wallet-cli: benchmarking

7 files changed, 4704 insertions, 0 deletions

diff --git a/packages/taler-wallet-cli/src/harness/denomStructures.ts b/packages/taler-wallet-cli/src/harness/denomStructures.ts
new file mode 100644
index 000000000..5ab9aca00
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/denomStructures.ts
@@ -0,0 +1,151 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+export interface CoinConfig {
+  name: string;
+  value: string;
+  durationWithdraw: string;
+  durationSpend: string;
+  durationLegal: string;
+  feeWithdraw: string;
+  feeDeposit: string;
+  feeRefresh: string;
+  feeRefund: string;
+  rsaKeySize: number;
+}
+
+const coinCommon = {
+  durationLegal: "3 years",
+  durationSpend: "2 years",
+  durationWithdraw: "7 days",
+  rsaKeySize: 1024,
+};
+
+export const coin_ct1 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_ct1`,
+  value: `${curr}:0.01`,
+  feeDeposit: `${curr}:0.00`,
+  feeRefresh: `${curr}:0.01`,
+  feeRefund: `${curr}:0.00`,
+  feeWithdraw: `${curr}:0.01`,
+});
+
+export const coin_ct10 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_ct10`,
+  value: `${curr}:0.10`,
+  feeDeposit: `${curr}:0.01`,
+  feeRefresh: `${curr}:0.01`,
+  feeRefund: `${curr}:0.00`,
+  feeWithdraw: `${curr}:0.01`,
+});
+
+export const coin_u1 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_u1`,
+  value: `${curr}:1`,
+  feeDeposit: `${curr}:0.02`,
+  feeRefresh: `${curr}:0.02`,
+  feeRefund: `${curr}:0.02`,
+  feeWithdraw: `${curr}:0.02`,
+});
+
+export const coin_u2 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_u2`,
+  value: `${curr}:2`,
+  feeDeposit: `${curr}:0.02`,
+  feeRefresh: `${curr}:0.02`,
+  feeRefund: `${curr}:0.02`,
+  feeWithdraw: `${curr}:0.02`,
+});
+
+export const coin_u4 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_u4`,
+  value: `${curr}:4`,
+  feeDeposit: `${curr}:0.02`,
+  feeRefresh: `${curr}:0.02`,
+  feeRefund: `${curr}:0.02`,
+  feeWithdraw: `${curr}:0.02`,
+});
+
+export const coin_u8 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_u8`,
+  value: `${curr}:8`,
+  feeDeposit: `${curr}:0.16`,
+  feeRefresh: `${curr}:0.16`,
+  feeRefund: `${curr}:0.16`,
+  feeWithdraw: `${curr}:0.16`,
+});
+
+const coin_u10 = (curr: string): CoinConfig => ({
+  ...coinCommon,
+  name: `${curr}_u10`,
+  value: `${curr}:10`,
+  feeDeposit: `${curr}:0.2`,
+  feeRefresh: `${curr}:0.2`,
+  feeRefund: `${curr}:0.2`,
+  feeWithdraw: `${curr}:0.2`,
+});
+
+export const defaultCoinConfig = [
+  coin_ct1,
+  coin_ct10,
+  coin_u1,
+  coin_u2,
+  coin_u4,
+  coin_u8,
+  coin_u10,
+];
+
+const coinCheapCommon = (curr: string) => ({
+  durationLegal: "3 years",
+  durationSpend: "2 years",
+  durationWithdraw: "7 days",
+  rsaKeySize: 1024,
+  feeRefresh: `${curr}:0.2`,
+  feeRefund: `${curr}:0.2`,
+  feeWithdraw: `${curr}:0.2`,
+});
+
+export function makeNoFeeCoinConfig(curr: string): CoinConfig[] {
+  const cc: CoinConfig[] = [];
+
+  for (let i = 0; i < 16; i++) {
+    const ct = 2 ** i;
+
+    const unit = Math.floor(ct / 100);
+    const cent = ct % 100;
+
+    cc.push({
+      durationLegal: "3 years",
+      durationSpend: "2 years",
+      durationWithdraw: "7 days",
+      rsaKeySize: 1024,
+      name: `${curr}-u${i}`,
+      feeDeposit: `${curr}:0`,
+      feeRefresh: `${curr}:0`,
+      feeRefund: `${curr}:0`,
+      feeWithdraw: `${curr}:0`,
+      value: `${curr}:${unit}.${cent}`,
+    });
+  }
+
+  return cc;
+}
diff --git a/packages/taler-wallet-cli/src/harness/faultInjection.ts b/packages/taler-wallet-cli/src/harness/faultInjection.ts
new file mode 100644
index 000000000..4c3d0c123
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/faultInjection.ts
@@ -0,0 +1,256 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Fault injection proxy.
+ *
+ * @author Florian Dold <dold@taler.net>
+ */
+
+/**
+ * Imports
+ */
+import * as http from "http";
+import { URL } from "url";
+import {
+  GlobalTestState,
+  ExchangeService,
+  ExchangeServiceInterface,
+  MerchantServiceInterface,
+  MerchantService,
+} from "../harness/harness.js";
+
+export interface FaultProxyConfig {
+  inboundPort: number;
+  targetPort: number;
+}
+
+/**
+ * Fault injection context.  Modified by fault injection functions.
+ */
+export interface FaultInjectionRequestContext {
+  requestUrl: string;
+  method: string;
+  requestHeaders: Record<string, string | string[] | undefined>;
+  requestBody?: Buffer;
+  dropRequest: boolean;
+}
+
+export interface FaultInjectionResponseContext {
+  request: FaultInjectionRequestContext;
+  statusCode: number;
+  responseHeaders: Record<string, string | string[] | undefined>;
+  responseBody: Buffer | undefined;
+  dropResponse: boolean;
+}
+
+export interface FaultSpec {
+  modifyRequest?: (ctx: FaultInjectionRequestContext) => Promise<void>;
+  modifyResponse?: (ctx: FaultInjectionResponseContext) => Promise<void>;
+}
+
+export class FaultProxy {
+  constructor(
+    private globalTestState: GlobalTestState,
+    private faultProxyConfig: FaultProxyConfig,
+  ) {}
+
+  private currentFaultSpecs: FaultSpec[] = [];
+
+  start() {
+    const server = http.createServer((req, res) => {
+      const requestChunks: Buffer[] = [];
+      const requestUrl = `http://localhost:${this.faultProxyConfig.inboundPort}${req.url}`;
+      console.log("request for", new URL(requestUrl));
+      req.on("data", (chunk) => {
+        requestChunks.push(chunk);
+      });
+      req.on("end", async () => {
+        console.log("end of data");
+        let requestBuffer: Buffer | undefined;
+        if (requestChunks.length > 0) {
+          requestBuffer = Buffer.concat(requestChunks);
+        }
+        console.log("full request body", requestBuffer);
+
+        const faultReqContext: FaultInjectionRequestContext = {
+          dropRequest: false,
+          method: req.method!!,
+          requestHeaders: req.headers,
+          requestUrl,
+          requestBody: requestBuffer,
+        };
+
+        for (const faultSpec of this.currentFaultSpecs) {
+          if (faultSpec.modifyRequest) {
+            await faultSpec.modifyRequest(faultReqContext);
+          }
+        }
+
+        if (faultReqContext.dropRequest) {
+          res.destroy();
+          return;
+        }
+
+        const faultedUrl = new URL(faultReqContext.requestUrl);
+
+        const proxyRequest = http.request({
+          method: faultReqContext.method,
+          host: "localhost",
+          port: this.faultProxyConfig.targetPort,
+          path: faultedUrl.pathname + faultedUrl.search,
+          headers: faultReqContext.requestHeaders,
+        });
+
+        console.log(
+          `proxying request to target path '${
+            faultedUrl.pathname + faultedUrl.search
+          }'`,
+        );
+
+        if (faultReqContext.requestBody) {
+          proxyRequest.write(faultReqContext.requestBody);
+        }
+        proxyRequest.end();
+        proxyRequest.on("response", (proxyResp) => {
+          console.log("gotten response from target", proxyResp.statusCode);
+          const respChunks: Buffer[] = [];
+          proxyResp.on("data", (proxyRespData) => {
+            respChunks.push(proxyRespData);
+          });
+          proxyResp.on("end", async () => {
+            console.log("end of target response");
+            let responseBuffer: Buffer | undefined;
+            if (respChunks.length > 0) {
+              responseBuffer = Buffer.concat(respChunks);
+            }
+            const faultRespContext: FaultInjectionResponseContext = {
+              request: faultReqContext,
+              dropResponse: false,
+              responseBody: responseBuffer,
+              responseHeaders: proxyResp.headers,
+              statusCode: proxyResp.statusCode!!,
+            };
+            for (const faultSpec of this.currentFaultSpecs) {
+              const modResponse = faultSpec.modifyResponse;
+              if (modResponse) {
+                await modResponse(faultRespContext);
+              }
+            }
+            if (faultRespContext.dropResponse) {
+              req.destroy();
+              return;
+            }
+            if (faultRespContext.responseBody) {
+              // We must accommodate for potentially changed content length
+              faultRespContext.responseHeaders[
+                "content-length"
+              ] = `${faultRespContext.responseBody.byteLength}`;
+            }
+            console.log("writing response head");
+            res.writeHead(
+              faultRespContext.statusCode,
+              http.STATUS_CODES[faultRespContext.statusCode],
+              faultRespContext.responseHeaders,
+            );
+            if (faultRespContext.responseBody) {
+              res.write(faultRespContext.responseBody);
+            }
+            res.end();
+          });
+        });
+      });
+    });
+
+    server.listen(this.faultProxyConfig.inboundPort);
+    this.globalTestState.servers.push(server);
+  }
+
+  addFault(f: FaultSpec) {
+    this.currentFaultSpecs.push(f);
+  }
+
+  clearAllFaults() {
+    this.currentFaultSpecs = [];
+  }
+}
+
+export class FaultInjectedExchangeService implements ExchangeServiceInterface {
+  baseUrl: string;
+  port: number;
+  faultProxy: FaultProxy;
+
+  get name(): string {
+    return this.innerExchange.name;
+  }
+
+  get masterPub(): string {
+    return this.innerExchange.masterPub;
+  }
+
+  private innerExchange: ExchangeService;
+
+  constructor(
+    t: GlobalTestState,
+    e: ExchangeService,
+    proxyInboundPort: number,
+  ) {
+    this.innerExchange = e;
+    this.faultProxy = new FaultProxy(t, {
+      inboundPort: proxyInboundPort,
+      targetPort: e.port,
+    });
+    this.faultProxy.start();
+
+    const exchangeUrl = new URL(e.baseUrl);
+    exchangeUrl.port = `${proxyInboundPort}`;
+    this.baseUrl = exchangeUrl.href;
+    this.port = proxyInboundPort;
+  }
+}
+
+export class FaultInjectedMerchantService implements MerchantServiceInterface {
+  baseUrl: string;
+  port: number;
+  faultProxy: FaultProxy;
+
+  get name(): string {
+    return this.innerMerchant.name;
+  }
+
+  private innerMerchant: MerchantService;
+  private inboundPort: number;
+
+  constructor(
+    t: GlobalTestState,
+    m: MerchantService,
+    proxyInboundPort: number,
+  ) {
+    this.innerMerchant = m;
+    this.faultProxy = new FaultProxy(t, {
+      inboundPort: proxyInboundPort,
+      targetPort: m.port,
+    });
+    this.faultProxy.start();
+    this.inboundPort = proxyInboundPort;
+  }
+
+  makeInstanceBaseUrl(instanceName?: string | undefined): string {
+    const url = new URL(this.innerMerchant.makeInstanceBaseUrl(instanceName));
+    url.port = `${this.inboundPort}`;
+    return url.href;
+  }
+}
diff --git a/packages/taler-wallet-cli/src/harness/harness.ts b/packages/taler-wallet-cli/src/harness/harness.ts
new file mode 100644
index 000000000..b4ac16dbf
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/harness.ts
@@ -0,0 +1,1779 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Test harness for various GNU Taler components.
+ * Also provides a fault-injection proxy.
+ *
+ * @author Florian Dold <dold@taler.net>
+ */
+
+/**
+ * Imports
+ */
+import * as util from "util";
+import * as fs from "fs";
+import * as path from "path";
+import * as http from "http";
+import * as readline from "readline";
+import { deepStrictEqual } from "assert";
+import { ChildProcess, spawn } from "child_process";
+import { URL } from "url";
+import axios, { AxiosError } from "axios";
+import {
+  codecForMerchantOrderPrivateStatusResponse,
+  codecForPostOrderResponse,
+  PostOrderRequest,
+  PostOrderResponse,
+  MerchantOrderPrivateStatusResponse,
+  TippingReserveStatus,
+  TipCreateConfirmation,
+  TipCreateRequest,
+  MerchantInstancesResponse,
+} from "./merchantApiTypes";
+import {
+  openPromise,
+  OperationFailedError,
+  WalletCoreApiClient,
+} from "@gnu-taler/taler-wallet-core";
+import {
+  AmountJson,
+  Amounts,
+  Configuration,
+  AmountString,
+  Codec,
+  buildCodecForObject,
+  codecForString,
+  Duration,
+  parsePaytoUri,
+  CoreApiResponse,
+  createEddsaKeyPair,
+  eddsaGetPublic,
+  EddsaKeyPair,
+  encodeCrock,
+  getRandomBytes,
+} from "@gnu-taler/taler-util";
+import { CoinConfig } from "./denomStructures.js";
+
+const exec = util.promisify(require("child_process").exec);
+
+export async function delayMs(ms: number): Promise<void> {
+  return new Promise((resolve, reject) => {
+    setTimeout(() => resolve(), ms);
+  });
+}
+
+export interface WithAuthorization {
+  Authorization?: string;
+}
+
+interface WaitResult {
+  code: number | null;
+  signal: NodeJS.Signals | null;
+}
+
+/**
+ * Run a shell command, return stdout.
+ */
+export async function sh(
+  t: GlobalTestState,
+  logName: string,
+  command: string,
+  env: { [index: string]: string | undefined } = process.env,
+): Promise<string> {
+  console.log("running command", command);
+  return new Promise((resolve, reject) => {
+    const stdoutChunks: Buffer[] = [];
+    const proc = spawn(command, {
+      stdio: ["inherit", "pipe", "pipe"],
+      shell: true,
+      env: env,
+    });
+    proc.stdout.on("data", (x) => {
+      if (x instanceof Buffer) {
+        stdoutChunks.push(x);
+      } else {
+        throw Error("unexpected data chunk type");
+      }
+    });
+    const stderrLogFileName = path.join(t.testDir, `${logName}-stderr.log`);
+    const stderrLog = fs.createWriteStream(stderrLogFileName, {
+      flags: "a",
+    });
+    proc.stderr.pipe(stderrLog);
+    proc.on("exit", (code, signal) => {
+      console.log(`child process exited (${code} / ${signal})`);
+      if (code != 0) {
+        reject(Error(`Unexpected exit code ${code} for '${command}'`));
+        return;
+      }
+      const b = Buffer.concat(stdoutChunks).toString("utf-8");
+      resolve(b);
+    });
+    proc.on("error", () => {
+      reject(Error("Child process had error"));
+    });
+  });
+}
+
+function shellescape(args: string[]) {
+  const ret = args.map((s) => {
+    if (/[^A-Za-z0-9_\/:=-]/.test(s)) {
+      s = "'" + s.replace(/'/g, "'\\''") + "'";
+      s = s.replace(/^(?:'')+/g, "").replace(/\\'''/g, "\\'");
+    }
+    return s;
+  });
+  return ret.join(" ");
+}
+
+/**
+ * Run a shell command, return stdout.
+ *
+ * Log stderr to a log file.
+ */
+export async function runCommand(
+  t: GlobalTestState,
+  logName: string,
+  command: string,
+  args: string[],
+  env: { [index: string]: string | undefined } = process.env,
+): Promise<string> {
+  console.log("running command", shellescape([command, ...args]));
+  return new Promise((resolve, reject) => {
+    const stdoutChunks: Buffer[] = [];
+    const proc = spawn(command, args, {
+      stdio: ["inherit", "pipe", "pipe"],
+      shell: false,
+      env: env,
+    });
+    proc.stdout.on("data", (x) => {
+      if (x instanceof Buffer) {
+        stdoutChunks.push(x);
+      } else {
+        throw Error("unexpected data chunk type");
+      }
+    });
+    const stderrLogFileName = path.join(t.testDir, `${logName}-stderr.log`);
+    const stderrLog = fs.createWriteStream(stderrLogFileName, {
+      flags: "a",
+    });
+    proc.stderr.pipe(stderrLog);
+    proc.on("exit", (code, signal) => {
+      console.log(`child process exited (${code} / ${signal})`);
+      if (code != 0) {
+        reject(Error(`Unexpected exit code ${code} for '${command}'`));
+        return;
+      }
+      const b = Buffer.concat(stdoutChunks).toString("utf-8");
+      resolve(b);
+    });
+    proc.on("error", () => {
+      reject(Error("Child process had error"));
+    });
+  });
+}
+
+export class ProcessWrapper {
+  private waitPromise: Promise<WaitResult>;
+  constructor(public proc: ChildProcess) {
+    this.waitPromise = new Promise((resolve, reject) => {
+      proc.on("exit", (code, signal) => {
+        resolve({ code, signal });
+      });
+      proc.on("error", (err) => {
+        reject(err);
+      });
+    });
+  }
+
+  wait(): Promise<WaitResult> {
+    return this.waitPromise;
+  }
+}
+
+export class GlobalTestParams {
+  testDir: string;
+}
+
+export class GlobalTestState {
+  testDir: string;
+  procs: ProcessWrapper[];
+  servers: http.Server[];
+  inShutdown: boolean = false;
+  constructor(params: GlobalTestParams) {
+    this.testDir = params.testDir;
+    this.procs = [];
+    this.servers = [];
+  }
+
+  async assertThrowsOperationErrorAsync(
+    block: () => Promise<void>,
+  ): Promise<OperationFailedError> {
+    try {
+      await block();
+    } catch (e) {
+      if (e instanceof OperationFailedError) {
+        return e;
+      }
+      throw Error(`expected OperationFailedError to be thrown, but got ${e}`);
+    }
+    throw Error(
+      `expected OperationFailedError to be thrown, but block finished without throwing`,
+    );
+  }
+
+  async assertThrowsAsync(block: () => Promise<void>): Promise<any> {
+    try {
+      await block();
+    } catch (e) {
+      return e;
+    }
+    throw Error(
+      `expected exception to be thrown, but block finished without throwing`,
+    );
+  }
+
+  assertAxiosError(e: any): asserts e is AxiosError {
+    if (!e.isAxiosError) {
+      throw Error("expected axios error");
+    }
+  }
+
+  assertTrue(b: boolean): asserts b {
+    if (!b) {
+      throw Error("test assertion failed");
+    }
+  }
+
+  assertDeepEqual<T>(actual: any, expected: T): asserts actual is T {
+    deepStrictEqual(actual, expected);
+  }
+
+  assertAmountEquals(
+    amtActual: string | AmountJson,
+    amtExpected: string | AmountJson,
+  ): void {
+    if (Amounts.cmp(amtActual, amtExpected) != 0) {
+      throw Error(
+        `test assertion failed: expected ${Amounts.stringify(
+          amtExpected,
+        )} but got ${Amounts.stringify(amtActual)}`,
+      );
+    }
+  }
+
+  assertAmountLeq(a: string | AmountJson, b: string | AmountJson): void {
+    if (Amounts.cmp(a, b) > 0) {
+      throw Error(
+        `test assertion failed: expected ${Amounts.stringify(
+          a,
+        )} to be less or equal (leq) than ${Amounts.stringify(b)}`,
+      );
+    }
+  }
+
+  shutdownSync(): void {
+    for (const s of this.servers) {
+      s.close();
+      s.removeAllListeners();
+    }
+    for (const p of this.procs) {
+      if (p.proc.exitCode == null) {
+        p.proc.kill("SIGTERM");
+      }
+    }
+  }
+
+  spawnService(
+    command: string,
+    args: string[],
+    logName: string,
+    env: { [index: string]: string | undefined } = process.env,
+  ): ProcessWrapper {
+    console.log(
+      `spawning process (${logName}): ${shellescape([command, ...args])}`,
+    );
+    const proc = spawn(command, args, {
+      stdio: ["inherit", "pipe", "pipe"],
+      env: env,
+    });
+    console.log(`spawned process (${logName}) with pid ${proc.pid}`);
+    proc.on("error", (err) => {
+      console.log(`could not start process (${command})`, err);
+    });
+    proc.on("exit", (code, signal) => {
+      console.log(`process ${logName} exited`);
+    });
+    const stderrLogFileName = this.testDir + `/${logName}-stderr.log`;
+    const stderrLog = fs.createWriteStream(stderrLogFileName, {
+      flags: "a",
+    });
+    proc.stderr.pipe(stderrLog);
+    const stdoutLogFileName = this.testDir + `/${logName}-stdout.log`;
+    const stdoutLog = fs.createWriteStream(stdoutLogFileName, {
+      flags: "a",
+    });
+    proc.stdout.pipe(stdoutLog);
+    const procWrap = new ProcessWrapper(proc);
+    this.procs.push(procWrap);
+    return procWrap;
+  }
+
+  async shutdown(): Promise<void> {
+    if (this.inShutdown) {
+      return;
+    }
+    if (shouldLingerInTest()) {
+      console.log("refusing to shut down, lingering was requested");
+      return;
+    }
+    this.inShutdown = true;
+    console.log("shutting down");
+    for (const s of this.servers) {
+      s.close();
+      s.removeAllListeners();
+    }
+    for (const p of this.procs) {
+      if (p.proc.exitCode == null) {
+        console.log("killing process", p.proc.pid);
+        p.proc.kill("SIGTERM");
+        await p.wait();
+      }
+    }
+  }
+}
+
+export function shouldLingerInTest(): boolean {
+  return !!process.env["TALER_TEST_LINGER"];
+}
+
+export interface TalerConfigSection {
+  options: Record<string, string | undefined>;
+}
+
+export interface TalerConfig {
+  sections: Record<string, TalerConfigSection>;
+}
+
+export interface DbInfo {
+  /**
+   * Postgres connection string.
+   */
+  connStr: string;
+
+  dbname: string;
+}
+
+export async function setupDb(gc: GlobalTestState): Promise<DbInfo> {
+  const dbname = "taler-integrationtest";
+  await exec(`dropdb "${dbname}" || true`);
+  await exec(`createdb "${dbname}"`);
+  return {
+    connStr: `postgres:///${dbname}`,
+    dbname,
+  };
+}
+
+export interface BankConfig {
+  currency: string;
+  httpPort: number;
+  database: string;
+  allowRegistrations: boolean;
+  maxDebt?: string;
+}
+
+export interface FakeBankConfig {
+  currency: string;
+  httpPort: number;
+}
+
+function setTalerPaths(config: Configuration, home: string) {
+  config.setString("paths", "taler_home", home);
+  // We need to make sure that the path of taler_runtime_dir isn't too long,
+  // as it contains unix domain sockets (108 character limit).
+  const runDir = fs.mkdtempSync("/tmp/taler-test-");
+  config.setString("paths", "taler_runtime_dir", runDir);
+  config.setString(
+    "paths",
+    "taler_data_home",
+    "$TALER_HOME/.local/share/taler/",
+  );
+  config.setString("paths", "taler_config_home", "$TALER_HOME/.config/taler/");
+  config.setString("paths", "taler_cache_home", "$TALER_HOME/.config/taler/");
+}
+
+function setCoin(config: Configuration, c: CoinConfig) {
+  const s = `coin_${c.name}`;
+  config.setString(s, "value", c.value);
+  config.setString(s, "duration_withdraw", c.durationWithdraw);
+  config.setString(s, "duration_spend", c.durationSpend);
+  config.setString(s, "duration_legal", c.durationLegal);
+  config.setString(s, "fee_deposit", c.feeDeposit);
+  config.setString(s, "fee_withdraw", c.feeWithdraw);
+  config.setString(s, "fee_refresh", c.feeRefresh);
+  config.setString(s, "fee_refund", c.feeRefund);
+  config.setString(s, "rsa_keysize", `${c.rsaKeySize}`);
+}
+
+/**
+ * Send an HTTP request until it succeeds or the
+ * process dies.
+ */
+export async function pingProc(
+  proc: ProcessWrapper | undefined,
+  url: string,
+  serviceName: string,
+): Promise<void> {
+  if (!proc || proc.proc.exitCode !== null) {
+    throw Error(`service process ${serviceName} not started, can't ping`);
+  }
+  while (true) {
+    try {
+      console.log(`pinging ${serviceName}`);
+      const resp = await axios.get(url);
+      console.log(`service ${serviceName} available`);
+      return;
+    } catch (e: any) {
+      console.log(`service ${serviceName} not ready:`, e.toString());
+      await delayMs(1000);
+    }
+    if (!proc || proc.proc.exitCode !== null) {
+      throw Error(`service process ${serviceName} stopped unexpectedly`);
+    }
+  }
+}
+
+export interface HarnessExchangeBankAccount {
+  accountName: string;
+  accountPassword: string;
+  accountPaytoUri: string;
+  wireGatewayApiBaseUrl: string;
+}
+
+export interface BankServiceInterface {
+  readonly baseUrl: string;
+  readonly port: number;
+}
+
+export enum CreditDebitIndicator {
+  Credit = "credit",
+  Debit = "debit",
+}
+
+export interface BankAccountBalanceResponse {
+  balance: {
+    amount: AmountString;
+    credit_debit_indicator: CreditDebitIndicator;
+  };
+}
+
+export namespace BankAccessApi {
+  export async function getAccountBalance(
+    bank: BankServiceInterface,
+    bankUser: BankUser,
+  ): Promise<BankAccountBalanceResponse> {
+    const url = new URL(`accounts/${bankUser.username}`, bank.baseUrl);
+    const resp = await axios.get(url.href, {
+      auth: bankUser,
+    });
+    return resp.data;
+  }
+
+  export async function createWithdrawalOperation(
+    bank: BankServiceInterface,
+    bankUser: BankUser,
+    amount: string,
+  ): Promise<WithdrawalOperationInfo> {
+    const url = new URL(
+      `accounts/${bankUser.username}/withdrawals`,
+      bank.baseUrl,
+    );
+    const resp = await axios.post(
+      url.href,
+      {
+        amount,
+      },
+      {
+        auth: bankUser,
+      },
+    );
+    return codecForWithdrawalOperationInfo().decode(resp.data);
+  }
+}
+
+export namespace BankApi {
+  export async function registerAccount(
+    bank: BankServiceInterface,
+    username: string,
+    password: string,
+  ): Promise<BankUser> {
+    const url = new URL("testing/register", bank.baseUrl);
+    await axios.post(url.href, {
+      username,
+      password,
+    });
+    return {
+      password,
+      username,
+      accountPaytoUri: `payto://x-taler-bank/localhost/${username}`,
+    };
+  }
+
+  export async function createRandomBankUser(
+    bank: BankServiceInterface,
+  ): Promise<BankUser> {
+    const username = "user-" + encodeCrock(getRandomBytes(10));
+    const password = "pw-" + encodeCrock(getRandomBytes(10));
+    return await registerAccount(bank, username, password);
+  }
+
+  export async function adminAddIncoming(
+    bank: BankServiceInterface,
+    params: {
+      exchangeBankAccount: HarnessExchangeBankAccount;
+      amount: string;
+      reservePub: string;
+      debitAccountPayto: string;
+    },
+  ) {
+    const url = new URL(
+      `taler-wire-gateway/${params.exchangeBankAccount.accountName}/admin/add-incoming`,
+      bank.baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {
+        amount: params.amount,
+        reserve_pub: params.reservePub,
+        debit_account: params.debitAccountPayto,
+      },
+      {
+        auth: {
+          username: params.exchangeBankAccount.accountName,
+          password: params.exchangeBankAccount.accountPassword,
+        },
+      },
+    );
+  }
+
+  export async function confirmWithdrawalOperation(
+    bank: BankServiceInterface,
+    bankUser: BankUser,
+    wopi: WithdrawalOperationInfo,
+  ): Promise<void> {
+    const url = new URL(
+      `accounts/${bankUser.username}/withdrawals/${wopi.withdrawal_id}/confirm`,
+      bank.baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: bankUser,
+      },
+    );
+  }
+
+  export async function abortWithdrawalOperation(
+    bank: BankServiceInterface,
+    bankUser: BankUser,
+    wopi: WithdrawalOperationInfo,
+  ): Promise<void> {
+    const url = new URL(
+      `accounts/${bankUser.username}/withdrawals/${wopi.withdrawal_id}/abort`,
+      bank.baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: bankUser,
+      },
+    );
+  }
+}
+
+export class BankService implements BankServiceInterface {
+  proc: ProcessWrapper | undefined;
+
+  static fromExistingConfig(gc: GlobalTestState): BankService {
+    const cfgFilename = gc.testDir + "/bank.conf";
+    console.log("reading bank config from", cfgFilename);
+    const config = Configuration.load(cfgFilename);
+    const bc: BankConfig = {
+      allowRegistrations: config
+        .getYesNo("bank", "allow_registrations")
+        .required(),
+      currency: config.getString("taler", "currency").required(),
+      database: config.getString("bank", "database").required(),
+      httpPort: config.getNumber("bank", "http_port").required(),
+    };
+    return new BankService(gc, bc, cfgFilename);
+  }
+
+  static async create(
+    gc: GlobalTestState,
+    bc: BankConfig,
+  ): Promise<BankService> {
+    const config = new Configuration();
+    setTalerPaths(config, gc.testDir + "/talerhome");
+    config.setString("taler", "currency", bc.currency);
+    config.setString("bank", "database", bc.database);
+    config.setString("bank", "http_port", `${bc.httpPort}`);
+    config.setString("bank", "serve", "http");
+    config.setString("bank", "max_debt_bank", `${bc.currency}:999999`);
+    config.setString("bank", "max_debt", bc.maxDebt ?? `${bc.currency}:100`);
+    config.setString(
+      "bank",
+      "allow_registrations",
+      bc.allowRegistrations ? "yes" : "no",
+    );
+    const cfgFilename = gc.testDir + "/bank.conf";
+    config.write(cfgFilename);
+
+    await sh(
+      gc,
+      "taler-bank-manage_django",
+      `taler-bank-manage -c '${cfgFilename}' django migrate`,
+    );
+    await sh(
+      gc,
+      "taler-bank-manage_django",
+      `taler-bank-manage -c '${cfgFilename}' django provide_accounts`,
+    );
+
+    return new BankService(gc, bc, cfgFilename);
+  }
+
+  setSuggestedExchange(e: ExchangeServiceInterface, exchangePayto: string) {
+    const config = Configuration.load(this.configFile);
+    config.setString("bank", "suggested_exchange", e.baseUrl);
+    config.setString("bank", "suggested_exchange_payto", exchangePayto);
+  }
+
+  get baseUrl(): string {
+    return `http://localhost:${this.bankConfig.httpPort}/`;
+  }
+
+  async createExchangeAccount(
+    accountName: string,
+    password: string,
+  ): Promise<HarnessExchangeBankAccount> {
+    await sh(
+      this.globalTestState,
+      "taler-bank-manage_django",
+      `taler-bank-manage -c '${this.configFile}' django add_bank_account ${accountName}`,
+    );
+    await sh(
+      this.globalTestState,
+      "taler-bank-manage_django",
+      `taler-bank-manage -c '${this.configFile}' django changepassword_unsafe ${accountName} ${password}`,
+    );
+    await sh(
+      this.globalTestState,
+      "taler-bank-manage_django",
+      `taler-bank-manage -c '${this.configFile}' django top_up ${accountName} ${this.bankConfig.currency}:100000`,
+    );
+    return {
+      accountName: accountName,
+      accountPassword: password,
+      accountPaytoUri: `payto://x-taler-bank/${accountName}`,
+      wireGatewayApiBaseUrl: `http://localhost:${this.bankConfig.httpPort}/taler-wire-gateway/${accountName}/`,
+    };
+  }
+
+  get port() {
+    return this.bankConfig.httpPort;
+  }
+
+  private constructor(
+    private globalTestState: GlobalTestState,
+    private bankConfig: BankConfig,
+    private configFile: string,
+  ) {}
+
+  async start(): Promise<void> {
+    this.proc = this.globalTestState.spawnService(
+      "taler-bank-manage",
+      ["-c", this.configFile, "serve"],
+      "bank",
+    );
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    const url = `http://localhost:${this.bankConfig.httpPort}/config`;
+    await pingProc(this.proc, url, "bank");
+  }
+}
+
+export class FakeBankService {
+  proc: ProcessWrapper | undefined;
+
+  static fromExistingConfig(gc: GlobalTestState): FakeBankService {
+    const cfgFilename = gc.testDir + "/bank.conf";
+    console.log("reading fakebank config from", cfgFilename);
+    const config = Configuration.load(cfgFilename);
+    const bc: FakeBankConfig = {
+      currency: config.getString("taler", "currency").required(),
+      httpPort: config.getNumber("bank", "http_port").required(),
+    };
+    return new FakeBankService(gc, bc, cfgFilename);
+  }
+
+  static async create(
+    gc: GlobalTestState,
+    bc: FakeBankConfig,
+  ): Promise<FakeBankService> {
+    const config = new Configuration();
+    setTalerPaths(config, gc.testDir + "/talerhome");
+    config.setString("taler", "currency", bc.currency);
+    config.setString("bank", "http_port", `${bc.httpPort}`);
+    const cfgFilename = gc.testDir + "/bank.conf";
+    config.write(cfgFilename);
+    return new FakeBankService(gc, bc, cfgFilename);
+  }
+
+  get baseUrl(): string {
+    return `http://localhost:${this.bankConfig.httpPort}/`;
+  }
+
+  get port() {
+    return this.bankConfig.httpPort;
+  }
+
+  private constructor(
+    private globalTestState: GlobalTestState,
+    private bankConfig: FakeBankConfig,
+    private configFile: string,
+  ) {}
+
+  async start(): Promise<void> {
+    this.proc = this.globalTestState.spawnService(
+      "taler-fakebank-run",
+      ["-c", this.configFile],
+      "fakebank",
+    );
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    // Fakebank doesn't have "/config", so we ping just "/".
+    const url = `http://localhost:${this.bankConfig.httpPort}/`;
+    await pingProc(this.proc, url, "bank");
+  }
+}
+
+export interface BankUser {
+  username: string;
+  password: string;
+  accountPaytoUri: string;
+}
+
+export interface WithdrawalOperationInfo {
+  withdrawal_id: string;
+  taler_withdraw_uri: string;
+}
+
+const codecForWithdrawalOperationInfo = (): Codec<WithdrawalOperationInfo> =>
+  buildCodecForObject<WithdrawalOperationInfo>()
+    .property("withdrawal_id", codecForString())
+    .property("taler_withdraw_uri", codecForString())
+    .build("WithdrawalOperationInfo");
+
+export interface ExchangeConfig {
+  name: string;
+  currency: string;
+  roundUnit?: string;
+  httpPort: number;
+  database: string;
+}
+
+export interface ExchangeServiceInterface {
+  readonly baseUrl: string;
+  readonly port: number;
+  readonly name: string;
+  readonly masterPub: string;
+}
+
+export class ExchangeService implements ExchangeServiceInterface {
+  static fromExistingConfig(gc: GlobalTestState, exchangeName: string) {
+    const cfgFilename = gc.testDir + `/exchange-${exchangeName}.conf`;
+    const config = Configuration.load(cfgFilename);
+    const ec: ExchangeConfig = {
+      currency: config.getString("taler", "currency").required(),
+      database: config.getString("exchangedb-postgres", "config").required(),
+      httpPort: config.getNumber("exchange", "port").required(),
+      name: exchangeName,
+      roundUnit: config.getString("taler", "currency_round_unit").required(),
+    };
+    const privFile = config.getPath("exchange", "master_priv_file").required();
+    const eddsaPriv = fs.readFileSync(privFile);
+    const keyPair: EddsaKeyPair = {
+      eddsaPriv,
+      eddsaPub: eddsaGetPublic(eddsaPriv),
+    };
+    return new ExchangeService(gc, ec, cfgFilename, keyPair);
+  }
+
+  private currentTimetravel: Duration | undefined;
+
+  setTimetravel(t: Duration | undefined): void {
+    if (this.isRunning()) {
+      throw Error("can't set time travel while the exchange is running");
+    }
+    this.currentTimetravel = t;
+  }
+
+  private get timetravelArg(): string | undefined {
+    if (this.currentTimetravel && this.currentTimetravel.d_ms !== "forever") {
+      // Convert to microseconds
+      return `--timetravel=+${this.currentTimetravel.d_ms * 1000}`;
+    }
+    return undefined;
+  }
+
+  /**
+   * Return an empty array if no time travel is set,
+   * and an array with the time travel command line argument
+   * otherwise.
+   */
+  private get timetravelArgArr(): string[] {
+    const tta = this.timetravelArg;
+    if (tta) {
+      return [tta];
+    }
+    return [];
+  }
+
+  async runWirewatchOnce() {
+    await runCommand(
+      this.globalState,
+      `exchange-${this.name}-wirewatch-once`,
+      "taler-exchange-wirewatch",
+      [...this.timetravelArgArr, "-c", this.configFilename, "-t"],
+    );
+  }
+
+  async runAggregatorOnce() {
+    await runCommand(
+      this.globalState,
+      `exchange-${this.name}-aggregator-once`,
+      "taler-exchange-aggregator",
+      [...this.timetravelArgArr, "-c", this.configFilename, "-t"],
+    );
+  }
+
+  async runTransferOnce() {
+    await runCommand(
+      this.globalState,
+      `exchange-${this.name}-transfer-once`,
+      "taler-exchange-transfer",
+      [...this.timetravelArgArr, "-c", this.configFilename, "-t"],
+    );
+  }
+
+  changeConfig(f: (config: Configuration) => void) {
+    const config = Configuration.load(this.configFilename);
+    f(config);
+    config.write(this.configFilename);
+  }
+
+  static create(gc: GlobalTestState, e: ExchangeConfig) {
+    const config = new Configuration();
+    config.setString("taler", "currency", e.currency);
+    config.setString(
+      "taler",
+      "currency_round_unit",
+      e.roundUnit ?? `${e.currency}:0.01`,
+    );
+    setTalerPaths(config, gc.testDir + "/talerhome");
+    config.setString(
+      "exchange",
+      "revocation_dir",
+      "${TALER_DATA_HOME}/exchange/revocations",
+    );
+    config.setString("exchange", "max_keys_caching", "forever");
+    config.setString("exchange", "db", "postgres");
+    config.setString(
+      "exchange-offline",
+      "master_priv_file",
+      "${TALER_DATA_HOME}/exchange/offline-keys/master.priv",
+    );
+    config.setString("exchange", "serve", "tcp");
+    config.setString("exchange", "port", `${e.httpPort}`);
+
+    config.setString("exchangedb-postgres", "config", e.database);
+
+    config.setString("taler-exchange-secmod-eddsa", "lookahead_sign", "20 s");
+    config.setString("taler-exchange-secmod-rsa", "lookahead_sign", "20 s");
+
+    const exchangeMasterKey = createEddsaKeyPair();
+
+    config.setString(
+      "exchange",
+      "master_public_key",
+      encodeCrock(exchangeMasterKey.eddsaPub),
+    );
+
+    const masterPrivFile = config
+      .getPath("exchange-offline", "master_priv_file")
+      .required();
+
+    fs.mkdirSync(path.dirname(masterPrivFile), { recursive: true });
+
+    fs.writeFileSync(masterPrivFile, Buffer.from(exchangeMasterKey.eddsaPriv));
+
+    const cfgFilename = gc.testDir + `/exchange-${e.name}.conf`;
+    config.write(cfgFilename);
+    return new ExchangeService(gc, e, cfgFilename, exchangeMasterKey);
+  }
+
+  addOfferedCoins(offeredCoins: ((curr: string) => CoinConfig)[]) {
+    const config = Configuration.load(this.configFilename);
+    offeredCoins.forEach((cc) =>
+      setCoin(config, cc(this.exchangeConfig.currency)),
+    );
+    config.write(this.configFilename);
+  }
+
+  addCoinConfigList(ccs: CoinConfig[]) {
+    const config = Configuration.load(this.configFilename);
+    ccs.forEach((cc) => setCoin(config, cc));
+    config.write(this.configFilename);
+  }
+
+  get masterPub() {
+    return encodeCrock(this.keyPair.eddsaPub);
+  }
+
+  get port() {
+    return this.exchangeConfig.httpPort;
+  }
+
+  async addBankAccount(
+    localName: string,
+    exchangeBankAccount: HarnessExchangeBankAccount,
+  ): Promise<void> {
+    const config = Configuration.load(this.configFilename);
+    config.setString(
+      `exchange-account-${localName}`,
+      "wire_response",
+      `\${TALER_DATA_HOME}/exchange/account-${localName}.json`,
+    );
+    config.setString(
+      `exchange-account-${localName}`,
+      "payto_uri",
+      exchangeBankAccount.accountPaytoUri,
+    );
+    config.setString(`exchange-account-${localName}`, "enable_credit", "yes");
+    config.setString(`exchange-account-${localName}`, "enable_debit", "yes");
+    config.setString(
+      `exchange-accountcredentials-${localName}`,
+      "wire_gateway_url",
+      exchangeBankAccount.wireGatewayApiBaseUrl,
+    );
+    config.setString(
+      `exchange-accountcredentials-${localName}`,
+      "wire_gateway_auth_method",
+      "basic",
+    );
+    config.setString(
+      `exchange-accountcredentials-${localName}`,
+      "username",
+      exchangeBankAccount.accountName,
+    );
+    config.setString(
+      `exchange-accountcredentials-${localName}`,
+      "password",
+      exchangeBankAccount.accountPassword,
+    );
+    config.write(this.configFilename);
+  }
+
+  exchangeHttpProc: ProcessWrapper | undefined;
+  exchangeWirewatchProc: ProcessWrapper | undefined;
+
+  helperCryptoRsaProc: ProcessWrapper | undefined;
+  helperCryptoEddsaProc: ProcessWrapper | undefined;
+
+  constructor(
+    private globalState: GlobalTestState,
+    private exchangeConfig: ExchangeConfig,
+    private configFilename: string,
+    private keyPair: EddsaKeyPair,
+  ) {}
+
+  get name() {
+    return this.exchangeConfig.name;
+  }
+
+  get baseUrl() {
+    return `http://localhost:${this.exchangeConfig.httpPort}/`;
+  }
+
+  isRunning(): boolean {
+    return !!this.exchangeWirewatchProc || !!this.exchangeHttpProc;
+  }
+
+  async stop(): Promise<void> {
+    const wirewatch = this.exchangeWirewatchProc;
+    if (wirewatch) {
+      wirewatch.proc.kill("SIGTERM");
+      await wirewatch.wait();
+      this.exchangeWirewatchProc = undefined;
+    }
+    const httpd = this.exchangeHttpProc;
+    if (httpd) {
+      httpd.proc.kill("SIGTERM");
+      await httpd.wait();
+      this.exchangeHttpProc = undefined;
+    }
+    const cryptoRsa = this.helperCryptoRsaProc;
+    if (cryptoRsa) {
+      cryptoRsa.proc.kill("SIGTERM");
+      await cryptoRsa.wait();
+      this.helperCryptoRsaProc = undefined;
+    }
+    const cryptoEddsa = this.helperCryptoEddsaProc;
+    if (cryptoEddsa) {
+      cryptoEddsa.proc.kill("SIGTERM");
+      await cryptoEddsa.wait();
+      this.helperCryptoRsaProc = undefined;
+    }
+  }
+
+  /**
+   * Update keys signing the keys generated by the security module
+   * with the offline signing key.
+   */
+  async keyup(): Promise<void> {
+    await runCommand(
+      this.globalState,
+      "exchange-offline",
+      "taler-exchange-offline",
+      ["-c", this.configFilename, "download", "sign", "upload"],
+    );
+
+    const accounts: string[] = [];
+    const accountTargetTypes: Set<string> = new Set();
+
+    const config = Configuration.load(this.configFilename);
+    for (const sectionName of config.getSectionNames()) {
+      if (sectionName.startsWith("EXCHANGE-ACCOUNT-")) {
+        const paytoUri = config.getString(sectionName, "payto_uri").required();
+        const p = parsePaytoUri(paytoUri);
+        if (!p) {
+          throw Error(`invalid payto uri in exchange config: ${paytoUri}`);
+        }
+        accountTargetTypes.add(p?.targetType);
+        accounts.push(paytoUri);
+      }
+    }
+
+    console.log("configuring bank accounts", accounts);
+
+    for (const acc of accounts) {
+      await runCommand(
+        this.globalState,
+        "exchange-offline",
+        "taler-exchange-offline",
+        ["-c", this.configFilename, "enable-account", acc, "upload"],
+      );
+    }
+
+    const year = new Date().getFullYear();
+    for (const accTargetType of accountTargetTypes.values()) {
+      for (let i = year; i < year + 5; i++) {
+        await runCommand(
+          this.globalState,
+          "exchange-offline",
+          "taler-exchange-offline",
+          [
+            "-c",
+            this.configFilename,
+            "wire-fee",
+            `${i}`,
+            accTargetType,
+            `${this.exchangeConfig.currency}:0.01`,
+            `${this.exchangeConfig.currency}:0.01`,
+            "upload",
+          ],
+        );
+      }
+    }
+  }
+
+  async revokeDenomination(denomPubHash: string) {
+    if (!this.isRunning()) {
+      throw Error("exchange must be running when revoking denominations");
+    }
+    await runCommand(
+      this.globalState,
+      "exchange-offline",
+      "taler-exchange-offline",
+      [
+        "-c",
+        this.configFilename,
+        "revoke-denomination",
+        denomPubHash,
+        "upload",
+      ],
+    );
+  }
+
+  async purgeSecmodKeys(): Promise<void> {
+    const cfg = Configuration.load(this.configFilename);
+    const rsaKeydir = cfg
+      .getPath("taler-exchange-secmod-rsa", "KEY_DIR")
+      .required();
+    const eddsaKeydir = cfg
+      .getPath("taler-exchange-secmod-eddsa", "KEY_DIR")
+      .required();
+    // Be *VERY* careful when changing this, or you will accidentally delete user data.
+    await sh(this.globalState, "rm-secmod-keys", `rm -rf ${rsaKeydir}/COIN_*`);
+    await sh(this.globalState, "rm-secmod-keys", `rm ${eddsaKeydir}/*`);
+  }
+
+  async purgeDatabase(): Promise<void> {
+    await sh(
+      this.globalState,
+      "exchange-dbinit",
+      `taler-exchange-dbinit -r -c "${this.configFilename}"`,
+    );
+  }
+
+  async start(): Promise<void> {
+    if (this.isRunning()) {
+      throw Error("exchange is already running");
+    }
+    await sh(
+      this.globalState,
+      "exchange-dbinit",
+      `taler-exchange-dbinit -c "${this.configFilename}"`,
+    );
+
+    this.helperCryptoEddsaProc = this.globalState.spawnService(
+      "taler-exchange-secmod-eddsa",
+      ["-c", this.configFilename, "-LDEBUG", ...this.timetravelArgArr],
+      `exchange-crypto-eddsa-${this.name}`,
+    );
+
+    this.helperCryptoRsaProc = this.globalState.spawnService(
+      "taler-exchange-secmod-rsa",
+      ["-c", this.configFilename, "-LDEBUG", ...this.timetravelArgArr],
+      `exchange-crypto-rsa-${this.name}`,
+    );
+
+    this.exchangeWirewatchProc = this.globalState.spawnService(
+      "taler-exchange-wirewatch",
+      ["-c", this.configFilename, ...this.timetravelArgArr],
+      `exchange-wirewatch-${this.name}`,
+    );
+
+    this.exchangeHttpProc = this.globalState.spawnService(
+      "taler-exchange-httpd",
+      ["-c", this.configFilename, ...this.timetravelArgArr],
+      `exchange-httpd-${this.name}`,
+    );
+
+    await this.pingUntilAvailable();
+    await this.keyup();
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    // We request /management/keys, since /keys can block
+    // when we didn't do the key setup yet.
+    const url = `http://localhost:${this.exchangeConfig.httpPort}/management/keys`;
+    await pingProc(this.exchangeHttpProc, url, `exchange (${this.name})`);
+  }
+}
+
+export interface MerchantConfig {
+  name: string;
+  currency: string;
+  httpPort: number;
+  database: string;
+}
+
+export interface PrivateOrderStatusQuery {
+  instance?: string;
+  orderId: string;
+  sessionId?: string;
+}
+
+export interface MerchantServiceInterface {
+  makeInstanceBaseUrl(instanceName?: string): string;
+  readonly port: number;
+  readonly name: string;
+}
+
+export class MerchantApiClient {
+  constructor(
+    private baseUrl: string,
+    public readonly auth: MerchantAuthConfiguration,
+  ) {}
+
+  async changeAuth(auth: MerchantAuthConfiguration): Promise<void> {
+    const url = new URL("private/auth", this.baseUrl);
+    await axios.post(url.href, auth, {
+      headers: this.makeAuthHeader(),
+    });
+  }
+
+  async deleteInstance(instanceId: string) {
+    const url = new URL(`management/instances/${instanceId}`, this.baseUrl);
+    await axios.delete(url.href, {
+      headers: this.makeAuthHeader(),
+    });
+  }
+
+  async createInstance(req: MerchantInstanceConfig): Promise<void> {
+    const url = new URL("management/instances", this.baseUrl);
+    await axios.post(url.href, req, {
+      headers: this.makeAuthHeader(),
+    });
+  }
+
+  async getInstances(): Promise<MerchantInstancesResponse> {
+    const url = new URL("management/instances", this.baseUrl);
+    const resp = await axios.get(url.href, {
+      headers: this.makeAuthHeader(),
+    });
+    return resp.data;
+  }
+
+  async getInstanceFullDetails(instanceId: string): Promise<any> {
+    const url = new URL(`management/instances/${instanceId}`, this.baseUrl);
+    try {
+      const resp = await axios.get(url.href, {
+        headers: this.makeAuthHeader(),
+      });
+      return resp.data;
+    } catch (e) {
+      throw e;
+    }
+  }
+
+  makeAuthHeader(): Record<string, string> {
+    switch (this.auth.method) {
+      case "external":
+        return {};
+      case "token":
+        return {
+          Authorization: `Bearer ${this.auth.token}`,
+        };
+    }
+  }
+}
+
+/**
+ * FIXME:  This should be deprecated in favor of MerchantApiClient
+ */
+export namespace MerchantPrivateApi {
+  export async function createOrder(
+    merchantService: MerchantServiceInterface,
+    instanceName: string,
+    req: PostOrderRequest,
+    withAuthorization: WithAuthorization = {},
+  ): Promise<PostOrderResponse> {
+    const baseUrl = merchantService.makeInstanceBaseUrl(instanceName);
+    let url = new URL("private/orders", baseUrl);
+    const resp = await axios.post(url.href, req, {
+      headers: withAuthorization,
+    });
+    return codecForPostOrderResponse().decode(resp.data);
+  }
+
+  export async function queryPrivateOrderStatus(
+    merchantService: MerchantServiceInterface,
+    query: PrivateOrderStatusQuery,
+    withAuthorization: WithAuthorization = {},
+  ): Promise<MerchantOrderPrivateStatusResponse> {
+    const reqUrl = new URL(
+      `private/orders/${query.orderId}`,
+      merchantService.makeInstanceBaseUrl(query.instance),
+    );
+    if (query.sessionId) {
+      reqUrl.searchParams.set("session_id", query.sessionId);
+    }
+    const resp = await axios.get(reqUrl.href, { headers: withAuthorization });
+    return codecForMerchantOrderPrivateStatusResponse().decode(resp.data);
+  }
+
+  export async function giveRefund(
+    merchantService: MerchantServiceInterface,
+    r: {
+      instance: string;
+      orderId: string;
+      amount: string;
+      justification: string;
+    },
+  ): Promise<{ talerRefundUri: string }> {
+    const reqUrl = new URL(
+      `private/orders/${r.orderId}/refund`,
+      merchantService.makeInstanceBaseUrl(r.instance),
+    );
+    const resp = await axios.post(reqUrl.href, {
+      refund: r.amount,
+      reason: r.justification,
+    });
+    return {
+      talerRefundUri: resp.data.taler_refund_uri,
+    };
+  }
+
+  export async function createTippingReserve(
+    merchantService: MerchantServiceInterface,
+    instance: string,
+    req: CreateMerchantTippingReserveRequest,
+  ): Promise<CreateMerchantTippingReserveConfirmation> {
+    const reqUrl = new URL(
+      `private/reserves`,
+      merchantService.makeInstanceBaseUrl(instance),
+    );
+    const resp = await axios.post(reqUrl.href, req);
+    // FIXME: validate
+    return resp.data;
+  }
+
+  export async function queryTippingReserves(
+    merchantService: MerchantServiceInterface,
+    instance: string,
+  ): Promise<TippingReserveStatus> {
+    const reqUrl = new URL(
+      `private/reserves`,
+      merchantService.makeInstanceBaseUrl(instance),
+    );
+    const resp = await axios.get(reqUrl.href);
+    // FIXME: validate
+    return resp.data;
+  }
+
+  export async function giveTip(
+    merchantService: MerchantServiceInterface,
+    instance: string,
+    req: TipCreateRequest,
+  ): Promise<TipCreateConfirmation> {
+    const reqUrl = new URL(
+      `private/tips`,
+      merchantService.makeInstanceBaseUrl(instance),
+    );
+    const resp = await axios.post(reqUrl.href, req);
+    // FIXME: validate
+    return resp.data;
+  }
+}
+
+export interface CreateMerchantTippingReserveRequest {
+  // Amount that the merchant promises to put into the reserve
+  initial_balance: AmountString;
+
+  // Exchange the merchant intends to use for tipping
+  exchange_url: string;
+
+  // Desired wire method, for example "iban" or "x-taler-bank"
+  wire_method: string;
+}
+
+export interface CreateMerchantTippingReserveConfirmation {
+  // Public key identifying the reserve
+  reserve_pub: string;
+
+  // Wire account of the exchange where to transfer the funds
+  payto_uri: string;
+}
+
+export class MerchantService implements MerchantServiceInterface {
+  static fromExistingConfig(gc: GlobalTestState, name: string) {
+    const cfgFilename = gc.testDir + `/merchant-${name}.conf`;
+    const config = Configuration.load(cfgFilename);
+    const mc: MerchantConfig = {
+      currency: config.getString("taler", "currency").required(),
+      database: config.getString("merchantdb-postgres", "config").required(),
+      httpPort: config.getNumber("merchant", "port").required(),
+      name,
+    };
+    return new MerchantService(gc, mc, cfgFilename);
+  }
+
+  proc: ProcessWrapper | undefined;
+
+  constructor(
+    private globalState: GlobalTestState,
+    private merchantConfig: MerchantConfig,
+    private configFilename: string,
+  ) {}
+
+  private currentTimetravel: Duration | undefined;
+
+  private isRunning(): boolean {
+    return !!this.proc;
+  }
+
+  setTimetravel(t: Duration | undefined): void {
+    if (this.isRunning()) {
+      throw Error("can't set time travel while the exchange is running");
+    }
+    this.currentTimetravel = t;
+  }
+
+  private get timetravelArg(): string | undefined {
+    if (this.currentTimetravel && this.currentTimetravel.d_ms !== "forever") {
+      // Convert to microseconds
+      return `--timetravel=+${this.currentTimetravel.d_ms * 1000}`;
+    }
+    return undefined;
+  }
+
+  /**
+   * Return an empty array if no time travel is set,
+   * and an array with the time travel command line argument
+   * otherwise.
+   */
+  private get timetravelArgArr(): string[] {
+    const tta = this.timetravelArg;
+    if (tta) {
+      return [tta];
+    }
+    return [];
+  }
+
+  get port(): number {
+    return this.merchantConfig.httpPort;
+  }
+
+  get name(): string {
+    return this.merchantConfig.name;
+  }
+
+  async stop(): Promise<void> {
+    const httpd = this.proc;
+    if (httpd) {
+      httpd.proc.kill("SIGTERM");
+      await httpd.wait();
+      this.proc = undefined;
+    }
+  }
+
+  async start(): Promise<void> {
+    await exec(`taler-merchant-dbinit -c "${this.configFilename}"`);
+
+    this.proc = this.globalState.spawnService(
+      "taler-merchant-httpd",
+      ["-LDEBUG", "-c", this.configFilename, ...this.timetravelArgArr],
+      `merchant-${this.merchantConfig.name}`,
+    );
+  }
+
+  static async create(
+    gc: GlobalTestState,
+    mc: MerchantConfig,
+  ): Promise<MerchantService> {
+    const config = new Configuration();
+    config.setString("taler", "currency", mc.currency);
+
+    const cfgFilename = gc.testDir + `/merchant-${mc.name}.conf`;
+    setTalerPaths(config, gc.testDir + "/talerhome");
+    config.setString("merchant", "serve", "tcp");
+    config.setString("merchant", "port", `${mc.httpPort}`);
+    config.setString(
+      "merchant",
+      "keyfile",
+      "${TALER_DATA_HOME}/merchant/merchant.priv",
+    );
+    config.setString("merchantdb-postgres", "config", mc.database);
+    config.write(cfgFilename);
+
+    return new MerchantService(gc, mc, cfgFilename);
+  }
+
+  addExchange(e: ExchangeServiceInterface): void {
+    const config = Configuration.load(this.configFilename);
+    config.setString(
+      `merchant-exchange-${e.name}`,
+      "exchange_base_url",
+      e.baseUrl,
+    );
+    config.setString(
+      `merchant-exchange-${e.name}`,
+      "currency",
+      this.merchantConfig.currency,
+    );
+    config.setString(`merchant-exchange-${e.name}`, "master_key", e.masterPub);
+    config.write(this.configFilename);
+  }
+
+  async addDefaultInstance(): Promise<void> {
+    return await this.addInstance({
+      id: "default",
+      name: "Default Instance",
+      paytoUris: [`payto://x-taler-bank/merchant-default`],
+      auth: {
+        method: "external",
+      },
+    });
+  }
+
+  async addInstance(
+    instanceConfig: PartialMerchantInstanceConfig,
+  ): Promise<void> {
+    if (!this.proc) {
+      throw Error("merchant must be running to add instance");
+    }
+    console.log("adding instance");
+    const url = `http://localhost:${this.merchantConfig.httpPort}/management/instances`;
+    const auth = instanceConfig.auth ?? { method: "external" };
+    await axios.post(url, {
+      auth,
+      payto_uris: instanceConfig.paytoUris,
+      id: instanceConfig.id,
+      name: instanceConfig.name,
+      address: instanceConfig.address ?? {},
+      jurisdiction: instanceConfig.jurisdiction ?? {},
+      default_max_wire_fee:
+        instanceConfig.defaultMaxWireFee ??
+        `${this.merchantConfig.currency}:1.0`,
+      default_wire_fee_amortization:
+        instanceConfig.defaultWireFeeAmortization ?? 3,
+      default_max_deposit_fee:
+        instanceConfig.defaultMaxDepositFee ??
+        `${this.merchantConfig.currency}:1.0`,
+      default_wire_transfer_delay: instanceConfig.defaultWireTransferDelay ?? {
+        d_ms: "forever",
+      },
+      default_pay_delay: instanceConfig.defaultPayDelay ?? { d_ms: "forever" },
+    });
+  }
+
+  makeInstanceBaseUrl(instanceName?: string): string {
+    if (instanceName === undefined || instanceName === "default") {
+      return `http://localhost:${this.merchantConfig.httpPort}/`;
+    } else {
+      return `http://localhost:${this.merchantConfig.httpPort}/instances/${instanceName}/`;
+    }
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    const url = `http://localhost:${this.merchantConfig.httpPort}/config`;
+    await pingProc(this.proc, url, `merchant (${this.merchantConfig.name})`);
+  }
+}
+
+export interface MerchantAuthConfiguration {
+  method: "external" | "token";
+  token?: string;
+}
+
+export interface PartialMerchantInstanceConfig {
+  auth?: MerchantAuthConfiguration;
+  id: string;
+  name: string;
+  paytoUris: string[];
+  address?: unknown;
+  jurisdiction?: unknown;
+  defaultMaxWireFee?: string;
+  defaultMaxDepositFee?: string;
+  defaultWireFeeAmortization?: number;
+  defaultWireTransferDelay?: Duration;
+  defaultPayDelay?: Duration;
+}
+
+export interface MerchantInstanceConfig {
+  auth: MerchantAuthConfiguration;
+  id: string;
+  name: string;
+  payto_uris: string[];
+  address: unknown;
+  jurisdiction: unknown;
+  default_max_wire_fee: string;
+  default_max_deposit_fee: string;
+  default_wire_fee_amortization: number;
+  default_wire_transfer_delay: Duration;
+  default_pay_delay: Duration;
+}
+
+type TestStatus = "pass" | "fail" | "skip";
+
+export interface TestRunResult {
+  /**
+   * Name of the test.
+   */
+  name: string;
+
+  /**
+   * How long did the test run?
+   */
+  timeSec: number;
+
+  status: TestStatus;
+
+  reason?: string;
+}
+
+export async function runTestWithState(
+  gc: GlobalTestState,
+  testMain: (t: GlobalTestState) => Promise<void>,
+  testName: string,
+  linger: boolean = false,
+): Promise<TestRunResult> {
+  const startMs = new Date().getTime();
+
+  const p = openPromise();
+  let status: TestStatus;
+
+  const handleSignal = (s: string) => {
+    console.warn(
+      `**** received fatal process event, terminating test ${testName}`,
+    );
+    gc.shutdownSync();
+    process.exit(1);
+  };
+
+  process.on("SIGINT", handleSignal);
+  process.on("SIGTERM", handleSignal);
+  process.on("unhandledRejection", handleSignal);
+  process.on("uncaughtException", handleSignal);
+
+  try {
+    console.log("running test in directory", gc.testDir);
+    await Promise.race([testMain(gc), p.promise]);
+    status = "pass";
+    if (linger) {
+      const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+        terminal: true,
+      });
+      await new Promise<void>((resolve, reject) => {
+        rl.question("Press enter to shut down test.", () => {
+          resolve();
+        });
+      });
+      rl.close();
+    }
+  } catch (e) {
+    console.error("FATAL: test failed with exception", e);
+    status = "fail";
+  } finally {
+    await gc.shutdown();
+  }
+  const afterMs = new Date().getTime();
+  return {
+    name: testName,
+    timeSec: (afterMs - startMs) / 1000,
+    status,
+  };
+}
+
+function shellWrap(s: string) {
+  return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'";
+}
+
+export class WalletCli {
+  private currentTimetravel: Duration | undefined;
+  private _client: WalletCoreApiClient;
+
+  setTimetravel(d: Duration | undefined) {
+    this.currentTimetravel = d;
+  }
+
+  private get timetravelArg(): string | undefined {
+    if (this.currentTimetravel && this.currentTimetravel.d_ms !== "forever") {
+      // Convert to microseconds
+      return `--timetravel=${this.currentTimetravel.d_ms * 1000}`;
+    }
+    return undefined;
+  }
+
+  constructor(
+    private globalTestState: GlobalTestState,
+    private name: string = "default",
+  ) {
+    const self = this;
+    this._client = {
+      async call(op: any, payload: any): Promise<any> {
+        console.log("calling wallet with timetravel arg", self.timetravelArg);
+        const resp = await sh(
+          self.globalTestState,
+          `wallet-${self.name}`,
+          `taler-wallet-cli ${
+            self.timetravelArg ?? ""
+          } --no-throttle --wallet-db '${self.dbfile}' api '${op}' ${shellWrap(
+            JSON.stringify(payload),
+          )}`,
+        );
+        console.log(resp);
+        const ar = JSON.parse(resp) as CoreApiResponse;
+        if (ar.type === "error") {
+          throw new OperationFailedError(ar.error);
+        } else {
+          return ar.result;
+        }
+      },
+    };
+  }
+
+  get dbfile(): string {
+    return this.globalTestState.testDir + `/walletdb-${this.name}.json`;
+  }
+
+  deleteDatabase() {
+    fs.unlinkSync(this.dbfile);
+  }
+
+  private get timetravelArgArr(): string[] {
+    const tta = this.timetravelArg;
+    if (tta) {
+      return [tta];
+    }
+    return [];
+  }
+
+  get client(): WalletCoreApiClient {
+    return this._client;
+  }
+
+  async runUntilDone(args: { maxRetries?: number } = {}): Promise<void> {
+    await runCommand(
+      this.globalTestState,
+      `wallet-${this.name}`,
+      "taler-wallet-cli",
+      [
+        "--no-throttle",
+        ...this.timetravelArgArr,
+        "--wallet-db",
+        this.dbfile,
+        "run-until-done",
+        ...(args.maxRetries ? ["--max-retries", `${args.maxRetries}`] : []),
+      ],
+    );
+  }
+
+  async runPending(): Promise<void> {
+    await runCommand(
+      this.globalTestState,
+      `wallet-${this.name}`,
+      "taler-wallet-cli",
+      [
+        "--no-throttle",
+        ...this.timetravelArgArr,
+        "--wallet-db",
+        this.dbfile,
+        "run-pending",
+      ],
+    );
+  }
+}
diff --git a/packages/taler-wallet-cli/src/harness/helpers.ts b/packages/taler-wallet-cli/src/harness/helpers.ts
new file mode 100644
index 000000000..3b4e1643f
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/helpers.ts
@@ -0,0 +1,406 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Helpers to create typical test environments.
+ *
+ * @author Florian Dold <dold@taler.net>
+ */
+
+/**
+ * Imports
+ */
+import {
+  FaultInjectedExchangeService,
+  FaultInjectedMerchantService,
+} from "./faultInjection";
+import { CoinConfig, defaultCoinConfig } from "./denomStructures";
+import {
+  AmountString,
+  Duration,
+  ContractTerms,
+  PreparePayResultType,
+  ConfirmPayResultType,
+} from "@gnu-taler/taler-util";
+import {
+  DbInfo,
+  BankService,
+  ExchangeService,
+  MerchantService,
+  WalletCli,
+  GlobalTestState,
+  setupDb,
+  ExchangeServiceInterface,
+  BankApi,
+  BankAccessApi,
+  MerchantServiceInterface,
+  MerchantPrivateApi,
+  HarnessExchangeBankAccount,
+  WithAuthorization,
+} from "./harness.js";
+import { WalletApiOperation } from "@gnu-taler/taler-wallet-core";
+
+export interface SimpleTestEnvironment {
+  commonDb: DbInfo;
+  bank: BankService;
+  exchange: ExchangeService;
+  exchangeBankAccount: HarnessExchangeBankAccount;
+  merchant: MerchantService;
+  wallet: WalletCli;
+}
+
+export function getRandomIban(countryCode: string): string {
+  return `${countryCode}715001051796${(Math.random() * 100000000)
+    .toString()
+    .substring(0, 6)}`;
+}
+
+export function getRandomString(): string {
+  return Math.random().toString(36).substring(2);
+}
+
+/**
+ * Run a test case with a simple TESTKUDOS Taler environment, consisting
+ * of one exchange, one bank and one merchant.
+ */
+export async function createSimpleTestkudosEnvironment(
+  t: GlobalTestState,
+  coinConfig: CoinConfig[] = defaultCoinConfig.map((x) => x("TESTKUDOS")),
+): Promise<SimpleTestEnvironment> {
+  const db = await setupDb(t);
+
+  const bank = await BankService.create(t, {
+    allowRegistrations: true,
+    currency: "TESTKUDOS",
+    database: db.connStr,
+    httpPort: 8082,
+  });
+
+  const exchange = ExchangeService.create(t, {
+    name: "testexchange-1",
+    currency: "TESTKUDOS",
+    httpPort: 8081,
+    database: db.connStr,
+  });
+
+  const merchant = await MerchantService.create(t, {
+    name: "testmerchant-1",
+    currency: "TESTKUDOS",
+    httpPort: 8083,
+    database: db.connStr,
+  });
+
+  const exchangeBankAccount = await bank.createExchangeAccount(
+    "MyExchange",
+    "x",
+  );
+  exchange.addBankAccount("1", exchangeBankAccount);
+
+  bank.setSuggestedExchange(exchange, exchangeBankAccount.accountPaytoUri);
+
+  await bank.start();
+
+  await bank.pingUntilAvailable();
+
+  exchange.addCoinConfigList(coinConfig);
+
+  await exchange.start();
+  await exchange.pingUntilAvailable();
+
+  merchant.addExchange(exchange);
+
+  await merchant.start();
+  await merchant.pingUntilAvailable();
+
+  await merchant.addInstance({
+    id: "default",
+    name: "Default Instance",
+    paytoUris: [`payto://x-taler-bank/merchant-default`],
+  });
+
+  await merchant.addInstance({
+    id: "minst1",
+    name: "minst1",
+    paytoUris: ["payto://x-taler-bank/minst1"],
+  });
+
+  console.log("setup done!");
+
+  const wallet = new WalletCli(t);
+
+  return {
+    commonDb: db,
+    exchange,
+    merchant,
+    wallet,
+    bank,
+    exchangeBankAccount,
+  };
+}
+
+export interface FaultyMerchantTestEnvironment {
+  commonDb: DbInfo;
+  bank: BankService;
+  exchange: ExchangeService;
+  faultyExchange: FaultInjectedExchangeService;
+  exchangeBankAccount: HarnessExchangeBankAccount;
+  merchant: MerchantService;
+  faultyMerchant: FaultInjectedMerchantService;
+  wallet: WalletCli;
+}
+
+/**
+ * Run a test case with a simple TESTKUDOS Taler environment, consisting
+ * of one exchange, one bank and one merchant.
+ */
+export async function createFaultInjectedMerchantTestkudosEnvironment(
+  t: GlobalTestState,
+): Promise<FaultyMerchantTestEnvironment> {
+  const db = await setupDb(t);
+
+  const bank = await BankService.create(t, {
+    allowRegistrations: true,
+    currency: "TESTKUDOS",
+    database: db.connStr,
+    httpPort: 8082,
+  });
+
+  const exchange = ExchangeService.create(t, {
+    name: "testexchange-1",
+    currency: "TESTKUDOS",
+    httpPort: 8081,
+    database: db.connStr,
+  });
+
+  const merchant = await MerchantService.create(t, {
+    name: "testmerchant-1",
+    currency: "TESTKUDOS",
+    httpPort: 8083,
+    database: db.connStr,
+  });
+
+  const faultyMerchant = new FaultInjectedMerchantService(t, merchant, 9083);
+  const faultyExchange = new FaultInjectedExchangeService(t, exchange, 9081);
+
+  const exchangeBankAccount = await bank.createExchangeAccount(
+    "MyExchange",
+    "x",
+  );
+  exchange.addBankAccount("1", exchangeBankAccount);
+
+  bank.setSuggestedExchange(
+    faultyExchange,
+    exchangeBankAccount.accountPaytoUri,
+  );
+
+  await bank.start();
+
+  await bank.pingUntilAvailable();
+
+  exchange.addOfferedCoins(defaultCoinConfig);
+
+  await exchange.start();
+  await exchange.pingUntilAvailable();
+
+  merchant.addExchange(faultyExchange);
+
+  await merchant.start();
+  await merchant.pingUntilAvailable();
+
+  await merchant.addInstance({
+    id: "default",
+    name: "Default Instance",
+    paytoUris: [`payto://x-taler-bank/merchant-default`],
+  });
+
+  await merchant.addInstance({
+    id: "minst1",
+    name: "minst1",
+    paytoUris: ["payto://x-taler-bank/minst1"],
+  });
+
+  console.log("setup done!");
+
+  const wallet = new WalletCli(t);
+
+  return {
+    commonDb: db,
+    exchange,
+    merchant,
+    wallet,
+    bank,
+    exchangeBankAccount,
+    faultyMerchant,
+    faultyExchange,
+  };
+}
+
+/**
+ * Withdraw balance.
+ */
+export async function startWithdrawViaBank(
+  t: GlobalTestState,
+  p: {
+    wallet: WalletCli;
+    bank: BankService;
+    exchange: ExchangeServiceInterface;
+    amount: AmountString;
+  },
+): Promise<void> {
+  const { wallet, bank, exchange, amount } = p;
+
+  const user = await BankApi.createRandomBankUser(bank);
+  const wop = await BankAccessApi.createWithdrawalOperation(bank, user, amount);
+
+  // Hand it to the wallet
+
+  await wallet.client.call(WalletApiOperation.GetWithdrawalDetailsForUri, {
+    talerWithdrawUri: wop.taler_withdraw_uri,
+  });
+
+  await wallet.runPending();
+
+  // Confirm it
+
+  await BankApi.confirmWithdrawalOperation(bank, user, wop);
+
+  // Withdraw
+
+  await wallet.client.call(WalletApiOperation.AcceptBankIntegratedWithdrawal, {
+    exchangeBaseUrl: exchange.baseUrl,
+    talerWithdrawUri: wop.taler_withdraw_uri,
+  });
+}
+
+/**
+ * Withdraw balance.
+ */
+export async function withdrawViaBank(
+  t: GlobalTestState,
+  p: {
+    wallet: WalletCli;
+    bank: BankService;
+    exchange: ExchangeServiceInterface;
+    amount: AmountString;
+  },
+): Promise<void> {
+  const { wallet } = p;
+
+  await startWithdrawViaBank(t, p);
+
+  await wallet.runUntilDone();
+
+  // Check balance
+
+  await wallet.client.call(WalletApiOperation.GetBalances, {});
+}
+
+export async function applyTimeTravel(
+  timetravelDuration: Duration,
+  s: {
+    exchange?: ExchangeService;
+    merchant?: MerchantService;
+    wallet?: WalletCli;
+  },
+): Promise<void> {
+  if (s.exchange) {
+    await s.exchange.stop();
+    s.exchange.setTimetravel(timetravelDuration);
+    await s.exchange.start();
+    await s.exchange.pingUntilAvailable();
+  }
+
+  if (s.merchant) {
+    await s.merchant.stop();
+    s.merchant.setTimetravel(timetravelDuration);
+    await s.merchant.start();
+    await s.merchant.pingUntilAvailable();
+  }
+
+  if (s.wallet) {
+    s.wallet.setTimetravel(timetravelDuration);
+  }
+}
+
+/**
+ * Make a simple payment and check that it succeeded.
+ */
+export async function makeTestPayment(
+  t: GlobalTestState,
+  args: {
+    merchant: MerchantServiceInterface;
+    wallet: WalletCli;
+    order: Partial<ContractTerms>;
+    instance?: string;
+  },
+  auth: WithAuthorization = {},
+): Promise<void> {
+  // Set up order.
+
+  const { wallet, merchant } = args;
+  const instance = args.instance ?? "default";
+
+  const orderResp = await MerchantPrivateApi.createOrder(
+    merchant,
+    instance,
+    {
+      order: args.order,
+    },
+    auth,
+  );
+
+  let orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(
+    merchant,
+    {
+      orderId: orderResp.order_id,
+    },
+    auth,
+  );
+
+  t.assertTrue(orderStatus.order_status === "unpaid");
+
+  // Make wallet pay for the order
+
+  const preparePayResult = await wallet.client.call(
+    WalletApiOperation.PreparePayForUri,
+    {
+      talerPayUri: orderStatus.taler_pay_uri,
+    },
+  );
+
+  t.assertTrue(
+    preparePayResult.status === PreparePayResultType.PaymentPossible,
+  );
+
+  const r2 = await wallet.client.call(WalletApiOperation.ConfirmPay, {
+    proposalId: preparePayResult.proposalId,
+  });
+
+  t.assertTrue(r2.type === ConfirmPayResultType.Done);
+
+  // Check if payment was successful.
+
+  orderStatus = await MerchantPrivateApi.queryPrivateOrderStatus(
+    merchant,
+    {
+      orderId: orderResp.order_id,
+      instance,
+    },
+    auth,
+  );
+
+  t.assertTrue(orderStatus.order_status === "paid");
+}
diff --git a/packages/taler-wallet-cli/src/harness/libeufin.ts b/packages/taler-wallet-cli/src/harness/libeufin.ts
new file mode 100644
index 000000000..11447b389
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/libeufin.ts
@@ -0,0 +1,1676 @@
+/*
+ This file is part of GNU Taler
+ (C) 2021 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Imports.
+ */
+import axios from "axios";
+import { URL } from "@gnu-taler/taler-util";
+import { getRandomIban, getRandomString } from "../harness/helpers.js";
+import {
+  GlobalTestState,
+  DbInfo,
+  pingProc,
+  ProcessWrapper,
+  runCommand,
+  setupDb,
+  sh,
+} from "../harness/harness.js";
+
+export interface LibeufinSandboxServiceInterface {
+  baseUrl: string;
+}
+
+export interface LibeufinNexusServiceInterface {
+  baseUrl: string;
+}
+
+export interface LibeufinServices {
+  libeufinSandbox: LibeufinSandboxService;
+  libeufinNexus: LibeufinNexusService;
+  commonDb: DbInfo;
+}
+
+export interface LibeufinSandboxConfig {
+  httpPort: number;
+  databaseJdbcUri: string;
+}
+
+export interface LibeufinNexusConfig {
+  httpPort: number;
+  databaseJdbcUri: string;
+}
+
+export interface DeleteBankConnectionRequest {
+  bankConnectionId: string;
+}
+
+interface LibeufinNexusMoneyMovement {
+  amount: string;
+  creditDebitIndicator: string;
+  details: {
+    debtor: {
+      name: string;
+    };
+    debtorAccount: {
+      iban: string;
+    };
+    debtorAgent: {
+      bic: string;
+    };
+    creditor: {
+      name: string;
+    };
+    creditorAccount: {
+      iban: string;
+    };
+    creditorAgent: {
+      bic: string;
+    };
+    endToEndId: string;
+    unstructuredRemittanceInformation: string;
+  };
+}
+
+interface LibeufinNexusBatches {
+  batchTransactions: Array<LibeufinNexusMoneyMovement>;
+}
+
+interface LibeufinNexusTransaction {
+  amount: string;
+  creditDebitIndicator: string;
+  status: string;
+  bankTransactionCode: string;
+  valueDate: string;
+  bookingDate: string;
+  accountServicerRef: string;
+  batches: Array<LibeufinNexusBatches>;
+}
+
+interface LibeufinNexusTransactions {
+  transactions: Array<LibeufinNexusTransaction>;
+}
+
+export interface LibeufinCliDetails {
+  nexusUrl: string;
+  sandboxUrl: string;
+  nexusDatabaseUri: string;
+  sandboxDatabaseUri: string;
+  user: LibeufinNexusUser;
+}
+
+export interface LibeufinEbicsSubscriberDetails {
+  hostId: string;
+  partnerId: string;
+  userId: string;
+}
+
+export interface LibeufinEbicsConnectionDetails {
+  subscriberDetails: LibeufinEbicsSubscriberDetails;
+  ebicsUrl: string;
+  connectionName: string;
+}
+
+export interface LibeufinBankAccountDetails {
+  currency: string;
+  iban: string;
+  bic: string;
+  personName: string;
+  accountName: string;
+}
+
+export interface LibeufinNexusUser {
+  username: string;
+  password: string;
+}
+
+export interface LibeufinBackupFileDetails {
+  passphrase: string;
+  outputFile: string;
+  connectionName: string;
+}
+
+export interface LibeufinKeyLetterDetails {
+  outputFile: string;
+  connectionName: string;
+}
+
+export interface LibeufinBankAccountImportDetails {
+  offeredBankAccountName: string;
+  nexusBankAccountName: string;
+  connectionName: string;
+}
+
+export interface BankAccountInfo {
+  iban: string;
+  bic: string;
+  name: string;
+  currency: string;
+  label: string;
+}
+
+export interface LibeufinPreparedPaymentDetails {
+  creditorIban: string;
+  creditorBic: string;
+  creditorName: string;
+  subject: string;
+  amount: string;
+  currency: string;
+  nexusBankAccountName: string;
+}
+
+export interface LibeufinSandboxAddIncomingRequest {
+  creditorIban: string;
+  creditorBic: string;
+  creditorName: string;
+  debtorIban: string;
+  debtorBic: string;
+  debtorName: string;
+  subject: string;
+  amount: string;
+  currency: string;
+  uid: string;
+  direction: string;
+}
+
+export class LibeufinSandboxService implements LibeufinSandboxServiceInterface {
+  static async create(
+    gc: GlobalTestState,
+    sandboxConfig: LibeufinSandboxConfig,
+  ): Promise<LibeufinSandboxService> {
+    return new LibeufinSandboxService(gc, sandboxConfig);
+  }
+
+  sandboxProc: ProcessWrapper | undefined;
+  globalTestState: GlobalTestState;
+
+  constructor(
+    gc: GlobalTestState,
+    private sandboxConfig: LibeufinSandboxConfig,
+  ) {
+    this.globalTestState = gc;
+  }
+
+  get baseUrl(): string {
+    return `http://localhost:${this.sandboxConfig.httpPort}/`;
+  }
+
+  async start(): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-sandbox-config",
+      "libeufin-sandbox config localhost",
+      {
+        ...process.env,
+        LIBEUFIN_SANDBOX_DB_CONNECTION: this.sandboxConfig.databaseJdbcUri,
+      },
+    );
+    this.sandboxProc = this.globalTestState.spawnService(
+      "libeufin-sandbox",
+      ["serve", "--port", `${this.sandboxConfig.httpPort}`],
+      "libeufin-sandbox",
+      {
+        ...process.env,
+        LIBEUFIN_SANDBOX_DB_CONNECTION: this.sandboxConfig.databaseJdbcUri,
+        LIBEUFIN_SANDBOX_ADMIN_PASSWORD: "secret",
+      },
+    );
+  }
+
+  async c53tick(): Promise<string> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-sandbox-c53tick",
+      "libeufin-sandbox camt053tick",
+      {
+        ...process.env,
+        LIBEUFIN_SANDBOX_DB_CONNECTION: this.sandboxConfig.databaseJdbcUri,
+      },
+    );
+    return stdout;
+  }
+
+  async makeTransaction(
+    debit: string,
+    credit: string,
+    amount: string, // $currency:x.y
+    subject: string,): Promise<string> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-sandbox-maketransfer",
+      `libeufin-sandbox make-transaction --debit-account=${debit} --credit-account=${credit} ${amount} "${subject}"`,
+      {
+        ...process.env,
+        LIBEUFIN_SANDBOX_DB_CONNECTION: this.sandboxConfig.databaseJdbcUri,
+      },
+    );
+    return stdout;
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    const url = this.baseUrl;
+    await pingProc(this.sandboxProc, url, "libeufin-sandbox");
+  }
+}
+
+export class LibeufinNexusService {
+  static async create(
+    gc: GlobalTestState,
+    nexusConfig: LibeufinNexusConfig,
+  ): Promise<LibeufinNexusService> {
+    return new LibeufinNexusService(gc, nexusConfig);
+  }
+
+  nexusProc: ProcessWrapper | undefined;
+  globalTestState: GlobalTestState;
+
+  constructor(gc: GlobalTestState, private nexusConfig: LibeufinNexusConfig) {
+    this.globalTestState = gc;
+  }
+
+  get baseUrl(): string {
+    return `http://localhost:${this.nexusConfig.httpPort}/`;
+  }
+
+  async start(): Promise<void> {
+    await runCommand(
+      this.globalTestState,
+      "libeufin-nexus-superuser",
+      "libeufin-nexus",
+      ["superuser", "admin", "--password", "test"],
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_DB_CONNECTION: this.nexusConfig.databaseJdbcUri,
+      },
+    );
+
+    this.nexusProc = this.globalTestState.spawnService(
+      "libeufin-nexus",
+      ["serve", "--port", `${this.nexusConfig.httpPort}`],
+      "libeufin-nexus",
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_DB_CONNECTION: this.nexusConfig.databaseJdbcUri,
+      },
+    );
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    const url = `${this.baseUrl}config`;
+    await pingProc(this.nexusProc, url, "libeufin-nexus");
+  }
+
+  async createNexusSuperuser(details: LibeufinNexusUser): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-nexus",
+      `libeufin-nexus superuser ${details.username} --password=${details.password}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_DB_CONNECTION: this.nexusConfig.databaseJdbcUri,
+      },
+    );
+    console.log(stdout);
+  }
+}
+
+export interface CreateEbicsSubscriberRequest {
+  hostID: string;
+  userID: string;
+  partnerID: string;
+  systemID?: string;
+}
+
+export interface TwgAddIncomingRequest {
+  amount: string;
+  reserve_pub: string;
+  debit_account: string;
+}
+
+interface CreateEbicsBankAccountRequest {
+  subscriber: {
+    hostID: string;
+    partnerID: string;
+    userID: string;
+    systemID?: string;
+  };
+  // IBAN
+  iban: string;
+  // BIC
+  bic: string;
+  // human name
+  name: string;
+  currency: string;
+  label: string;
+}
+
+export interface SimulateIncomingTransactionRequest {
+  debtorIban: string;
+  debtorBic: string;
+  debtorName: string;
+
+  /**
+   * Subject / unstructured remittance info.
+   */
+  subject: string;
+
+  /**
+   * Decimal amount without currency.
+   */
+  amount: string;
+}
+
+/**
+ * The bundle aims at minimizing the amount of input
+ * data that is required to initialize a new user + Ebics
+ * connection.
+ */
+export class NexusUserBundle {
+  userReq: CreateNexusUserRequest;
+  connReq: CreateEbicsBankConnectionRequest;
+  anastasisReq: CreateAnastasisFacadeRequest;
+  twgReq: CreateTalerWireGatewayFacadeRequest;
+  twgTransferPermission: PostNexusPermissionRequest;
+  twgHistoryPermission: PostNexusPermissionRequest;
+  twgAddIncomingPermission: PostNexusPermissionRequest;
+  localAccountName: string;
+  remoteAccountName: string;
+
+  constructor(salt: string, ebicsURL: string) {
+    this.userReq = {
+      username: `username-${salt}`,
+      password: `password-${salt}`,
+    };
+
+    this.connReq = {
+      name: `connection-${salt}`,
+      ebicsURL: ebicsURL,
+      hostID: `ebicshost,${salt}`,
+      partnerID: `ebicspartner,${salt}`,
+      userID: `ebicsuser,${salt}`,
+    };
+
+    this.twgReq = {
+      currency: "EUR",
+      name: `twg-${salt}`,
+      reserveTransferLevel: "report",
+      accountName: `local-account-${salt}`,
+      connectionName: `connection-${salt}`,
+    };
+    this.anastasisReq = {
+      currency: "EUR",
+      name: `anastasis-${salt}`,
+      reserveTransferLevel: "report",
+      accountName: `local-account-${salt}`,
+      connectionName: `connection-${salt}`,
+    };
+    this.remoteAccountName = `remote-account-${salt}`;
+    this.localAccountName = `local-account-${salt}`;
+    this.twgTransferPermission = {
+      action: "grant",
+      permission: {
+        subjectId: `username-${salt}`,
+        subjectType: "user",
+        resourceType: "facade",
+        resourceId: `twg-${salt}`,
+        permissionName: "facade.talerWireGateway.transfer",
+      },
+    };
+    this.twgHistoryPermission = {
+      action: "grant",
+      permission: {
+        subjectId: `username-${salt}`,
+        subjectType: "user",
+        resourceType: "facade",
+        resourceId: `twg-${salt}`,
+        permissionName: "facade.talerWireGateway.history",
+      },
+    };
+  }
+}
+
+/**
+ * The bundle aims at minimizing the amount of input
+ * data that is required to initialize a new Sandbox
+ * customer, associating their bank account with a Ebics
+ * subscriber.
+ */
+export class SandboxUserBundle {
+  ebicsBankAccount: CreateEbicsBankAccountRequest;
+  constructor(salt: string) {
+    this.ebicsBankAccount = {
+      currency: "EUR",
+      bic: "BELADEBEXXX",
+      iban: getRandomIban("DE"),
+      label: `remote-account-${salt}`,
+      name: `Taler Exchange: ${salt}`,
+      subscriber: {
+        hostID: `ebicshost,${salt}`,
+        partnerID: `ebicspartner,${salt}`,
+        userID: `ebicsuser,${salt}`,
+      },
+    };
+  }
+}
+
+export class LibeufinCli {
+  cliDetails: LibeufinCliDetails;
+  globalTestState: GlobalTestState;
+
+  constructor(gc: GlobalTestState, cd: LibeufinCliDetails) {
+    this.globalTestState = gc;
+    this.cliDetails = cd;
+  }
+
+  env(): any {
+    return {
+      ...process.env,
+      LIBEUFIN_SANDBOX_URL: this.cliDetails.sandboxUrl,
+      LIBEUFIN_SANDBOX_USERNAME: "admin",
+      LIBEUFIN_SANDBOX_PASSWORD: "secret",
+    }
+  }
+
+  async checkSandbox(): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-checksandbox",
+      "libeufin-cli sandbox check",
+      this.env()
+    );
+  }
+
+  async createEbicsHost(hostId: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createebicshost",
+      `libeufin-cli sandbox ebicshost create --host-id=${hostId}`,
+      this.env()
+    );
+    console.log(stdout);
+  }
+
+  async createEbicsSubscriber(
+    details: LibeufinEbicsSubscriberDetails,
+  ): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createebicssubscriber",
+      "libeufin-cli sandbox ebicssubscriber create" +
+        ` --host-id=${details.hostId}` +
+        ` --partner-id=${details.partnerId}` +
+        ` --user-id=${details.userId}`,
+      this.env()
+    );
+    console.log(stdout);
+  }
+
+  async createEbicsBankAccount(
+    sd: LibeufinEbicsSubscriberDetails,
+    bankAccountDetails: LibeufinBankAccountDetails,
+  ): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createebicsbankaccount",
+      "libeufin-cli sandbox ebicsbankaccount create" +
+        ` --currency=${bankAccountDetails.currency}` +
+        ` --iban=${bankAccountDetails.iban}` +
+        ` --bic=${bankAccountDetails.bic}` +
+        ` --person-name='${bankAccountDetails.personName}'` +
+        ` --account-name=${bankAccountDetails.accountName}` +
+        ` --ebics-host-id=${sd.hostId}` +
+        ` --ebics-partner-id=${sd.partnerId}` +
+        ` --ebics-user-id=${sd.userId}`,
+      this.env()
+    );
+    console.log(stdout);
+  }
+
+  async generateTransactions(accountName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-generatetransactions",
+      `libeufin-cli sandbox bankaccount generate-transactions ${accountName}`,
+      this.env()
+    );
+    console.log(stdout);
+  }
+
+  async showSandboxTransactions(accountName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-showsandboxtransactions",
+      `libeufin-cli sandbox bankaccount transactions ${accountName}`,
+      this.env()
+    );
+    console.log(stdout);
+  }
+
+  async createEbicsConnection(
+    connectionDetails: LibeufinEbicsConnectionDetails,
+  ): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createebicsconnection",
+      `libeufin-cli connections new-ebics-connection` +
+        ` --ebics-url=${connectionDetails.ebicsUrl}` +
+        ` --host-id=${connectionDetails.subscriberDetails.hostId}` +
+        ` --partner-id=${connectionDetails.subscriberDetails.partnerId}` +
+        ` --ebics-user-id=${connectionDetails.subscriberDetails.userId}` +
+        ` ${connectionDetails.connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async createBackupFile(details: LibeufinBackupFileDetails): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createbackupfile",
+      `libeufin-cli connections export-backup` +
+        ` --passphrase=${details.passphrase}` +
+        ` --output-file=${details.outputFile}` +
+        ` ${details.connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async createKeyLetter(details: LibeufinKeyLetterDetails): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-createkeyletter",
+      `libeufin-cli connections get-key-letter` +
+        ` ${details.connectionName} ${details.outputFile}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async connect(connectionName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-connect",
+      `libeufin-cli connections connect ${connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async downloadBankAccounts(connectionName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-downloadbankaccounts",
+      `libeufin-cli connections download-bank-accounts ${connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async listOfferedBankAccounts(connectionName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-listofferedbankaccounts",
+      `libeufin-cli connections list-offered-bank-accounts ${connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async importBankAccount(
+    importDetails: LibeufinBankAccountImportDetails,
+  ): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-importbankaccount",
+      "libeufin-cli connections import-bank-account" +
+        ` --offered-account-id=${importDetails.offeredBankAccountName}` +
+        ` --nexus-bank-account-id=${importDetails.nexusBankAccountName}` +
+        ` ${importDetails.connectionName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async fetchTransactions(bankAccountName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-fetchtransactions",
+      `libeufin-cli accounts fetch-transactions ${bankAccountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async transactions(bankAccountName: string): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-transactions",
+      `libeufin-cli accounts transactions ${bankAccountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async preparePayment(details: LibeufinPreparedPaymentDetails): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-preparepayment",
+      `libeufin-cli accounts prepare-payment` +
+        ` --creditor-iban=${details.creditorIban}` +
+        ` --creditor-bic=${details.creditorBic}` +
+        ` --creditor-name='${details.creditorName}'` +
+        ` --payment-subject='${details.subject}'` +
+        ` --payment-amount=${details.currency}:${details.amount}` +
+        ` ${details.nexusBankAccountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async submitPayment(
+    details: LibeufinPreparedPaymentDetails,
+    paymentUuid: string,
+  ): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-submitpayment",
+      `libeufin-cli accounts submit-payment` +
+        ` --payment-uuid=${paymentUuid}` +
+        ` ${details.nexusBankAccountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async newAnastasisFacade(req: NewAnastasisFacadeReq): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-new-anastasis-facade",
+      `libeufin-cli facades new-anastasis-facade` +
+        ` --currency ${req.currency}` +
+        ` --facade-name ${req.facadeName}` +
+        ` ${req.connectionName} ${req.accountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+
+  async newTalerWireGatewayFacade(req: NewTalerWireGatewayReq): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-new-taler-wire-gateway-facade",
+      `libeufin-cli facades new-taler-wire-gateway-facade` +
+        ` --currency ${req.currency}` +
+        ` --facade-name ${req.facadeName}` +
+        ` ${req.connectionName} ${req.accountName}`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+
+  async listFacades(): Promise<void> {
+    const stdout = await sh(
+      this.globalTestState,
+      "libeufin-cli-facades-list",
+      `libeufin-cli facades list`,
+      {
+        ...process.env,
+        LIBEUFIN_NEXUS_URL: this.cliDetails.nexusUrl,
+        LIBEUFIN_NEXUS_USERNAME: this.cliDetails.user.username,
+        LIBEUFIN_NEXUS_PASSWORD: this.cliDetails.user.password,
+      },
+    );
+    console.log(stdout);
+  }
+}
+
+interface NewAnastasisFacadeReq {
+  facadeName: string;
+  connectionName: string;
+  accountName: string;
+  currency: string;
+}
+
+interface NewTalerWireGatewayReq {
+  facadeName: string;
+  connectionName: string;
+  accountName: string;
+  currency: string;
+}
+
+export namespace LibeufinSandboxApi {
+
+  export async function rotateKeys(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    hostID: string,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL(`admin/ebics/hosts/${hostID}/rotate-keys`, baseUrl);
+    await axios.post(url.href, {}, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+  export async function createEbicsHost(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    hostID: string,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL("admin/ebics/hosts", baseUrl);
+    await axios.post(url.href, {
+      hostID,
+      ebicsVersion: "2.5",
+    },
+    {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function createBankAccount(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    req: BankAccountInfo,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL(`admin/bank-accounts/${req.label}`, baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function createEbicsSubscriber(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    req: CreateEbicsSubscriberRequest,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL("admin/ebics/subscribers", baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function createEbicsBankAccount(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    req: CreateEbicsBankAccountRequest,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL("admin/ebics/bank-accounts", baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function bookPayment2(
+    libeufinSandboxService: LibeufinSandboxService,
+    req: LibeufinSandboxAddIncomingRequest,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL("admin/payments", baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function bookPayment(
+    libeufinSandboxService: LibeufinSandboxService,
+    creditorBundle: SandboxUserBundle,
+    debitorBundle: SandboxUserBundle,
+    subject: string,
+    amount: string,
+    currency: string,
+  ) {
+    let req: LibeufinSandboxAddIncomingRequest = {
+      creditorIban: creditorBundle.ebicsBankAccount.iban,
+      creditorBic: creditorBundle.ebicsBankAccount.bic,
+      creditorName: creditorBundle.ebicsBankAccount.name,
+      debtorIban: debitorBundle.ebicsBankAccount.iban,
+      debtorBic: debitorBundle.ebicsBankAccount.bic,
+      debtorName: debitorBundle.ebicsBankAccount.name,
+      subject: subject,
+      amount: amount,
+      currency: currency,
+      uid: getRandomString(),
+      direction: "CRDT",
+    };
+    await bookPayment2(libeufinSandboxService, req);
+  }
+
+  export async function simulateIncomingTransaction(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    accountLabel: string,
+    req: SimulateIncomingTransactionRequest,
+  ) {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL(
+      `admin/bank-accounts/${accountLabel}/simulate-incoming-transaction`,
+      baseUrl,
+    );
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function getAccountTransactions(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    accountLabel: string,
+  ): Promise<SandboxAccountTransactions> {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL(
+      `admin/bank-accounts/${accountLabel}/transactions`,
+      baseUrl,
+    );
+    const res = await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+    return res.data as SandboxAccountTransactions;
+  }
+
+  export async function getCamt053(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    accountLabel: string,
+  ): Promise<any> {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL("admin/payments/camt", baseUrl);
+    return await axios.post(url.href, {
+      bankaccount: accountLabel,
+      type: 53, 
+    },
+    {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+
+  export async function getAccountInfoWithBalance(
+    libeufinSandboxService: LibeufinSandboxServiceInterface,
+    accountLabel: string,
+  ): Promise<any> {
+    const baseUrl = libeufinSandboxService.baseUrl;
+    let url = new URL(
+      `admin/bank-accounts/${accountLabel}`,
+      baseUrl,
+    );
+    return await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "secret",
+      },
+    });
+  }
+}
+
+export interface SandboxAccountTransactions {
+  payments: {
+    accountLabel: string;
+    creditorIban: string;
+    creditorBic?: string;
+    creditorName: string;
+    debtorIban: string;
+    debtorBic: string;
+    debtorName: string;
+    amount: string;
+    currency: string;
+    subject: string;
+    date: string;
+    creditDebitIndicator: "debit" | "credit";
+    accountServicerReference: string;
+  }[];
+}
+
+export interface CreateEbicsBankConnectionRequest {
+  name: string;
+  ebicsURL: string;
+  hostID: string;
+  userID: string;
+  partnerID: string;
+  systemID?: string;
+}
+
+export interface CreateAnastasisFacadeRequest {
+  name: string;
+  connectionName: string;
+  accountName: string;
+  currency: string;
+  reserveTransferLevel: "report" | "statement" | "notification";
+}
+
+
+export interface CreateTalerWireGatewayFacadeRequest {
+  name: string;
+  connectionName: string;
+  accountName: string;
+  currency: string;
+  reserveTransferLevel: "report" | "statement" | "notification";
+}
+
+export interface UpdateNexusUserRequest {
+  newPassword: string;
+}
+
+export interface NexusAuth {
+  auth: {
+    username: string;
+    password: string;
+  };
+}
+
+export interface CreateNexusUserRequest {
+  username: string;
+  password: string;
+}
+
+export interface PostNexusTaskRequest {
+  name: string;
+  cronspec: string;
+  type: string; // fetch | submit
+  params:
+    | {
+        level: string; // report | statement | all
+        rangeType: string; // all | since-last | previous-days | latest
+      }
+    | {};
+}
+
+export interface PostNexusPermissionRequest {
+  action: "revoke" | "grant";
+  permission: {
+    subjectType: string;
+    subjectId: string;
+    resourceType: string;
+    resourceId: string;
+    permissionName: string;
+  };
+}
+
+export namespace LibeufinNexusApi {
+  export async function getAllConnections(
+    nexus: LibeufinNexusServiceInterface,
+  ): Promise<any> {
+    let url = new URL("bank-connections", nexus.baseUrl);
+    const res = await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+    return res;
+  }
+
+  export async function deleteBankConnection(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: DeleteBankConnectionRequest,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL("bank-connections/delete-connection", baseUrl);
+    return await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function createEbicsBankConnection(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: CreateEbicsBankConnectionRequest,
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL("bank-connections", baseUrl);
+    await axios.post(
+      url.href,
+      {
+        source: "new",
+        type: "ebics",
+        name: req.name,
+        data: {
+          ebicsURL: req.ebicsURL,
+          hostID: req.hostID,
+          userID: req.userID,
+          partnerID: req.partnerID,
+          systemID: req.systemID,
+        },
+      },
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function getBankAccount(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    accountName: string,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `bank-accounts/${accountName}`,
+      baseUrl,
+    );
+    return await axios.get(
+      url.href,
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+
+  export async function submitInitiatedPayment(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    accountName: string,
+    paymentId: string,
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `bank-accounts/${accountName}/payment-initiations/${paymentId}/submit`,
+      baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function fetchAccounts(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    connectionName: string,
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `bank-connections/${connectionName}/fetch-accounts`,
+      baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function importConnectionAccount(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    connectionName: string,
+    offeredAccountId: string,
+    nexusBankAccountId: string,
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `bank-connections/${connectionName}/import-account`,
+      baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {
+        offeredAccountId,
+        nexusBankAccountId,
+      },
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function connectBankConnection(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    connectionName: string,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`bank-connections/${connectionName}/connect`, baseUrl);
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function getPaymentInitiations(
+    libeufinNexusService: LibeufinNexusService,
+    accountName: string,
+    username: string = "admin",
+    password: string = "test",
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `/bank-accounts/${accountName}/payment-initiations`,
+      baseUrl,
+    );
+    let response = await axios.get(url.href, {
+      auth: {
+        username: username,
+        password: password,
+      },
+    });
+    console.log(
+      `Payment initiations of: ${accountName}`,
+      JSON.stringify(response.data, null, 2),
+    );
+  }
+
+  export async function getConfig(
+    libeufinNexusService: LibeufinNexusService,
+  ): Promise<void> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/config`, baseUrl);
+    let response = await axios.get(url.href);
+  }
+
+  // Uses the Anastasis API to get a list of transactions.
+  export async function getAnastasisTransactions(
+    libeufinNexusService: LibeufinNexusService,
+    anastasisBaseUrl: string,
+    params: {}, // of the request: {delta: 5, ..}
+    username: string = "admin",
+    password: string = "test",
+  ): Promise<any> {
+    let url = new URL("history/incoming", anastasisBaseUrl);
+    let response = await axios.get(url.href, { params: params,
+      auth: {
+        username: username,
+        password: password,
+      },
+    });
+    return response;
+  }
+
+  // FIXME: this function should return some structured
+  // object that represents a history.
+  export async function getAccountTransactions(
+    libeufinNexusService: LibeufinNexusService,
+    accountName: string,
+    username: string = "admin",
+    password: string = "test",
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/bank-accounts/${accountName}/transactions`, baseUrl);
+    let response = await axios.get(url.href, {
+      auth: {
+        username: username,
+        password: password,
+      },
+    });
+    return response;
+  }
+
+  export async function fetchTransactions(
+    libeufinNexusService: LibeufinNexusService,
+    accountName: string,
+    rangeType: string = "all",
+    level: string = "report",
+    username: string = "admin",
+    password: string = "test",
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `/bank-accounts/${accountName}/fetch-transactions`,
+      baseUrl,
+    );
+    return await axios.post(
+      url.href,
+      {
+        rangeType: rangeType,
+        level: level,
+      },
+      {
+        auth: {
+          username: username,
+          password: password,
+        },
+      },
+    );
+  }
+
+  export async function changePassword(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    username: string,
+    req: UpdateNexusUserRequest,
+    auth: NexusAuth,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/users/${username}/password`, baseUrl);
+    await axios.post(url.href, req, auth);
+  }
+
+  export async function getUser(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    auth: NexusAuth,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/user`, baseUrl);
+    return await axios.get(url.href, auth);
+  }
+
+  export async function createUser(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: CreateNexusUserRequest,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/users`, baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function getAllPermissions(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/permissions`, baseUrl);
+    return await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function postPermission(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: PostNexusPermissionRequest,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/permissions`, baseUrl);
+    await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function getTasks(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    bankAccountName: string,
+    // When void, the request returns the list of all the
+    // tasks under this bank account.
+    taskName: string | void,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/bank-accounts/${bankAccountName}/schedule`, baseUrl);
+    if (taskName) url = new URL(taskName, `${url}/`);
+
+    // It's caller's responsibility to interpret the response.
+    return await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function deleteTask(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    bankAccountName: string,
+    taskName: string,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `/bank-accounts/${bankAccountName}/schedule/${taskName}`,
+      baseUrl,
+    );
+    await axios.delete(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function postTask(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    bankAccountName: string,
+    req: PostNexusTaskRequest,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`/bank-accounts/${bankAccountName}/schedule`, baseUrl);
+    return await axios.post(url.href, req, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function deleteFacade(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    facadeName: string,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(`facades/${facadeName}`, baseUrl);
+    return await axios.delete(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function getAllFacades(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+  ): Promise<any> {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL("facades", baseUrl);
+    return await axios.get(url.href, {
+      auth: {
+        username: "admin",
+        password: "test",
+      },
+    });
+  }
+
+  export async function createAnastasisFacade(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: CreateAnastasisFacadeRequest,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL("facades", baseUrl);
+    await axios.post(
+      url.href,
+      {
+        name: req.name,
+        type: "anastasis",
+        config: {
+          bankAccount: req.accountName,
+          bankConnection: req.connectionName,
+          currency: req.currency,
+          reserveTransferLevel: req.reserveTransferLevel,
+        },
+      },
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function createTwgFacade(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    req: CreateTalerWireGatewayFacadeRequest,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL("facades", baseUrl);
+    await axios.post(
+      url.href,
+      {
+        name: req.name,
+        type: "taler-wire-gateway",
+        config: {
+          bankAccount: req.accountName,
+          bankConnection: req.connectionName,
+          currency: req.currency,
+          reserveTransferLevel: req.reserveTransferLevel,
+        },
+      },
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+
+  export async function submitAllPaymentInitiations(
+    libeufinNexusService: LibeufinNexusServiceInterface,
+    accountId: string,
+  ) {
+    const baseUrl = libeufinNexusService.baseUrl;
+    let url = new URL(
+      `/bank-accounts/${accountId}/submit-all-payment-initiations`,
+      baseUrl,
+    );
+    await axios.post(
+      url.href,
+      {},
+      {
+        auth: {
+          username: "admin",
+          password: "test",
+        },
+      },
+    );
+  }
+}
+
+/**
+ * Launch Nexus and Sandbox AND creates users / facades / bank accounts /
+ * .. all that's required to start making banking traffic.
+ */
+export async function launchLibeufinServices(
+  t: GlobalTestState,
+  nexusUserBundle: NexusUserBundle[],
+  sandboxUserBundle: SandboxUserBundle[] = [],
+  withFacades: string[] = [], // takes only "twg" and/or "anastasis"
+): Promise<LibeufinServices> {
+  const db = await setupDb(t);
+
+  const libeufinSandbox = await LibeufinSandboxService.create(t, {
+    httpPort: 5010,
+    databaseJdbcUri: `jdbc:sqlite:${t.testDir}/libeufin-sandbox.sqlite3`,
+  });
+
+  await libeufinSandbox.start();
+  await libeufinSandbox.pingUntilAvailable();
+
+  const libeufinNexus = await LibeufinNexusService.create(t, {
+    httpPort: 5011,
+    databaseJdbcUri: `jdbc:sqlite:${t.testDir}/libeufin-nexus.sqlite3`,
+  });
+
+  await libeufinNexus.start();
+  await libeufinNexus.pingUntilAvailable();
+  console.log("Libeufin services launched!");
+
+  for (let sb of sandboxUserBundle) {
+    await LibeufinSandboxApi.createEbicsHost(
+      libeufinSandbox,
+      sb.ebicsBankAccount.subscriber.hostID,
+    );
+    await LibeufinSandboxApi.createEbicsSubscriber(
+      libeufinSandbox,
+      sb.ebicsBankAccount.subscriber,
+    );
+    await LibeufinSandboxApi.createEbicsBankAccount(
+      libeufinSandbox,
+      sb.ebicsBankAccount,
+    );
+  }
+  console.log("Sandbox user(s) / account(s) / subscriber(s): created");
+
+  for (let nb of nexusUserBundle) {
+    await LibeufinNexusApi.createEbicsBankConnection(libeufinNexus, nb.connReq);
+    await LibeufinNexusApi.connectBankConnection(
+      libeufinNexus,
+      nb.connReq.name,
+    );
+    await LibeufinNexusApi.fetchAccounts(libeufinNexus, nb.connReq.name);
+    await LibeufinNexusApi.importConnectionAccount(
+      libeufinNexus,
+      nb.connReq.name,
+      nb.remoteAccountName,
+      nb.localAccountName,
+    );
+    await LibeufinNexusApi.createUser(libeufinNexus, nb.userReq);
+    for (let facade of withFacades) {
+      switch (facade) {
+        case "twg":
+          await LibeufinNexusApi.createTwgFacade(libeufinNexus, nb.twgReq);
+          await LibeufinNexusApi.postPermission(
+            libeufinNexus,
+            nb.twgTransferPermission,
+          );
+          await LibeufinNexusApi.postPermission(
+            libeufinNexus,
+            nb.twgHistoryPermission,
+          );
+	  break;
+        case "anastasis":
+	  await LibeufinNexusApi.createAnastasisFacade(libeufinNexus, nb.anastasisReq);
+      }
+    }
+  }
+  console.log(
+    "Nexus user(s) / connection(s) / facade(s) / permission(s): created",
+  );
+
+  return {
+    commonDb: db,
+    libeufinNexus: libeufinNexus,
+    libeufinSandbox: libeufinSandbox,
+  };
+}
+
+/**
+ * Helper function that searches a payment among
+ * a list, as returned by Nexus.  The key is just
+ * the payment subject.
+ */
+export function findNexusPayment(
+  key: string,
+  payments: LibeufinNexusTransactions,
+): LibeufinNexusMoneyMovement | void {
+  let transactions = payments["transactions"];
+  for (let i = 0; i < transactions.length; i++) {
+    let batches = transactions[i]["batches"];
+    for (let y = 0; y < batches.length; y++) {
+      let movements = batches[y]["batchTransactions"];
+      for (let z = 0; z < movements.length; z++) {
+        let movement = movements[z];
+        if (movement["details"]["unstructuredRemittanceInformation"] == key)
+          return movement;
+      }
+    }
+  }
+}
diff --git a/packages/taler-wallet-cli/src/harness/merchantApiTypes.ts b/packages/taler-wallet-cli/src/harness/merchantApiTypes.ts
new file mode 100644
index 000000000..a93a0ed25
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/merchantApiTypes.ts
@@ -0,0 +1,318 @@
+/*
+ This file is part of GNU Taler
+ (C) 2020 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Test harness for various GNU Taler components.
+ * Also provides a fault-injection proxy.
+ *
+ * @author Florian Dold <dold@taler.net>
+ */
+
+/**
+ * Imports.
+ */
+import {
+  ContractTerms,
+  Duration,
+  Codec,
+  buildCodecForObject,
+  codecForString,
+  codecOptional,
+  codecForConstString,
+  codecForBoolean,
+  codecForNumber,
+  codecForContractTerms,
+  codecForAny,
+  buildCodecForUnion,
+  AmountString,
+  Timestamp,
+  CoinPublicKeyString,
+  EddsaPublicKeyString,
+  codecForAmountString,
+} from "@gnu-taler/taler-util";
+
+export interface PostOrderRequest {
+  // The order must at least contain the minimal
+  // order detail, but can override all
+  order: Partial<ContractTerms>;
+
+  // if set, the backend will then set the refund deadline to the current
+  // time plus the specified delay.
+  refund_delay?: Duration;
+
+  // specifies the payment target preferred by the client. Can be used
+  // to select among the various (active) wire methods supported by the instance.
+  payment_target?: string;
+
+  // FIXME: some fields are missing
+
+  // Should a token for claiming the order be generated?
+  // False can make sense if the ORDER_ID is sufficiently
+  // high entropy to prevent adversarial claims (like it is
+  // if the backend auto-generates one). Default is 'true'.
+  create_token?: boolean;
+}
+
+export type ClaimToken = string;
+
+export interface PostOrderResponse {
+  order_id: string;
+  token?: ClaimToken;
+}
+
+export const codecForPostOrderResponse = (): Codec<PostOrderResponse> =>
+  buildCodecForObject<PostOrderResponse>()
+    .property("order_id", codecForString())
+    .property("token", codecOptional(codecForString()))
+    .build("PostOrderResponse");
+
+export const codecForCheckPaymentPaidResponse = (): Codec<CheckPaymentPaidResponse> =>
+  buildCodecForObject<CheckPaymentPaidResponse>()
+    .property("order_status_url", codecForString())
+    .property("order_status", codecForConstString("paid"))
+    .property("refunded", codecForBoolean())
+    .property("wired", codecForBoolean())
+    .property("deposit_total", codecForAmountString())
+    .property("exchange_ec", codecForNumber())
+    .property("exchange_hc", codecForNumber())
+    .property("refund_amount", codecForAmountString())
+    .property("contract_terms", codecForContractTerms())
+    // FIXME: specify
+    .property("wire_details", codecForAny())
+    .property("wire_reports", codecForAny())
+    .property("refund_details", codecForAny())
+    .build("CheckPaymentPaidResponse");
+
+export const codecForCheckPaymentUnpaidResponse = (): Codec<CheckPaymentUnpaidResponse> =>
+  buildCodecForObject<CheckPaymentUnpaidResponse>()
+    .property("order_status", codecForConstString("unpaid"))
+    .property("taler_pay_uri", codecForString())
+    .property("order_status_url", codecForString())
+    .property("already_paid_order_id", codecOptional(codecForString()))
+    .build("CheckPaymentPaidResponse");
+
+export const codecForCheckPaymentClaimedResponse = (): Codec<CheckPaymentClaimedResponse> =>
+  buildCodecForObject<CheckPaymentClaimedResponse>()
+    .property("order_status", codecForConstString("claimed"))
+    .property("contract_terms", codecForContractTerms())
+    .build("CheckPaymentClaimedResponse");
+
+export const codecForMerchantOrderPrivateStatusResponse = (): Codec<MerchantOrderPrivateStatusResponse> =>
+  buildCodecForUnion<MerchantOrderPrivateStatusResponse>()
+    .discriminateOn("order_status")
+    .alternative("paid", codecForCheckPaymentPaidResponse())
+    .alternative("unpaid", codecForCheckPaymentUnpaidResponse())
+    .alternative("claimed", codecForCheckPaymentClaimedResponse())
+    .build("MerchantOrderPrivateStatusResponse");
+
+export type MerchantOrderPrivateStatusResponse =
+  | CheckPaymentPaidResponse
+  | CheckPaymentUnpaidResponse
+  | CheckPaymentClaimedResponse;
+
+export interface CheckPaymentClaimedResponse {
+  // Wallet claimed the order, but didn't pay yet.
+  order_status: "claimed";
+
+  contract_terms: ContractTerms;
+}
+
+export interface CheckPaymentPaidResponse {
+  // did the customer pay for this contract
+  order_status: "paid";
+
+  // Was the payment refunded (even partially)
+  refunded: boolean;
+
+  // Did the exchange wire us the funds
+  wired: boolean;
+
+  // Total amount the exchange deposited into our bank account
+  // for this contract, excluding fees.
+  deposit_total: AmountString;
+
+  // Numeric error code indicating errors the exchange
+  // encountered tracking the wire transfer for this purchase (before
+  // we even got to specific coin issues).
+  // 0 if there were no issues.
+  exchange_ec: number;
+
+  // HTTP status code returned by the exchange when we asked for
+  // information to track the wire transfer for this purchase.
+  // 0 if there were no issues.
+  exchange_hc: number;
+
+  // Total amount that was refunded, 0 if refunded is false.
+  refund_amount: AmountString;
+
+  // Contract terms
+  contract_terms: ContractTerms;
+
+  // Ihe wire transfer status from the exchange for this order if available, otherwise empty array
+  wire_details: TransactionWireTransfer[];
+
+  // Reports about trouble obtaining wire transfer details, empty array if no trouble were encountered.
+  wire_reports: TransactionWireReport[];
+
+  // The refund details for this order.  One entry per
+  // refunded coin; empty array if there are no refunds.
+  refund_details: RefundDetails[];
+
+  order_status_url: string;
+}
+
+export interface CheckPaymentUnpaidResponse {
+  order_status: "unpaid";
+
+  // URI that the wallet must process to complete the payment.
+  taler_pay_uri: string;
+
+  order_status_url: string;
+
+  // Alternative order ID which was paid for already in the same session.
+  // Only given if the same product was purchased before in the same session.
+  already_paid_order_id?: string;
+
+  // We do we NOT return the contract terms here because they may not
+  // exist in case the wallet did not yet claim them.
+}
+
+export interface RefundDetails {
+  // Reason given for the refund
+  reason: string;
+
+  // when was the refund approved
+  timestamp: Timestamp;
+
+  // Total amount that was refunded (minus a refund fee).
+  amount: AmountString;
+}
+
+export interface TransactionWireTransfer {
+  // Responsible exchange
+  exchange_url: string;
+
+  // 32-byte wire transfer identifier
+  wtid: string;
+
+  // execution time of the wire transfer
+  execution_time: Timestamp;
+
+  // Total amount that has been wire transferred
+  // to the merchant
+  amount: AmountString;
+
+  // Was this transfer confirmed by the merchant via the
+  // POST /transfers API, or is it merely claimed by the exchange?
+  confirmed: boolean;
+}
+
+export interface TransactionWireReport {
+  // Numerical error code
+  code: number;
+
+  // Human-readable error description
+  hint: string;
+
+  // Numerical error code from the exchange.
+  exchange_ec: number;
+
+  // HTTP status code received from the exchange.
+  exchange_hc: number;
+
+  // Public key of the coin for which we got the exchange error.
+  coin_pub: CoinPublicKeyString;
+}
+
+export interface TippingReserveStatus {
+  // Array of all known reserves (possibly empty!)
+  reserves: ReserveStatusEntry[];
+}
+
+export interface ReserveStatusEntry {
+  // Public key of the reserve
+  reserve_pub: string;
+
+  // Timestamp when it was established
+  creation_time: Timestamp;
+
+  // Timestamp when it expires
+  expiration_time: Timestamp;
+
+  // Initial amount as per reserve creation call
+  merchant_initial_amount: AmountString;
+
+  // Initial amount as per exchange, 0 if exchange did
+  // not confirm reserve creation yet.
+  exchange_initial_amount: AmountString;
+
+  // Amount picked up so far.
+  pickup_amount: AmountString;
+
+  // Amount approved for tips that exceeds the pickup_amount.
+  committed_amount: AmountString;
+
+  // Is this reserve active (false if it was deleted but not purged)
+  active: boolean;
+}
+
+export interface TipCreateConfirmation {
+  // Unique tip identifier for the tip that was created.
+  tip_id: string;
+
+  // taler://tip URI for the tip
+  taler_tip_uri: string;
+
+  // URL that will directly trigger processing
+  // the tip when the browser is redirected to it
+  tip_status_url: string;
+
+  // when does the tip expire
+  tip_expiration: Timestamp;
+}
+
+export interface TipCreateRequest {
+  // Amount that the customer should be tipped
+  amount: AmountString;
+
+  // Justification for giving the tip
+  justification: string;
+
+  // URL that the user should be directed to after tipping,
+  // will be included in the tip_token.
+  next_url: string;
+}
+
+export interface MerchantInstancesResponse {
+  // List of instances that are present in the backend (see Instance)
+  instances: MerchantInstanceDetail[];
+}
+
+export interface MerchantInstanceDetail {
+  // Merchant name corresponding to this instance.
+  name: string;
+
+  // Merchant instance this response is about ($INSTANCE)
+  id: string;
+
+  // Public key of the merchant/instance, in Crockford Base32 encoding.
+  merchant_pub: EddsaPublicKeyString;
+
+  // List of the payment targets supported by this instance. Clients can
+  // specify the desired payment target in /order requests.  Note that
+  // front-ends do not have to support wallets selecting payment targets.
+  payment_targets: string[];
+}
diff --git a/packages/taler-wallet-cli/src/harness/sync.ts b/packages/taler-wallet-cli/src/harness/sync.ts
new file mode 100644
index 000000000..16be89eff
--- /dev/null
+++ b/packages/taler-wallet-cli/src/harness/sync.ts
@@ -0,0 +1,118 @@
+/*
+ This file is part of GNU Taler
+ (C) 2021 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Imports.
+ */
+import { URL } from "@gnu-taler/taler-util";
+import * as fs from "fs";
+import * as util from "util";
+import {
+  GlobalTestState,
+  pingProc,
+  ProcessWrapper,
+} from "../harness/harness.js";
+import { Configuration } from "@gnu-taler/taler-util";
+
+const exec = util.promisify(require("child_process").exec);
+
+export interface SyncConfig {
+  /**
+   * Human-readable name used in the test harness logs.
+   */
+  name: string;
+
+  httpPort: number;
+
+  /**
+   * Database connection string (only postgres is supported).
+   */
+  database: string;
+
+  annualFee: string;
+
+  currency: string;
+
+  uploadLimitMb: number;
+
+  /**
+   * Fulfillment URL used for contract terms related to
+   * sync.
+   */
+  fulfillmentUrl: string;
+
+  paymentBackendUrl: string;
+}
+
+function setSyncPaths(config: Configuration, home: string) {
+  config.setString("paths", "sync_home", home);
+  // We need to make sure that the path of taler_runtime_dir isn't too long,
+  // as it contains unix domain sockets (108 character limit).
+  const runDir = fs.mkdtempSync("/tmp/taler-test-");
+  config.setString("paths", "sync_runtime_dir", runDir);
+  config.setString("paths", "sync_data_home", "$SYNC_HOME/.local/share/sync/");
+  config.setString("paths", "sync_config_home", "$SYNC_HOME/.config/sync/");
+  config.setString("paths", "sync_cache_home", "$SYNC_HOME/.config/sync/");
+}
+
+export class SyncService {
+  static async create(
+    gc: GlobalTestState,
+    sc: SyncConfig,
+  ): Promise<SyncService> {
+    const config = new Configuration();
+
+    const cfgFilename = gc.testDir + `/sync-${sc.name}.conf`;
+    setSyncPaths(config, gc.testDir + "/synchome");
+    config.setString("taler", "currency", sc.currency);
+    config.setString("sync", "serve", "tcp");
+    config.setString("sync", "port", `${sc.httpPort}`);
+    config.setString("sync", "db", "postgres");
+    config.setString("syncdb-postgres", "config", sc.database);
+    config.setString("sync", "payment_backend_url", sc.paymentBackendUrl);
+    config.setString("sync", "upload_limit_mb", `${sc.uploadLimitMb}`);
+    config.write(cfgFilename);
+
+    return new SyncService(gc, sc, cfgFilename);
+  }
+
+  proc: ProcessWrapper | undefined;
+
+  get baseUrl(): string {
+    return `http://localhost:${this.syncConfig.httpPort}/`;
+  }
+
+  async start(): Promise<void> {
+    await exec(`sync-dbinit -c "${this.configFilename}"`);
+
+    this.proc = this.globalState.spawnService(
+      "sync-httpd",
+      ["-LDEBUG", "-c", this.configFilename],
+      `sync-${this.syncConfig.name}`,
+    );
+  }
+
+  async pingUntilAvailable(): Promise<void> {
+    const url = new URL("config", this.baseUrl).href;
+    await pingProc(this.proc, url, "sync");
+  }
+
+  constructor(
+    private globalState: GlobalTestState,
+    private syncConfig: SyncConfig,
+    private configFilename: string,
+  ) {}
+}