Nashorn to GraalVM Migration

[kevin-mcgoldrick]

Summary

Migrates the JavaScript engine from Nashorn (org.openjdk.nashorn:nashorn-core:15.7) to GraalVM JS (org.graalvm.polyglot:*:25.0.2). Nashorn was removed from the JDK in Java 15 and the standalone Nashorn project has limited maintenance; GraalVM JS is the actively maintained successor with better ECMAScript compliance and performance.

What changed

New factory class — JsEngineFactory (tools/script_engine):

• Centralizes JS engine creation behind JsEngineFactory.createJsEngine()
• Creates a GraalVM GraalJSScriptEngine with restricted host access — only com.intuit.tank.script.models.* and java.util.* are accessible from user scripts, blocking dangerous classes like Runtime and ProcessBuilder
• Enables js.nashorn-compat mode so existing scripts using load("nashorn:mozilla_compat.js") and importPackage() continue to work
• Falls back to the JVM's default JSR-223 engine if GraalVM is not on the classpath
• Returns a new engine per call (GraalVM contexts cannot be safely reused after evaluation)

Callers updated (3 files):

• LogicRunner.java — agent harness logic step execution
• ExternalScript.java — external script filter engine resolution (.js extension → GraalVM, other extensions → ScriptEngineManager fallback)
• LogicStepEditor.java — web UI script testing

ConfiguredLanguage engine factory references (2 files):

• tools/agent_debugger and tools/script_filter — updated factory class name from Nashorn/Rhino to GraalJSScriptEngineFactory

Dependency changes (9 pom.xml files):

• Replaced org.openjdk.nashorn:nashorn-core with three GraalVM artifacts: org.graalvm.polyglot:polyglot, org.graalvm.polyglot:js-community (pom, runtime), org.graalvm.js:js-scriptengine
• Added script-engine dependency to data_model (for JsEngineFactory in ExternalScript)
• Versions managed in parent pom at 25.0.2

Tests — new ScriptRunnerTest (11 tests) in tools/script_engine:

• Verifies GraalVM engine is detected and used
• Tests simple/complex script execution, input/output binding, exception propagation
• Validates host class access allowlist (Tank model classes permitted, Runtime/ProcessBuilder/File/URL blocked)
• Runs an existing scriptFilter.js that uses nashorn:mozilla_compat.js and importPackage() to confirm backward compatibility

Impact

• WAR size increase — GraalVM JS runtime is significantly larger than Nashorn (~50MB+ of polyglot JARs)
• Backward compatible — nashorn-compat mode preserves existing script behavior
• Security improvement — host class allowlist restricts script-accessible Java APIs

Test plan

• ScriptRunnerTest — 11 tests verifying GraalVM JS engine, script execution, and security restrictions
• Existing script filters using importPackage(com.intuit.tank.script.models) continue to work
• Manual: verify agent harness logic steps execute correctly with GraalVM
• Manual: verify web UI "Test Script" button in logic step editor works
• Manual: verify external script filters with .js extension run correctly
• Verify WAR file size is acceptable for deployment

🤖 Generated with Claude Code