project("${services[i]}").downloadCloudSdk
-          .dependsOn(project("${services[i - 1]}").downloadCloudSdk)
-  project("${services[i]}").appengineDeployAll
-          .dependsOn(project("${services[i - 1]}").appengineDeployAll)
-}
-
 // If "-P verboseTestOutput=true" is passed in, configure all subprojects to dump all of their
 // output and final test status (pass/fail, errors) for each test class.
 //

config/nom_build.py

@@ -56,7 +56,7 @@ PROPERTIES_HEADER = """\
 # nom_build), run ./nom_build --help.
 #
 # DO NOT EDIT THIS FILE BY HAND
-org.gradle.jvmargs=-Xmx1024m
+org.gradle.jvmargs=-Xmx2048m
 org.gradle.caching=true
 org.gradle.parallel=true
 """

config/presubmits.py

@@ -105,9 +105,8 @@ PRESUBMITS = {
     # System.(out|err).println should only appear in tools/ or load-testing/
     PresubmitCheck(
         r".*\bSystem\.(out|err)\.print", "java", {
-            "StackdriverDashboardBuilder.java", "/tools/", "/example/",
-            "/load-testing/", "RegistryTestServerMain.java",
-            "TestServerExtension.java", "FlowDocumentationTool.java"
+            "/tools/", "/example/", "/load-testing/",
+            "RegistryTestServerMain.java", "TestServerExtension.java"
         }):
         "System.(out|err).println is only allowed in tools/ packages. Please "
         "use a logger instead.",
@@ -120,7 +119,7 @@ PRESUBMITS = {
     ):
         "In SOY please use the ({@param name: string} /** User name. */) style"
         " parameter passing instead of the ( * @param name User name.) style "
-        "parameter pasing.",
+        "parameter passing.",
     PresubmitCheck(
         r'.*\{[^}]+\w+:\s+"',
         "soy",
@@ -139,41 +138,6 @@ PRESUBMITS = {
         {},
     ):
         "All soy templates must use strict autoescaping",
-
-    # various JS linting checks
-    PresubmitCheck(
-        r".*goog\.base\(",
-        "js",
-        {"/node_modules/"},
-    ):
-        "Use of goog.base is not allowed.",
-    PresubmitCheck(
-        r".*goog\.dom\.classes",
-        "js",
-        {"/node_modules/"},
-    ):
-        "Instead of goog.dom.classes, use goog.dom.classlist which is smaller "
-        "and faster.",
-    PresubmitCheck(
-        r".*goog\.getMsg",
-        "js",
-        {"/node_modules/"},
-    ):
-        "Put messages in Soy, instead of using goog.getMsg().",
-    PresubmitCheck(
-        r".*(innerHTML|outerHTML)\s*(=|[+]=)([^=]|$)",
-        "js",
-        {"/node_modules/", "registrar_bin."},
-    ):
-        "Do not assign directly to the dom. Use goog.dom.setTextContent to set"
-        " to plain text, goog.dom.removeChildren to clear, or "
-        "soy.renderElement to render anything else",
-    PresubmitCheck(
-        r".*console\.(log|info|warn|error)",
-        "js",
-        {"/node_modules/", "google/registry/ui/js/util.js", "registrar_bin."},
-    ):
-        "JavaScript files should not include console logging.",
     PresubmitCheck(
         r".*\nimport (static )?.*\.shaded\..*",
         "java",
@@ -303,26 +267,6 @@ def verify_flyway_index():
   return not success
 
 
-def verify_javascript_deps():
-  """Verifies that we haven't introduced any new javascript dependencies."""
-  with open('package.json') as f:
-    package = json.load(f)
-
-  deps = list(package['dependencies'].keys())
-  if deps != EXPECTED_JS_PACKAGES:
-    print('Unexpected javascript dependencies.  Was expecting '
-          '%s, got %s.' % (EXPECTED_JS_PACKAGES, deps))
-    print(textwrap.dedent("""
-        * If the new dependencies are intentional, please verify that the
-        * license is one of the allowed licenses (see
-        * config/dependency-license/allowed_licenses.json) and add an entry
-        * for the package (with the license in a comment) to the
-        * EXPECTED_JS_PACKAGES variable in config/presubmits.py.
-        """))
-    return True
-  return False
-
-
 def get_files():
   for root, dirnames, filenames in os.walk("."):
     for filename in filenames:
@@ -347,8 +291,5 @@ if __name__ == "__main__":
   # when we put it here it fails fast before all of the tests are run.
   failed |= verify_flyway_index()
 
-  # Make sure we haven't introduced any javascript dependencies.
-  failed |= verify_javascript_deps()
-
   if failed:
     sys.exit(1)

console-webapp/src/app/history/historyList.component.ts

@@ -56,7 +56,7 @@ export class HistoryListComponent {
       return { main: 'N/A', detail: null };
     }
     const parts = description.split('|');
-    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : null;
+    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : parts[0];
 
     return {
       main: parts[0],

console-webapp/src/app/settings/contact/contact.service.ts

@@ -47,9 +47,9 @@ export interface Contact {
   registrarId?: string;
   faxNumber?: string;
   types: Array<contactType>;
-  visibleInWhoisAsAdmin?: boolean;
-  visibleInWhoisAsTech?: boolean;
-  visibleInDomainWhoisAsAbuse?: boolean;
+  visibleInRdapAsAdmin?: boolean;
+  visibleInRdapAsTech?: boolean;
+  visibleInDomainRdapAsAbuse?: boolean;
 }
 
 export interface ViewReadyContact extends Contact {

console-webapp/src/app/settings/contact/contactDetails.component.html

@@ -57,6 +57,11 @@
           [(ngModel)]="contactService.contactInEdit.emailAddress"
           [ngModelOptions]="{ standalone: true }"
           [disabled]="emailAddressIsDisabled()"
+          [matTooltip]="
+            emailAddressIsDisabled()
+              ? 'Reach out to registry customer support to update email address'
+              : ''
+          "
         />
       </mat-form-field>
 
@@ -84,6 +89,7 @@
       <h1>Contact Type</h1>
       <p class="console-app__contact-required">
         <mat-icon color="accent">error</mat-icon>Required to select at least one
+        (primary contact can't be updated)
       </p>
       <div class="">
         <ng-container
@@ -105,7 +111,7 @@
       <h1>RDAP Preferences</h1>
       <div>
         <mat-checkbox
-          [(ngModel)]="contactService.contactInEdit.visibleInWhoisAsAdmin"
+          [(ngModel)]="contactService.contactInEdit.visibleInRdapAsAdmin"
           [ngModelOptions]="{ standalone: true }"
           >Show in Registrar RDAP record as admin contact</mat-checkbox
         >
@@ -113,7 +119,7 @@
 
       <div>
         <mat-checkbox
-          [(ngModel)]="contactService.contactInEdit.visibleInWhoisAsTech"
+          [(ngModel)]="contactService.contactInEdit.visibleInRdapAsTech"
           [ngModelOptions]="{ standalone: true }"
           >Show in Registrar RDAP record as technical contact</mat-checkbox
         >
@@ -121,7 +127,7 @@
 
       <div>
         <mat-checkbox
-          [(ngModel)]="contactService.contactInEdit.visibleInDomainWhoisAsAbuse"
+          [(ngModel)]="contactService.contactInEdit.visibleInDomainRdapAsAbuse"
           [ngModelOptions]="{ standalone: true }"
           >Show Phone and Email in Domain RDAP Record as registrar abuse contact
           (per CL&D requirements)</mat-checkbox
@@ -183,24 +189,24 @@
         <mat-list-item role="listitem">
           <h2>RDAP Preferences</h2>
         </mat-list-item>
-        @if(contactService.contactInEdit.visibleInWhoisAsAdmin) {
+        @if(contactService.contactInEdit.visibleInRdapAsAdmin) {
         <mat-divider></mat-divider>
         <mat-list-item role="listitem">
           <span class="console-app__list-value"
             >Show in Registrar RDAP record as admin contact</span
           >
         </mat-list-item>
-        } @if(contactService.contactInEdit.visibleInWhoisAsTech) {
+        } @if(contactService.contactInEdit.visibleInRdapAsTech) {
         <mat-divider></mat-divider>
         <mat-list-item
           role="listitem"
-          *ngIf="contactService.contactInEdit.visibleInWhoisAsTech"
+          *ngIf="contactService.contactInEdit.visibleInRdapAsTech"
         >
           <span class="console-app__list-value"
             >Show in Registrar RDAP record as technical contact</span
           >
         </mat-list-item>
-        } @if(contactService.contactInEdit.visibleInDomainWhoisAsAbuse) {
+        } @if(contactService.contactInEdit.visibleInDomainRdapAsAbuse) {
         <mat-divider></mat-divider>
         <mat-list-item role="listitem">
           <span class="console-app__list-value"

console-webapp/src/app/users/userEditForm.component.html

@@ -29,7 +29,7 @@
           ></mat-label
         >
         <mat-select [(ngModel)]="user().role" name="userRole">
-          <mat-option value="PRIMARY_CONTACT">Editor</mat-option>
+          <mat-option value="TECH_CONTACT">Editor</mat-option>
           <mat-option value="ACCOUNT_MANAGER">Viewer</mat-option>
         </mat-select>
       </mat-form-field>

core/build.gradle

@@ -30,7 +30,6 @@ def screenshotsForGoldensDir = "${project.buildDir}/screenshots_for_goldens"
 def newGoldensDir = "${project.buildDir}/new_golden_images"
 def goldensDir =
   "${javaTestDir}/google/registry/webdriver/goldens/chrome-linux"
-def jsDir = "${project.projectDir}/src/main/javascript"
 
 // Tests that fail when running Gradle in a docker container, e. g. when
 // building the release artifacts in Google Cloud Build.
@@ -55,9 +54,6 @@ def dockerIncompatibleTestPatterns = [
 // objects retained by frameworks.
 // TODO(weiminyu): identify cause and fix offending tests.
 def fragileTestPatterns = [
-    // Changes cache timeouts and for some reason appears to have contention
-    // with other tests.
-    "google/registry/whois/WhoisCommandFactoryTest.*",
     // Breaks random other tests when running with standardTests.
     "google/registry/bsa/UploadBsaUnavailableDomainsActionTest.*",
     // Currently changes a global configuration parameter that for some reason

core/src/main/java/google/registry/batch/CannedScriptExecutionAction.java

@@ -20,7 +20,6 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.common.flogger.FluentLogger;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.UrlConnectionService;
@@ -43,7 +42,7 @@ import javax.net.ssl.HttpsURLConnection;
  * --service BACKEND -X POST -u '/_dr/task/executeCannedScript}'}
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/executeCannedScript",
     method = {POST, GET},
     automaticallyPrintOk = true,

core/src/main/java/google/registry/batch/CheckBulkComplianceAction.java

@@ -27,7 +27,6 @@ import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.BulkPricingPackage;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.auth.Auth;
 import google.registry.ui.server.SendEmailUtils;
 import google.registry.util.Clock;
@@ -39,7 +38,10 @@ import org.joda.time.Days;
  * An action that checks all {@link BulkPricingPackage} objects for compliance with their max create
  * limit.
  */
-@Action(service = GaeService.BACKEND, path = CheckBulkComplianceAction.PATH, auth = Auth.AUTH_ADMIN)
+@Action(
+    service = Action.Service.BACKEND,
+    path = CheckBulkComplianceAction.PATH,
+    auth = Auth.AUTH_ADMIN)
 public class CheckBulkComplianceAction implements Runnable {
 
   public static final String PATH = "/_dr/task/checkBulkCompliance";

core/src/main/java/google/registry/batch/CloudTasksUtils.java

@@ -43,7 +43,6 @@ import google.registry.config.CredentialModule.ApplicationDefaultCredential;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.request.Action;
 import google.registry.request.Action.Method;
-import google.registry.request.Action.Service;
 import google.registry.util.Clock;
 import google.registry.util.CollectionUtils;
 import google.registry.util.GoogleCredentialsBundle;
@@ -175,7 +174,7 @@ public class CloudTasksUtils implements Serializable {
    *     the worker service</a>
    */
   protected Task createTask(
-      String path, Method method, Service service, Multimap<String, String> params) {
+      String path, Method method, Action.Service service, Multimap<String, String> params) {
     checkArgument(
         path != null && !path.isEmpty() && path.charAt(0) == '/',
         "The path must start with a '/'.");
@@ -231,9 +230,7 @@ public class CloudTasksUtils implements Serializable {
         method,
         actionClazz.getSimpleName(),
         allowedMethods);
-    Service service =
-        RegistryEnvironment.isOnJetty() ? Action.ServiceGetter.get(action) : action.service();
-    return createTask(path, method, service, params);
+    return createTask(path, method, action.service(), params);
   }
 
   /**
@@ -256,7 +253,7 @@ public class CloudTasksUtils implements Serializable {
   public Task createTaskWithJitter(
       String path,
       Method method,
-      Service service,
+      Action.Service service,
       Multimap<String, String> params,
       Optional<Integer> jitterSeconds) {
     if (jitterSeconds.isEmpty() || jitterSeconds.get() <= 0) {
@@ -297,9 +294,7 @@ public class CloudTasksUtils implements Serializable {
         "Action class %s is not annotated with @Action",
         actionClazz.getSimpleName());
     String path = action.path();
-    Service service =
-        RegistryEnvironment.isOnJetty() ? Action.ServiceGetter.get(action) : action.service();
-    return createTaskWithJitter(path, method, service, params, jitterSeconds);
+    return createTaskWithJitter(path, method, action.service(), params, jitterSeconds);
   }
 
   /**
@@ -319,7 +314,7 @@ public class CloudTasksUtils implements Serializable {
   private Task createTaskWithDelay(
       String path,
       Method method,
-      Service service,
+      Action.Service service,
       Multimap<String, String> params,
       Duration delay) {
     if (delay.isEqual(Duration.ZERO)) {
@@ -354,9 +349,7 @@ public class CloudTasksUtils implements Serializable {
       Duration delay) {
     Action action = getAction(actionClazz);
     String path = action.path();
-    Service service =
-        RegistryEnvironment.isOnJetty() ? Action.ServiceGetter.get(action) : action.service();
-    return createTaskWithDelay(path, method, service, params, delay);
+    return createTaskWithDelay(path, method, action.service(), params, delay);
   }
 
   private static Action getAction(Class<? extends Runnable> actionClazz) {

core/src/main/java/google/registry/batch/DeleteExpiredDomainsAction.java

@@ -37,7 +37,6 @@ import google.registry.model.eppcommon.ProtocolDefinition;
 import google.registry.model.eppoutput.EppOutput;
 import google.registry.persistence.transaction.QueryComposer.Comparator;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.request.lock.LockHandler;
@@ -68,7 +67,7 @@ import org.joda.time.Duration;
  * this action runs, thus alerting us that human action is needed to correctly process the delete.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = DeleteExpiredDomainsAction.PATH,
     auth = Auth.AUTH_ADMIN)
 public class DeleteExpiredDomainsAction implements Runnable {

core/src/main/java/google/registry/batch/DeleteLoadTestDataAction.java

@@ -37,7 +37,6 @@ import google.registry.model.reporting.HistoryEntry;
 import google.registry.model.reporting.HistoryEntryDao;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
@@ -55,7 +54,7 @@ import jakarta.inject.Inject;
  * production.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/deleteLoadTestData",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/batch/DeleteProberDataAction.java

@@ -42,7 +42,6 @@ import google.registry.model.domain.Domain;
 import google.registry.model.domain.DomainHistory;
 import google.registry.model.tld.Tld.TldType;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.auth.Auth;
 import google.registry.util.RegistryEnvironment;
@@ -59,7 +58,7 @@ import org.joda.time.Duration;
  * billing events, along with their ForeignKeyDomainIndex entities.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/deleteProberData",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/batch/ExpandBillingRecurrencesAction.java

@@ -35,7 +35,6 @@ import google.registry.model.billing.BillingEvent;
 import google.registry.model.billing.BillingRecurrence;
 import google.registry.model.common.Cursor;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -51,7 +50,7 @@ import org.joda.time.DateTime;
  * BillingRecurrence} billing events into synthetic {@link BillingEvent} events.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/expandBillingRecurrences",
     auth = Auth.AUTH_ADMIN)
 public class ExpandBillingRecurrencesAction implements Runnable {

core/src/main/java/google/registry/batch/RelockDomainAction.java

@@ -32,7 +32,6 @@ import google.registry.model.eppcommon.StatusValue;
 import google.registry.model.tld.RegistryLockDao;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -47,7 +46,7 @@ import org.joda.time.Duration;
 
 /** Task that re-locks a previously-Registry-Locked domain after a predetermined period of time. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = RelockDomainAction.PATH,
     method = POST,
     automaticallyPrintOk = true,

core/src/main/java/google/registry/batch/RemoveAllDomainContactsAction.java

@@ -44,7 +44,6 @@ import google.registry.model.eppcommon.ProtocolDefinition;
 import google.registry.model.eppoutput.EppOutput;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.request.lock.LockHandler;
@@ -67,7 +66,7 @@ import org.joda.time.Duration;
  * leaving behind a record recording that update.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = RemoveAllDomainContactsAction.PATH,
     method = Action.Method.POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/batch/ResaveAllEppResourcesPipelineAction.java

@@ -28,7 +28,6 @@ import com.google.common.flogger.FluentLogger;
 import com.google.common.net.MediaType;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -54,7 +53,7 @@ import jakarta.inject.Inject;
  * <p>This runs the {@link google.registry.beam.resave.ResaveAllEppResourcesPipeline}.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = ResaveAllEppResourcesPipelineAction.PATH,
     auth = Auth.AUTH_ADMIN)
 public class ResaveAllEppResourcesPipelineAction implements Runnable {

core/src/main/java/google/registry/batch/ResaveEntityAction.java

@@ -25,7 +25,6 @@ import com.google.common.flogger.FluentLogger;
 import google.registry.model.EppResource;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Action.Method;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
@@ -40,7 +39,7 @@ import org.joda.time.DateTime;
  * <p>{@link EppResource}s will be projected forward to the current time.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = ResaveEntityAction.PATH,
     auth = Auth.AUTH_ADMIN,
     method = Method.POST)

core/src/main/java/google/registry/batch/SendExpiringCertificateNotificationEmailAction.java

@@ -35,7 +35,6 @@ import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.model.registrar.RegistrarPoc.Type;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.util.EmailMessage;
@@ -50,7 +49,7 @@ import org.joda.time.format.DateTimeFormatter;
 
 /** An action that sends notification emails to registrars whose certificates are expiring soon. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = SendExpiringCertificateNotificationEmailAction.PATH,
     auth = Auth.AUTH_ADMIN)
 public class SendExpiringCertificateNotificationEmailAction implements Runnable {

core/src/main/java/google/registry/batch/WipeOutContactHistoryPiiAction.java

@@ -30,7 +30,6 @@ import google.registry.beam.wipeout.WipeOutContactHistoryPiiPipeline;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.model.contact.ContactHistory;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -49,7 +48,7 @@ import org.joda.time.DateTime;
  * time.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = WipeOutContactHistoryPiiAction.PATH,
     auth = Auth.AUTH_ADMIN)
 public class WipeOutContactHistoryPiiAction implements Runnable {

core/src/main/java/google/registry/bsa/BsaDownloadAction.java

@@ -41,7 +41,6 @@ import google.registry.bsa.persistence.DownloadScheduler;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.model.tld.Tlds;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
@@ -51,7 +50,7 @@ import java.util.Optional;
 import java.util.stream.Stream;
 
 @Action(
-    service = GaeService.BSA,
+    service = Action.Service.BACKEND,
     path = BsaDownloadAction.PATH,
     method = {GET, POST},
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/bsa/BsaRefreshAction.java

@@ -31,7 +31,6 @@ import google.registry.bsa.persistence.RefreshScheduler;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.model.tld.Tlds;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.util.BatchedStreams;
@@ -42,7 +41,7 @@ import java.util.stream.Stream;
 import org.joda.time.Duration;
 
 @Action(
-    service = GaeService.BSA,
+    service = Action.Service.BACKEND,
     path = BsaRefreshAction.PATH,
     method = {GET, POST},
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/bsa/BsaValidateAction.java

@@ -28,7 +28,6 @@ import static google.registry.bsa.persistence.Queries.queryMissedRegisteredUnblo
 import static google.registry.bsa.persistence.Queries.queryUnblockableDomainByLabels;
 import static google.registry.model.tld.Tld.isEnrolledWithBsa;
 import static google.registry.model.tld.Tlds.getTldEntitiesOfType;
-import static google.registry.persistence.transaction.TransactionManagerFactory.replicaTm;
 import static google.registry.request.Action.Method.GET;
 import static google.registry.request.Action.Method.POST;
 import static google.registry.util.BatchedStreams.toBatches;
@@ -53,9 +52,7 @@ import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
 import google.registry.model.tld.Tld;
 import google.registry.model.tld.Tld.TldType;
-import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
@@ -68,7 +65,7 @@ import org.joda.time.Duration;
 
 /** Validates the BSA data in the database against the most recent block lists. */
 @Action(
-    service = GaeService.BSA,
+    service = Action.Service.BACKEND,
     path = BsaValidateAction.PATH,
     method = {GET, POST},
     auth = Auth.AUTH_ADMIN)
@@ -185,8 +182,8 @@ public class BsaValidateAction implements Runnable {
     ImmutableList<UnblockableDomain> batch;
     do {
       batch = Queries.batchReadUnblockableDomains(lastRead, transactionBatchSize);
-      ImmutableMap<String, VKey<Domain>> activeDomains =
-          ForeignKeyUtils.load(
+      ImmutableMap<String, Domain> activeDomains =
+          ForeignKeyUtils.loadResources(
               Domain.class,
               batch.stream().map(UnblockableDomain::domainName).collect(toImmutableList()),
               clock.nowUtc());
@@ -201,7 +198,7 @@ public class BsaValidateAction implements Runnable {
   }
 
   Optional<String> verifyDomainStillUnblockableWithReason(
-      UnblockableDomain domain, ImmutableMap<String, VKey<Domain>> activeDomains) {
+      UnblockableDomain domain, ImmutableMap<String, Domain> activeDomains) {
     DateTime now = clock.nowUtc();
     boolean isRegistered = activeDomains.containsKey(domain.domainName());
     boolean isReserved = isReservedDomain(domain.domainName(), now);
@@ -230,10 +227,8 @@ public class BsaValidateAction implements Runnable {
             domain.reason()));
   }
 
-  boolean isStalenessAllowed(VKey<Domain> domainVKey) {
-    Domain domain = bsaQuery(() -> replicaTm().loadByKey(domainVKey));
-    var now = clock.nowUtc();
-    return domain.getCreationTime().plus(maxStaleness).isAfter(now);
+  boolean isStalenessAllowed(Domain domain) {
+    return domain.getCreationTime().plus(maxStaleness).isAfter(clock.nowUtc());
   }
 
   /** Returns unique labels across all block lists in the download specified by {@code jobName}. */

core/src/main/java/google/registry/bsa/UploadBsaUnavailableDomainsAction.java

@@ -42,7 +42,6 @@ import google.registry.model.tld.Tld;
 import google.registry.model.tld.Tld.TldType;
 import google.registry.model.tld.label.ReservedList;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
 import jakarta.inject.Inject;
@@ -78,7 +77,7 @@ import org.joda.time.DateTime;
  * <p>The file is also uploaded to GCS to preserve it as a record for ourselves.
  */
 @Action(
-    service = GaeService.BSA,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/uploadBsaUnavailableNames",
     method = {GET, POST},
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/bsa/persistence/DomainsRefresher.java

@@ -156,7 +156,7 @@ public final class DomainsRefresher {
             .collect(toImmutableSet());
     ImmutableSet<String> currRegistered =
         ImmutableSet.copyOf(
-            ForeignKeyUtils.load(Domain.class, nameToEntity.keySet(), now).keySet());
+            ForeignKeyUtils.loadKeys(Domain.class, nameToEntity.keySet(), now).keySet());
     SetView<String> noLongerRegistered = Sets.difference(prevRegistered, currRegistered);
     SetView<String> newlyRegistered = Sets.difference(currRegistered, prevRegistered);
 

core/src/main/java/google/registry/bsa/persistence/LabelDiffUpdates.java

@@ -145,11 +145,10 @@ public final class LabelDiffUpdates {
 
     ImmutableSet<String> validDomainNames =
         labels.stream()
-            .map(label -> validDomainNamesForLabel(label, idnChecker))
-            .flatMap(x -> x)
+            .flatMap(label -> validDomainNamesForLabel(label, idnChecker))
             .collect(toImmutableSet());
     ImmutableSet<String> registeredDomainNames =
-        ImmutableSet.copyOf(ForeignKeyUtils.load(Domain.class, validDomainNames, now).keySet());
+        ForeignKeyUtils.loadKeys(Domain.class, validDomainNames, now).keySet();
     for (String domain : registeredDomainNames) {
       nonBlockedDomains.add(new UnblockableDomain(domain, Reason.REGISTERED));
       tm().put(BsaUnblockableDomain.of(domain, BsaUnblockableDomain.Reason.REGISTERED));

core/src/main/java/google/registry/config/RegistryConfig.java

@@ -37,7 +37,7 @@ import google.registry.bsa.UploadBsaUnavailableDomainsAction;
 import google.registry.dns.ReadDnsRefreshRequestsAction;
 import google.registry.model.common.DnsRefreshRequest;
 import google.registry.persistence.transaction.JpaTransactionManager;
-import google.registry.request.Action.GkeService;
+import google.registry.request.Action.Service;
 import google.registry.util.RegistryEnvironment;
 import google.registry.util.YamlUtils;
 import jakarta.inject.Named;
@@ -976,17 +976,6 @@ public final class RegistryConfig {
       return config.misc.transientFailureRetries;
     }
 
-    /**
-     * Amount of time public HTTP proxies are permitted to cache our WHOIS responses.
-     *
-     * @see google.registry.whois.WhoisHttpAction
-     */
-    @Provides
-    @Config("whoisHttpExpires")
-    public static Duration provideWhoisHttpExpires() {
-      return Duration.standardDays(1);
-    }
-
     /**
      * Maximum number of results to return for an RDAP search query
      *
@@ -998,39 +987,6 @@ public final class RegistryConfig {
       return 100;
     }
 
-    /**
-     * Redaction text for email address in WHOIS
-     *
-     * @see google.registry.whois.WhoisResponse
-     */
-    @Provides
-    @Config("whoisRedactedEmailText")
-    public static String provideWhoisRedactedEmailText(RegistryConfigSettings config) {
-      return config.registryPolicy.whoisRedactedEmailText;
-    }
-
-    /**
-     * Disclaimer displayed at the end of WHOIS query results.
-     *
-     * @see google.registry.whois.WhoisResponse
-     */
-    @Provides
-    @Config("whoisDisclaimer")
-    public static String provideWhoisDisclaimer(RegistryConfigSettings config) {
-      return config.registryPolicy.whoisDisclaimer;
-    }
-
-    /**
-     * Message template for whois response when queried domain is blocked by BSA.
-     *
-     * @see google.registry.whois.WhoisResponse
-     */
-    @Provides
-    @Config("domainBlockedByBsaTemplate")
-    public static String provideDomainBlockedByBsaTemplate(RegistryConfigSettings config) {
-      return config.registryPolicy.domainBlockedByBsaTemplate;
-    }
-
     /**
      * Maximum QPS for the Google Cloud Monitoring V3 (aka Stackdriver) API. The QPS limit can be
      * adjusted by contacting Cloud Support.
@@ -1105,12 +1061,6 @@ public final class RegistryConfig {
       return config.registryPolicy.customLogicFactoryClass;
     }
 
-    @Provides
-    @Config("whoisCommandFactoryClass")
-    public static String provideWhoisCommandFactoryClass(RegistryConfigSettings config) {
-      return config.registryPolicy.whoisCommandFactoryClass;
-    }
-
     @Provides
     @Config("dnsCountQueryCoordinatorClass")
     public static String dnsCountQueryCoordinatorClass(RegistryConfigSettings config) {
@@ -1494,7 +1444,7 @@ public final class RegistryConfig {
     return CONFIG_SETTINGS.get().gcpProject.baseDomain;
   }
 
-  public static URL getServiceUrl(GkeService service) {
+  public static URL getServiceUrl(Service service) {
     return makeUrl(String.format("https://%s.%s", service.getServiceId(), getBaseDomain()));
   }
 
@@ -1606,12 +1556,7 @@ public final class RegistryConfig {
     return CONFIG_SETTINGS.get().gSuite.outgoingEmailDisplayName;
   }
 
-  /**
-   * Returns default WHOIS server to use when {@code Registrar#getWhoisServer()} is {@code null}.
-   *
-   * @see "google.registry.whois.DomainWhoisResponse"
-   * @see "google.registry.whois.RegistrarWhoisResponse"
-   */
+  /** Returns default WHOIS server to use when {@code Registrar#getWhoisServer()} is null. */
   public static String getDefaultRegistrarWhoisServer() {
     return CONFIG_SETTINGS.get().registryPolicy.defaultRegistrarWhoisServer;
   }

core/src/main/java/google/registry/config/RegistryConfigSettings.java

@@ -90,7 +90,6 @@ public class RegistryConfigSettings {
     public String contactAndHostRoidSuffix;
     public String productName;
     public String customLogicFactoryClass;
-    public String whoisCommandFactoryClass;
     public String dnsCountQueryCoordinatorClass;
     public int contactAutomaticTransferDays;
     public String greetingServerId;
@@ -102,9 +101,6 @@ public class RegistryConfigSettings {
     public String registryAdminClientId;
     public String premiumTermsExportDisclaimer;
     public String reservedTermsExportDisclaimer;
-    public String whoisRedactedEmailText;
-    public String whoisDisclaimer;
-    public String domainBlockedByBsaTemplate;
     public String rdapTos;
     public String rdapTosStaticUrl;
     public String registryName;

core/src/main/java/google/registry/config/files/default-config.yaml

@@ -65,10 +65,6 @@ registryPolicy:
   # See flows/custom/CustomLogicFactory.java
   customLogicFactoryClass: google.registry.flows.custom.CustomLogicFactory
 
-  # WHOIS command factory fully-qualified class name.
-  # See whois/WhoisCommandFactory.java
-  whoisCommandFactoryClass: google.registry.whois.WhoisCommandFactory
-
   # Custom logic class for handling DNS query count reporting for ICANN.
   # See reporting/icann/DnsCountQueryCoordinator.java
   dnsCountQueryCoordinatorClass: google.registry.reporting.icann.DummyDnsCountQueryCoordinator
@@ -114,31 +110,6 @@ registryPolicy:
     to publish. This list is subject to change. The most up-to-date source
     is always the registry itself, by sending domain check EPP commands.
 
-  # Redaction text for email address in WHOIS
-  whoisRedactedEmailText: |
-    Please query the WHOIS server of the owning registrar identified in this
-    output for information on how to contact the Registrant, Admin, or Tech
-    contact of the queried domain name.
-
-  # Disclaimer at the top of WHOIS results.
-  whoisDisclaimer: |
-    WHOIS information is provided by the registry solely for query-based,
-    informational purposes. Any information provided is "as is" without any
-    guarantee of accuracy. You may not use such information to (a) allow,
-    enable, or otherwise support the transmission of mass unsolicited,
-    commercial advertising or solicitations; (b) enable high volume, automated,
-    electronic processes that access the registry's systems or any
-    ICANN-Accredited Registrar, except as reasonably necessary to register
-    domain names or modify existing registrations; or (c) engage in or support
-    unlawful behavior. We reserve the right to restrict or deny your access to
-    the WHOIS database, and may modify these terms at any time.
-
-  # BSA blocked domain name template.
-  domainBlockedByBsaTemplate: |
-    Domain Name: %s
-    >>> This name is not available for registration.
-    >>> This name has been blocked by a GlobalBlock service.
-
   # RDAP Terms of Service text displayed at the /rdap/help/tos endpoint.
   rdapTos: >
     By querying our Domain Database as part of the RDAP pilot program (RDAP

core/src/main/java/google/registry/config/files/tld/example.yaml

@@ -5,7 +5,6 @@
 
 addGracePeriodLength: "PT432000S"
 allowedFullyQualifiedHostNames: []
-allowedRegistrantContactIds: []
 anchorTenantAddGracePeriodLength: "PT2592000S"
 autoRenewGracePeriodLength: "PT3888000S"
 automaticTransferLength: "PT432000S"

core/src/main/java/google/registry/cron/TldFanoutAction.java

@@ -40,14 +40,12 @@ import com.google.common.collect.Streams;
 import com.google.common.flogger.FluentLogger;
 import google.registry.batch.CloudTasksUtils;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
-import google.registry.request.Action.GkeService;
+import google.registry.request.Action.Service;
 import google.registry.request.Parameter;
 import google.registry.request.ParameterMap;
 import google.registry.request.RequestParameters;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
-import google.registry.util.RegistryEnvironment;
 import jakarta.inject.Inject;
 import java.util.Optional;
 import java.util.stream.Stream;
@@ -80,7 +78,7 @@ import java.util.stream.Stream;
  * </ul>
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Service.BACKEND,
     path = "/_dr/cron/fanout",
     automaticallyPrintOk = true,
     auth = Auth.AUTH_ADMIN)
@@ -160,10 +158,6 @@ public final class TldFanoutAction implements Runnable {
       params.put(RequestParameters.PARAM_TLD, tld);
     }
     return cloudTasksUtils.createTaskWithJitter(
-        endpoint,
-        Action.Method.POST,
-        RegistryEnvironment.isOnJetty() ? GkeService.BACKEND : GaeService.BACKEND,
-        params,
-        jitterSeconds);
+        endpoint, Action.Method.POST, Service.BACKEND, params, jitterSeconds);
   }
 }

core/src/main/java/google/registry/dns/PublishDnsUpdatesAction.java

@@ -25,7 +25,6 @@ import static google.registry.dns.DnsModule.PARAM_REFRESH_REQUEST_TIME;
 import static google.registry.dns.DnsUtils.DNS_PUBLISH_PUSH_QUEUE_NAME;
 import static google.registry.dns.DnsUtils.requestDomainDnsRefresh;
 import static google.registry.dns.DnsUtils.requestHostDnsRefresh;
-import static google.registry.model.EppResourceUtils.loadByForeignKey;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.POST;
 import static google.registry.request.RequestParameters.PARAM_TLD;
@@ -46,13 +45,13 @@ import google.registry.dns.DnsMetrics.CommitStatus;
 import google.registry.dns.DnsMetrics.PublishStatus;
 import google.registry.dns.writer.DnsWriter;
 import google.registry.groups.GmailClient;
+import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
 import google.registry.model.host.Host;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.model.tld.Tld;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Header;
 import google.registry.request.HttpException.ServiceUnavailableException;
 import google.registry.request.Parameter;
@@ -72,7 +71,7 @@ import org.joda.time.Duration;
 
 /** Task that sends domain and host updates to the DNS server. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = PublishDnsUpdatesAction.PATH,
     method = POST,
     automaticallyPrintOk = true,
@@ -237,7 +236,8 @@ public final class PublishDnsUpdatesAction implements Runnable, Callable<Void> {
             .findFirst()
             .ifPresent(
                 dn -> {
-                  Optional<Domain> domain = loadByForeignKey(Domain.class, dn, clock.nowUtc());
+                  Optional<Domain> domain =
+                      ForeignKeyUtils.loadResource(Domain.class, dn, clock.nowUtc());
                   if (domain.isPresent()) {
                     notifyWithEmailAboutDnsUpdateFailure(
                         domain.get().getCurrentSponsorRegistrarId(), dn, false);
@@ -250,7 +250,8 @@ public final class PublishDnsUpdatesAction implements Runnable, Callable<Void> {
             .findFirst()
             .ifPresent(
                 hn -> {
-                  Optional<Host> host = loadByForeignKey(Host.class, hn, clock.nowUtc());
+                  Optional<Host> host =
+                      ForeignKeyUtils.loadResource(Host.class, hn, clock.nowUtc());
                   if (host.isPresent()) {
                     notifyWithEmailAboutDnsUpdateFailure(
                         host.get().getPersistedCurrentSponsorRegistrarId(), hn, true);

core/src/main/java/google/registry/dns/ReadDnsRefreshRequestsAction.java

@@ -45,7 +45,6 @@ import google.registry.dns.DnsUtils.TargetType;
 import google.registry.model.common.DnsRefreshRequest;
 import google.registry.model.tld.Tld;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
@@ -60,7 +59,7 @@ import org.joda.time.Duration;
  * table.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/readDnsRefreshRequests",
     automaticallyPrintOk = true,
     method = POST,

core/src/main/java/google/registry/dns/RefreshDnsAction.java

@@ -16,17 +16,16 @@ package google.registry.dns;
 
 import static google.registry.dns.DnsUtils.requestDomainDnsRefresh;
 import static google.registry.dns.DnsUtils.requestHostDnsRefresh;
-import static google.registry.model.EppResourceUtils.loadByForeignKey;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
 import google.registry.dns.DnsUtils.TargetType;
 import google.registry.model.EppResource;
 import google.registry.model.EppResource.ForeignKeyedEppResource;
+import google.registry.model.ForeignKeyUtils;
 import google.registry.model.annotations.ExternalMessagingName;
 import google.registry.model.domain.Domain;
 import google.registry.model.host.Host;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.NotFoundException;
 import google.registry.request.Parameter;
@@ -36,7 +35,7 @@ import jakarta.inject.Inject;
 
 /** Action that manually triggers refresh of DNS information. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/dnsRefresh",
     automaticallyPrintOk = true,
     auth = Auth.AUTH_ADMIN)
@@ -79,7 +78,7 @@ public final class RefreshDnsAction implements Runnable {
 
   private <T extends EppResource & ForeignKeyedEppResource>
       T loadAndVerifyExistence(Class<T> clazz, String foreignKey) {
-    return loadByForeignKey(clazz, foreignKey, clock.nowUtc())
+    return ForeignKeyUtils.loadResource(clazz, foreignKey, clock.nowUtc())
         .orElseThrow(
             () ->
                 new NotFoundException(

core/src/main/java/google/registry/dns/RefreshDnsOnHostRenameAction.java

@@ -26,7 +26,6 @@ import google.registry.model.domain.Domain;
 import google.registry.model.host.Host;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -34,7 +33,7 @@ import jakarta.inject.Inject;
 import org.joda.time.DateTime;
 
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = PATH,
     method = Action.Method.POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/dns/writer/clouddns/CloudDnsWriter.java

@@ -17,7 +17,6 @@ package google.registry.dns.writer.clouddns;
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.dns.DnsUtils.getDnsAPlusAAAATtlForHost;
-import static google.registry.model.EppResourceUtils.loadByForeignKey;
 import static google.registry.util.DomainNameUtils.getSecondLevelDomain;
 
 import com.google.api.client.googleapis.json.GoogleJsonError;
@@ -37,6 +36,7 @@ import google.registry.config.RegistryConfig.Config;
 import google.registry.dns.writer.BaseDnsWriter;
 import google.registry.dns.writer.DnsWriter;
 import google.registry.dns.writer.DnsWriterZone;
+import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.secdns.DomainDsData;
 import google.registry.model.host.Host;
@@ -123,7 +123,8 @@ public class CloudDnsWriter extends BaseDnsWriter {
     String absoluteDomainName = getAbsoluteHostName(domainName);
 
     // Load the target domain. Note that it can be absent if this domain was just deleted.
-    Optional<Domain> domain = loadByForeignKey(Domain.class, domainName, clock.nowUtc());
+    Optional<Domain> domain =
+        ForeignKeyUtils.loadResource(Domain.class, domainName, clock.nowUtc());
 
     // Return early if no DNS records should be published.
     // desiredRecordsBuilder is populated with an empty set to indicate that all existing records
@@ -189,7 +190,7 @@ public class CloudDnsWriter extends BaseDnsWriter {
     // Load the target host. Note that it can be absent if this host was just deleted.
     // desiredRecords is populated with an empty set to indicate that all existing records
     // should be deleted.
-    Optional<Host> host = loadByForeignKey(Host.class, hostName, clock.nowUtc());
+    Optional<Host> host = ForeignKeyUtils.loadResource(Host.class, hostName, clock.nowUtc());
 
     // Return early if the host is deleted.
     if (host.isEmpty()) {

core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java

@@ -19,7 +19,6 @@ import static com.google.common.base.Verify.verify;
 import static com.google.common.collect.Sets.intersection;
 import static com.google.common.collect.Sets.union;
 import static google.registry.dns.DnsUtils.getDnsAPlusAAAATtlForHost;
-import static google.registry.model.EppResourceUtils.loadByForeignKey;
 
 import com.google.common.base.Joiner;
 import com.google.common.collect.ImmutableList;
@@ -28,6 +27,7 @@ import com.google.common.net.InternetDomainName;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.dns.writer.BaseDnsWriter;
 import google.registry.dns.writer.DnsWriterZone;
+import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.secdns.DomainDsData;
 import google.registry.model.host.Host;
@@ -129,7 +129,8 @@ public class DnsUpdateWriter extends BaseDnsWriter {
    *     this domain refresh request
    */
   private void publishDomain(String domainName, String requestingHostName) {
-    Optional<Domain> domainOptional = loadByForeignKey(Domain.class, domainName, clock.nowUtc());
+    Optional<Domain> domainOptional =
+        ForeignKeyUtils.loadResource(Domain.class, domainName, clock.nowUtc());
     update.delete(toAbsoluteName(domainName), Type.ANY);
     // If the domain is now deleted, then don't update DNS for it.
     if (domainOptional.isPresent()) {
@@ -218,7 +219,7 @@ public class DnsUpdateWriter extends BaseDnsWriter {
   private void addInBailiwickNameServerSet(Domain domain, Update update) {
     for (String hostName :
         intersection(domain.loadNameserverHostNames(), domain.getSubordinateHosts())) {
-      Optional<Host> host = loadByForeignKey(Host.class, hostName, clock.nowUtc());
+      Optional<Host> host = ForeignKeyUtils.loadResource(Host.class, hostName, clock.nowUtc());
       checkState(host.isPresent(), "Host %s cannot be loaded", hostName);
       update.add(makeAddressSet(host.get()));
       update.add(makeV6AddressSet(host.get()));

core/src/main/java/google/registry/env/alpha/backend/WEB-INF/appengine-web.xml

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>100</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="alpha"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/alpha/bsa/WEB-INF/appengine-web.xml

@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>100</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="alpha"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <!-- Enable external traffic to go through VPC, required for static ip -->
-  <vpc-access-connector>
-    <name>projects/domain-registry-alpha/locations/us-central1/connectors/appengine-connector</name>
-    <egress-setting>all-traffic</egress-setting>
-  </vpc-access-connector>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/alpha/default/WEB-INF/appengine-web.xml

@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>8</max-instances>
-    <idle-timeout>30m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="alpha"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/registrar/*.html" expiration="1m"/>
-
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/alpha/pubapi/WEB-INF/appengine-web.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>8</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="alpha"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/assets/js/**" expiration="1m"/>
-    <include path="/assets/css/**" expiration="1m"/>
-    <include path="/assets/images/**" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/alpha/tools/WEB-INF/appengine-web.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>5</max-instances>
-    <idle-timeout>5m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="alpha"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/assets/js/**" expiration="1m"/>
-    <include path="/assets/css/**" expiration="1m"/>
-    <include path="/assets/images/**" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/common/META-INF/appengine-application.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="utf-8" standalone="no"?>
-<appengine-application xmlns="http://appengine.google.com/ns/1.0">
-  <application>domain-registry</application>
-</appengine-application>

core/src/main/java/google/registry/env/common/META-INF/application.xml

@@ -1,46 +0,0 @@
-<?xml version="1.0"
-encoding="UTF-8"?>
-
-<application
-  xmlns="http://java.sun.com/xml/ns/javaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
-                      http://java.sun.com/xml/ns/javaee/application_5.xsd"
-  version="5">
-
-  <description>Google Registry</description>
-  <display-name>Google Registry</display-name>
-
-  <!-- Modules -->
-  <!-- The default module should be listed first -->
-  <module>
-    <web>
-      <web-uri>default</web-uri>
-      <context-root>default</context-root>
-    </web>
-  </module>
-  <module>
-    <web>
-      <web-uri>pubapi</web-uri>
-      <context-root>pubapi</context-root>
-    </web>
-  </module>
-  <module>
-    <web>
-      <web-uri>backend</web-uri>
-      <context-root>backend</context-root>
-    </web>
-  </module>
-  <module>
-    <web>
-      <web-uri>bsa</web-uri>
-      <context-root>bsa</context-root>
-    </web>
-  </module>
-  <module>
-    <web>
-      <web-uri>tools</web-uri>
-      <context-root>tools</context-root>
-    </web>
-  </module>
-</application>

core/src/main/java/google/registry/env/common/backend/WEB-INF/logging.properties

@@ -1,17 +0,0 @@
-# A default java.util.logging configuration.
-# (All App Engine logging is through java.util.logging by default).
-#
-# To use this configuration, copy it into your application's WEB-INF
-# folder and add the following to your appengine-web.xml:
-#
-# <system-properties>
-#   <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
-# </system-properties>
-#
-
-# Set the default logging level for all loggers to INFO.
-.level = INFO
-
-# Turn off logging in Hibernate classes for misleading ERROR-level logs
-org.hibernate.orm.jdbc.batch.level=OFF
-org.hibernate.engine.jdbc.spi.SqlExceptionHelper.level=OFF

core/src/main/java/google/registry/env/common/backend/WEB-INF/web.xml

@@ -1,333 +0,0 @@
-<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
-  version="6.0">
-  <!-- Servlets -->
-
-  <!-- Servlet for injected backends actions -->
-  <servlet>
-    <display-name>BackendServlet</display-name>
-    <servlet-name>backend-servlet</servlet-name>
-    <servlet-class>google.registry.module.backend.BackendServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <!-- RDE -->
-
-  <!--
-    Responsible for scanning the database to create a full deposit for a single TLD
-    and streaming it to cloud storage. Requests are sent here by App Engine after
-    `RdeCreateCronServlet` enqueues a task specifying a URL that points to this servlet.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/rdeStaging</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Once `rdeCreateFullCron` finishes writing a deposit file to cloud storage, it'll
-    launch this task with the cloud filename so it can be uploaded to Iron Mountain
-    via SFTP. The file is deleted once the upload completes. This should be run via
-    `rde-upload-backend`.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/rdeUpload</url-pattern>
-  </servlet-mapping>
-
-  <!-- Sends an XML RDE report to ICANN's HTTP server after rdeUploadTask finishes. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/rdeReport</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Bulk Registration Data Access. This task creates a thin escrow deposit
-    and saves it to cloud storage, where a separate script owned by the SREs
-    uploads it to ICANN.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/brdaCopy</url-pattern>
-  </servlet-mapping>
-
-  <!-- Billing -->
-
-  <!--
-    Generates the invoice CSV for the month, which we send to billing to charge
-    registrars for their registrations.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/generateInvoices</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Emails the month's invoice CSV to the internal billing team, and publishes
-    the detail reports to the individual registrars' drive accounts.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/publishInvoices</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Copies invoice detail reports from GCS to the associated registrar's Drive folder.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/copyDetailReports</url-pattern>
-  </servlet-mapping>
-
-  <!-- ICANN Monthly Reporting -->
-
-  <!--
-    Monthly ICANN transaction and activity reports. This task generates report
-    files (in CSV format) and stores them in GCS under
-    gs://domain-registry-reporting/icann/monthly/YYYY-MM
-    by default.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/icannReportingStaging</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Monthly ICANN transaction and activity reports. This task uploads the generated
-    report files (in CSV format) via an HTTP PUT to ICANN's endpoint.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/icannReportingUpload</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Generates the Spec11 report for the month, storing it on GCS.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/generateSpec11</url-pattern>
-  </servlet-mapping>
-
-  <!--
-    Publishes the Spec11 report for the month, emailing registrars about their
-    registrations which were flagged by the SafeBrowsing API.
-  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/publishSpec11</url-pattern>
-  </servlet-mapping>
-
-  <!-- Trademark Clearinghouse -->
-
-  <!-- Downloads TMCH DNL data from MarksDB. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/tmchDnl</url-pattern>
-  </servlet-mapping>
-
-  <!-- Downloads TMCH SMDRL data from MarksDB. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/tmchSmdrl</url-pattern>
-  </servlet-mapping>
-
-  <!-- Downloads TMCH CRL data from MarksDB. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/tmchCrl</url-pattern>
-  </servlet-mapping>
-
-  <!-- Reads the LORDN queues and uploads CSV data for sunrise and claims marks to MarksDB. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/nordnUpload</url-pattern>
-  </servlet-mapping>
-
-  <!-- Verifies upload of LORDN data to MarksDB. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/nordnVerify</url-pattern>
-  </servlet-mapping>
-
-  <!-- Reads the DNS refresh requests and kick off the appropriate tasks to update zone. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/readDnsRefreshRequests</url-pattern>
-  </servlet-mapping>
-
-  <!-- Publishes DNS updates. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/publishDnsUpdates</url-pattern>
-  </servlet-mapping>
-
-  <!-- Manually refreshes DNS information. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/dnsRefresh</url-pattern>
-  </servlet-mapping>
-
-  <!-- Fans out a cron task over an adjustable range of TLDs. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/cron/fanout</url-pattern>
-  </servlet-mapping>
-
-  <!-- Syncs registrars to the registrar spreadsheet.  -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/syncRegistrarsSheet</url-pattern>
-  </servlet-mapping>
-
-  <!-- Exports TLD premium terms. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/exportPremiumTerms</url-pattern>
-  </servlet-mapping>
-
-  <!-- Exports TLD reserved terms. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/exportReservedTerms</url-pattern>
-  </servlet-mapping>
-
-  <!-- Syncs RegistrarContact changes to Google Groups. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/syncGroupMembers</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/exportDomainLists</url-pattern>
-  </servlet-mapping>
-
-  <!--  Action to delete all prober data. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/deleteProberData</url-pattern>
-  </servlet-mapping>
-
-  <!--  Action to delete load test data. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/deleteLoadTestData</url-pattern>
-  </servlet-mapping>
-
-  <!--  Dataflow pipeline to re-save all EPP resources. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/resaveAllEppResourcesPipeline</url-pattern>
-  </servlet-mapping>
-
-  <!--  Reread all Registrar RDAP Base Urls from the ICANN endpoint. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/updateRegistrarRdapBaseUrls</url-pattern>
-  </servlet-mapping>
-
-  <!--  Action to re-save a given entity. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/resaveEntity</url-pattern>
-  </servlet-mapping>
-
-  <!-- Enqueues DNS update tasks following a host rename. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/refreshDnsOnHostRename</url-pattern>
-  </servlet-mapping>
-
-  <!-- Action to expand BillingRecurrences into BillingEvents. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/expandBillingRecurrences</url-pattern>
-  </servlet-mapping>
-
-  <!-- Background action to delete domains past end of autorenewal. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/deleteExpiredDomains</url-pattern>
-  </servlet-mapping>
-
-  <!-- Background action to send notification emails to registrars with expiring certificate. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/sendExpiringCertificateNotificationEmail</url-pattern>
-  </servlet-mapping>
-
-  <!-- Action to automatically re-lock a domain after unlocking it -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/relockDomain</url-pattern>
-  </servlet-mapping>
-
-  <!-- Background action to wipe out PII fields of ContactHistory entities that
-have been in the database for a certain period of time. -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/wipeOutContactHistoryPii</url-pattern>
-  </servlet-mapping>
-
-  <!-- Action to wipeout Cloud SQL data -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/wipeOutCloudSql</url-pattern>
-  </servlet-mapping>
-
-  <!-- Action to execute canned scripts -->
-  <servlet-mapping>
-    <servlet-name>backend-servlet</servlet-name>
-    <url-pattern>/_dr/task/executeCannedScript</url-pattern>
-  </servlet-mapping>
-
-  <!-- Security config -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Internal</web-resource-name>
-      <description>
-        Admin-only internal section. Requests for paths covered by the URL patterns below will be
-        checked for a logged-in user account that's allowed to access the AppEngine admin console
-        (NOTE: this includes Editor/Viewer permissions in addition to Owner and the new IAM
-        App Engine Admin role. See https://cloud.google.com/appengine/docs/java/access-control
-        specifically the "Access handlers that have a login:admin restriction" line.)
-
-        TODO(b/28219927): lift some of these restrictions so that we can allow OAuth authentication
-        for endpoints that need to be accessed by open-source automated processes.
-      </description>
-
-      <!-- Internal AppEngine endpoints.  The '_ah' is short for app hosting.  -->
-      <url-pattern>/_ah/*</url-pattern>
-
-      <!-- Registrar console (should not be available on non-default module). -->
-      <url-pattern>/registrar*</url-pattern>
-
-      <!-- Verbatim JavaScript sources (only visible to admins for debugging). -->
-      <url-pattern>/assets/sources/*</url-pattern>
-
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>admin</role-name>
-    </auth-constraint>
-
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <!-- Require TLS on all requests. -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Secure</web-resource-name>
-      <description>
-        Require encryption for all paths. http URLs will be redirected to https.
-      </description>
-      <url-pattern>/*</url-pattern>
-    </web-resource-collection>
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-</web-app>

core/src/main/java/google/registry/env/common/bsa/WEB-INF/logging.properties

@@ -1,17 +0,0 @@
-# A default java.util.logging configuration.
-# (All App Engine logging is through java.util.logging by default).
-#
-# To use this configuration, copy it into your application's WEB-INF
-# folder and add the following to your appengine-web.xml:
-#
-# <system-properties>
-#   <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
-# </system-properties>
-#
-
-# Set the default logging level for all loggers to INFO.
-.level = INFO
-
-# Turn off logging in Hibernate classes for misleading ERROR-level logs
-org.hibernate.orm.jdbc.batch.level=OFF
-org.hibernate.engine.jdbc.spi.SqlExceptionHelper.level=OFF

core/src/main/java/google/registry/env/common/bsa/WEB-INF/web.xml

@@ -1,87 +0,0 @@
-<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
-  version="6.0">
-  <!-- Servlets -->
-
-  <!-- Servlet for injected backends actions -->
-  <servlet>
-    <display-name>BsaServlet</display-name>
-    <servlet-name>bsa-servlet</servlet-name>
-    <servlet-class>google.registry.module.bsa.BsaServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <!-- Download action -->
-  <servlet-mapping>
-    <servlet-name>bsa-servlet</servlet-name>
-    <url-pattern>/_dr/task/bsaDownload</url-pattern>
-  </servlet-mapping>
-
-  <!-- Refresh action -->
-  <servlet-mapping>
-    <servlet-name>bsa-servlet</servlet-name>
-    <url-pattern>/_dr/task/bsaRefresh</url-pattern>
-  </servlet-mapping>
-
-  <!-- Refresh action -->
-  <servlet-mapping>
-    <servlet-name>bsa-servlet</servlet-name>
-    <url-pattern>/_dr/task/bsaValidate</url-pattern>
-  </servlet-mapping>
-
-  <!-- Upload unavailable domains to BSA action -->
-  <servlet-mapping>
-    <servlet-name>bsa-servlet</servlet-name>
-    <url-pattern>/_dr/task/uploadBsaUnavailableNames</url-pattern>
-  </servlet-mapping>
-
-  <!-- Security config -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Internal</web-resource-name>
-      <description>
-        Admin-only internal section. Requests for paths covered by the URL patterns below will be
-        checked for a logged-in user account that's allowed to access the AppEngine admin console
-        (NOTE: this includes Editor/Viewer permissions in addition to Owner and the new IAM
-        App Engine Admin role. See https://cloud.google.com/appengine/docs/java/access-control
-        specifically the "Access handlers that have a login:admin restriction" line.)
-
-        TODO(b/28219927): lift some of these restrictions so that we can allow OAuth authentication
-        for endpoints that need to be accessed by open-source automated processes.
-      </description>
-
-      <!-- Internal AppEngine endpoints.  The '_ah' is short for app hosting.  -->
-      <url-pattern>/_ah/*</url-pattern>
-
-      <!-- Registrar console (should not be available on non-default module). -->
-      <url-pattern>/registrar*</url-pattern>
-
-      <!-- Verbatim JavaScript sources (only visible to admins for debugging). -->
-      <url-pattern>/assets/sources/*</url-pattern>
-
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>admin</role-name>
-    </auth-constraint>
-
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <!-- Require TLS on all requests. -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Secure</web-resource-name>
-      <description>
-        Require encryption for all paths. http URLs will be redirected to https.
-      </description>
-      <url-pattern>/*</url-pattern>
-    </web-resource-collection>
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-</web-app>

core/src/main/java/google/registry/env/common/default/WEB-INF/dispatch.xml

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<dispatch-entries>
-  <!-- Send all public-facing unauthenticated traffic to the pubapi service. -->
-  <dispatch>
-    <url>*/rdap/*</url>
-    <module>pubapi</module>
-  </dispatch>
-  <dispatch>
-    <url>*/whois/*</url>
-    <module>pubapi</module>
-  </dispatch>
-  <dispatch>
-    <url>*/_dr/whois</url>
-    <module>pubapi</module>
-  </dispatch>
-  <dispatch>
-    <url>*/check</url>
-    <module>pubapi</module>
-  </dispatch>
-  <dispatch>
-    <url>*/console/*</url>
-    <module>console</module>
-  </dispatch>
-  <dispatch>
-    <url>*/console</url>
-    <module>console</module>
-  </dispatch>
-</dispatch-entries>

core/src/main/java/google/registry/env/common/default/WEB-INF/logging.properties

@@ -1,17 +0,0 @@
-# A default java.util.logging configuration.
-# (All App Engine logging is through java.util.logging by default).
-#
-# To use this configuration, copy it into your application's WEB-INF
-# folder and add the following to your appengine-web.xml:
-#
-# <system-properties>
-#   <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
-# </system-properties>
-#
-
-# Set the default logging level for all loggers to INFO.
-.level = INFO
-
-# Turn off logging in Hibernate classes for misleading ERROR-level logs
-org.hibernate.orm.jdbc.batch.level=OFF
-org.hibernate.engine.jdbc.spi.SqlExceptionHelper.level=OFF

core/src/main/java/google/registry/env/common/default/WEB-INF/web.xml

@@ -1,66 +0,0 @@
-<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
-  version="6.0">
-  <!-- Servlets -->
-
-  <!-- Servlet for injected frontend actions -->
-  <servlet>
-    <display-name>FrontendServlet</display-name>
-    <servlet-name>frontend-servlet</servlet-name>
-    <servlet-class>google.registry.module.frontend.FrontendServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <!-- The primary EPP endpoint for the Registry, which accepts EPP requests from our TLS proxy. -->
-  <servlet-mapping>
-    <servlet-name>frontend-servlet</servlet-name>
-    <url-pattern>/_dr/epp</url-pattern>
-  </servlet-mapping>
-
-  <!-- Registrar console endpoints -->
-  <servlet-mapping>
-    <servlet-name>frontend-servlet</servlet-name>
-    <url-pattern>/console-api/*</url-pattern>
-  </servlet-mapping>
-
-  <!-- Security config -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Internal</web-resource-name>
-      <description>
-        Admin-only internal section.  Requests for paths covered by the URL patterns below will be
-        checked for a logged-in user account that's allowed to access the AppEngine admin console
-        (NOTE: this includes Editor/Viewer permissions in addition to Owner and the new IAM
-        App Engine Admin role. See https://cloud.google.com/appengine/docs/java/access-control
-        specifically the "Access handlers that have a login:admin restriction" line.)
-
-        TODO(b/28219927): lift some of these restrictions so that we can allow OAuth authentication
-        for endpoints that need to be accessed by open-source automated processes.
-      </description>
-      <!-- Internal AppEngine endpoints.  The '_ah' is short for app hosting.  -->
-      <url-pattern>/_ah/*</url-pattern>
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>admin</role-name>
-    </auth-constraint>
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <!-- Require TLS on all requests. -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Secure</web-resource-name>
-      <description>
-        Require encryption for all paths. http URLs will be redirected to https.
-      </description>
-      <url-pattern>/*</url-pattern>
-    </web-resource-collection>
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-</web-app>

core/src/main/java/google/registry/env/common/pubapi/WEB-INF/logging.properties

@@ -1,17 +0,0 @@
-# A default java.util.logging configuration.
-# (All App Engine logging is through java.util.logging by default).
-#
-# To use this configuration, copy it into your application's WEB-INF
-# folder and add the following to your appengine-web.xml:
-#
-# <system-properties>
-#   <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
-# </system-properties>
-#
-
-# Set the default logging level for all loggers to INFO.
-.level = INFO
-
-# Turn off logging in Hibernate classes for misleading ERROR-level logs
-org.hibernate.orm.jdbc.batch.level=OFF
-org.hibernate.engine.jdbc.spi.SqlExceptionHelper.level=OFF

core/src/main/java/google/registry/env/common/pubapi/WEB-INF/web.xml

@@ -1,107 +0,0 @@
-<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
-  version="6.0">
-  <!-- Servlets -->
-
-  <!-- Servlet for injected frontend actions -->
-  <servlet>
-    <display-name>PubApiServlet</display-name>
-    <servlet-name>pubapi-servlet</servlet-name>
-    <servlet-class>google.registry.module.pubapi.PubApiServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <!-- HTTP WHOIS. -->
-  <servlet-mapping>
-    <servlet-name>pubapi-servlet</servlet-name>
-    <url-pattern>/whois/*</url-pattern>
-  </servlet-mapping>
-
-  <!-- Protocol WHOIS. -->
-  <servlet-mapping>
-    <servlet-name>pubapi-servlet</servlet-name>
-    <url-pattern>/_dr/whois</url-pattern>
-  </servlet-mapping>
-
-  <!-- RDAP (new WHOIS). -->
-  <servlet-mapping>
-    <servlet-name>pubapi-servlet</servlet-name>
-    <url-pattern>/rdap/*</url-pattern>
-  </servlet-mapping>
-
-  <!-- Public API to do availability checks -->
-  <servlet-mapping>
-    <servlet-name>pubapi-servlet</servlet-name>
-    <url-pattern>/check</url-pattern>
-  </servlet-mapping>
-
-  <!-- Security config -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Internal</web-resource-name>
-      <description>
-        Admin-only internal section.  Requests for paths covered by the URL patterns below will be
-        checked for a logged-in user account that's allowed to access the AppEngine admin console
-        (NOTE: this includes Editor/Viewer permissions in addition to Owner and the new IAM
-        App Engine Admin role.  See https://cloud.google.com/appengine/docs/java/access-control
-        specifically the "Access handlers that have a login:admin restriction" line.)
-
-        TODO(b/28219927): lift some of these restrictions so that we can allow OAuth authentication
-        for endpoints that need to be accessed by open-source automated processes.
-      </description>
-
-      <!-- Internal AppEngine endpoints.  The '_ah' is short for app hosting.  -->
-      <url-pattern>/_ah/*</url-pattern>
-
-      <!-- Verbatim JavaScript sources (only visible to admins for debugging). -->
-      <url-pattern>/assets/sources/*</url-pattern>
-
-      <!-- TODO(b/26776367): Move these files to /assets/sources. -->
-      <url-pattern>/assets/js/registrar_bin.js.map</url-pattern>
-      <url-pattern>/assets/js/registrar_dbg.js</url-pattern>
-      <url-pattern>/assets/css/registrar_dbg.css</url-pattern>
-
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>admin</role-name>
-    </auth-constraint>
-
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Registrar console</web-resource-name>
-      <description>
-        Registrar console requires user login.  This is in addition to the
-        code-level "requireLogin" configuration on individual @Actions.
-      </description>
-      <url-pattern>/registrar*</url-pattern>
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>*</role-name>
-    </auth-constraint>
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <!-- Require TLS on all requests. -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Secure</web-resource-name>
-      <description>
-        Require encryption for all paths. http URLs will be redirected to https.
-      </description>
-      <url-pattern>/*</url-pattern>
-    </web-resource-collection>
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-</web-app>

core/src/main/java/google/registry/env/common/tools/WEB-INF/logging.properties

@@ -1,17 +0,0 @@
-# A default java.util.logging configuration.
-# (All App Engine logging is through java.util.logging by default).
-#
-# To use this configuration, copy it into your application's WEB-INF
-# folder and add the following to your appengine-web.xml:
-#
-# <system-properties>
-#   <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
-# </system-properties>
-#
-
-# Set the default logging level for all loggers to INFO.
-.level = INFO
-
-# Turn off logging in Hibernate classes for misleading ERROR-level logs
-org.hibernate.orm.jdbc.batch.level=OFF
-org.hibernate.engine.jdbc.spi.SqlExceptionHelper.level=OFF

core/src/main/java/google/registry/env/common/tools/WEB-INF/web.xml

@@ -1,120 +0,0 @@
-<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
-  version="6.0">
-  <!-- Servlets -->
-
-  <!-- Servlet for injected tools actions -->
-  <servlet>
-    <display-name>ToolsServlet</display-name>
-    <servlet-name>tools-servlet</servlet-name>
-    <servlet-class>google.registry.module.tools.ToolsServlet</servlet-class>
-    <load-on-startup>1</load-on-startup>
-  </servlet>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/updateUserGroup</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/verifyOte</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/createGroups</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/createPremiumList</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/list/*</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/deleteEntity</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/admin/updatePremiumList</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/loadtest</url-pattern>
-  </servlet-mapping>
-
-  <!--  ExecuteEppCommand uses this to execute remotely. -->
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/epptool</url-pattern>
-  </servlet-mapping>
-
-  <!-- Refreshes all active domains in DNS -->
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/task/refreshDnsForAllDomains</url-pattern>
-  </servlet-mapping>
-
-  <servlet-mapping>
-    <servlet-name>tools-servlet</servlet-name>
-    <url-pattern>/_dr/task/generateZoneFiles</url-pattern>
-  </servlet-mapping>
-
-  <!-- Security config -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Internal</web-resource-name>
-      <description>
-        Admin-only internal section.  Requests for paths covered by the URL patterns below will be
-        checked for a logged-in user account that's allowed to access the AppEngine admin console
-        (NOTE: this includes Editor/Viewer permissions in addition to Owner and the new IAM
-        App Engine Admin role.  See https://cloud.google.com/appengine/docs/java/access-control
-        specifically the "Access handlers that have a login:admin restriction" line.)
-
-        TODO(b/28219927): lift some of these restrictions so that we can allow OAuth authentication
-        for endpoints that need to be accessed by open-source automated processes.
-     </description>
-
-      <!-- Internal AppEngine endpoints.  The '_ah' is short for app hosting.  -->
-      <url-pattern>/_ah/*</url-pattern>
-
-      <!-- Registrar console (should not be available on non-default module). -->
-      <url-pattern>/registrar*</url-pattern>
-
-      <!-- Verbatim JavaScript sources (only visible to admins for debugging). -->
-      <url-pattern>/assets/sources/*</url-pattern>
-
-    </web-resource-collection>
-    <auth-constraint>
-      <role-name>admin</role-name>
-    </auth-constraint>
-
-    <!-- Repeated here since catch-all rule below is not inherited. -->
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-
-  <!-- Require TLS on all requests. -->
-  <security-constraint>
-    <web-resource-collection>
-      <web-resource-name>Secure</web-resource-name>
-      <description>
-        Require encryption for all paths. http URLs will be redirected to https.
-      </description>
-      <url-pattern>/*</url-pattern>
-    </web-resource-collection>
-    <user-data-constraint>
-      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-    </user-data-constraint>
-  </security-constraint>
-</web-app>

core/src/main/java/google/registry/env/crash/backend/WEB-INF/appengine-web.xml

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="crash"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/crash/bsa/WEB-INF/appengine-web.xml

@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="crash"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <!-- Enable external traffic to go through VPC, required for static ip -->
-  <vpc-access-connector>
-    <name>projects/domain-registry-crash/locations/us-central1/connectors/appengine-connector</name>
-    <egress-setting>all-traffic</egress-setting>
-  </vpc-access-connector>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/crash/default/WEB-INF/appengine-web.xml

@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>30m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="crash"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/registrar/*.html" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/crash/pubapi/WEB-INF/appengine-web.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>8</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="crash"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/assets/js/**" expiration="1m"/>
-    <include path="/assets/css/**" expiration="1m"/>
-    <include path="/assets/images/**" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/crash/tools/WEB-INF/appengine-web.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="crash"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1m"/>
-    <include path="/assets/js/**" expiration="1m"/>
-    <include path="/assets/css/**" expiration="1m"/>
-    <include path="/assets/images/**" expiration="1m"/>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/local/backend/WEB-INF/appengine-web.xml

@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="local"/>
-    <property name="appengine.generated.dir"
-              value="/tmp/domain-registry-appengine-generated/local/"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/local/bsa/WEB-INF/appengine-web.xml

@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="local"/>
-    <property name="appengine.generated.dir"
-              value="/tmp/domain-registry-appengine-generated/local/"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/local/default/WEB-INF/appengine-web.xml

@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="local"/>
-    <property name="appengine.generated.dir"
-              value="/tmp/domain-registry-appengine-generated/local/"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/registrar/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/local/pubapi/WEB-INF/appengine-web.xml

@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>8</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="local"/>
-    <property name="appengine.generated.dir"
-              value="/tmp/domain-registry-appengine-generated/local/"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/js/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/css/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/images/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/local/tools/WEB-INF/appengine-web.xml

@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="local"/>
-    <property name="appengine.generated.dir"
-              value="/tmp/domain-registry-appengine-generated/local/"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/js/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/css/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-    <include path="/assets/images/**">
-      <http-header name="Cache-Control" value="max-age=0,must-revalidate" />
-    </include>
-  </static-files>
-</appengine-web-app>

core/src/main/java/google/registry/env/production/backend/WEB-INF/appengine-web.xml

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <basic-scaling>
-    <max-instances>100</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="production"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/production/bsa/WEB-INF/appengine-web.xml

@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <basic-scaling>
-    <max-instances>3</max-instances>
-    <idle-timeout>60m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="production"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <!-- Enable external traffic to go through VPC, required for static ip -->
-  <vpc-access-connector>
-    <name>projects/domain-registry/locations/us-central1/connectors/appengine-connector</name>
-    <egress-setting>all-traffic</egress-setting>
-  </vpc-access-connector>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/production/default/WEB-INF/appengine-web.xml

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <manual-scaling>
-    <instances>24</instances>
-  </manual-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="production"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/registrar/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/production/pubapi/WEB-INF/appengine-web.xml

@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <manual-scaling>
-    <instances>24</instances>
-  </manual-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="production"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/assets/js/**" expiration="1d"/>
-    <include path="/assets/css/**" expiration="1d"/>
-    <include path="/assets/images/**" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/production/tools/WEB-INF/appengine-web.xml

@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <basic-scaling>
-    <max-instances>5</max-instances>
-    <idle-timeout>60m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="production"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/assets/js/**" expiration="1d"/>
-    <include path="/assets/css/**" expiration="1d"/>
-    <include path="/assets/images/**" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/qa/backend/WEB-INF/appengine-web.xml

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="qa"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1h"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/qa/bsa/WEB-INF/appengine-web.xml

@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="qa"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1h"/>
-  </static-files>
-
-    <!-- Enable external traffic to go through VPC, required for static ip -->
-  <vpc-access-connector>
-    <name>projects/domain-registry-qa/locations/us-central1/connectors/appengine-connector</name>
-    <egress-setting>all-traffic</egress-setting>
-  </vpc-access-connector>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/qa/default/WEB-INF/appengine-web.xml

@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>F4_1G</instance-class>
-  <automatic-scaling>
-    <min-idle-instances>1</min-idle-instances>
-    <max-idle-instances>automatic</max-idle-instances>
-    <min-pending-latency>automatic</min-pending-latency>
-    <max-pending-latency>100ms</max-pending-latency>
-    <max-concurrent-requests>10</max-concurrent-requests>
-  </automatic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="qa"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1h"/>
-    <include path="/registrar/*.html" expiration="1h"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/qa/pubapi/WEB-INF/appengine-web.xml

@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="qa"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1h"/>
-    <include path="/assets/js/**" expiration="1h"/>
-    <include path="/assets/css/**" expiration="1h"/>
-    <include path="/assets/images/**" expiration="1h"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/qa/tools/WEB-INF/appengine-web.xml

@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>10</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="qa"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1h"/>
-    <include path="/assets/js/**" expiration="1h"/>
-    <include path="/assets/css/**" expiration="1h"/>
-    <include path="/assets/images/**" expiration="1h"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/sandbox/backend/WEB-INF/appengine-web.xml

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>backend</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>100</max-instances>
-    <idle-timeout>10m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="sandbox"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/sandbox/bsa/WEB-INF/appengine-web.xml

@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>bsa</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>3</max-instances>
-    <idle-timeout>60m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="sandbox"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Enable external traffic to go through VPC, required for static ip -->
-  <vpc-access-connector>
-    <name>projects/domain-registry-sandbox/locations/us-central1/connectors/appengine-connector</name>
-    <egress-setting>all-traffic</egress-setting>
-  </vpc-access-connector>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/sandbox/default/WEB-INF/appengine-web.xml

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>default</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <manual-scaling>
-    <instances>6</instances>
-  </manual-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="sandbox"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/registrar/*.html" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/sandbox/pubapi/WEB-INF/appengine-web.xml

@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>pubapi</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4_1G</instance-class>
-  <manual-scaling>
-    <instances>5</instances>
-  </manual-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="sandbox"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/assets/js/**" expiration="1d"/>
-    <include path="/assets/css/**" expiration="1d"/>
-    <include path="/assets/images/**" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/env/sandbox/tools/WEB-INF/appengine-web.xml

@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
-
-  <runtime>java21</runtime>
-  <service>tools</service>
-  <app-engine-apis>true</app-engine-apis>
-  <sessions-enabled>true</sessions-enabled>
-  <instance-class>B4</instance-class>
-  <basic-scaling>
-    <max-instances>5</max-instances>
-    <idle-timeout>60m</idle-timeout>
-  </basic-scaling>
-
-  <system-properties>
-    <property name="java.util.logging.config.file"
-              value="WEB-INF/logging.properties"/>
-    <property name="google.registry.environment"
-              value="sandbox"/>
-  </system-properties>
-
-  <env-variables>
-    <env-var name="GOOGLE_APPLICATION_CREDENTIALS_SKIP_APP_ENGINE" value="true"/>
-  </env-variables>
-
-  <static-files>
-    <include path="/*.html" expiration="1d"/>
-    <include path="/assets/js/**" expiration="1d"/>
-    <include path="/assets/css/**" expiration="1d"/>
-    <include path="/assets/images/**" expiration="1d"/>
-  </static-files>
-
-  <!-- Prevent uncaught servlet errors from leaking a stack trace. -->
-  <static-error-handlers>
-    <handler file="error.html"/>
-  </static-error-handlers>
-</appengine-web-app>

core/src/main/java/google/registry/export/ExportDomainListsAction.java

@@ -36,7 +36,6 @@ import google.registry.model.eppcommon.StatusValue;
 import google.registry.model.tld.Tld;
 import google.registry.model.tld.Tld.TldType;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.auth.Auth;
 import google.registry.storage.drive.DriveConnection;
 import google.registry.util.Clock;
@@ -58,7 +57,7 @@ import org.joda.time.DateTimeZone;
  * name TLD.txt into the domain-lists bucket. Note that this overwrites the files in place.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/exportDomainLists",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/export/ExportPremiumTermsAction.java

@@ -33,7 +33,6 @@ import google.registry.model.tld.Tld;
 import google.registry.model.tld.label.PremiumList.PremiumEntry;
 import google.registry.model.tld.label.PremiumListDao;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.RequestParameters;
 import google.registry.request.Response;
@@ -46,7 +45,7 @@ import java.util.SortedSet;
 
 /** Action that exports the premium terms list for a TLD to Google Drive. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/exportPremiumTerms",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/export/ExportReservedTermsAction.java

@@ -25,7 +25,6 @@ import com.google.common.flogger.FluentLogger;
 import com.google.common.net.MediaType;
 import google.registry.model.tld.Tld;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.RequestParameters;
 import google.registry.request.Response;
@@ -35,7 +34,7 @@ import jakarta.inject.Inject;
 
 /** Action that exports the publicly viewable reserved terms list for a TLD to Google Drive. */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/exportReservedTerms",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/export/SyncGroupMembersAction.java

@@ -34,7 +34,6 @@ import google.registry.groups.GroupsConnection.Role;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.util.Retrier;
@@ -53,7 +52,7 @@ import javax.annotation.Nullable;
  * <p>This uses the <a href="https://developers.google.com/admin-sdk/directory/">Directory API</a>.
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = "/_dr/task/syncGroupMembers",
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java

@@ -128,10 +128,10 @@ class SyncRegistrarsSheet {
                   builder.put("billingContacts", convertContacts(contacts, byType(BILLING)));
                   builder.put(
                       "contactsMarkedAsWhoisAdmin",
-                      convertContacts(contacts, RegistrarPoc::getVisibleInWhoisAsAdmin));
+                      convertContacts(contacts, RegistrarPoc::getVisibleInRdapAsAdmin));
                   builder.put(
                       "contactsMarkedAsWhoisTech",
-                      convertContacts(contacts, RegistrarPoc::getVisibleInWhoisAsTech));
+                      convertContacts(contacts, RegistrarPoc::getVisibleInRdapAsTech));
                   builder.put("emailAddress", convert(registrar.getEmailAddress()));
                   builder.put("address.street", convert(address.getStreet()));
                   builder.put("address.city", convert(address.getCity()));

core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheetAction.java

@@ -24,7 +24,6 @@ import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 import com.google.common.flogger.FluentLogger;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
@@ -55,7 +54,7 @@ import org.joda.time.Duration;
  * @see SyncRegistrarsSheet
  */
 @Action(
-    service = GaeService.BACKEND,
+    service = Action.Service.BACKEND,
     path = SyncRegistrarsSheetAction.PATH,
     method = POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/flows/CheckApiAction.java

@@ -38,7 +38,6 @@ import static google.registry.pricing.PricingEngineProxy.isDomainPremium;
 import static google.registry.util.DomainNameUtils.canonicalizeHostname;
 import static org.json.simple.JSONValue.toJSONString;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.flogger.FluentLogger;
@@ -55,7 +54,6 @@ import google.registry.model.tld.label.ReservationType;
 import google.registry.monitoring.whitebox.CheckApiMetric;
 import google.registry.monitoring.whitebox.CheckApiMetric.Availability;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Parameter;
 import google.registry.request.RequestParameters;
 import google.registry.request.Response;
@@ -73,7 +71,7 @@ import org.joda.time.DateTime;
  * user controlled, lest it open an XSS vector. Do not modify this to return the domain name in the
  * response.
  */
-@Action(service = GaeService.PUBAPI, path = "/check", auth = Auth.AUTH_PUBLIC)
+@Action(service = Action.Service.PUBAPI, path = "/check", auth = Auth.AUTH_PUBLIC)
 public class CheckApiAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
@@ -185,8 +183,7 @@ public class CheckApiAction implements Runnable {
   }
 
   private boolean checkExists(String domainString, DateTime now) {
-    return !ForeignKeyUtils.loadByCache(Domain.class, ImmutableList.of(domainString), now)
-        .isEmpty();
+    return ForeignKeyUtils.loadKeyByCache(Domain.class, domainString, now).isPresent();
   }
 
   private Optional<String> checkReserved(InternetDomainName domainName) {

core/src/main/java/google/registry/flows/EppTlsAction.java

@@ -15,7 +15,6 @@
 package google.registry.flows;
 
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Action.Method;
 import google.registry.request.Payload;
 import google.registry.request.auth.Auth;
@@ -27,7 +26,7 @@ import jakarta.servlet.http.HttpServletRequest;
  * to RFC 5730. Commands must be requested via POST.
  */
 @Action(
-    service = GaeService.DEFAULT,
+    service = Action.Service.FRONTEND,
     path = "/_dr/epp",
     method = Method.POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/flows/EppToolAction.java

@@ -22,7 +22,6 @@ import dagger.Module;
 import dagger.Provides;
 import google.registry.model.eppcommon.ProtocolDefinition;
 import google.registry.request.Action;
-import google.registry.request.Action.GaeService;
 import google.registry.request.Action.Method;
 import google.registry.request.Parameter;
 import google.registry.request.auth.Auth;
@@ -31,7 +30,7 @@ import jakarta.servlet.http.HttpServletRequest;
 
 /** Runs EPP commands directly without logging in, verifying an XSRF token from the tool. */
 @Action(
-    service = GaeService.TOOLS,
+    service = Action.Service.BACKEND,
     path = EppToolAction.PATH,
     method = Method.POST,
     auth = Auth.AUTH_ADMIN)

core/src/main/java/google/registry/flows/FlowUtils.java

@@ -56,9 +56,10 @@ public final class FlowUtils {
     }
   }
 
-  /** Persists the saves and deletes in an {@link EntityChanges} to the DB. */
+  /** Persists the inserts, updates, and deletes in an {@link EntityChanges} to the DB. */
   public static void persistEntityChanges(EntityChanges entityChanges) {
-    tm().putAll(entityChanges.getSaves());
+    tm().insertAll(entityChanges.getInserts());
+    tm().updateAll(entityChanges.getUpdates());
     tm().delete(entityChanges.getDeletes());
   }
 

core/src/main/java/google/registry/flows/ResourceFlowUtils.java

@@ -16,7 +16,6 @@ package google.registry.flows;
 
 import static com.google.common.collect.Sets.intersection;
 import static google.registry.model.EppResourceUtils.isLinked;
-import static google.registry.model.EppResourceUtils.loadByForeignKey;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
 import com.google.common.collect.ImmutableSet;
@@ -72,10 +71,9 @@ public final class ResourceFlowUtils {
    */
   public static <R extends EppResource> void checkLinkedDomains(
       final String targetId, final DateTime now, final Class<R> resourceClass) throws EppException {
-    VKey<R> key = ForeignKeyUtils.load(resourceClass, targetId, now);
-    if (key == null) {
-      throw new ResourceDoesNotExistException(resourceClass, targetId);
-    }
+    VKey<R> key =
+        ForeignKeyUtils.loadKey(resourceClass, targetId, now)
+            .orElseThrow(() -> new ResourceDoesNotExistException(resourceClass, targetId));
     if (isLinked(key, now)) {
       throw new ResourceToDeleteIsReferencedException();
     }
@@ -97,7 +95,7 @@ public final class ResourceFlowUtils {
 
   public static <R extends EppResource & ForeignKeyedEppResource> R loadAndVerifyExistence(
       Class<R> clazz, String targetId, DateTime now) throws ResourceDoesNotExistException {
-    return verifyExistence(clazz, targetId, loadByForeignKey(clazz, targetId, now));
+    return verifyExistence(clazz, targetId, ForeignKeyUtils.loadResource(clazz, targetId, now));
   }
 
   public static <R extends EppResource> R verifyExistence(
@@ -107,11 +105,10 @@ public final class ResourceFlowUtils {
 
   public static <R extends EppResource> void verifyResourceDoesNotExist(
       Class<R> clazz, String targetId, DateTime now, String registrarId) throws EppException {
-    VKey<R> key = ForeignKeyUtils.load(clazz, targetId, now);
-    if (key != null) {
-      R resource = tm().loadByKey(key);
+    Optional<R> resource = ForeignKeyUtils.loadResource(clazz, targetId, now);
+    if (resource.isPresent()) {
       // These are similar exceptions, but we can track them internally as log-based metrics.
-      if (Objects.equals(registrarId, resource.getPersistedCurrentSponsorRegistrarId())) {
+      if (Objects.equals(registrarId, resource.get().getPersistedCurrentSponsorRegistrarId())) {
         throw new ResourceAlreadyExistsForThisClientException(targetId);
       } else {
         throw new ResourceCreateContentionException(targetId);

core/src/main/java/google/registry/flows/contact/ContactCheckFlow.java

@@ -16,7 +16,6 @@ package google.registry.flows.contact;
 
 import static google.registry.flows.FlowUtils.validateRegistrarIsLoggedIn;
 import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
-import static google.registry.model.EppResourceUtils.checkResourcesExist;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
@@ -26,6 +25,7 @@ import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.RegistrarId;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
+import google.registry.model.ForeignKeyUtils;
 import google.registry.model.contact.Contact;
 import google.registry.model.contact.ContactCommand.Check;
 import google.registry.model.eppinput.ResourceCommand;
@@ -62,7 +62,7 @@ public final class ContactCheckFlow implements TransactionalFlow {
     ImmutableList<String> targetIds = ((Check) resourceCommand).getTargetIds();
     verifyTargetIdCount(targetIds, maxChecks);
     ImmutableSet<String> existingIds =
-        checkResourcesExist(Contact.class, targetIds, clock.nowUtc());
+        ForeignKeyUtils.loadKeys(Contact.class, targetIds, clock.nowUtc()).keySet();
     ImmutableList.Builder<ContactCheck> checks = new ImmutableList.Builder<>();
     for (String id : targetIds) {
       boolean unused = !existingIds.contains(id);

core/src/main/java/google/registry/flows/custom/EntityChanges.java

@@ -19,25 +19,30 @@ import com.google.common.collect.ImmutableSet;
 import google.registry.model.ImmutableObject;
 import google.registry.persistence.VKey;
 
-/** A record that encapsulates database entities to both save and delete. */
+/** A record that encapsulates database entities to insert, update, and delete. */
 public record EntityChanges(
-    ImmutableSet<ImmutableObject> saves, ImmutableSet<VKey<ImmutableObject>> deletes) {
+    ImmutableSet<ImmutableObject> inserts,
+    ImmutableSet<ImmutableObject> updates,
+    ImmutableSet<VKey<ImmutableObject>> deletes) {
 
-  public ImmutableSet<ImmutableObject> getSaves() {
-    return saves;
+  public ImmutableSet<ImmutableObject> getInserts() {
+    return inserts;
+  }
+
+  public ImmutableSet<ImmutableObject> getUpdates() {
+    return updates;
   }
-  ;
 
   public ImmutableSet<VKey<ImmutableObject>> getDeletes() {
     return deletes;
   }
-  ;
 
   public static Builder newBuilder() {
-    // Default both entities to save and entities to delete to empty sets, so that the build()
-    // method won't subsequently throw an exception if one doesn't end up being applicable.
+    // Default inserts, updates, and deletes to empty sets, so that the build() method won't
+    // subsequently throw an exception if one doesn't end up being applicable.
     return new AutoBuilder_EntityChanges_Builder()
-        .setSaves(ImmutableSet.of())
+        .setInserts(ImmutableSet.of())
+        .setUpdates(ImmutableSet.of())
         .setDeletes(ImmutableSet.of());
   }
 
@@ -45,12 +50,21 @@ public record EntityChanges(
   @AutoBuilder
   public interface Builder {
 
-    Builder setSaves(ImmutableSet<ImmutableObject> entitiesToSave);
+    Builder setInserts(ImmutableSet<ImmutableObject> entitiesToInsert);
 
-    ImmutableSet.Builder<ImmutableObject> savesBuilder();
+    ImmutableSet.Builder<ImmutableObject> insertsBuilder();
 
-    default Builder addSave(ImmutableObject entityToSave) {
-      savesBuilder().add(entityToSave);
+    default Builder addInsert(ImmutableObject entityToInsert) {
+      insertsBuilder().add(entityToInsert);
+      return this;
+    }
+
+    Builder setUpdates(ImmutableSet<ImmutableObject> entitiesToUpdate);
+
+    ImmutableSet.Builder<ImmutableObject> updatesBuilder();
+
+    default Builder addUpdate(ImmutableObject entityToUpdate) {
+      updatesBuilder().add(entityToUpdate);
       return this;
     }
 

core/src/main/java/google/registry/flows/domain/DomainCheckFlow.java

@@ -181,7 +181,7 @@ public final class DomainCheckFlow implements TransactionalFlow {
             .setAsOfDate(now)
             .build());
     ImmutableMap<String, VKey<Domain>> existingDomains =
-        ForeignKeyUtils.load(Domain.class, domainNames, now);
+        ForeignKeyUtils.loadKeys(Domain.class, domainNames, now);
     // Check block labels only when there are unregistered domains, since "In use" goes before
     // "Blocked by BSA".
     ImmutableSet<InternetDomainName> bsaBlockedDomainNames =

core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java

@@ -18,7 +18,6 @@ import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.dns.DnsUtils.requestDomainDnsRefresh;
 import static google.registry.flows.FlowUtils.persistEntityChanges;
 import static google.registry.flows.FlowUtils.validateRegistrarIsLoggedIn;
-import static google.registry.flows.ResourceFlowUtils.verifyResourceDoesNotExist;
 import static google.registry.flows.domain.DomainFlowUtils.COLLISION_MESSAGE;
 import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
 import static google.registry.flows.domain.DomainFlowUtils.checkHasBillingAccount;
@@ -196,7 +195,6 @@ import org.joda.time.Duration;
  * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException}
  * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException}
  * @error {@link DomainFlowUtils.PremiumNameBlockedException}
- * @error {@link DomainFlowUtils.RegistrantNotAllowedException}
  * @error {@link RegistrantProhibitedException}
  * @error {@link DomainFlowUtils.RegistrarMustBeActiveForThisOperationException}
  * @error {@link DomainFlowUtils.TldDoesNotExistException}
@@ -224,6 +222,7 @@ public final class DomainCreateFlow implements MutatingFlow {
   @Inject DomainCreateFlowCustomLogic flowCustomLogic;
   @Inject DomainFlowTmchUtils tmchUtils;
   @Inject DomainPricingLogic pricingLogic;
+  @Inject DomainDeletionTimeCache domainDeletionTimeCache;
 
   @Inject DomainCreateFlow() {}
 
@@ -239,13 +238,13 @@ public final class DomainCreateFlow implements MutatingFlow {
     validateRegistrarIsLoggedIn(registrarId);
     verifyRegistrarIsActive(registrarId);
     extensionManager.validate();
+    verifyDomainDoesNotExist();
     DateTime now = tm().getTransactionTime();
     DomainCommand.Create command = cloneAndLinkReferences((Create) resourceCommand, now);
     Period period = command.getPeriod();
     verifyUnitIsYears(period);
     int years = period.getValue();
     validateRegistrationPeriod(years);
-    verifyResourceDoesNotExist(Domain.class, targetId, now, registrarId);
     // Validate that this is actually a legal domain name on a TLD that the registrar has access to.
     InternetDomainName domainName = validateDomainName(command.getDomainName());
     String domainLabel = domainName.parts().getFirst();
@@ -357,11 +356,11 @@ public final class DomainCreateFlow implements MutatingFlow {
             domainHistoryId, registrationExpirationTime, isAnchorTenant, allocationToken);
     PollMessage.Autorenew autorenewPollMessage =
         createAutorenewPollMessage(domainHistoryId, registrationExpirationTime);
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
-    entitiesToSave.add(createBillingEvent, autorenewBillingEvent, autorenewPollMessage);
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
+    entitiesToInsert.add(createBillingEvent, autorenewBillingEvent, autorenewPollMessage);
     // Bill for EAP cost, if any.
     if (!feesAndCredits.getEapCost().isZero()) {
-      entitiesToSave.add(createEapBillingEvent(feesAndCredits, createBillingEvent));
+      entitiesToInsert.add(createEapBillingEvent(feesAndCredits, createBillingEvent));
     }
 
     ImmutableSet<ReservationType> reservationTypes = getReservationTypes(domainName);
@@ -404,12 +403,13 @@ public final class DomainCreateFlow implements MutatingFlow {
     DomainHistory domainHistory =
         buildDomainHistory(domain, tld, now, period, tld.getAddGracePeriodLength());
     if (reservationTypes.contains(NAME_COLLISION)) {
-      entitiesToSave.add(
+      entitiesToInsert.add(
           createNameCollisionOneTimePollMessage(targetId, domainHistory, registrarId, now));
     }
-    entitiesToSave.add(domain, domainHistory);
+    entitiesToInsert.add(domain, domainHistory);
+    ImmutableSet.Builder<ImmutableObject> entitiesToUpdate = new ImmutableSet.Builder<>();
     if (allocationToken.isPresent() && allocationToken.get().getTokenType().isOneTimeUse()) {
-      entitiesToSave.add(
+      entitiesToUpdate.add(
           AllocationTokenFlowUtils.redeemToken(
               allocationToken.get(), domainHistory.getHistoryEntryId()));
     }
@@ -422,7 +422,10 @@ public final class DomainCreateFlow implements MutatingFlow {
                 .setNewDomain(domain)
                 .setHistoryEntry(domainHistory)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .setUpdates(entitiesToUpdate.build())
+                        .build())
                 .setYears(years)
                 .build());
     persistEntityChanges(entityChanges);
@@ -649,6 +652,15 @@ public final class DomainCreateFlow implements MutatingFlow {
         .build();
   }
 
+  private void verifyDomainDoesNotExist() throws ResourceCreateContentionException {
+    Optional<DateTime> previousDeletionTime =
+        domainDeletionTimeCache.getDeletionTimeForDomain(targetId);
+    if (previousDeletionTime.isPresent()
+        && !tm().getTransactionTime().isAfter(previousDeletionTime.get())) {
+      throw new ResourceCreateContentionException(targetId);
+    }
+  }
+
   private static BillingEvent createEapBillingEvent(
       FeesAndCredits feesAndCredits, BillingEvent createBillingEvent) {
     return new BillingEvent.Builder()

core/src/main/java/google/registry/flows/domain/DomainDeleteFlow.java

@@ -77,6 +77,7 @@ import google.registry.model.domain.fee.FeeTransformResponseExtension;
 import google.registry.model.domain.fee06.FeeDeleteResponseExtensionV06;
 import google.registry.model.domain.fee11.FeeDeleteResponseExtensionV11;
 import google.registry.model.domain.fee12.FeeDeleteResponseExtensionV12;
+import google.registry.model.domain.feestdv1.FeeDeleteResponseExtensionStdV1;
 import google.registry.model.domain.metadata.MetadataExtension;
 import google.registry.model.domain.rgp.GracePeriodStatus;
 import google.registry.model.domain.secdns.SecDnsCreateExtension;
@@ -151,7 +152,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     verifyDeleteAllowed(existingDomain, tld, now);
     flowCustomLogic.afterValidation(
         AfterValidationParameters.newBuilder().setExistingDomain(existingDomain).build());
-    ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
+    ImmutableSet.Builder<ImmutableObject> entitiesToInsert = new ImmutableSet.Builder<>();
     Domain.Builder builder;
     if (existingDomain.getStatusValues().contains(StatusValue.PENDING_TRANSFER)) {
       builder =
@@ -221,7 +222,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
       } else {
         PollMessage.OneTime deletePollMessage =
             createDeletePollMessage(existingDomain, domainHistoryId, deletionTime);
-        entitiesToSave.add(deletePollMessage);
+        entitiesToInsert.add(deletePollMessage);
         builder.setDeletePollMessage(deletePollMessage.createVKey());
       }
     }
@@ -230,7 +231,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     // registrar other than the sponsoring registrar (which will necessarily be a superuser).
     if (durationUntilDelete.isLongerThan(Duration.ZERO)
         && !registrarId.equals(existingDomain.getPersistedCurrentSponsorRegistrarId())) {
-      entitiesToSave.add(
+      entitiesToInsert.add(
           createImmediateDeletePollMessage(existingDomain, domainHistoryId, now, deletionTime));
     }
 
@@ -239,7 +240,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     for (GracePeriod gracePeriod : existingDomain.getGracePeriods()) {
       // No cancellation is written if the grace period was not for a billable event.
       if (gracePeriod.hasBillingEvent()) {
-        entitiesToSave.add(
+        entitiesToInsert.add(
             BillingCancellation.forGracePeriod(gracePeriod, now, domainHistoryId, targetId));
         if (gracePeriod.getBillingEvent() != null) {
           // Take the amount of registration time being refunded off the expiration time.
@@ -271,7 +272,7 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
     // ResourceDeleteFlow since it's listed in serverApproveEntities.
     requestDomainDnsRefresh(existingDomain.getDomainName());
 
-    entitiesToSave.add(newDomain, domainHistory);
+    entitiesToInsert.add(domainHistory);
     EntityChanges entityChanges =
         flowCustomLogic.beforeSave(
             BeforeSaveParameters.newBuilder()
@@ -279,7 +280,10 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
                 .setNewDomain(newDomain)
                 .setHistoryEntry(domainHistory)
                 .setEntityChanges(
-                    EntityChanges.newBuilder().setSaves(entitiesToSave.build()).build())
+                    EntityChanges.newBuilder()
+                        .setInserts(entitiesToInsert.build())
+                        .addUpdate(newDomain)
+                        .build())
                 .build());
     BeforeResponseReturnData responseData =
         flowCustomLogic.beforeResponse(
@@ -425,6 +429,9 @@ public final class DomainDeleteFlow implements MutatingFlow, SqlStatementLogging
   @Nullable
   private FeeTransformResponseExtension.Builder getDeleteResponseBuilder() {
     Set<String> uris = nullToEmpty(sessionMetadata.getServiceExtensionUris());
+    if (uris.contains(ServiceExtension.FEE_1_00.getUri())) {
+      return new FeeDeleteResponseExtensionStdV1.Builder();
+    }
     if (uris.contains(ServiceExtension.FEE_0_12.getUri())) {
       return new FeeDeleteResponseExtensionV12.Builder();
     }

core/src/main/java/google/registry/flows/domain/DomainDeletionTimeCache.java

@@ -0,0 +1,133 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.flows.domain;
+
+import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
+
+import com.github.benmanes.caffeine.cache.CacheLoader;
+import com.github.benmanes.caffeine.cache.Caffeine;
+import com.github.benmanes.caffeine.cache.Expiry;
+import com.github.benmanes.caffeine.cache.LoadingCache;
+import com.github.benmanes.caffeine.cache.Ticker;
+import com.google.common.collect.ImmutableSet;
+import google.registry.model.ForeignKeyUtils;
+import google.registry.model.domain.Domain;
+import google.registry.util.DateTimeUtils;
+import java.util.Optional;
+import org.joda.time.DateTime;
+
+/**
+ * Functionally-static loading cache that keeps track of deletion (AKA drop) times for domains.
+ *
+ * <p>Some domain names may have many create requests issued shortly before (and directly after) the
+ * name is released due to a previous registrant deleting it. In those cases, caching the deletion
+ * time of the existing domain allows us to short-circuit the request and avoid any load on the
+ * database checking the existing domain (at least, in cases where the request hits a particular
+ * node more than once).
+ *
+ * <p>The cache is fairly short-lived (as we're concerned about many requests at basically the same
+ * time), and entries also expire when the drop actually happens. If the domain is re-created after
+ * a drop, the next load attempt will populate the cache with a deletion time of END_OF_TIME, which
+ * will be read from the cache by subsequent attempts.
+ *
+ * <p>We take advantage of the fact that Caffeine caches don't store nulls returned from the
+ * CacheLoader, so a null result (meaning the domain doesn't exist) won't affect future calls (this
+ * avoids a stale-cache situation where the cache "thinks" the domain doesn't exist, but it does).
+ * Put another way, if a domain really doesn't exist, we'll re-attempt the database load every time.
+ *
+ * <p>We don't explicitly set the cache inside domain create/delete flows, in case the transaction
+ * fails at commit time. It's better to have stale data, or to require an additional database load,
+ * than to have incorrect data.
+ *
+ * <p>Note: this should be injected as a singleton -- it's essentially static, but we have it as a
+ * non-static object for concurrent testing purposes.
+ */
+public class DomainDeletionTimeCache {
+
+  // Max expiry time is ten minutes
+  private static final long NANOS_IN_ONE_MILLISECOND = 100000L;
+  private static final long MAX_EXPIRY_NANOS = 10L * 60L * 1000L * NANOS_IN_ONE_MILLISECOND;
+  private static final int MAX_ENTRIES = 500;
+
+  /**
+   * Expire after the max duration, or after the domain is set to drop (whichever comes first).
+   *
+   * <p>If the domain has already been deleted (the deletion time is <= now), the entry will
+   * immediately be expired/removed.
+   *
+   * <p>NB: the Expiry class requires the return value in <b>nanoseconds</b>, not milliseconds
+   */
+  private static final Expiry<String, DateTime> EXPIRY_POLICY =
+      new Expiry<>() {
+        @Override
+        public long expireAfterCreate(String key, DateTime value, long currentTime) {
+          // Watch out for Long overflow
+          long deletionTimeNanos =
+              value.equals(DateTimeUtils.END_OF_TIME)
+                  ? Long.MAX_VALUE
+                  : value.getMillis() * NANOS_IN_ONE_MILLISECOND;
+          long nanosUntilDeletion = deletionTimeNanos - currentTime;
+          return Math.max(0L, Math.min(MAX_EXPIRY_NANOS, nanosUntilDeletion));
+        }
+
+        /** Reset the time entirely on update, as if we were creating the entry anew. */
+        @Override
+        public long expireAfterUpdate(
+            String key, DateTime value, long currentTime, long currentDuration) {
+          return expireAfterCreate(key, value, currentTime);
+        }
+
+        /** Reads do not change the expiry duration. */
+        @Override
+        public long expireAfterRead(
+            String key, DateTime value, long currentTime, long currentDuration) {
+          return currentDuration;
+        }
+      };
+
+  /** Attempt to load the domain's deletion time if the domain exists. */
+  private static final CacheLoader<String, DateTime> CACHE_LOADER =
+      (domainName) -> {
+        ForeignKeyUtils.MostRecentResource mostRecentResource =
+            ForeignKeyUtils.loadMostRecentResources(
+                    Domain.class, ImmutableSet.of(domainName), false)
+                .get(domainName);
+        return mostRecentResource == null ? null : mostRecentResource.deletionTime();
+      };
+
+  // Unfortunately, maintenance tasks aren't necessarily already in a transaction
+  private static final Ticker TRANSACTION_TIME_TICKER =
+      () -> tm().reTransact(() -> tm().getTransactionTime().getMillis() * NANOS_IN_ONE_MILLISECOND);
+
+  public static DomainDeletionTimeCache create() {
+    return new DomainDeletionTimeCache(
+        Caffeine.newBuilder()
+            .ticker(TRANSACTION_TIME_TICKER)
+            .expireAfter(EXPIRY_POLICY)
+            .maximumSize(MAX_ENTRIES)
+            .build(CACHE_LOADER));
+  }
+
+  private final LoadingCache<String, DateTime> cache;
+
+  private DomainDeletionTimeCache(LoadingCache<String, DateTime> cache) {
+    this.cache = cache;
+  }
+
+  /** Returns the domain's deletion time, or null if it doesn't currently exist. */
+  public Optional<DateTime> getDeletionTimeForDomain(String domainName) {
+    return Optional.ofNullable(cache.get(domainName));
+  }
+}