Switch to endive

Readme.md

@@ -19,7 +19,7 @@ Whether you're embedding scripting capabilities or isolating untrusted code, Qui
 There are a few steps to achieve the result:
 
 - compile QuickJS to [WebAssembly](https://webassembly.org/)
-- translate the QuickJS  payload to pure Java bytecode using [Chicory Compiler](https://chicory.dev/docs/usage/build-time-compiler)
+- translate the QuickJS  payload to pure Java bytecode using [Endive Compiler](https://endive.run/docs/usage/build-time-compiler)
 - run QuickJS directly from Java without using JNI
 - ship an extremely small and self contained `jar` that can run wherever the JVM can go!
 
@@ -257,4 +257,4 @@ This project stands on the shoulders of giants:
 
 * [QuickJS](https://bellard.org/quickjs/) – a small, embeddable JavaScript engine
 * [Javy](https://github.com/bytecodealliance/javy) – a toolchain for compiling JavaScript to WebAssembly
-* [Chicory](https://chicory.dev/) – a native JVM WebAssembly runtime
+* [Endive](https://endive.run/) – a native JVM WebAssembly runtime

core/pom.xml

@@ -14,23 +14,23 @@
   <name>QuickJs4J</name>
 
   <dependencies>
-    <dependency>
-      <groupId>com.dylibso.chicory</groupId>
-      <artifactId>runtime</artifactId>
-      <version>${chicory.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>com.dylibso.chicory</groupId>
-      <artifactId>wasi</artifactId>
-      <version>${chicory.version}</version>
-    </dependency>
 
     <!-- Jackson used for function arg/return ser/deser -->
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
       <version>${jackson.version}</version>
     </dependency>
+    <dependency>
+      <groupId>run.endive</groupId>
+      <artifactId>runtime</artifactId>
+      <version>${endive.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>run.endive</groupId>
+      <artifactId>wasi</artifactId>
+      <version>${endive.version}</version>
+    </dependency>
 
     <!-- ============= Testing ============= -->
     <dependency>
@@ -55,24 +55,6 @@
 
   <build>
     <plugins>
-      <plugin>
-        <groupId>com.dylibso.chicory</groupId>
-        <artifactId>chicory-compiler-maven-plugin</artifactId>
-        <version>${chicory.version}</version>
-        <executions>
-          <execution>
-            <id>javy-plugin</id>
-            <goals>
-              <goal>compile</goal>
-            </goals>
-            <configuration>
-              <name>io.roastedroot.quickjs4j.core.JavyPluginModule</name>
-              <wasmFile>../javy_quickjs4j_plugin.wasm</wasmFile>
-              <moduleInterface>io.roastedroot.quickjs4j.core.Engine</moduleInterface>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
 
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
@@ -100,6 +82,24 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>run.endive</groupId>
+        <artifactId>endive-compiler-maven-plugin</artifactId>
+        <version>${endive.version}</version>
+        <executions>
+          <execution>
+            <id>javy-plugin</id>
+            <goals>
+              <goal>compile</goal>
+            </goals>
+            <configuration>
+              <name>io.roastedroot.quickjs4j.core.JavyPluginModule</name>
+              <wasmFile>../javy_quickjs4j_plugin.wasm</wasmFile>
+              <moduleInterface>io.roastedroot.quickjs4j.core.Engine</moduleInterface>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
 
     </plugins>
   </build>

core/src/main/java/io/roastedroot/quickjs4j/core/Engine.java

@@ -2,18 +2,6 @@
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
-import com.dylibso.chicory.log.Logger;
-import com.dylibso.chicory.log.SystemLogger;
-import com.dylibso.chicory.runtime.ByteArrayMemory;
-import com.dylibso.chicory.runtime.HostFunction;
-import com.dylibso.chicory.runtime.ImportValues;
-import com.dylibso.chicory.runtime.Instance;
-import com.dylibso.chicory.runtime.Memory;
-import com.dylibso.chicory.runtime.TrapException;
-import com.dylibso.chicory.wasi.WasiOptions;
-import com.dylibso.chicory.wasi.WasiPreview1;
-import com.dylibso.chicory.wasm.types.MemoryLimits;
-import com.dylibso.chicory.wasm.types.ValueType;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -24,6 +12,18 @@
 import java.util.List;
 import java.util.Map;
 import java.util.function.Function;
+import run.endive.log.Logger;
+import run.endive.log.SystemLogger;
+import run.endive.runtime.ByteArrayMemory;
+import run.endive.runtime.HostFunction;
+import run.endive.runtime.ImportValues;
+import run.endive.runtime.Instance;
+import run.endive.runtime.Memory;
+import run.endive.runtime.TrapException;
+import run.endive.wasi.WasiOptions;
+import run.endive.wasi.WasiPreview1;
+import run.endive.wasm.types.MemoryLimits;
+import run.endive.wasm.types.ValueType;
 
 public final class Engine implements AutoCloseable {
     private static final int ALIGNMENT = 1;
@@ -314,7 +314,7 @@ private long[] invokeBuiltin(Instance instance, long[] args) {
 
     private final HostFunction invokeFn =
             new HostFunction(
-                    "chicory",
+                    "endive",
                     "invoke",
                     List.of(
                             ValueType.I32,

it/pom.xml

@@ -32,7 +32,7 @@
         <configuration>
           <systemPropertyVariables>
             <itDir>${project.basedir}</itDir>
-            <chicoryVersion>${project.version}</chicoryVersion>
+            <endiveVersion>${project.version}</endiveVersion>
           </systemPropertyVariables>
         </configuration>
         <executions>

it/src/it/hello-js/src/test/java/io/roastedroot/js/test/HelloJsTest.java

@@ -1,4 +1,4 @@
-package chicory.test;
+package io.roastedroot.js.test;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;

it/src/it/script-interface-generics/src/test/java/io/roastedroot/js/test/ScriptInterfaceGenericsTest.java

@@ -1,4 +1,4 @@
-package chicory.test;
+package io.roastedroot.js.test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;

it/src/it/script-interface-no-context/src/test/java/io/roastedroot/js/test/ScriptInterfaceTest.java

@@ -1,4 +1,4 @@
-package chicory.test;
+package io.roastedroot.js.test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 

it/src/it/script-interface/src/test/java/io/roastedroot/js/test/ScriptInterfaceTest.java

@@ -1,4 +1,4 @@
-package chicory.test;
+package io.roastedroot.js.test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;

javy-plugin/src/lib.rs

@@ -2,10 +2,10 @@ extern crate javy_plugin_api;
 use javy_plugin_api::{import_namespace, javy::quickjs::prelude::Func, Config};
 use std::alloc::{alloc, dealloc, Layout};
 
-import_namespace!("chicory_plugin");
+import_namespace!("endive_plugin");
 
-mod chicory_imports {
-    #[link(wasm_import_module = "chicory")]
+mod endive_imports {
+    #[link(wasm_import_module = "endive")]
     extern "C" {
         pub fn invoke(
             module_str_ptr: *const u8,
@@ -31,7 +31,7 @@ fn invoke_exec(module_str: String, name_str: String, args_str: String) -> String
     let args_bytes: &[u8] = args_str.as_bytes();
 
     let return_str = unsafe {
-        let wide_ptr = chicory_imports::invoke(
+        let wide_ptr = endive_imports::invoke(
             module_bytes.as_ptr(),
             module_bytes.len(),
             name_bytes.as_ptr(),

pom.xml

@@ -68,7 +68,7 @@
     <junit.version>5.14.4</junit.version>
 
     <!-- runtime versions -->
-    <chicory.version>1.7.5</chicory.version>
+    <endive.version>1.0.0</endive.version>
     <jackson.version>2.21.3</jackson.version>
     <javaparser.version>3.28.2</javaparser.version>
   </properties>

scripting/pom.xml

@@ -63,9 +63,9 @@
         <configuration>
           <annotationProcessorPaths>
             <path>
-              <groupId>com.dylibso.chicory</groupId>
+              <groupId>run.endive</groupId>
               <artifactId>annotations-processor</artifactId>
-              <version>${chicory.version}</version>
+              <version>${endive.version}</version>
             </path>
           </annotationProcessorPaths>
         </configuration>

threat-model/QuickJs4J_ThreatModel_20251125_094010.md

@@ -32,7 +32,7 @@ The threat model for QuickJs4J identifies critical vulnerabilities at the bounda
 | --------- | -------------- | ------------------------------------------------------------------------- | ----------------- |
 | asset-001 | Confidential   | The QuickJS `Engine` instance managing the Wasm runtime.                  | QuickJs4J Library |
 | asset-002 | Confidential   | The `Runner`, a high-level API for executing JS code with timeouts.       | QuickJs4J Library |
-| asset-003 | Confidential   | The Wasm runtime (Chicory) that executes the QuickJS binary.              | QuickJs4J Library |
+| asset-003 | Confidential   | The Wasm runtime (Endive) that executes the QuickJS binary.               | QuickJs4J Library |
 | asset-004 | Restricted     | The compiled QuickJS engine in WebAssembly format.                        | QuickJs4J Library |
 | asset-005 | Confidential   | Untrusted JavaScript code provided by the end-user/integrator.            | Integrator        |
 | asset-006 | Restricted     | The host Java application that integrates and uses the QuickJs4J library. | Integrator        |

threat-model/Readme.md

@@ -3,7 +3,7 @@
 In this folder you can find the results produced by an automated threat-modelling tool (`rapidinsights`).
 These outputs have been reviewed and processed by humans, and should be used to derive clear, actionable security improvements.
 
-Please treat these results as guidance for identifying risks, prioritizing mitigations, and strengthening the overall security of the system when integrating Chicory in a project.
+Please treat these results as guidance for identifying risks, prioritizing mitigations, and strengthening the overall security of the system when integrating Endive in a project.
 
 ## Generation