-fix memory leak

-typos
-cleanup signatures
2023-05-01 20:59:03 +02:00 · 2023-05-01 20:19:51 +02:00 · 2023-05-01 14:22:18 +02:00 · 2023-05-01 14:12:38 +02:00 · 2023-05-01 14:05:58 +02:00 · 2023-04-25 23:19:18 +02:00
933 changed files with 86478 additions and 33915 deletions
--- a/.gitignore
+++ b/.gitignore
@ -166,3 +166,5 @@ src/exchange/taler-exchange-drain
 src/kyclogic/taler-exchange-kyc-tester
 src/auditor/exchange-httpd-drain.err
 src/templating/libmustach.a
+contrib/tos/conf.py
+contrib/pp/conf.py
--- a/.gitmodules
+++ b/.gitmodules
@ -7,4 +7,4 @@
 	branch = prebuilt
 [submodule "contrib/gana"]
 	path = contrib/gana
-	url = https://git.gnunet.org/git/gana.git
+	url = https://git.gnunet.org/gana.git
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Sat Nov  5 11:32:45 AM CET 2022
+    Added support for P2P payments.
+    Added support for explicit reserve lifetime control.
+    Added support for age restrictions.
+    Releasing GNU Taler Exchange 0.9.0. -CG
+
 Fri 03 Sep 2021 07:02:05 PM CEST
    Add experimental aggregator sharding logic. -CG

--- a/100
+++ b/100
@ -13,15 +13,14 @@ spend their digital coins.  Naturally, each Merchant is different, but
 Taler includes code examples to help Merchants integrate Taler as a
 payment system.

-Taler is currently developed by a worldwide group of independent free
-software developers and the DECENTRALISE team at Inria Rennes.  Taler
-is free software and a GNU package (https://www.gnu.org/).
+Taler is currently developed by a worldwide group of independent free software
+developers and Taler Systems SA.  Taler is free software and an official GNU
+package (https://www.gnu.org/).

-This is an alpha release with a few known bugs, lacking a few
-important features, documentation, testing, performance tuning and an
-external security audit.  However, you can run the code and it largely
-works fine.  that does not work yet.  This package also only includes
-the Taler exchange, not the other components of the system.
+This is an alpha release with a few known bugs, lacking a few important
+features, documentation, testing, performance tuning and an external security
+audit.  However, you can run the code and it largely works fine.  This package
+also only includes the Taler exchange, not the other components of the system.

 Documentation about Taler can be found at https://taler.net/.
 Our bug tracker is at https://bugs.taler.net/.
@ -63,7 +62,7 @@ src/pq/
  -- Postgres-specific utility functions

 src/exchangedb/
-  -- Exchange database backend (with DB-specific plugins)
+  -- Exchange database backend (with database-specific plugins)

 src/exchange/
  -- taler exchange server
@ -71,71 +70,50 @@ src/exchange/
 src/exchange-tools/
  -- taler exchange helper programs

-src/exchange-lib/
+src/lib/
  -- libtalerexchange: C API to issue HTTP requests to exchange

 src/auditor/
  -- tools to generate reports about financial performance and
     to validate that the exchange has been operating correctly

+src/auditordb/
+  -- database logic for the auditor component (with database-specific
+     plugins)
+
 src/benchmark/
  -- tool to run performance measurements

+src/templating/
+  -- logic to generate HTML pages from templates at runtime
+
+src/kyclogic/
+  -- core logic and plugins to trigger and manage KYC processes
+     as required by banking regulation
+
+src/bank-lib/
+  -- bank REST client logic and implementation of an in-memory
+     RTGS emulator ("fakebank") for testing.
+
+src/extensions/
+  -- extensions to the core logic of an exchange
+
+src/json/
+  -- helper functions for generating and parsing JSON
+
+src/mhd/
+  -- helper functions for interacting with GNU libmicrohttpd
+
+src/curl/
+  -- helper functions for interacting with libcurl


 Getting Started
 ===============

-The following steps illustrate how to set up a exchange HTTP server.
-They take as a stub for configuring the exchange the content of 'contrib/exchange-template/config/'.
+Please follow the exchange manual you can view after
+installing using

-1) Create a 'test/' directory and copy the stubs in it:
+$ info taler-exchange

-mkdir -p test/config/
-cp exchange/contrib/exchange-template/config/* test/config/
-cd test/
-
-2) Create the exchange's master with the tool 'gnunet-ecc':
-
-gnunet-ecc -g1 master.priv
-
-3) Edit config/exchange-common.conf by replacing the right value on the line with the
-MASTER_PUBLIC_KEY entry with the fresh generated (ASCII version of) master.priv.
-This ASCII version is obtained by issuing:
-
-gnunet-ecc -p master.priv
-
-4) Generate other exchange related keys ('denomination' and 'signing' keys), by issuing:
-
-taler-exchange-keyup -m master.priv -o auditor.in
-
-5) A exchange needs a database to operate, so the following instructions relate to
-how to set up PostgreSQL. On debian, the two packages needed are:
-
-* postgresql
-* postgresql-client
-
-For other operating systems, please refer to the relevant documentation.
-
-In this settlement, the exchange will use a database called 'talercheck' and will
-run under the username through which 'taler-exchange-httpd' is launched. Thus assuming
-that this user is 'demo', we need to create a 'demo' role for postgresql and make
-him the owner of 'talercheck' database.
-
-To perform these administrative tasks we have to impersonate the 'postgres' (by default,
-postgres installation assigns privileges to such a user) user, then connect to the running DBMS.
-Issue the following:
-
-su # give your root password
-su - postgres
-psql # this is the command-line client to the DMBS
-# the following lines are SQL
-CREATE USER demo;
-CREATE DATABASE talercheck OWNER demo;
-# quit with CTRL-D
-
-7) If any previous step has been successful, it is now possbile to start up the
-exchange web server (by default it will listen on port 4241); issue:
-
-
-taler-exchange-httpd -d `pwd` # assuming we did not move outside of the 'test' directory
+or by visiting https://docs.taler.net/.
--- a/6
+++ b/6
@ -8,6 +8,12 @@ if ! git --version >/dev/null; then
  exit 1
 fi

+if ! htmlark --version >/dev/null; then
+  echo "htmlark not installed"
+  echo "Run 'pip install htmlark'"
+  exit 1
+fi
+

 echo "$0: Updating submodules"
 echo | git submodule update --init
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 #
 #  This file is part of TALER
-#  Copyright (C) 2014-2021 Taler Systems SA
+#  Copyright (C) 2014-2023 Taler Systems SA
 #
 #  TALER is free software; you can redistribute it and/or modify it under the
 #  terms of the GNU General Public License as published by the Free Software
@ -17,7 +17,7 @@
 #
 #
 AC_PREREQ([2.69])
-AC_INIT([taler-exchange],[0.8.5],[taler-bug@gnunet.org])
+AC_INIT([taler-exchange],[0.9.2],[taler-bug@gnunet.org])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_SRCDIR([src/util/util.c])
 AC_CONFIG_HEADERS([taler_config.h])
@ -63,6 +63,13 @@ AS_IF([test "x$doc_only" != xyes],[
 # Force some CFLAGS
 CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"

+TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
+TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
+
+AC_SUBST(TALER_LIB_LDFLAGS)
+AC_SUBST(TALER_PLUGIN_LDFLAGS)
+
+
 # Checks for header files.
 AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h sys/socket.h sys/un.h netinet/in.h netinet/ip.h])

@ -76,6 +83,7 @@ AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
 AM_PATH_LIBGCRYPT([$need_libgcrypt_version])


+
 # should expensive tests be run?
 AC_MSG_CHECKING(whether to run expensive tests)
 AC_ARG_ENABLE([expensivetests],
@ -133,20 +141,12 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_util_lib.h],
- [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif
-        #include <gnunet/gnunet_common.h>
-       #if GNUNET_UTIL_VERSION < 0x00A0104
-        #fail libgnunetutil is too old
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
+ [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
 AS_IF([test $libgnunetutil != 1],
  [AC_MSG_ERROR([[
 ***
-*** You need libgnunetutil > 0.14.0 to build this program.
-*** (Yes, ">", libgnunetutil 0.14.0 is NOT enough.)
+*** You need libgnunetutil >= 0.19.0 to build this program.
 *** This library is part of GNUnet, available at
 ***   https://gnunet.org
 *** ]])])
@ -165,11 +165,8 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_json_lib.h],
- [AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_json_lib.h],
+ [AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)])
 AS_IF([test $libgnunetjson != 1],
  [AC_MSG_ERROR([[
 ***
@ -231,11 +228,8 @@ AS_CASE([$with_gnunet],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_curl_lib.h],
- [AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+AC_CHECK_HEADERS([gnunet/gnunet_curl_lib.h],
+ [AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)])
 AS_IF([test $libgnunetcurl != 1],
  [AC_MSG_ERROR([[
 ***
@ -250,6 +244,21 @@ CFLAGS=$CFLAGS_SAVE
 LDFLAGS=$LDFLAGS_SAVE
 LIBS=$LIBS_SAVE

+# test for postgres
+AX_LIB_POSTGRESQL([13.0])
+AS_IF([test "x$found_postgresql" = "xyes"],
+  [SAVE_CPPFLAGS="$CPPFLAGS"
+   CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
+   AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
+AS_IF([test "x$postgres" != "x1"],
+  [AC_MSG_ERROR([[
+***
+*** You need libpq(-dev) >= 13.0 to build this program.
+*** ]])])
+AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
+AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
+                   [Define to 1 if Postgres is available])
+
 # Check for GNUnet's libgnunetpq.
 libgnunetpq=0
 AC_MSG_CHECKING([for libgnunetpq])
@ -262,12 +271,10 @@ AS_CASE([$with_gnunet],
        [yes], [],
        [no], [AC_MSG_ERROR([--with-gnunet is required])],
        [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
-         CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
-AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_pq_lib.h],
- [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+         CPPFLAGS="-I$with_gnunet/include ${CPPFLAGS}"])
+CPPFLAGS="${CPPFLAGS} ${POSTGRESQL_CPPFLAGS}"
+AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
+ [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)])
 AS_IF([test $libgnunetpq != 1],
  [AC_MSG_ERROR([[
 ***
@ -277,15 +284,15 @@ AS_IF([test $libgnunetpq != 1],
 *** is recent!)
 *** ]])])

+CFLAGS_SAVE=$CFLAGS
+LDFLAGS_SAVE=$LDFLAGS
+LIBS_SAVE="$LIBS"

 # Check for GNUnet's libgnunetsq
 libgnunetsq=0
 AC_MSG_CHECKING([for libgnunetsq])
 AC_CHECK_HEADERS([gnunet/gnunet_sq_lib.h],
- [AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)],
-  [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+ [AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)])


 # check for libmicrohttpd
@ -324,22 +331,6 @@ AS_IF([test $jansson = 0],
 *** ]])])


-# test for postgres
-AX_LIB_POSTGRESQL([13.0])
-AS_IF([test "x$found_postgresql" = "xyes"],[postgres=true])
-
-TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
-TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
-
-AC_SUBST(TALER_LIB_LDFLAGS)
-AC_SUBST(TALER_PLUGIN_LDFLAGS)
-
-CFLAGS_SAVE=$CFLAGS
-LDFLAGS_SAVE=$LDFLAGS
-LIBS_SAVE="$LIBS"
-
-
-AM_CONDITIONAL(HAVE_POSTGRESQL, test x$postgres = xtrue)

 CFLAGS=$CFLAGS_SAVE
 LDFLAGS=$LDFLAGS_SAVE
@ -389,10 +380,7 @@ AS_CASE([$with_twister],
         CPPFLAGS="-I$with_twister/include $CPPFLAGS"])

 AC_CHECK_HEADERS([taler/taler_twister_service.h],
- [AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)],
-   [], [#ifdef HAVE_GNUNET_PLATFORM_H
-        #include <gnunet/platform.h>
-       #endif])
+ [AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)])
 AM_CONDITIONAL(HAVE_TWISTER, test x$talertwister = x1)

 # should developer logic be compiled (not-for-production code)?
@ -532,6 +520,7 @@ AC_CONFIG_FILES([Makefile
                 src/exchangedb/Makefile
                 src/exchange-tools/Makefile
                 src/extensions/Makefile
+                 src/extensions/age_restriction/Makefile
                 src/lib/Makefile
                 src/kyclogic/Makefile
                 src/testing/Makefile
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@ -25,18 +25,20 @@ ppendir=$(datadir)/taler/exchange/pp/en
 rdatadir=$(datadir)/taler/exchange

 tosen_DATA = \
-  tos/en/0.txt \
-  tos/en/0.pdf \
-  tos/en/0.epub \
-  tos/en/0.xml \
-  tos/en/0.html
+  tos/en/*.txt \
+  tos/en/*.md \
+  tos/en/*.pdf \
+  tos/en/*.epub \
+  tos/en/*.xml \
+  tos/en/*.html

 ppen_DATA = \
-  pp/en/0.txt \
-  pp/en/0.pdf \
-  pp/en/0.epub \
-  pp/en/0.xml \
-  pp/en/0.html
+  pp/en/*.txt \
+  pp/en/*.md \
+  pp/en/*.pdf \
+  pp/en/*.epub \
+  pp/en/*.xml \
+  pp/en/*.html

 rdata_DATA = \
  auditor-report.tex.j2
@ -56,13 +58,14 @@ EXTRA_DIST = \
  gana/gnu-taler-error-codes/Makefile \
  tos/Makefile \
  tos/README \
-  tos/tos.rst \
-  tos/conf.py \
+  tos/bfh-v0.rst \
+  tos/tos-v0.rst \
+  tos/conf.py.in \
  tos/locale/de/LC_MESSAGES/tos.po \
  pp/Makefile \
  pp/README \
-  pp/pp.rst \
-  pp/conf.py \
+  pp/pp-v0.rst \
+  pp/conf.py.in \
  pp/locale/de/LC_MESSAGES/pp.po \
  $(rdata_DATA) \
  coverage.sh \
@ -75,10 +78,10 @@ TOS_LANGUAGES="en de"
 PP_LANGUAGES="en de"

 # Change the terms-of-service version (Etag) to generate here!
-# This value should be incremented whenever there is a substantive
+# This value should be modified whenever there is a substantive
 # change in the original text (but not for the translations).
-TOS_VERSION=0
-PP_VERSION=0
+TOS_VERSION=tos-v0
+PP_VERSION=pp-v0

 update-tos:
 	VERSION=$(TOS_VERSION) ./update-tos.sh $(TOS_LANGUAGES)
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@ -140,9 +140,9 @@ In that time, the wire auditor processed the following table ranges:
 \end{center}

 The total credits to the exchange processed in
-this audit run was {\bf {{ wire.total_wire_in }}.
+this audit run was {\bf {{ wire.total_wire_in }}}.
 The total debits initiated by the exchange processed in
-this audit run was {\bf {{ wire.total_wire_out }}.
+this audit run was {\bf {{ wire.total_wire_out }}}.

 \section{Operations}

@ -169,9 +169,8 @@ Loss (actualized risk from recoups) is
 {\bf {{ coins.total_recoup_loss }}}.

 \noindent
-Recoups of non-revoked coins are at
-{\bf {{ coins.total_irregular_recoups }}} (coins)
-plus {\bf {{ reserves.total_irregular_recoups }}} (reserves).
+Losses from irregular reserve operations are at
+{\bf {{ reserves.total_irregular_loss }}} (reserves).

 \section{Income}

@ -613,7 +612,7 @@ compromise resulting in proportional financial losses to the exchange.
 \endfoot
  \hline
  {\bf Total loss} &
-  {{ reserves.total_loss_balance_insufficient }} \\
+  {{ reserves.total_irregular_loss }} \\
  \caption{Reserves with withdrawals higher than reserve funding.}
  \label{table:reserve:balance_insufficient}
 \endlastfoot
@ -782,7 +781,7 @@ invalid and the amount involved should be considered lost.
 \endfoot
  \hline
  \multicolumn{2}{l}{ {\bf Total losses} } &
-  {\bf {{ coins.total_bad_sig_loss}} } \\
+  {\bf {{ coins.irregular_loss}} } \\
  \caption{Losses from operations performed on coins without proper signatures.}
  \label{table:bad_signature_losses}
 \endlastfoot
--- a/contrib/gana
+++ b/contrib/gana
@ -1 +1 @@
-Subproject commit 58a94dc411d8ec0f23c5364c37719e90bb9ad8a9
+Subproject commit bd4e73b2ed06269fdee42eaad21acb5be8be9302
--- a/contrib/microhttpd.tag
+++ b/contrib/microhttpd.tag
@ -46,6 +46,12 @@
      <anchorfile>microhttpd.h</anchorfile>
      <arglist></arglist>
    </member>
+    <member kind="define">
+      <type>#define</type>
+      <name>MHD_HTTP_CONTENT_TOO_LARGE</name>
+      <anchorfile>microhttpd.h</anchorfile>
+      <arglist></arglist>
+    </member>
    <member kind="define">
      <type>#define</type>
      <name>MHD_HTTP_REQUEST_TIMEOUT</name>
--- a/contrib/pp/conf.py.in
+++ b/contrib/pp/conf.py.in
@ -1,6 +1,6 @@
 """
  This file is part of GNU TALER.
-  Copyright (C) 2014-2020 Taler Systems SA
+  Copyright (C) 2014-2022 Taler Systems SA

  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU Lesser General Public License as published by the Free Software
@ -68,20 +68,20 @@ source_suffix = {
 #source_encoding = 'utf-8-sig'

 # The master toctree document.
-master_doc = 'pp'
+master_doc = '%VERSION%'

 # General information about the project.
-project = u'pp'
-copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
+project = u'%VERSION%'
+copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'

 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '0'
+version = '%VERSION%'
 # The full version, including alpha/beta/rc tags.
-release = '0'
+release = '%VERSION%'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@ -192,7 +192,7 @@ html_short_title = "Privacy Policy"
 #html_domain_indices = True

 # If false, no index is generated.
-#html_use_index = True
+html_use_index = True

 # If true, the index is split into individual pages for each letter.
 #html_split_index = False
@ -231,7 +231,7 @@ latex_elements = {
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    ('pp', 'pp.tex',
+    ('%VERSION%', '%VERSION%.tex',
     'Privacy Policy', 'GNU Taler team', 'manual'),
 ]

@ -277,6 +277,6 @@ latex_documents = [

 # -- Options for epub output  ----------------------------

-epub_basename = "pp"
+epub_basename = "%VERSION%"

 epub_title = "Privacy Policy"
--- a/contrib/pp/en/0.epub
+++ b/contrib/pp/en/0.epub
--- a/contrib/pp/en/0.html
+++ b/contrib/pp/en/0.html
@ -1,211 +0,0 @@
-
-
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Privacy Policy &#8212; Taler Privacy Policy</title>
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" href="_static/epub.css" type="text/css" />
-    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script src="_static/jquery.js"></script>
-    <script src="_static/underscore.js"></script>
-    <script src="_static/doctools.js"></script> 
-  </head><body>
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          <div class="body" role="main">
-            
-  <div class="section" id="privacy-policy">
-<h1>Privacy Policy<a class="headerlink" href="#privacy-policy" title="Permalink to this headline">¶</a></h1>
-<p>Last Updated: 11.12.2019</p>
-<p>This Privacy Policy describes the policies and procedures of Taler Systems SA
-(“we,” “our,” or “us”) pertaining to the collection, use, and disclosure of
-your information on our sites and related mobile applications and products we
-offer (the “Services” or “Taler Wallet”). This Privacy Statement applies to
-your personal data when you use our Services, and does not apply to online
-websites or services that we do not own or control.</p>
-<div class="section" id="overview">
-<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>
-<p>Your privacy is important to us. We follow a few fundamental principles: We
-don’t ask you for personally identifiable information (defined below). That
-being said, your contact information, such as your phone number, social media
-handle, or email address (depending on how you contact us), may be collected
-when you communicate with us, for example to report a bug or other error
-related to the Taler Wallet. We don’t share your information with third
-parties except when strictly required to deliver you our Services and
-products, or to comply with the law. If you have any questions or concerns
-about this policy, please reach out to us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>.</p>
-</div>
-<div class="section" id="how-you-accept-this-policy">
-<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline">¶</a></h2>
-<p>By using our Services or visiting our sites, you agree to the use, disclosure,
-and procedures outlined in this Privacy Policy.</p>
-</div>
-<div class="section" id="what-personal-information-do-we-collect-from-our-users">
-<h2>What personal information do we collect from our users?<a class="headerlink" href="#what-personal-information-do-we-collect-from-our-users" title="Permalink to this headline">¶</a></h2>
-<p>The information we collect from you falls into two categories: (i) personally
-identifiable information (i.e., data that could potentially identify you as an
-individual) (“Personal Information”), and (ii) non-personally identifiable
-information (i.e., information that cannot be used to identify who you are)
-(“Non-Personal Information”). This Privacy Policy covers both categories and
-will tell you how we might collect and use each type.</p>
-<p>We do our best to not collect any Personal Information from Taler Wallet
-users. We believe that the Taler Wallet never transmits personal information
-to our services without at least clear implied consent, and we only process
-and retain information with a strict business need. That being said, when
-using our Services, we inherently have to collect the following information:</p>
-<blockquote>
-<div><ul class="simple">
-<li><p>Bank account details necessary when receiving funds from you to top-up your wallet or to transfer funds to you when you are being paid via Taler. At the current experimental stage, only the pseudonym and password you entered in the bank demonstrator is stored.</p></li>
-<li><p>The amounts being withdrawn or deposited, with associated unique transaction identifiers and cryptographic signatures authorizing the transaction. Note that for purchases, we cannot identify the buyer from the collected data, so when you spend money, we only receive non-personal information.</p></li>
-<li><p>When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us.</p></li>
-</ul>
-</div></blockquote>
-</div>
-<div class="section" id="how-we-collect-and-process-information">
-<h2>How we collect and process information<a class="headerlink" href="#how-we-collect-and-process-information" title="Permalink to this headline">¶</a></h2>
-<p>We may process your information for the following reasons:</p>
-<blockquote>
-<div><ul class="simple">
-<li><p>to transfer money as specified by our users (Taler transactions);</p></li>
-<li><p>to assist government entities in linking income to the underlying contract as required by law and local regulations</p></li>
-<li><p>to support you using the Taler Wallet or to improve our Services</p></li>
-</ul>
-</div></blockquote>
-</div>
-<div class="section" id="how-we-share-and-use-the-information-we-gather">
-<h2>How we share and use the information we gather<a class="headerlink" href="#how-we-share-and-use-the-information-we-gather" title="Permalink to this headline">¶</a></h2>
-<p>We may share your Personal Data or other information about you only if you are
-a merchant receiving income, with your bank, to the degree necessary to
-execute the payment.</p>
-<p>We retain Personal Data to transfer funds to the accounts designated by our
-users. We may retain Personal Data only for as long as mandated by law and
-required for the wire transfers.</p>
-<p>We primarily use the limited information we receive directly from you to
-enhance the Taler Wallet. Some ways we may use your Personal Information are
-to: Contact you when necessary to respond to your comments, answer your
-questions, or obtain additional information on issues related to bugs or
-errors with the Taler Wallet that you reported.</p>
-</div>
-<div class="section" id="agents-or-third-party-partners">
-<h2>Agents or third party partners<a class="headerlink" href="#agents-or-third-party-partners" title="Permalink to this headline">¶</a></h2>
-<p>We may provide your Personal Information to our employees, contractors,
-agents, service providers, and designees (“Agents”) to enable them to perform
-certain services for us exclusively, including: improvement and maintenance of
-our software and Services.</p>
-</div>
-<div class="section" id="protection-of-us-and-others">
-<h2>Protection of us and others<a class="headerlink" href="#protection-of-us-and-others" title="Permalink to this headline">¶</a></h2>
-<p>We reserve the right to access, read, preserve, and disclose any information
-that we reasonably believe is necessary to comply with the law or a court
-order.</p>
-</div>
-<div class="section" id="what-personal-information-can-i-access-or-change">
-<h2>What personal information can I access or change?<a class="headerlink" href="#what-personal-information-can-i-access-or-change" title="Permalink to this headline">¶</a></h2>
-<p>You can request access to the information we have collected from you. You can
-do this by contacting us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>. We will make sure to
-provide you with a copy of the data we process about you. To comply with your
-request, we may ask you to verify your identity. We will fulfill your request
-by sending your copy electronically. For any subsequent access request, we may
-charge you with an administrative fee. If you believe that the information we
-have collected is incorrect, you are welcome to contact us so we can update it
-and keep your data accurate. Any data that is no longer needed for purposes
-specified in the “How We Use the Information We Gather” section will be
-deleted after ninety (90) days.</p>
-</div>
-<div class="section" id="what-are-your-data-protection-rights">
-<h2>What are your data protection rights?<a class="headerlink" href="#what-are-your-data-protection-rights" title="Permalink to this headline">¶</a></h2>
-<p>Anastasis would like to make sure you are fully aware of all of your
-data protection rights. Every user is entitled to the following:</p>
-<dl class="simple">
-<dt><strong>The right to access</strong>: You have the right to request Anastasis for</dt><dd><p>copies of your personal data. We may charge you a small fee for this
-service.</p>
-</dd>
-</dl>
-<p><strong>The right to rectification</strong>: You have the right to request that
-Anastasis correct any information you believe is inaccurate. You also
-have the right to request Anastasis to complete information you
-believe is incomplete.  The right to erasure - You have the right to
-request that Anastasis erase your personal data, under certain
-conditions.</p>
-<dl class="simple">
-<dt><strong>The right to restrict processing</strong>: You have the right to request</dt><dd><p>that Anastasis restrict the processing of your personal data, under
-certain conditions.</p>
-</dd>
-<dt><strong>The right to object to processing</strong>: You have the right to object to</dt><dd><p>Anastasis’s processing of your personal data, under certain
-conditions.</p>
-</dd>
-<dt><strong>The right to data portability</strong>: You have the right to request that</dt><dd><p>Anastasis transfer the data that we have collected to another
-organization, or directly to you, under certain conditions.</p>
-</dd>
-</dl>
-<p>If you make a request, we have one month to respond to you. If you
-would like to exercise any of these rights, please contact us at our
-email: <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;com">privacy<span>&#64;</span>taler-systems<span>&#46;</span>com</a></p>
-<p>You can always contact your local data protection authority to enforce
-your rights.</p>
-</div>
-<div class="section" id="data-retention">
-<h2>Data retention<a class="headerlink" href="#data-retention" title="Permalink to this headline">¶</a></h2>
-<p>If you uninstall the Taler Wallet mobile applications from your device, or
-request that your information be deleted, we still may retain some information
-that you have provided to us to maintain the Taler Wallet or to comply with
-relevant laws.</p>
-</div>
-<div class="section" id="data-security">
-<h2>Data security<a class="headerlink" href="#data-security" title="Permalink to this headline">¶</a></h2>
-<p>We are committed to making sure your information is protected. We employ
-several physical and electronic safeguards to keep your information safe,
-including encrypted user passwords, two factor verification and authentication
-on passwords where possible, and securing connections with industry standard
-transport layer security. You are also welcome to contact us using GnuPG
-encrypted e-mail. Even with all these precautions, we cannot fully guarantee
-against the access, disclosure, alteration, or deletion of data through
-events, including but not limited to hardware or software failure or
-unauthorized use. Any information that you provide to us is done so entirely
-at your own risk.</p>
-</div>
-<div class="section" id="changes-and-updates-to-privacy-policy">
-<h2>Changes and updates to privacy policy<a class="headerlink" href="#changes-and-updates-to-privacy-policy" title="Permalink to this headline">¶</a></h2>
-<p>We reserve the right to update and revise this privacy policy at any time. We
-occasionally review this Privacy Policy to make sure it complies with
-applicable laws and conforms to changes in our business. We may need to update
-this Privacy Policy, and we reserve the right to do so at any time. If we do
-revise this Privacy Policy, we will update the “Effective Date” at the bottom
-of this page so that you can tell if it has changed since your last visit. As
-we generally do not collect contact information and also do not track your
-visits, we will not be able to notify you directly. However, the Taler Wallet
-may inform you about a change in the privacy policy once it detects that the
-policy has changed. Please review this Privacy Policy regularly to ensure that
-you are aware of its terms. Any use of our Services after an amendment to our
-Privacy Policy constitutes your acceptance to the revised or amended
-agreement.</p>
-</div>
-<div class="section" id="international-users-and-visitors">
-<h2>International users and visitors<a class="headerlink" href="#international-users-and-visitors" title="Permalink to this headline">¶</a></h2>
-<p>Our Services are hosted in Switzerland. If you are a user accessing the
-Services from the European Union, Asia, US, or any other region with laws or
-regulations governing personal data collection, use, and disclosure that
-differ from Swiss laws, please be advised that through your continued use of
-the Services, which is governed by Swiss law, you are transferring your
-Personal Information to Switzerland and you consent to that transfer.</p>
-</div>
-<div class="section" id="questions">
-<h2>Questions<a class="headerlink" href="#questions" title="Permalink to this headline">¶</a></h2>
-<p>Please contact us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a> if you have questions about our
-privacy practices that are not addressed in this Privacy Statement.</p>
-</div>
-</div>
-
-
-            <div class="clearer"></div>
-          </div>
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-  </body>
-</html>
--- a/contrib/pp/en/pp-v0.epub
+++ b/contrib/pp/en/pp-v0.epub
--- a/contrib/pp/en/pp-v0.html
+++ b/contrib/pp/en/pp-v0.html
--- a/contrib/pp/en/pp-v0.md
+++ b/contrib/pp/en/pp-v0.md
--- a/contrib/pp/en/pp-v0.pdf
+++ b/contrib/pp/en/pp-v0.pdf
--- a/contrib/pp/en/pp-v0.txt
+++ b/contrib/pp/en/pp-v0.txt
@ -0,0 +1,237 @@
+Privacy Policy
+**************
+
+Last Updated: 11.12.2019
+
+This Privacy Policy describes the policies and procedures of Taler
+Systems SA (“we,” “our,” or “us”) pertaining to the collection, use,
+and disclosure of your information on our sites and related mobile
+applications and products we offer (the “Services” or “Taler Wallet”).
+This Privacy Statement applies to your personal data when you use our
+Services, and does not apply to online websites or services that we do
+not own or control.
+
+
+Overview
+========
+
+Your privacy is important to us. We follow a few fundamental
+principles: We don’t ask you for personally identifiable information
+(defined below). That being said, your contact information, such as
+your phone number, social media handle, or email address (depending on
+how you contact us), may be collected when you communicate with us,
+for example to report a bug or other error related to the Taler
+Wallet. We don’t share your information with third parties except when
+strictly required to deliver you our Services and products, or to
+comply with the law. If you have any questions or concerns about this
+policy, please reach out to us at privacy@taler-systems.net.
+
+
+How you accept this policy
+==========================
+
+By using our Services or visiting our sites, you agree to the use,
+disclosure, and procedures outlined in this Privacy Policy.
+
+
+What personal information do we collect from our users?
+=======================================================
+
+The information we collect from you falls into two categories: (i)
+personally identifiable information (i.e., data that could potentially
+identify you as an individual) (“Personal Information”), and (ii) non-
+personally identifiable information (i.e., information that cannot be
+used to identify who you are) (“Non-Personal Information”). This
+Privacy Policy covers both categories and will tell you how we might
+collect and use each type.
+
+We do our best to not collect any Personal Information from Taler
+Wallet users. We believe that the Taler Wallet never transmits
+personal information to our services without at least clear implied
+consent, and we only process and retain information with a strict
+business need. That being said, when using our Services, we inherently
+have to collect the following information:
+
+   * Bank account details necessary when receiving funds from you to
+     top-up your wallet or to transfer funds to you when you are being
+     paid via Taler. At the current experimental stage, only the
+     pseudonym and password you entered in the bank demonstrator is
+     stored.
+
+   * The amounts being withdrawn or deposited, with associated unique
+     transaction identifiers and cryptographic signatures authorizing
+     the transaction. Note that for purchases, we cannot identify the
+     buyer from the collected data, so when you spend money, we only
+     receive non-personal information.
+
+   * When you contact us. We may collect certain information if you
+     choose to contact us, for example to report a bug or other error
+     with the Taler Wallet. This may include contact information such
+     as your name, email address or phone number depending on the
+     method you choose to contact us.
+
+
+How we collect and process information
+======================================
+
+We may process your information for the following reasons:
+
+   * to transfer money as specified by our users (Taler transactions);
+
+   * to assist government entities in linking income to the underlying
+     contract as required by law and local regulations
+
+   * to support you using the Taler Wallet or to improve our Services
+
+
+How we share and use the information we gather
+==============================================
+
+We may share your Personal Data or other information about you only if
+you are a merchant receiving income, with your bank, to the degree
+necessary to execute the payment.
+
+We retain Personal Data to transfer funds to the accounts designated
+by our users. We may retain Personal Data only for as long as mandated
+by law and required for the wire transfers.
+
+We primarily use the limited information we receive directly from you
+to enhance the Taler Wallet. Some ways we may use your Personal
+Information are to: Contact you when necessary to respond to your
+comments, answer your questions, or obtain additional information on
+issues related to bugs or errors with the Taler Wallet that you
+reported.
+
+
+Agents or third party partners
+==============================
+
+We may provide your Personal Information to our employees,
+contractors, agents, service providers, and designees (“Agents”) to
+enable them to perform certain services for us exclusively, including:
+improvement and maintenance of our software and Services.
+
+
+Protection of us and others
+===========================
+
+We reserve the right to access, read, preserve, and disclose any
+information that we reasonably believe is necessary to comply with the
+law or a court order.
+
+
+What personal information can I access or change?
+=================================================
+
+You can request access to the information we have collected from you.
+You can do this by contacting us at privacy@taler-systems.net. We will
+make sure to provide you with a copy of the data we process about you.
+To comply with your request, we may ask you to verify your identity.
+We will fulfill your request by sending your copy electronically. For
+any subsequent access request, we may charge you with an
+administrative fee. If you believe that the information we have
+collected is incorrect, you are welcome to contact us so we can update
+it and keep your data accurate. Any data that is no longer needed for
+purposes specified in the “How We Use the Information We Gather”
+section will be deleted after ninety (90) days.
+
+
+What are your data protection rights?
+=====================================
+
+Anastasis would like to make sure you are fully aware of all of your
+data protection rights. Every user is entitled to the following:
+
+**The right to access**: You have the right to request Anastasis for
+   copies of your personal data. We may charge you a small fee for
+   this service.
+
+**The right to rectification**: You have the right to request that
+Anastasis correct any information you believe is inaccurate. You also
+have the right to request Anastasis to complete information you
+believe is incomplete.  The right to erasure - You have the right to
+request that Anastasis erase your personal data, under certain
+conditions.
+
+**The right to restrict processing**: You have the right to request
+   that Anastasis restrict the processing of your personal data, under
+   certain conditions.
+
+**The right to object to processing**: You have the right to object to
+   Anastasis's processing of your personal data, under certain
+   conditions.
+
+**The right to data portability**: You have the right to request that
+   Anastasis transfer the data that we have collected to another
+   organization, or directly to you, under certain conditions.
+
+If you make a request, we have one month to respond to you. If you
+would like to exercise any of these rights, please contact us at our
+email: privacy@taler-systems.com
+
+You can always contact your local data protection authority to enforce
+your rights.
+
+
+Data retention
+==============
+
+If you uninstall the Taler Wallet mobile applications from your
+device, or request that your information be deleted, we still may
+retain some information that you have provided to us to maintain the
+Taler Wallet or to comply with relevant laws.
+
+
+Data security
+=============
+
+We are committed to making sure your information is protected. We
+employ several physical and electronic safeguards to keep your
+information safe, including encrypted user passwords, two factor
+verification and authentication on passwords where possible, and
+securing connections with industry standard transport layer security.
+You are also welcome to contact us using GnuPG encrypted e-mail. Even
+with all these precautions, we cannot fully guarantee against the
+access, disclosure, alteration, or deletion of data through events,
+including but not limited to hardware or software failure or
+unauthorized use. Any information that you provide to us is done so
+entirely at your own risk.
+
+
+Changes and updates to privacy policy
+=====================================
+
+We reserve the right to update and revise this privacy policy at any
+time. We occasionally review this Privacy Policy to make sure it
+complies with applicable laws and conforms to changes in our business.
+We may need to update this Privacy Policy, and we reserve the right to
+do so at any time. If we do revise this Privacy Policy, we will update
+the “Effective Date” at the bottom of this page so that you can tell
+if it has changed since your last visit. As we generally do not
+collect contact information and also do not track your visits, we will
+not be able to notify you directly. However, the Taler Wallet may
+inform you about a change in the privacy policy once it detects that
+the policy has changed. Please review this Privacy Policy regularly to
+ensure that you are aware of its terms. Any use of our Services after
+an amendment to our Privacy Policy constitutes your acceptance to the
+revised or amended agreement.
+
+
+International users and visitors
+================================
+
+Our Services are hosted in Switzerland. If you are a user accessing
+the Services from the European Union, Asia, US, or any other region
+with laws or regulations governing personal data collection, use, and
+disclosure that differ from Swiss laws, please be advised that through
+your continued use of the Services, which is governed by Swiss law,
+you are transferring your Personal Information to Switzerland and you
+consent to that transfer.
+
+
+Questions
+=========
+
+Please contact us at privacy@taler-systems.net if you have questions
+about our privacy practices that are not addressed in this Privacy
+Statement.
--- a/contrib/pp/en/pp-v0.xml
+++ b/contrib/pp/en/pp-v0.xml
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
 <!-- Generated by Docutils 0.16 -->
-<document source="/research/taler/exchange/contrib/pp/pp.rst">
+<document source="/research/taler/exchange/contrib/pp/pp-v0.rst">
    <section ids="privacy-policy" names="privacy\ policy">
        <title>Privacy Policy</title>
        <paragraph>Last Updated: 11.12.2019</paragraph>
--- a/contrib/pp/pp-v0.rst
+++ b/contrib/pp/pp-v0.rst
--- a/contrib/sigp/h.header
+++ b/contrib/sigp/h.header
@ -27,6 +27,5 @@
 #ifndef TALER_SIGNATURES_H
 #define TALER_SIGNATURES_H

-#include <gnunet/gnunet_util_lib.h>
-#include "taler_amount_lib.h"
-#include "taler_crypto_lib.h"
+
+
--- a/contrib/taler-bank-manage-testing
+++ b/contrib/taler-bank-manage-testing
@ -1,9 +1,9 @@
 #!/bin/sh
 # This file is in the public domain
-# Wrapper around 'taler-bank-manage' to first configure the required
+# Wrapper around libeufin to first configure the required
 # testing accounts before launching the bank properly.
 #
-# Takes 3 arguments:
+# Takes 4 arguments:
 # $1: the Nexus port (Sandbox port prepends 1 to it)
 # $2: the database name
 # $3: exchange base URL (used to specify the default exchange)
@ -11,6 +11,12 @@

 set -eu

+if [ "$1" = "--help" ];
+then
+    echo "This is a tool to launch a libeufin based bank for testing."
+    echo "Call using: Nexus port number, SQLite file path, exchange base URL, config file path."
+    exit 0
+fi
 if [ "$#" -ne 4 ];
 then
    echo "illegal number of parameters.  \
@ -31,7 +37,7 @@ libeufin-sandbox serve --port "1$1" \
  > libeufin-sandbox-stdout.log \
  2> libeufin-sandbox-stderr.log &
 echo $! > libeufin-sandbox.pid
-export LIBEUFIN_SANDBOX_URL="http://localhost:1$1/demobanks/default"
+export LIBEUFIN_SANDBOX_URL="http://localhost:1$1/"
 set +e
 echo -n "Waiting for Sandbox.."
 for n in `seq 1 50`; do
--- a/contrib/taler-nexus-prepare
+++ b/contrib/taler-nexus-prepare
@ -17,24 +17,24 @@ FACADE_LABEL="my-facade"

 export LIBEUFIN_SANDBOX_USERNAME=exchange
 export LIBEUFIN_SANDBOX_PASSWORD=x
-export LIBEUFIN_SANDBOX_URL=http://localhost:5000/demobanks/default
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
 libeufin-cli sandbox demobank register --name "Exchange Company"

 export LIBEUFIN_SANDBOX_USERNAME=fortytwo
 export LIBEUFIN_SANDBOX_PASSWORD=x
-export LIBEUFIN_SANDBOX_URL=http://localhost:5000/demobanks/default
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
 libeufin-cli sandbox demobank register \
  --name User42 --iban FR7630006000011234567890189

 export LIBEUFIN_SANDBOX_USERNAME=fortythree
 export LIBEUFIN_SANDBOX_PASSWORD=x
-export LIBEUFIN_SANDBOX_URL=http://localhost:5000/demobanks/default
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
 libeufin-cli sandbox demobank register \
  --name User43 --iban GB33BUKB20201555555555

 export LIBEUFIN_SANDBOX_USERNAME=admin
 export LIBEUFIN_SANDBOX_PASSWORD=secret
-export LIBEUFIN_SANDBOX_URL=http://localhost:5000/demobanks/default
+export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
 echo -n "Create EBICS host at Sandbox..."
 libeufin-cli sandbox \
  --sandbox-url "http://localhost:5000" \
--- a/contrib/tos/bfh-v0.rst
+++ b/contrib/tos/bfh-v0.rst
--- a/contrib/tos/conf.py.in
+++ b/contrib/tos/conf.py.in
@ -17,6 +17,7 @@
  @author Benedikt Muller
  @author Sree Harsha Totakura
  @author Marcello Stanisci
+  @author Christian Grothoff
 """
 # -*- coding: utf-8 -*-
 #
@ -68,20 +69,20 @@ source_suffix = {
 #source_encoding = 'utf-8-sig'

 # The master toctree document.
-master_doc = 'tos'
+master_doc = '%VERSION%'

 # General information about the project.
-project = u'tos'
-copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
+project = u'%VERSION%'
+copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'

 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '0'
+version = '%VERSION%'
 # The full version, including alpha/beta/rc tags.
-release = '0'
+release = '%VERSION%'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@ -149,7 +150,7 @@ html_theme_options = {

 # The name for this set of Sphinx documents.  If None, it defaults to
 # "<project> v<release> documentation".
-html_title = "Taler Terms of Service"
+html_title = "Taler Exchange Terms of Service"

 # A shorter title for the navigation bar.  Default is the same as html_title.
 html_short_title = "Terms of Service"
@ -192,7 +193,7 @@ html_short_title = "Terms of Service"
 #html_domain_indices = True

 # If false, no index is generated.
-#html_use_index = True
+html_use_index = True

 # If true, the index is split into individual pages for each letter.
 #html_split_index = False
@ -231,7 +232,7 @@ latex_elements = {
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
-    ('tos', 'tos.tex',
+    ('%VERSION%', '%VERSION%.tex',
     'Terms of Service', 'GNU Taler team', 'manual'),
 ]

@ -277,6 +278,6 @@ latex_documents = [

 # -- Options for epub output  ----------------------------

-epub_basename = "tos"
+epub_basename = "%VERSION%"

 epub_title = "Terms of Service"
--- a/contrib/tos/en/0.html
+++ b/contrib/tos/en/0.html
@ -1,316 +0,0 @@
-
-
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Terms Of Service &#8212; Taler Terms of Service</title>
-    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
-    <link rel="stylesheet" href="_static/epub.css" type="text/css" />
-    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
-    <script src="_static/jquery.js"></script>
-    <script src="_static/underscore.js"></script>
-    <script src="_static/doctools.js"></script> 
-  </head><body>
-
-    <div class="document">
-      <div class="documentwrapper">
-        <div class="bodywrapper">
-          <div class="body" role="main">
-            
-  <div class="section" id="terms-of-service">
-<h1>Terms Of Service<a class="headerlink" href="#terms-of-service" title="Permalink to this headline">¶</a></h1>
-<p>Last Updated: 09.06.2022</p>
-<p>Welcome! The ICE research center of the Bern University of Applied Sciences
-in Switzerland (“we,” “our,” or “us”) provides an experimental payment service
-through our Internet presence (collectively the “Services”). Before using our
-Services, please read the Terms of Service (the “Terms” or the “Agreement”)
-carefully.</p>
-<div class="section" id="this-is-research">
-<h2>This is research<a class="headerlink" href="#this-is-research" title="Permalink to this headline">¶</a></h2>
-<p>This is a research experiment. Any funds wired to our Bitcoin address are
-considered a donation to our research group. We may use them to enable
-payments following the GNU Taler protocol, or simply keep them at our
-discretion.  The service is experimental and may also be discontinued at
-any time, in which case all remaining funds will definitively be kept by
-the research group.</p>
-</div>
-<div class="section" id="overview">
-<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>
-<p>This section provides a brief summary of the highlights of this
-Agreement. Please note that when you accept this Agreement, you are accepting
-all of the terms and conditions and not just this section. We and possibly
-other third parties provide Internet services which interact with the Taler
-Wallet’s self-hosted personal payment application. When using the Taler Wallet
-to interact with our Services, you are agreeing to our Terms, so please read
-carefully.</p>
-<div class="section" id="highlights">
-<h3>Highlights:<a class="headerlink" href="#highlights" title="Permalink to this headline">¶</a></h3>
-<blockquote>
-<div><ul class="simple">
-<li><p>You are responsible for keeping the data in your Taler Wallet at all times
-under your control. Any losses arising from you not being in control of
-your private information are your problem.</p></li>
-<li><p>We may transfer funds we receive from our users to any legal
-recipient to the best of our ability within the limitations of the law and
-our implementation. However, the Services offered today are highly
-experimental and the set of recipients of funds is severely restricted.
-Again, we stress this is a research experiment and technically all funds
-held by the exchange are owned by the research group of the university.</p></li>
-<li><p>For our Services, we may charge transaction fees. The specific fee structure
-is provided based on the Taler protocol and should be shown to you when you
-withdraw electronic coins using a Taler Wallet. You agree and understand
-that the Taler protocol allows for the fee structure to change.</p></li>
-<li><p>You agree to not intentionally overwhelm our systems with requests and
-follow responsible disclosure if you find security issues in our services.</p></li>
-<li><p>We cannot be held accountable for our Services not being available due to
-any circumstances. If we modify or terminate our services,
-we may give you the opportunity to recover your funds. However,
-given the experimental state of the Services today, this may not be
-possible. You are strongly advised to limit your use of the Service
-to small-scale experiments expecting total loss of all funds.</p></li>
-</ul>
-</div></blockquote>
-<p>These terms outline approved uses of our Services. The Services and these
-Terms are still at an experimental stage. If you have any questions or
-comments related to this Agreement, please send us a message to
-<a class="reference external" href="mailto:ice&#37;&#52;&#48;bfh&#46;ch">ice<span>&#64;</span>bfh<span>&#46;</span>ch</a>. If you do not agree to this Agreement, you must not
-use our Services.</p>
-</div>
-</div>
-<div class="section" id="how-you-accept-this-policy">
-<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline">¶</a></h2>
-<p>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
-have read, understood, and agreed to these Terms. We reserve the right to
-change these Terms at any time. If you disagree with the change, we may in the
-future offer you with an easy option to recover your unspent funds. However,
-in the current experimental period you acknowledge that this feature is not
-yet available, resulting in your funds being lost unless you accept the new
-Terms. If you continue to use our Services other than to recover your unspent
-funds, your continued use of our Services following any such change will
-signify your acceptance to be bound by the then current Terms. Please check
-the effective date above to determine if there have been any changes since you
-have last reviewed these Terms.</p>
-</div>
-<div class="section" id="services">
-<h2>Services<a class="headerlink" href="#services" title="Permalink to this headline">¶</a></h2>
-<p>We will try to transfer funds that we receive from users to any legal
-recipient to the best of our ability and within the limitations of the
-law. However, the Services offered today are highly experimental and the set
-of recipients of funds is severely restricted.  The Taler Wallet can be loaded
-by exchanging fiat or cryptocurrencies against electronic coins. We are
-providing this exchange service. Once your Taler Wallet is loaded with
-electronic coins they can be spent for purchases if the seller is accepting
-Taler as a means of payment. We are not guaranteeing that any seller is
-accepting Taler at all or a particular seller.  The seller or recipient of
-deposits of electronic coins must specify the target account, as per the
-design of the Taler protocol. They are responsible for following the protocol
-and specifying the correct bank account, and are solely liable for any losses
-that may arise from specifying the wrong account. We may allow the government
-to link wire transfers to the underlying contract hash. It is the
-responsibility of recipients to preserve the full contracts and to pay
-whatever taxes and charges may be applicable. Technical issues may lead to
-situations where we are unable to make transfers at all or lead to incorrect
-transfers that cannot be reversed. We may refuse to execute transfers if the
-transfers are prohibited by a competent legal authority and we are ordered to
-do so.</p>
-<p>When using our Services, you agree to not take any action that intentionally
-imposes an unreasonable load on our infrastructure. If you find security
-problems in our Services, you agree to first report them to
-<a class="reference external" href="mailto:security&#37;&#52;&#48;taler-systems&#46;com">security<span>&#64;</span>taler-systems<span>&#46;</span>com</a> and grant us the right to publish your report. We
-warrant that we will ourselves publicly disclose any issues reported within 3
-months, and that we will not prosecute anyone reporting security issues if
-they did not exploit the issue beyond a proof-of-concept, and followed the
-above responsible disclosure practice.</p>
-</div>
-<div class="section" id="fees">
-<h2>Fees<a class="headerlink" href="#fees" title="Permalink to this headline">¶</a></h2>
-<p>You agree to pay the fees for exchanges and withdrawals completed via the
-Taler Wallet (“Fees”) as defined by us, which we may change from time to
-time. With the exception of wire transfer fees, Taler transaction fees are set
-for any electronic coin at the time of withdrawal and fixed throughout the
-validity period of the respective electronic coin. Your wallet should obtain
-and display applicable fees when withdrawing funds. Fees for coins obtained as
-change may differ from the fees applicable to the original coin. Wire transfer
-fees that are independent from electronic coins may change annually.  You
-authorize us to charge or deduct applicable fees owed in connection with
-deposits, exchanges and withdrawals following the rules of the Taler protocol.
-We reserve the right to provide different types of rewards to users either in
-the form of discount for our Services or in any other form at our discretion
-and without prior notice to you.</p>
-</div>
-<div class="section" id="eligibility-and-financial-self-responsibility">
-<h2>Eligibility and Financial self-responsibility<a class="headerlink" href="#eligibility-and-financial-self-responsibility" title="Permalink to this headline">¶</a></h2>
-<p>To be eligible to use our Services, you must be able to form legally binding
-contracts or have the permission of your legal guardian. By using our
-Services, you represent and warrant that you meet all eligibility requirements
-that we outline in these Terms.</p>
-<p>You will be responsible for maintaining the availability, integrity and
-confidentiality of the data stored in your wallet. When you setup a Taler
-Wallet, you are strongly advised to follow the precautionary measures offered
-by the software to minimize the chances to losse access to or control over
-your Wallet data. We will not be liable for any loss or damage arising from
-your failure to comply with this paragraph.</p>
-</div>
-<div class="section" id="copyrights-and-trademarks">
-<h2>Copyrights and trademarks<a class="headerlink" href="#copyrights-and-trademarks" title="Permalink to this headline">¶</a></h2>
-<p>The Taler Wallet is released under the terms of the GNU General Public License
-(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
-modified or unmodified form. However, the GPL is a strong copyleft license,
-which means that any derivative works must be distributed under the same
-license terms as the original software. If you have any questions, you should
-review the GNU GPL’s full terms and conditions at
-<a class="reference external" href="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</a>.  “Taler” itself is a trademark
-of Taler Systems SA. You are welcome to use the name in relation to processing
-payments using the Taler protocol, assuming your use is compatible with an
-official release from the GNU Project that is not older than two years.</p>
-</div>
-<div class="section" id="limitation-of-liability-disclaimer-of-warranties">
-<h2>Limitation of liability &amp; disclaimer of warranties<a class="headerlink" href="#limitation-of-liability-disclaimer-of-warranties" title="Permalink to this headline">¶</a></h2>
-<p>You understand and agree that we have no control over, and no duty to take any
-action regarding: Failures, disruptions, errors, or delays in processing that
-you may experience while using our Services; The risk of failure of hardware,
-software, and Internet connections; The risk of malicious software being
-introduced or found in the software underlying the Taler Wallet; The risk that
-third parties may obtain unauthorized access to information stored within your
-Taler Wallet, including, but not limited to your Taler Wallet coins or backup
-encryption keys.  You release us from all liability related to any losses,
-damages, or claims arising from:</p>
-<ol class="loweralpha simple">
-<li><p>user error such as forgotten passwords, incorrectly constructed
-transactions;</p></li>
-<li><p>server failure or data loss;</p></li>
-<li><p>unauthorized access to the Taler Wallet application;</p></li>
-<li><p>bugs or other errors in the Taler Wallet software; and</p></li>
-<li><p>any unauthorized third party activities, including, but not limited to,
-the use of viruses, phishing, brute forcing, or other means of attack
-against the Taler Wallet. We make no representations concerning any
-Third Party Content contained in or accessed through our Services.</p></li>
-</ol>
-<p>Any other terms, conditions, warranties, or representations associated with
-such content, are solely between you and such organizations and/or
-individuals.</p>
-<p>To the fullest extent permitted by applicable law, in no event will we or any
-of our officers, directors, representatives, agents, servants, counsel,
-employees, consultants, lawyers, and other personnel authorized to act,
-acting, or purporting to act on our behalf (collectively the “Taler Parties”)
-be liable to you under contract, tort, strict liability, negligence, or any
-other legal or equitable theory, for:</p>
-<ol class="loweralpha simple">
-<li><p>any lost profits, data loss, cost of procurement of substitute goods or
-services, or direct, indirect, incidental, special, punitive, compensatory,
-or consequential damages of any kind whatsoever resulting from:</p></li>
-</ol>
-<blockquote>
-<div><ol class="lowerroman simple">
-<li><p>your use of, or conduct in connection with, our services;</p></li>
-<li><p>any unauthorized use of your wallet and/or private key due to your
-failure to maintain the confidentiality of your wallet;</p></li>
-<li><p>any interruption or cessation of transmission to or from the services; or</p></li>
-<li><p>any bugs, viruses, trojan horses, or the like that are found in the Taler
-Wallet software or that may be transmitted to or through our services by
-any third party (regardless of the source of origination), or</p></li>
-</ol>
-</div></blockquote>
-<ol class="loweralpha simple" start="2">
-<li><p>any direct damages.</p></li>
-</ol>
-<p>These limitations apply regardless of legal theory, whether based on tort,
-strict liability, breach of contract, breach of warranty, or any other legal
-theory, and whether or not we were advised of the possibility of such
-damages. Some jurisdictions do not allow the exclusion or limitation of
-liability for consequential or incidental damages, so the above limitation may
-not apply to you.</p>
-<p>Our services are provided “as is” and without warranty of any kind. To the
-maximum extent permitted by law, we disclaim all representations and
-warranties, express or implied, relating to the services and underlying
-software or any content on the services, whether provided or owned by us or by
-any third party, including without limitation, warranties of merchantability,
-fitness for a particular purpose, title, non-infringement, freedom from
-computer virus, and any implied warranties arising from course of dealing,
-course of performance, or usage in trade, all of which are expressly
-disclaimed. In addition, we do not represent or warrant that the content
-accessible via the services is accurate, complete, available, current, free of
-viruses or other harmful components, or that the results of using the services
-will meet your requirements. Some states do not allow the disclaimer of
-implied warranties, so the foregoing disclaimers may not apply to you. This
-paragraph gives you specific legal rights and you may also have other legal
-rights that vary from state to state.</p>
-</div>
-<div class="section" id="indemnity-and-time-limitation-on-claims-and-termination">
-<h2>Indemnity and Time limitation on claims and Termination<a class="headerlink" href="#indemnity-and-time-limitation-on-claims-and-termination" title="Permalink to this headline">¶</a></h2>
-<p>To the extent permitted by applicable law, you agree to defend, indemnify, and
-hold harmless the Taler Parties from and against any and all claims, damages,
-obligations, losses, liabilities, costs or debt, and expenses (including, but
-not limited to, attorney’s fees) arising from: (a) your use of and access to
-the Services; (b) any feedback or submissions you provide to us concerning the
-Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
-violation of any law, rule, or regulation, or the rights of any third party.</p>
-<p>You agree that any claim you may have arising out of or related to your
-relationship with us must be filed within one year after such claim arises,
-otherwise, your claim in permanently barred.</p>
-<p>In the event of termination concerning your use of our Services, your
-obligations under this Agreement will still continue.</p>
-</div>
-<div class="section" id="discontinuance-of-services-and-force-majeure">
-<h2>Discontinuance of services and Force majeure<a class="headerlink" href="#discontinuance-of-services-and-force-majeure" title="Permalink to this headline">¶</a></h2>
-<p>We may, in our sole discretion and without cost to you, with or without prior
-notice, and at any time, modify or discontinue, temporarily or permanently,
-any portion of our Services. We will use the Taler protocol’s provisions to
-notify Wallets if our Services are to be discontinued. It is your
-responsibility to ensure that the Taler Wallet is online at least once every
-three months to observe these notifications. We shall not be held responsible
-or liable for any loss of funds in the event that we discontinue or depreciate
-the Services and your Taler Wallet fails to transfer out the coins within a
-three months notification period.</p>
-<p>We shall not be held liable for any delays, failure in performance, or
-interruptions of service which result directly or indirectly from any cause or
-condition beyond our reasonable control, including but not limited to: any
-delay or failure due to any act of God, act of civil or military authorities,
-act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
-interruption in telecommunications or Internet services or network provider
-services, failure of equipment and/or software, other catastrophe, or any
-other occurrence which is beyond our reasonable control and shall not affect
-the validity and enforceability of any remaining provisions.</p>
-</div>
-<div class="section" id="governing-law-waivers-severability-and-assignment">
-<h2>Governing law, Waivers, Severability and Assignment<a class="headerlink" href="#governing-law-waivers-severability-and-assignment" title="Permalink to this headline">¶</a></h2>
-<p>No matter where you’re located, the laws of Switzerland will govern these
-Terms. If any provisions of these Terms are inconsistent with any applicable
-law, those provisions will be superseded or modified only to the extent such
-provisions are inconsistent. The parties agree to submit to the ordinary
-courts in Bern, Switzerland for exclusive jurisdiction of any dispute
-arising out of or related to your use of the Services or your breach of these
-Terms.</p>
-<p>Our failure to exercise or delay in exercising any right, power, or privilege
-under this Agreement shall not operate as a waiver; nor shall any single or
-partial exercise of any right, power, or privilege preclude any other or
-further exercise thereof.</p>
-<p>You agree that we may assign any of our rights and/or transfer, sub-contract,
-or delegate any of our obligations under these Terms.</p>
-<p>If it turns out that any part of this Agreement is invalid, void, or for any
-reason unenforceable, that term will be deemed severable and limited or
-eliminated to the minimum extent necessary.</p>
-<p>This Agreement sets forth the entire understanding and agreement as to the
-subject matter hereof and supersedes any and all prior discussions,
-agreements, and understandings of any kind (including, without limitation, any
-prior versions of this Agreement) and every nature between us. Except as
-provided for above, any modification to this Agreement must be in writing and
-must be signed by both parties.</p>
-</div>
-<div class="section" id="questions-or-comments">
-<h2>Questions or comments<a class="headerlink" href="#questions-or-comments" title="Permalink to this headline">¶</a></h2>
-<p>We welcome comments, questions, concerns, or suggestions. Please send us a
-message on our contact page at <a class="reference external" href="mailto:legal&#37;&#52;&#48;taler-systems&#46;com">legal<span>&#64;</span>taler-systems<span>&#46;</span>com</a>.</p>
-</div>
-</div>
-
-
-            <div class="clearer"></div>
-          </div>
-        </div>
-      </div>
-      <div class="clearer"></div>
-    </div>
-  </body>
-</html>
--- a/contrib/tos/en/bfh-v0.epub
+++ b/contrib/tos/en/bfh-v0.epub
--- a/contrib/tos/en/bfh-v0.html
+++ b/contrib/tos/en/bfh-v0.html
--- a/contrib/tos/en/bfh-v0.pdf
+++ b/contrib/tos/en/bfh-v0.pdf
--- a/contrib/tos/en/bfh-v0.txt
+++ b/contrib/tos/en/bfh-v0.txt
--- a/contrib/tos/en/bfh-v0.xml
+++ b/contrib/tos/en/bfh-v0.xml
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
 <!-- Generated by Docutils 0.16 -->
-<document source="/home/grothoff/research/taler/exchange/contrib/tos/tos.rst">
+<document source="/research/taler/exchange/contrib/tos/bfh-v0.rst">
    <section ids="terms-of-service" names="terms\ of\ service">
        <title>Terms Of Service</title>
        <paragraph>Last Updated: 09.06.2022</paragraph>
--- a/contrib/tos/en/tos-v0.epub
+++ b/contrib/tos/en/tos-v0.epub
--- a/contrib/tos/en/tos-v0.html
+++ b/contrib/tos/en/tos-v0.html
--- a/contrib/tos/en/tos-v0.md
+++ b/contrib/tos/en/tos-v0.md
@ -0,0 +1,337 @@
+Terms Of Service
+****************
+
+Last Updated: 12.4.2019
+
+Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
+service through our Internet presence (collectively the “Services”).
+Before using our Services, please read the Terms of Service (the
+“Terms” or the “Agreement”) carefully.
+
+
+Overview
+========
+
+This section provides a brief summary of the highlights of this
+Agreement. Please note that when you accept this Agreement, you are
+accepting all of the terms and conditions and not just this section.
+We and possibly other third parties provide Internet services which
+interact with the Taler Wallet’s self-hosted personal payment
+application. When using the Taler Wallet to interact with our
+Services, you are agreeing to our Terms, so please read carefully.
+
+
+Highlights:
+-----------
+
+   * You are responsible for keeping the data in your Taler Wallet at
+     all times under your control. Any losses arising from you not
+     being in control of your private information are your problem.
+
+   * We will try to transfer funds we hold in escrow for our users to
+     any legal recipient to the best of our ability within the
+     limitations of the law and our implementation. However, the
+     Services offered today are highly experimental and the set of
+     recipients of funds is severely restricted.
+
+   * For our Services, we may charge transaction fees. The specific
+     fee structure is provided based on the Taler protocol and should
+     be shown to you when you withdraw electronic coins using a Taler
+     Wallet. You agree and understand that the Taler protocol allows
+     for the fee structure to change.
+
+   * You agree to not intentionally overwhelm our systems with
+     requests and follow responsible disclosure if you find security
+     issues in our services.
+
+   * We cannot be held accountable for our Services not being
+     available due to circumstances beyond our control. If we modify
+     or terminate our services, we will try to give you the
+     opportunity to recover your funds. However, given the
+     experimental state of the Services today, this may not be
+     possible. You are strongly advised to limit your use of the
+     Service to small-scale experiments expecting total loss of all
+     funds.
+
+These terms outline approved uses of our Services. The Services and
+these Terms are still at an experimental stage. If you have any
+questions or comments related to this Agreement, please send us a
+message to legal@taler-systems.com. If you do not agree to this
+Agreement, you must not use our Services.
+
+
+How you accept this policy
+==========================
+
+By sending funds to us (to top-up your Taler Wallet), you acknowledge
+that you have read, understood, and agreed to these Terms. We reserve
+the right to change these Terms at any time. If you disagree with the
+change, we may in the future offer you with an easy option to recover
+your unspent funds. However, in the current experimental period you
+acknowledge that this feature is not yet available, resulting in your
+funds being lost unless you accept the new Terms. If you continue to
+use our Services other than to recover your unspent funds, your
+continued use of our Services following any such change will signify
+your acceptance to be bound by the then current Terms. Please check
+the effective date above to determine if there have been any changes
+since you have last reviewed these Terms.
+
+
+Services
+========
+
+We will try to transfer funds that we hold in escrow for our users to
+any legal recipient to the best of our ability and within the
+limitations of the law and our implementation. However, the Services
+offered today are highly experimental and the set of recipients of
+funds is severely restricted.  The Taler Wallet can be loaded by
+exchanging fiat currencies against electronic coins. We are providing
+this exchange service. Once your Taler Wallet is loaded with
+electronic coins they can be spent for purchases if the seller is
+accepting Taler as a means of payment. We are not guaranteeing that
+any seller is accepting Taler at all or a particular seller.  The
+seller or recipient of deposits of electronic coins must specify the
+target account, as per the design of the Taler protocol. They are
+responsible for following the protocol and specifying the correct bank
+account, and are solely liable for any losses that may arise from
+specifying the wrong account. We will allow the government to link
+wire transfers to the underlying contract hash. It is the
+responsibility of recipients to preserve the full contracts and to pay
+whatever taxes and charges may be applicable. Technical issues may
+lead to situations where we are unable to make transfers at all or
+lead to incorrect transfers that cannot be reversed. We will only
+refuse to execute transfers if the transfers are prohibited by a
+competent legal authority and we are ordered to do so.
+
+When using our Services, you agree to not take any action that
+intentionally imposes an unreasonable load on our infrastructure. If
+you find security problems in our Services, you agree to first report
+them to security@taler-systems.com and grant us the right to publish
+your report. We warrant that we will ourselves publicly disclose any
+issues reported within 3 months, and that we will not prosecute anyone
+reporting security issues if they did not exploit the issue beyond a
+proof-of-concept, and followed the above responsible disclosure
+practice.
+
+
+Fees
+====
+
+You agree to pay the fees for exchanges and withdrawals completed via
+the Taler Wallet ("Fees") as defined by us, which we may change from
+time to time. With the exception of wire transfer fees, Taler
+transaction fees are set for any electronic coin at the time of
+withdrawal and fixed throughout the validity period of the respective
+electronic coin. Your wallet should obtain and display applicable fees
+when withdrawing funds. Fees for coins obtained as change may differ
+from the fees applicable to the original coin. Wire transfer fees that
+are independent from electronic coins may change annually.  You
+authorize us to charge or deduct applicable fees owed in connection
+with deposits, exchanges and withdrawals following the rules of the
+Taler protocol. We reserve the right to provide different types of
+rewards to users either in the form of discount for our Services or in
+any other form at our discretion and without prior notice to you.
+
+
+Eligibility and Financial self-responsibility
+=============================================
+
+To be eligible to use our Services, you must be able to form legally
+binding contracts or have the permission of your legal guardian. By
+using our Services, you represent and warrant that you meet all
+eligibility requirements that we outline in these Terms.
+
+You will be responsible for maintaining the availability, integrity
+and confidentiality of the data stored in your wallet. When you setup
+a Taler Wallet, you are strongly advised to follow the precautionary
+measures offered by the software to minimize the chances to losse
+access to or control over your Wallet data. We will not be liable for
+any loss or damage arising from your failure to comply with this
+paragraph.
+
+
+Copyrights and trademarks
+=========================
+
+The Taler Wallet is released under the terms of the GNU General Public
+License (GNU GPL). You have the right to access, use, and share the
+Taler Wallet, in modified or unmodified form. However, the GPL is a
+strong copyleft license, which means that any derivative works must be
+distributed under the same license terms as the original software. If
+you have any questions, you should review the GNU GPL’s full terms and
+conditions at https://www.gnu.org/licenses/gpl-3.0.en.html.  “Taler”
+itself is a trademark of Taler Systems SA. You are welcome to use the
+name in relation to processing payments using the Taler protocol,
+assuming your use is compatible with an official release from the GNU
+Project that is not older than two years.
+
+
+Limitation of liability & disclaimer of warranties
+==================================================
+
+You understand and agree that we have no control over, and no duty to
+take any action regarding: Failures, disruptions, errors, or delays in
+processing that you may experience while using our Services; The risk
+of failure of hardware, software, and Internet connections; The risk
+of malicious software being introduced or found in the software
+underlying the Taler Wallet; The risk that third parties may obtain
+unauthorized access to information stored within your Taler Wallet,
+including, but not limited to your Taler Wallet coins or backup
+encryption keys.  You release us from all liability related to any
+losses, damages, or claims arising from:
+
+1. user error such as forgotten passwords, incorrectly constructed
+   transactions;
+
+2. server failure or data loss;
+
+3. unauthorized access to the Taler Wallet application;
+
+4. bugs or other errors in the Taler Wallet software; and
+
+5. any unauthorized third party activities, including, but not limited
+   to, the use of viruses, phishing, brute forcing, or other means of
+   attack against the Taler Wallet. We make no representations
+   concerning any Third Party Content contained in or accessed through
+   our Services.
+
+Any other terms, conditions, warranties, or representations associated
+with such content, are solely between you and such organizations
+and/or individuals.
+
+To the fullest extent permitted by applicable law, in no event will we
+or any of our officers, directors, representatives, agents, servants,
+counsel, employees, consultants, lawyers, and other personnel
+authorized to act, acting, or purporting to act on our behalf
+(collectively the “Taler Parties”) be liable to you under contract,
+tort, strict liability, negligence, or any other legal or equitable
+theory, for:
+
+1. any lost profits, data loss, cost of procurement of substitute
+   goods or services, or direct, indirect, incidental, special,
+   punitive, compensatory, or consequential damages of any kind
+   whatsoever resulting from:
+
+   1. your use of, or conduct in connection with, our services;
+
+   2. any unauthorized use of your wallet and/or private key due to
+      your failure to maintain the confidentiality of your wallet;
+
+   3. any interruption or cessation of transmission to or from the
+      services; or
+
+   4. any bugs, viruses, trojan horses, or the like that are found in
+      the Taler Wallet software or that may be transmitted to or
+      through our services by any third party (regardless of the
+      source of origination), or
+
+2. any direct damages.
+
+These limitations apply regardless of legal theory, whether based on
+tort, strict liability, breach of contract, breach of warranty, or any
+other legal theory, and whether or not we were advised of the
+possibility of such damages. Some jurisdictions do not allow the
+exclusion or limitation of liability for consequential or incidental
+damages, so the above limitation may not apply to you.
+
+Our services are provided "as is" and without warranty of any kind. To
+the maximum extent permitted by law, we disclaim all representations
+and warranties, express or implied, relating to the services and
+underlying software or any content on the services, whether provided
+or owned by us or by any third party, including without limitation,
+warranties of merchantability, fitness for a particular purpose,
+title, non-infringement, freedom from computer virus, and any implied
+warranties arising from course of dealing, course of performance, or
+usage in trade, all of which are expressly disclaimed. In addition, we
+do not represent or warrant that the content accessible via the
+services is accurate, complete, available, current, free of viruses or
+other harmful components, or that the results of using the services
+will meet your requirements. Some states do not allow the disclaimer
+of implied warranties, so the foregoing disclaimers may not apply to
+you. This paragraph gives you specific legal rights and you may also
+have other legal rights that vary from state to state.
+
+
+Indemnity and Time limitation on claims and Termination
+=======================================================
+
+To the extent permitted by applicable law, you agree to defend,
+indemnify, and hold harmless the Taler Parties from and against any
+and all claims, damages, obligations, losses, liabilities, costs or
+debt, and expenses (including, but not limited to, attorney’s fees)
+arising from: (a) your use of and access to the Services; (b) any
+feedback or submissions you provide to us concerning the Taler Wallet;
+(c) your violation of any term of this Agreement; or (d) your
+violation of any law, rule, or regulation, or the rights of any third
+party.
+
+You agree that any claim you may have arising out of or related to
+your relationship with us must be filed within one year after such
+claim arises, otherwise, your claim in permanently barred.
+
+In the event of termination concerning your use of our Services, your
+obligations under this Agreement will still continue.
+
+
+Discontinuance of services and Force majeure
+============================================
+
+We may, in our sole discretion and without cost to you, with or
+without prior notice, and at any time, modify or discontinue,
+temporarily or permanently, any portion of our Services. We will use
+the Taler protocol’s provisions to notify Wallets if our Services are
+to be discontinued. It is your responsibility to ensure that the Taler
+Wallet is online at least once every three months to observe these
+notifications. We shall not be held responsible or liable for any loss
+of funds in the event that we discontinue or depreciate the Services
+and your Taler Wallet fails to transfer out the coins within a three
+months notification period.
+
+We shall not be held liable for any delays, failure in performance, or
+interruptions of service which result directly or indirectly from any
+cause or condition beyond our reasonable control, including but not
+limited to: any delay or failure due to any act of God, act of civil
+or military authorities, act of terrorism, civil disturbance, war,
+strike or other labor dispute, fire, interruption in
+telecommunications or Internet services or network provider services,
+failure of equipment and/or software, other catastrophe, or any other
+occurrence which is beyond our reasonable control and shall not affect
+the validity and enforceability of any remaining provisions.
+
+
+Governing law, Waivers, Severability and Assignment
+===================================================
+
+No matter where you’re located, the laws of Switzerland will govern
+these Terms. If any provisions of these Terms are inconsistent with
+any applicable law, those provisions will be superseded or modified
+only to the extent such provisions are inconsistent. The parties agree
+to submit to the ordinary courts in Zurich, Switzerland for exclusive
+jurisdiction of any dispute arising out of or related to your use of
+the Services or your breach of these Terms.
+
+Our failure to exercise or delay in exercising any right, power, or
+privilege under this Agreement shall not operate as a waiver; nor
+shall any single or partial exercise of any right, power, or privilege
+preclude any other or further exercise thereof.
+
+You agree that we may assign any of our rights and/or transfer, sub-
+contract, or delegate any of our obligations under these Terms.
+
+If it turns out that any part of this Agreement is invalid, void, or
+for any reason unenforceable, that term will be deemed severable and
+limited or eliminated to the minimum extent necessary.
+
+This Agreement sets forth the entire understanding and agreement as to
+the subject matter hereof and supersedes any and all prior
+discussions, agreements, and understandings of any kind (including,
+without limitation, any prior versions of this Agreement) and every
+nature between us. Except as provided for above, any modification to
+this Agreement must be in writing and must be signed by both parties.
+
+
+Questions or comments
+=====================
+
+We welcome comments, questions, concerns, or suggestions. Please send
+us a message on our contact page at legal@taler-systems.com.
--- a/contrib/tos/en/tos-v0.pdf
+++ b/contrib/tos/en/tos-v0.pdf
--- a/contrib/tos/en/tos-v0.txt
+++ b/contrib/tos/en/tos-v0.txt
@ -0,0 +1,337 @@
+Terms Of Service
+****************
+
+Last Updated: 12.4.2019
+
+Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
+service through our Internet presence (collectively the “Services”).
+Before using our Services, please read the Terms of Service (the
+“Terms” or the “Agreement”) carefully.
+
+
+Overview
+========
+
+This section provides a brief summary of the highlights of this
+Agreement. Please note that when you accept this Agreement, you are
+accepting all of the terms and conditions and not just this section.
+We and possibly other third parties provide Internet services which
+interact with the Taler Wallet’s self-hosted personal payment
+application. When using the Taler Wallet to interact with our
+Services, you are agreeing to our Terms, so please read carefully.
+
+
+Highlights:
+-----------
+
+   * You are responsible for keeping the data in your Taler Wallet at
+     all times under your control. Any losses arising from you not
+     being in control of your private information are your problem.
+
+   * We will try to transfer funds we hold in escrow for our users to
+     any legal recipient to the best of our ability within the
+     limitations of the law and our implementation. However, the
+     Services offered today are highly experimental and the set of
+     recipients of funds is severely restricted.
+
+   * For our Services, we may charge transaction fees. The specific
+     fee structure is provided based on the Taler protocol and should
+     be shown to you when you withdraw electronic coins using a Taler
+     Wallet. You agree and understand that the Taler protocol allows
+     for the fee structure to change.
+
+   * You agree to not intentionally overwhelm our systems with
+     requests and follow responsible disclosure if you find security
+     issues in our services.
+
+   * We cannot be held accountable for our Services not being
+     available due to circumstances beyond our control. If we modify
+     or terminate our services, we will try to give you the
+     opportunity to recover your funds. However, given the
+     experimental state of the Services today, this may not be
+     possible. You are strongly advised to limit your use of the
+     Service to small-scale experiments expecting total loss of all
+     funds.
+
+These terms outline approved uses of our Services. The Services and
+these Terms are still at an experimental stage. If you have any
+questions or comments related to this Agreement, please send us a
+message to legal@taler-systems.com. If you do not agree to this
+Agreement, you must not use our Services.
+
+
+How you accept this policy
+==========================
+
+By sending funds to us (to top-up your Taler Wallet), you acknowledge
+that you have read, understood, and agreed to these Terms. We reserve
+the right to change these Terms at any time. If you disagree with the
+change, we may in the future offer you with an easy option to recover
+your unspent funds. However, in the current experimental period you
+acknowledge that this feature is not yet available, resulting in your
+funds being lost unless you accept the new Terms. If you continue to
+use our Services other than to recover your unspent funds, your
+continued use of our Services following any such change will signify
+your acceptance to be bound by the then current Terms. Please check
+the effective date above to determine if there have been any changes
+since you have last reviewed these Terms.
+
+
+Services
+========
+
+We will try to transfer funds that we hold in escrow for our users to
+any legal recipient to the best of our ability and within the
+limitations of the law and our implementation. However, the Services
+offered today are highly experimental and the set of recipients of
+funds is severely restricted.  The Taler Wallet can be loaded by
+exchanging fiat currencies against electronic coins. We are providing
+this exchange service. Once your Taler Wallet is loaded with
+electronic coins they can be spent for purchases if the seller is
+accepting Taler as a means of payment. We are not guaranteeing that
+any seller is accepting Taler at all or a particular seller.  The
+seller or recipient of deposits of electronic coins must specify the
+target account, as per the design of the Taler protocol. They are
+responsible for following the protocol and specifying the correct bank
+account, and are solely liable for any losses that may arise from
+specifying the wrong account. We will allow the government to link
+wire transfers to the underlying contract hash. It is the
+responsibility of recipients to preserve the full contracts and to pay
+whatever taxes and charges may be applicable. Technical issues may
+lead to situations where we are unable to make transfers at all or
+lead to incorrect transfers that cannot be reversed. We will only
+refuse to execute transfers if the transfers are prohibited by a
+competent legal authority and we are ordered to do so.
+
+When using our Services, you agree to not take any action that
+intentionally imposes an unreasonable load on our infrastructure. If
+you find security problems in our Services, you agree to first report
+them to security@taler-systems.com and grant us the right to publish
+your report. We warrant that we will ourselves publicly disclose any
+issues reported within 3 months, and that we will not prosecute anyone
+reporting security issues if they did not exploit the issue beyond a
+proof-of-concept, and followed the above responsible disclosure
+practice.
+
+
+Fees
+====
+
+You agree to pay the fees for exchanges and withdrawals completed via
+the Taler Wallet ("Fees") as defined by us, which we may change from
+time to time. With the exception of wire transfer fees, Taler
+transaction fees are set for any electronic coin at the time of
+withdrawal and fixed throughout the validity period of the respective
+electronic coin. Your wallet should obtain and display applicable fees
+when withdrawing funds. Fees for coins obtained as change may differ
+from the fees applicable to the original coin. Wire transfer fees that
+are independent from electronic coins may change annually.  You
+authorize us to charge or deduct applicable fees owed in connection
+with deposits, exchanges and withdrawals following the rules of the
+Taler protocol. We reserve the right to provide different types of
+rewards to users either in the form of discount for our Services or in
+any other form at our discretion and without prior notice to you.
+
+
+Eligibility and Financial self-responsibility
+=============================================
+
+To be eligible to use our Services, you must be able to form legally
+binding contracts or have the permission of your legal guardian. By
+using our Services, you represent and warrant that you meet all
+eligibility requirements that we outline in these Terms.
+
+You will be responsible for maintaining the availability, integrity
+and confidentiality of the data stored in your wallet. When you setup
+a Taler Wallet, you are strongly advised to follow the precautionary
+measures offered by the software to minimize the chances to losse
+access to or control over your Wallet data. We will not be liable for
+any loss or damage arising from your failure to comply with this
+paragraph.
+
+
+Copyrights and trademarks
+=========================
+
+The Taler Wallet is released under the terms of the GNU General Public
+License (GNU GPL). You have the right to access, use, and share the
+Taler Wallet, in modified or unmodified form. However, the GPL is a
+strong copyleft license, which means that any derivative works must be
+distributed under the same license terms as the original software. If
+you have any questions, you should review the GNU GPL’s full terms and
+conditions at https://www.gnu.org/licenses/gpl-3.0.en.html.  “Taler”
+itself is a trademark of Taler Systems SA. You are welcome to use the
+name in relation to processing payments using the Taler protocol,
+assuming your use is compatible with an official release from the GNU
+Project that is not older than two years.
+
+
+Limitation of liability & disclaimer of warranties
+==================================================
+
+You understand and agree that we have no control over, and no duty to
+take any action regarding: Failures, disruptions, errors, or delays in
+processing that you may experience while using our Services; The risk
+of failure of hardware, software, and Internet connections; The risk
+of malicious software being introduced or found in the software
+underlying the Taler Wallet; The risk that third parties may obtain
+unauthorized access to information stored within your Taler Wallet,
+including, but not limited to your Taler Wallet coins or backup
+encryption keys.  You release us from all liability related to any
+losses, damages, or claims arising from:
+
+1. user error such as forgotten passwords, incorrectly constructed
+   transactions;
+
+2. server failure or data loss;
+
+3. unauthorized access to the Taler Wallet application;
+
+4. bugs or other errors in the Taler Wallet software; and
+
+5. any unauthorized third party activities, including, but not limited
+   to, the use of viruses, phishing, brute forcing, or other means of
+   attack against the Taler Wallet. We make no representations
+   concerning any Third Party Content contained in or accessed through
+   our Services.
+
+Any other terms, conditions, warranties, or representations associated
+with such content, are solely between you and such organizations
+and/or individuals.
+
+To the fullest extent permitted by applicable law, in no event will we
+or any of our officers, directors, representatives, agents, servants,
+counsel, employees, consultants, lawyers, and other personnel
+authorized to act, acting, or purporting to act on our behalf
+(collectively the “Taler Parties”) be liable to you under contract,
+tort, strict liability, negligence, or any other legal or equitable
+theory, for:
+
+1. any lost profits, data loss, cost of procurement of substitute
+   goods or services, or direct, indirect, incidental, special,
+   punitive, compensatory, or consequential damages of any kind
+   whatsoever resulting from:
+
+   1. your use of, or conduct in connection with, our services;
+
+   2. any unauthorized use of your wallet and/or private key due to
+      your failure to maintain the confidentiality of your wallet;
+
+   3. any interruption or cessation of transmission to or from the
+      services; or
+
+   4. any bugs, viruses, trojan horses, or the like that are found in
+      the Taler Wallet software or that may be transmitted to or
+      through our services by any third party (regardless of the
+      source of origination), or
+
+2. any direct damages.
+
+These limitations apply regardless of legal theory, whether based on
+tort, strict liability, breach of contract, breach of warranty, or any
+other legal theory, and whether or not we were advised of the
+possibility of such damages. Some jurisdictions do not allow the
+exclusion or limitation of liability for consequential or incidental
+damages, so the above limitation may not apply to you.
+
+Our services are provided "as is" and without warranty of any kind. To
+the maximum extent permitted by law, we disclaim all representations
+and warranties, express or implied, relating to the services and
+underlying software or any content on the services, whether provided
+or owned by us or by any third party, including without limitation,
+warranties of merchantability, fitness for a particular purpose,
+title, non-infringement, freedom from computer virus, and any implied
+warranties arising from course of dealing, course of performance, or
+usage in trade, all of which are expressly disclaimed. In addition, we
+do not represent or warrant that the content accessible via the
+services is accurate, complete, available, current, free of viruses or
+other harmful components, or that the results of using the services
+will meet your requirements. Some states do not allow the disclaimer
+of implied warranties, so the foregoing disclaimers may not apply to
+you. This paragraph gives you specific legal rights and you may also
+have other legal rights that vary from state to state.
+
+
+Indemnity and Time limitation on claims and Termination
+=======================================================
+
+To the extent permitted by applicable law, you agree to defend,
+indemnify, and hold harmless the Taler Parties from and against any
+and all claims, damages, obligations, losses, liabilities, costs or
+debt, and expenses (including, but not limited to, attorney’s fees)
+arising from: (a) your use of and access to the Services; (b) any
+feedback or submissions you provide to us concerning the Taler Wallet;
+(c) your violation of any term of this Agreement; or (d) your
+violation of any law, rule, or regulation, or the rights of any third
+party.
+
+You agree that any claim you may have arising out of or related to
+your relationship with us must be filed within one year after such
+claim arises, otherwise, your claim in permanently barred.
+
+In the event of termination concerning your use of our Services, your
+obligations under this Agreement will still continue.
+
+
+Discontinuance of services and Force majeure
+============================================
+
+We may, in our sole discretion and without cost to you, with or
+without prior notice, and at any time, modify or discontinue,
+temporarily or permanently, any portion of our Services. We will use
+the Taler protocol’s provisions to notify Wallets if our Services are
+to be discontinued. It is your responsibility to ensure that the Taler
+Wallet is online at least once every three months to observe these
+notifications. We shall not be held responsible or liable for any loss
+of funds in the event that we discontinue or depreciate the Services
+and your Taler Wallet fails to transfer out the coins within a three
+months notification period.
+
+We shall not be held liable for any delays, failure in performance, or
+interruptions of service which result directly or indirectly from any
+cause or condition beyond our reasonable control, including but not
+limited to: any delay or failure due to any act of God, act of civil
+or military authorities, act of terrorism, civil disturbance, war,
+strike or other labor dispute, fire, interruption in
+telecommunications or Internet services or network provider services,
+failure of equipment and/or software, other catastrophe, or any other
+occurrence which is beyond our reasonable control and shall not affect
+the validity and enforceability of any remaining provisions.
+
+
+Governing law, Waivers, Severability and Assignment
+===================================================
+
+No matter where you’re located, the laws of Switzerland will govern
+these Terms. If any provisions of these Terms are inconsistent with
+any applicable law, those provisions will be superseded or modified
+only to the extent such provisions are inconsistent. The parties agree
+to submit to the ordinary courts in Zurich, Switzerland for exclusive
+jurisdiction of any dispute arising out of or related to your use of
+the Services or your breach of these Terms.
+
+Our failure to exercise or delay in exercising any right, power, or
+privilege under this Agreement shall not operate as a waiver; nor
+shall any single or partial exercise of any right, power, or privilege
+preclude any other or further exercise thereof.
+
+You agree that we may assign any of our rights and/or transfer, sub-
+contract, or delegate any of our obligations under these Terms.
+
+If it turns out that any part of this Agreement is invalid, void, or
+for any reason unenforceable, that term will be deemed severable and
+limited or eliminated to the minimum extent necessary.
+
+This Agreement sets forth the entire understanding and agreement as to
+the subject matter hereof and supersedes any and all prior
+discussions, agreements, and understandings of any kind (including,
+without limitation, any prior versions of this Agreement) and every
+nature between us. Except as provided for above, any modification to
+this Agreement must be in writing and must be signed by both parties.
+
+
+Questions or comments
+=====================
+
+We welcome comments, questions, concerns, or suggestions. Please send
+us a message on our contact page at legal@taler-systems.com.
--- a/contrib/tos/en/tos-v0.xml
+++ b/contrib/tos/en/tos-v0.xml
@ -0,0 +1,311 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
+<!-- Generated by Docutils 0.16 -->
+<document source="/research/taler/exchange/contrib/tos/tos-v0.rst">
+    <section ids="terms-of-service" names="terms\ of\ service">
+        <title>Terms Of Service</title>
+        <paragraph>Last Updated: 12.4.2019</paragraph>
+        <paragraph>Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment service
+            through our Internet presence (collectively the “Services”). Before using our
+            Services, please read the Terms of Service (the “Terms” or the “Agreement”)
+            carefully.</paragraph>
+        <section ids="overview" names="overview">
+            <title>Overview</title>
+            <paragraph>This section provides a brief summary of the highlights of this
+                Agreement. Please note that when you accept this Agreement, you are accepting
+                all of the terms and conditions and not just this section. We and possibly
+                other third parties provide Internet services which interact with the Taler
+                Wallet’s self-hosted personal payment application. When using the Taler Wallet
+                to interact with our Services, you are agreeing to our Terms, so please read
+                carefully.</paragraph>
+            <section ids="highlights" names="highlights:">
+                <title>Highlights:</title>
+                <block_quote>
+                    <bullet_list bullet="•">
+                        <list_item>
+                            <paragraph>You are responsible for keeping the data in your Taler Wallet at all times
+                                under your control. Any losses arising from you not being in control of
+                                your private information are your problem.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>We will try to transfer funds we hold in escrow for our users to any legal
+                                recipient to the best of our ability within the limitations of the law and
+                                our implementation. However, the Services offered today are highly
+                                experimental and the set of recipients of funds is severely restricted.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>For our Services, we may charge transaction fees. The specific fee structure
+                                is provided based on the Taler protocol and should be shown to you when you
+                                withdraw electronic coins using a Taler Wallet. You agree and understand
+                                that the Taler protocol allows for the fee structure to change.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>You agree to not intentionally overwhelm our systems with requests and
+                                follow responsible disclosure if you find security issues in our services.</paragraph>
+                        </list_item>
+                        <list_item>
+                            <paragraph>We cannot be held accountable for our Services not being available due to
+                                circumstances beyond our control. If we modify or terminate our services,
+                                we will try to give you the opportunity to recover your funds. However,
+                                given the experimental state of the Services today, this may not be
+                                possible. You are strongly advised to limit your use of the Service
+                                to small-scale experiments expecting total loss of all funds.</paragraph>
+                        </list_item>
+                    </bullet_list>
+                </block_quote>
+                <paragraph>These terms outline approved uses of our Services. The Services and these
+                    Terms are still at an experimental stage. If you have any questions or
+                    comments related to this Agreement, please send us a message to
+                    <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>. If you do not agree to this Agreement, you must not
+                    use our Services.</paragraph>
+            </section>
+        </section>
+        <section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy">
+            <title>How you accept this policy</title>
+            <paragraph>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
+                have read, understood, and agreed to these Terms. We reserve the right to
+                change these Terms at any time. If you disagree with the change, we may in the
+                future offer you with an easy option to recover your unspent funds. However,
+                in the current experimental period you acknowledge that this feature is not
+                yet available, resulting in your funds being lost unless you accept the new
+                Terms. If you continue to use our Services other than to recover your unspent
+                funds, your continued use of our Services following any such change will
+                signify your acceptance to be bound by the then current Terms. Please check
+                the effective date above to determine if there have been any changes since you
+                have last reviewed these Terms.</paragraph>
+        </section>
+        <section ids="services" names="services">
+            <title>Services</title>
+            <paragraph>We will try to transfer funds that we hold in escrow for our users to any
+                legal recipient to the best of our ability and within the limitations of the
+                law and our implementation. However, the Services offered today are highly
+                experimental and the set of recipients of funds is severely restricted.  The
+                Taler Wallet can be loaded by exchanging fiat currencies against electronic
+                coins. We are providing this exchange service. Once your Taler Wallet is
+                loaded with electronic coins they can be spent for purchases if the seller is
+                accepting Taler as a means of payment. We are not guaranteeing that any seller
+                is accepting Taler at all or a particular seller.  The seller or recipient of
+                deposits of electronic coins must specify the target account, as per the
+                design of the Taler protocol. They are responsible for following the protocol
+                and specifying the correct bank account, and are solely liable for any losses
+                that may arise from specifying the wrong account. We will allow the government
+                to link wire transfers to the underlying contract hash. It is the
+                responsibility of recipients to preserve the full contracts and to pay
+                whatever taxes and charges may be applicable. Technical issues may lead to
+                situations where we are unable to make transfers at all or lead to incorrect
+                transfers that cannot be reversed. We will only refuse to execute transfers if
+                the transfers are prohibited by a competent legal authority and we are ordered
+                to do so.</paragraph>
+            <paragraph>When using our Services, you agree to not take any action that intentionally
+                imposes an unreasonable load on our infrastructure. If you find security
+                problems in our Services, you agree to first report them to
+                <reference refuri="mailto:security@taler-systems.com">security@taler-systems.com</reference> and grant us the right to publish your report. We
+                warrant that we will ourselves publicly disclose any issues reported within 3
+                months, and that we will not prosecute anyone reporting security issues if
+                they did not exploit the issue beyond a proof-of-concept, and followed the
+                above responsible disclosure practice.</paragraph>
+        </section>
+        <section ids="fees" names="fees">
+            <title>Fees</title>
+            <paragraph>You agree to pay the fees for exchanges and withdrawals completed via the
+                Taler Wallet (“Fees”) as defined by us, which we may change from time to
+                time. With the exception of wire transfer fees, Taler transaction fees are set
+                for any electronic coin at the time of withdrawal and fixed throughout the
+                validity period of the respective electronic coin. Your wallet should obtain
+                and display applicable fees when withdrawing funds. Fees for coins obtained as
+                change may differ from the fees applicable to the original coin. Wire transfer
+                fees that are independent from electronic coins may change annually.  You
+                authorize us to charge or deduct applicable fees owed in connection with
+                deposits, exchanges and withdrawals following the rules of the Taler protocol.
+                We reserve the right to provide different types of rewards to users either in
+                the form of discount for our Services or in any other form at our discretion
+                and without prior notice to you.</paragraph>
+        </section>
+        <section ids="eligibility-and-financial-self-responsibility" names="eligibility\ and\ financial\ self-responsibility">
+            <title>Eligibility and Financial self-responsibility</title>
+            <paragraph>To be eligible to use our Services, you must be able to form legally binding
+                contracts or have the permission of your legal guardian. By using our
+                Services, you represent and warrant that you meet all eligibility requirements
+                that we outline in these Terms.</paragraph>
+            <paragraph>You will be responsible for maintaining the availability, integrity and
+                confidentiality of the data stored in your wallet. When you setup a Taler
+                Wallet, you are strongly advised to follow the precautionary measures offered
+                by the software to minimize the chances to losse access to or control over
+                your Wallet data. We will not be liable for any loss or damage arising from
+                your failure to comply with this paragraph.</paragraph>
+        </section>
+        <section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks">
+            <title>Copyrights and trademarks</title>
+            <paragraph>The Taler Wallet is released under the terms of the GNU General Public License
+                (GNU GPL). You have the right to access, use, and share the Taler Wallet, in
+                modified or unmodified form. However, the GPL is a strong copyleft license,
+                which means that any derivative works must be distributed under the same
+                license terms as the original software. If you have any questions, you should
+                review the GNU GPL’s full terms and conditions at
+                <reference refuri="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</reference>.  “Taler” itself is a trademark
+                of Taler Systems SA. You are welcome to use the name in relation to processing
+                payments using the Taler protocol, assuming your use is compatible with an
+                official release from the GNU Project that is not older than two years.</paragraph>
+        </section>
+        <section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &amp;\ disclaimer\ of\ warranties">
+            <title>Limitation of liability &amp; disclaimer of warranties</title>
+            <paragraph>You understand and agree that we have no control over, and no duty to take any
+                action regarding: Failures, disruptions, errors, or delays in processing that
+                you may experience while using our Services; The risk of failure of hardware,
+                software, and Internet connections; The risk of malicious software being
+                introduced or found in the software underlying the Taler Wallet; The risk that
+                third parties may obtain unauthorized access to information stored within your
+                Taler Wallet, including, but not limited to your Taler Wallet coins or backup
+                encryption keys.  You release us from all liability related to any losses,
+                damages, or claims arising from:</paragraph>
+            <enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
+                <list_item>
+                    <paragraph>user error such as forgotten passwords, incorrectly constructed
+                        transactions;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>server failure or data loss;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>unauthorized access to the Taler Wallet application;</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>bugs or other errors in the Taler Wallet software; and</paragraph>
+                </list_item>
+                <list_item>
+                    <paragraph>any unauthorized third party activities, including, but not limited to,
+                        the use of viruses, phishing, brute forcing, or other means of attack
+                        against the Taler Wallet. We make no representations concerning any
+                        Third Party Content contained in or accessed through our Services.</paragraph>
+                </list_item>
+            </enumerated_list>
+            <paragraph>Any other terms, conditions, warranties, or representations associated with
+                such content, are solely between you and such organizations and/or
+                individuals.</paragraph>
+            <paragraph>To the fullest extent permitted by applicable law, in no event will we or any
+                of our officers, directors, representatives, agents, servants, counsel,
+                employees, consultants, lawyers, and other personnel authorized to act,
+                acting, or purporting to act on our behalf (collectively the “Taler Parties”)
+                be liable to you under contract, tort, strict liability, negligence, or any
+                other legal or equitable theory, for:</paragraph>
+            <enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
+                <list_item>
+                    <paragraph>any lost profits, data loss, cost of procurement of substitute goods or
+                        services, or direct, indirect, incidental, special, punitive, compensatory,
+                        or consequential damages of any kind whatsoever resulting from:</paragraph>
+                </list_item>
+            </enumerated_list>
+            <block_quote>
+                <enumerated_list enumtype="lowerroman" prefix="(" suffix=")">
+                    <list_item>
+                        <paragraph>your use of, or conduct in connection with, our services;</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any unauthorized use of your wallet and/or private key due to your
+                            failure to maintain the confidentiality of your wallet;</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any interruption or cessation of transmission to or from the services; or</paragraph>
+                    </list_item>
+                    <list_item>
+                        <paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler
+                            Wallet software or that may be transmitted to or through our services by
+                            any third party (regardless of the source of origination), or</paragraph>
+                    </list_item>
+                </enumerated_list>
+            </block_quote>
+            <enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")">
+                <list_item>
+                    <paragraph>any direct damages.</paragraph>
+                </list_item>
+            </enumerated_list>
+            <paragraph>These limitations apply regardless of legal theory, whether based on tort,
+                strict liability, breach of contract, breach of warranty, or any other legal
+                theory, and whether or not we were advised of the possibility of such
+                damages. Some jurisdictions do not allow the exclusion or limitation of
+                liability for consequential or incidental damages, so the above limitation may
+                not apply to you.</paragraph>
+            <paragraph>Our services are provided “as is” and without warranty of any kind. To the
+                maximum extent permitted by law, we disclaim all representations and
+                warranties, express or implied, relating to the services and underlying
+                software or any content on the services, whether provided or owned by us or by
+                any third party, including without limitation, warranties of merchantability,
+                fitness for a particular purpose, title, non-infringement, freedom from
+                computer virus, and any implied warranties arising from course of dealing,
+                course of performance, or usage in trade, all of which are expressly
+                disclaimed. In addition, we do not represent or warrant that the content
+                accessible via the services is accurate, complete, available, current, free of
+                viruses or other harmful components, or that the results of using the services
+                will meet your requirements. Some states do not allow the disclaimer of
+                implied warranties, so the foregoing disclaimers may not apply to you. This
+                paragraph gives you specific legal rights and you may also have other legal
+                rights that vary from state to state.</paragraph>
+        </section>
+        <section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination">
+            <title>Indemnity and Time limitation on claims and Termination</title>
+            <paragraph>To the extent permitted by applicable law, you agree to defend, indemnify, and
+                hold harmless the Taler Parties from and against any and all claims, damages,
+                obligations, losses, liabilities, costs or debt, and expenses (including, but
+                not limited to, attorney’s fees) arising from: (a) your use of and access to
+                the Services; (b) any feedback or submissions you provide to us concerning the
+                Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
+                violation of any law, rule, or regulation, or the rights of any third party.</paragraph>
+            <paragraph>You agree that any claim you may have arising out of or related to your
+                relationship with us must be filed within one year after such claim arises,
+                otherwise, your claim in permanently barred.</paragraph>
+            <paragraph>In the event of termination concerning your use of our Services, your
+                obligations under this Agreement will still continue.</paragraph>
+        </section>
+        <section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure">
+            <title>Discontinuance of services and Force majeure</title>
+            <paragraph>We may, in our sole discretion and without cost to you, with or without prior
+                notice, and at any time, modify or discontinue, temporarily or permanently,
+                any portion of our Services. We will use the Taler protocol’s provisions to
+                notify Wallets if our Services are to be discontinued. It is your
+                responsibility to ensure that the Taler Wallet is online at least once every
+                three months to observe these notifications. We shall not be held responsible
+                or liable for any loss of funds in the event that we discontinue or depreciate
+                the Services and your Taler Wallet fails to transfer out the coins within a
+                three months notification period.</paragraph>
+            <paragraph>We shall not be held liable for any delays, failure in performance, or
+                interruptions of service which result directly or indirectly from any cause or
+                condition beyond our reasonable control, including but not limited to: any
+                delay or failure due to any act of God, act of civil or military authorities,
+                act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
+                interruption in telecommunications or Internet services or network provider
+                services, failure of equipment and/or software, other catastrophe, or any
+                other occurrence which is beyond our reasonable control and shall not affect
+                the validity and enforceability of any remaining provisions.</paragraph>
+        </section>
+        <section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment">
+            <title>Governing law, Waivers, Severability and Assignment</title>
+            <paragraph>No matter where you’re located, the laws of Switzerland will govern these
+                Terms. If any provisions of these Terms are inconsistent with any applicable
+                law, those provisions will be superseded or modified only to the extent such
+                provisions are inconsistent. The parties agree to submit to the ordinary
+                courts in Zurich, Switzerland for exclusive jurisdiction of any dispute
+                arising out of or related to your use of the Services or your breach of these
+                Terms.</paragraph>
+            <paragraph>Our failure to exercise or delay in exercising any right, power, or privilege
+                under this Agreement shall not operate as a waiver; nor shall any single or
+                partial exercise of any right, power, or privilege preclude any other or
+                further exercise thereof.</paragraph>
+            <paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract,
+                or delegate any of our obligations under these Terms.</paragraph>
+            <paragraph>If it turns out that any part of this Agreement is invalid, void, or for any
+                reason unenforceable, that term will be deemed severable and limited or
+                eliminated to the minimum extent necessary.</paragraph>
+            <paragraph>This Agreement sets forth the entire understanding and agreement as to the
+                subject matter hereof and supersedes any and all prior discussions,
+                agreements, and understandings of any kind (including, without limitation, any
+                prior versions of this Agreement) and every nature between us. Except as
+                provided for above, any modification to this Agreement must be in writing and
+                must be signed by both parties.</paragraph>
+        </section>
+        <section ids="questions-or-comments" names="questions\ or\ comments">
+            <title>Questions or comments</title>
+            <paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a
+                message on our contact page at <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>.</paragraph>
+        </section>
+    </section>
+</document>
--- a/contrib/tos/tos-v0.rst
+++ b/contrib/tos/tos-v0.rst
--- a/contrib/update-pp.sh
+++ b/contrib/update-pp.sh
@ -14,7 +14,8 @@ cd pp
 for l in $@
 do
    mkdir -p $l
-    echo Generating PP for language $l
+    echo "Generating PP for language $l"
+    cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
    # 'f' is for the supported formats, note that the 'make' target
    # MUST match the file extension.
    for f in html txt pdf epub xml
@ -22,7 +23,16 @@ do
        rm -rf _build
        echo "  Generating format $f"
        make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
-        mv _build/$f/pp.$f $l/${VERSION}.$f
+        if test $f = "html"
+        then
+            htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
+        else
+            mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
+        fi
+        if test $f = "txt"
+        then
+            cp $l/${VERSION}.$f $l/${VERSION}.md
+        fi
    done
 done
 cd ..
--- a/contrib/update-tos.sh
+++ b/contrib/update-tos.sh
@ -14,7 +14,8 @@ cd tos
 for l in $@
 do
    mkdir -p $l
-    echo Generating TOS for language $l
+    echo "Generating TOS for language $l"
+    cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
    # 'f' is for the supported formats, note that the 'make' target
    # MUST match the file extension.
    for f in html txt pdf epub xml
@ -22,7 +23,17 @@ do
        rm -rf _build
        echo "  Generating format $f"
        make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
-        mv _build/$f/tos.$f $l/${VERSION}.$f
+        if test $f = "html"
+        then
+            htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
+        else
+            mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
+        fi
+        if test $f = "txt"
+        then
+            cp $l/${VERSION}.$f $l/${VERSION}.md
+        fi
    done
 done
 cd ..
+echo "Success"
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,39 @@
+taler-exchange (0.9.2-3) unstable; urgency=low
+
+  * Improvements to timeout handling when DB is not available yet.
+
+ -- Florian Dold <dold@taler.net>  Tue, 14 Mar 2023 12:30:15 +0100
+
+taler-exchange (0.9.2-2) unstable; urgency=low
+
+  * Further improvements to Debian package.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Sat, 3 Mar 2023 23:50:12 +0200
+
+taler-exchange (0.9.2-1) unstable; urgency=low
+
+  * Minor improvements to Debian package, also adds age-withdraw REST APIs.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Sat, 3 Mar 2023 13:50:12 +0200
+
+taler-exchange (0.9.2) unstable; urgency=low
+
+  * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Tue, 21 Feb 2023 13:50:12 +0200
+
+taler-exchange (0.9.1) unstable; urgency=low
+
+  * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Tue, 17 Jan 2023 11:50:12 +0200
+
+taler-exchange (0.9.0) unstable; urgency=low
+
+  * Packaging latest release.
+
+ -- Christian Grothoff <grothoff@gnu.org>  Sat, 5 Nov 2022 11:50:12 +0200
+
 taler-exchange (0.8.99-2) unstable; urgency=low

  * Packaging latest pre-release from Git.
--- a/debian/etc-libtalerexchange/taler/taler.conf
+++ b/debian/etc-libtalerexchange/taler/taler.conf
@ -30,6 +30,8 @@
 # systems is always rounded to this unit.
 #currency_round_unit = KUDOS:0.01

+# Monthly amount that mandatorily triggers an AML check
+#AML_THRESHOLD = KUDOS:10000000

 [paths]

--- a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
+++ b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
@ -1,7 +1,18 @@
-location /taler-auditor/ {
-         proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
-         proxy_redirect off;
-         proxy_set_header Host $host;
-         proxy_set_header X-Forwarded-Host "example.com";
-         proxy_set_header X-Forwarded-Proto "https";
+server {
+
+  listen 80;
+  listen [::]:80;
+
+  server_name localhost;
+
+  access_log /var/log/nginx/auditor.log;
+  error_log /var/log/nginx/auditor.err;
+
+  location /taler-auditor/ {
+    proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Host "localhost";
+    #proxy_set_header X-Forwarded-Proto "https";
+  }
 }
--- a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
+++ b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
@ -2,13 +2,16 @@ server {
  listen 80;
  listen [::]:80;

-  #server_name example.com;
+  server_name localhost;
+
+  access_log /var/log/nginx/exchange.log;
+  error_log /var/log/nginx/exchange.err;

  location /taler-exchange/ {
     proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
     proxy_redirect off;
     proxy_set_header Host $host;
-     #proxy_set_header X-Forwarded-Host "example.com";
+     proxy_set_header X-Forwarded-Host "localhost";
     #proxy_set_header X-Forwarded-Proto "https";
  }
 }
--- a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
@ -6,11 +6,11 @@
 # which you can get using `taler-exchange-offline setup`.
 # This is just an example, your key will be different!
 # MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
-MASTER_PUBLIC_KEY =
+# MASTER_PUBLIC_KEY =

 # Publicly visible base URL of the exchange.
 # BASE_URL = https://example.com/
-BASE_URL =
+# BASE_URL =

 # For your terms of service and privacy policy, you should specify
 # an Etag that must be updated whenever there are significant
@ -20,12 +20,14 @@ BASE_URL =
 # TERMS_ETAG =
 # PRIVACY_ETAG =

+SERVE = unix
+UNIXPATH_MODE = 666

 # Bank accounts used by the exchange should be specified here:
 [exchange-account-1]

-enable_credit = yes
-enable_debit = yes
+enable_credit = no
+enable_debit = no

 # Account identifier in the form of an RFC-8905 payto:// URI.
 # For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
@ -34,4 +36,4 @@ payto_uri =

 # Credentials to access the account are in a separate
 # config file with restricted permissions.
-@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials.secret.conf
+@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf
--- a/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf
--- a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
@ -4,7 +4,7 @@

 # Typically, there should only be a single line here, of the form:

-CONFIG=postgres:///DATABASE
+# CONFIG=postgres:///DATABASE

 # The details of the URI depend on where the database lives and how
 # access control was configured.
--- a/debian/libtalerexchange-dev.install
+++ b/debian/libtalerexchange-dev.install
@ -10,6 +10,10 @@ usr/bin/taler-exchange-kyc-tester
 usr/bin/taler-nexus-prepare
 usr/bin/taler-bank-manage-testing

+# Man pages
+usr/share/man/man1/taler-exchange-kyc-tester*
+
+
 # Headers
 usr/include/taler/*

--- a/debian/libtalerexchange.install
+++ b/debian/libtalerexchange.install
@ -5,6 +5,5 @@ usr/share/taler/config.d/paths.conf
 usr/share/taler/config.d/taler.conf
 debian/etc-libtalerexchange/* etc/
 usr/bin/taler-config
-usr/bin/taler-crypto-worker
 usr/share/man/man5/taler.conf.5
 usr/share/man/man1/taler-config*
--- a/debian/taler-exchange-offline.postinst
+++ b/debian/taler-exchange-offline.postinst
@ -4,20 +4,21 @@ set -e

 . /usr/share/debconf/confmodule

-TALER_HOME="/var/lib/taler"
-
 case "${1}" in
 configure)

  if ! getent group taler-exchange-offline >/dev/null; then
-    addgroup --quiet --system taler-exchange-offline
+    addgroup --quiet taler-exchange-offline
  fi

  if ! getent passwd taler-exchange-offline >/dev/null; then
-    adduser --quiet --system \
+    adduser --quiet \
+      --disabled-password \
+      --system \
+      --shell /bin/bash \
+      --home /home/taler-exchange-offline \
      --ingroup taler-exchange-offline \
-      --no-create-home \
-      --home ${TALER_HOME} taler-exchange-offline
+      taler-exchange-offline
  fi

  ;;
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@ -12,9 +12,11 @@ usr/bin/taler-exchange-transfer
 usr/bin/taler-exchange-wirewatch
 usr/bin/taler-exchange-wire-gateway-client
 usr/lib/*/taler/libtaler_plugin_kyclogic_*.so
+usr/lib/*/taler/libtaler_extension_*.so
 usr/share/man/man1/taler-exchange-aggregator*
 usr/share/man/man1/taler-exchange-closer*
 usr/share/man/man1/taler-exchange-dbinit*
+usr/share/man/man1/taler-exchange-drain*
 usr/share/man/man1/taler-exchange-expire*
 usr/share/man/man1/taler-exchange-httpd*
 usr/share/man/man1/taler-exchange-router*
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@ -30,6 +30,7 @@ configure)
  if ! getent passwd ${_EUSERNAME} >/dev/null; then
    adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
    adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
+    adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
  fi
  if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
    adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
@ -53,10 +54,10 @@ configure)
    adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
  fi

-  if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then
+  if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
    dpkg-statoverride --add --update \
      ${_WIREUSERNAME} root 460 \
-      /etc/taler/secrets/exchange-accountcredentials.secret.conf
+      /etc/taler/secrets/exchange-accountcredentials-1.secret.conf
  fi

  if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then
--- a/debian/taler-exchange.taler-exchange-aggregator.service
+++ b/debian/taler-exchange.taler-exchange-aggregator.service
@ -1,12 +1,13 @@
 [Unit]
 Description=GNU Taler payment system exchange aggregator service
 PartOf=taler-exchange.target
+After=postgres.service

 [Service]
 User=taler-exchange-aggregator
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -14,3 +15,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.taler-exchange-aggregator@.service
+++ b/debian/taler-exchange.taler-exchange-aggregator@.service
@ -6,7 +6,7 @@ PartOf=taler-exchange.target
 User=taler-exchange-aggregator
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -14,3 +14,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.taler-exchange-closer.service
+++ b/debian/taler-exchange.taler-exchange-closer.service
@ -1,12 +1,13 @@
 [Unit]
 Description=GNU Taler payment system exchange closer service
 PartOf=taler-exchange.target
+After=network.target postgres.service

 [Service]
 User=taler-exchange-closer
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -14,3 +15,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.taler-exchange-expire.service
+++ b/debian/taler-exchange.taler-exchange-expire.service
@ -1,12 +1,13 @@
 [Unit]
 Description=GNU Taler payment system exchange expire service
 PartOf=taler-exchange.target
+After=postgres.service

 [Service]
 User=taler-exchange-expire
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -14,3 +15,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@ -8,11 +8,19 @@ PartOf=taler-exchange.target
 [Service]
 User=taler-exchange-httpd
 Type=simple
-# Depending on the configuration, the service suicides and then
-# needs to be restarted.
+
+# Depending on the configuration, the service process kills itself and then
+# needs to be restarted. Thus no significant delay on restarts.
 Restart=always
-# Do not dally on restarts.
 RestartSec=1ms
+
+# Disable the service if more than 5 restarts are encountered within 5s.
+# These are usually the systemd defaults, but can be overwritten, thus we set
+# them here explicitly, as the exchange code assumes StartLimitInterval
+# to be >=5s.
+StartLimitBurst=5
+StartLimitInterval=5s
+
 ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
--- a/debian/taler-exchange.taler-exchange-transfer.service
+++ b/debian/taler-exchange.taler-exchange-transfer.service
@ -1,13 +1,13 @@
 [Unit]
 Description=Taler Exchange Transfer Service
-After=network.target
+After=network.target postgres.service
 PartOf=taler-exchange.target

 [Service]
 User=taler-exchange-wire
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -15,3 +15,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.taler-exchange-wirewatch.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch.service
@ -1,13 +1,14 @@
 [Unit]
 Description=GNU Taler payment system exchange wirewatch service
-After=network.target
+After=network.target postgres.service
 PartOf=taler-exchange.target

 [Service]
 User=taler-exchange-wire
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
+RuntimeMaxSec=3600s
 ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
--- a/debian/taler-exchange.taler-exchange-wirewatch@.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch@.service
@ -7,7 +7,7 @@ PartOf=taler-exchange.target
 User=taler-exchange-wire
 Type=simple
 Restart=always
-RestartSec=100ms
+RestartSec=1s
 ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
@ -15,3 +15,4 @@ PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 Slice=taler-exchange.slice
+RuntimeMaxSec=3600s
--- a/debian/taler-exchange.tmpfiles
+++ b/debian/taler-exchange.tmpfiles
@ -1,7 +1,8 @@
 #Type Path        Mode UID  GID  Age Argument
 d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod  - -
+d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod  - -
 d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod  - -
 d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data  - -
-d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline  - -
+d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod  - -
 d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod  - -
 d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod  - -
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -21,19 +21,22 @@ man_MANS = \
  prebuilt/man/taler-exchange-benchmark.1  \
  prebuilt/man/taler-exchange-closer.1     \
  prebuilt/man/taler-exchange-dbinit.1  \
+  prebuilt/man/taler-exchange-drain.1  \
  prebuilt/man/taler-exchange-expire.1  \
  prebuilt/man/taler-exchange-httpd.1       \
+  prebuilt/man/taler-exchange-kyc-tester.1       \
  prebuilt/man/taler-exchange-offline.1    \
+  prebuilt/man/taler-exchange-router.1\
  prebuilt/man/taler-exchange-secmod-cs.1\
  prebuilt/man/taler-exchange-secmod-eddsa.1\
  prebuilt/man/taler-exchange-secmod-rsa.1 \
-  prebuilt/man/taler-exchange-router.1\
  prebuilt/man/taler-exchange-transfer.1\
-  prebuilt/man/taler-exchange-wirewatch.1   \
  prebuilt/man/taler-exchange-wire-gateway-client.1\
+  prebuilt/man/taler-exchange-wirewatch.1   \
  prebuilt/man/taler-helper-auditor-aggregation.1 \
  prebuilt/man/taler-helper-auditor-coins.1\
  prebuilt/man/taler-helper-auditor-deposits.1\
+  prebuilt/man/taler-helper-auditor-purses.1\
  prebuilt/man/taler-helper-auditor-reserves.1\
  prebuilt/man/taler-helper-auditor-wire.1

--- a/doc/prebuilt
+++ b/doc/prebuilt
@ -1 +1 @@
-Subproject commit b988d98d4856758484eb23c27bfdc9e602d4235a
+Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -32,5 +32,6 @@ SUBDIRS = \
  auditor \
  lib \
  exchange-tools \
+  extensions/age_restriction \
  testing \
  benchmark
--- a/src/auditor/.gitignore
+++ b/src/auditor/.gitignore
@ -23,3 +23,4 @@ auditor-basedb.sqlite3
 taler-auditor-test.sqlite3
 libeufin-nexus.pid
 libeufin-sandbox.pid
+taler-helper-auditor-purses
--- a/src/auditor/Makefile.am
+++ b/src/auditor/Makefile.am
@ -22,6 +22,7 @@ bin_PROGRAMS = \
  taler-helper-auditor-aggregation \
  taler-helper-auditor-coins \
  taler-helper-auditor-deposits \
+  taler-helper-auditor-purses \
  taler-helper-auditor-reserves \
  taler-helper-auditor-wire

@ -65,21 +66,6 @@ taler_auditor_dbinit_CPPFLAGS = \
  -I$(top_srcdir)/src/pq/ \
  $(POSTGRESQL_CPPFLAGS)

-taler_helper_auditor_reserves_SOURCES = \
-  taler-helper-auditor-reserves.c
-taler_helper_auditor_reserves_LDADD = \
-  $(LIBGCRYPT_LIBS) \
-  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/json/libtalerjson.la \
-  $(top_builddir)/src/bank-lib/libtalerbank.la \
-  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-  $(top_builddir)/src/auditordb/libtalerauditordb.la \
-  libauditorreport.la \
-  -ljansson \
-  -lgnunetjson \
-  -lgnunetutil \
-  $(XLIB)
-
 taler_helper_auditor_coins_SOURCES = \
  taler-helper-auditor-coins.c
 taler_helper_auditor_coins_LDADD = \
@ -125,6 +111,38 @@ taler_helper_auditor_deposits_LDADD = \
  -lgnunetutil \
  $(XLIB)

+taler_helper_auditor_purses_SOURCES = \
+  taler-helper-auditor-purses.c
+taler_helper_auditor_purses_LDADD = \
+  $(LIBGCRYPT_LIBS) \
+  $(top_builddir)/src/util/libtalerutil.la \
+  $(top_builddir)/src/json/libtalerjson.la \
+  $(top_builddir)/src/bank-lib/libtalerbank.la \
+  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
+  $(top_builddir)/src/auditordb/libtalerauditordb.la \
+  libauditorreport.la \
+  -ljansson \
+  -lgnunetjson \
+  -lgnunetutil \
+  $(XLIB)
+
+taler_helper_auditor_reserves_SOURCES = \
+  taler-helper-auditor-reserves.c
+taler_helper_auditor_reserves_LDADD = \
+  $(LIBGCRYPT_LIBS) \
+  $(top_builddir)/src/util/libtalerutil.la \
+  $(top_builddir)/src/json/libtalerjson.la \
+  $(top_builddir)/src/bank-lib/libtalerbank.la \
+  $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
+  $(top_builddir)/src/auditordb/libtalerauditordb.la \
+  libauditorreport.la \
+  -ljansson \
+  -lgnunetjson \
+  -lgnunetutil \
+  $(XLIB)
+
+
+
 taler_helper_auditor_wire_SOURCES = \
  taler-helper-auditor-wire.c
 taler_helper_auditor_wire_LDADD = \
--- a/src/auditor/batch.sh
+++ b/src/auditor/batch.sh
@ -193,7 +193,7 @@ echo " DONE"

 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"accounts":[{"payto_uri":"payto://x-taler-bank/localhost/43"}],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 echo " DONE"
@ -214,7 +214,7 @@ bash
 #    {
 #      amountToSpend: "TESTKUDOS:4",
 #      amountToWithdraw: "TESTKUDOS:10",
-#      bankBaseUrl: $BANK_URL,
+#      bankAccessApiBaseUrl: $BANK_URL,
 #      exchangeBaseUrl: $EXCHANGE_URL,
 #      merchantBaseUrl: $MERCHANT_URL,
 #    }' \
--- a/src/auditor/generate-auditor-basedb.conf
+++ b/src/auditor/generate-auditor-basedb.conf
@ -141,6 +141,7 @@ CONFIG = /research/taler/exchange/src/auditor/auditor-basedb.conf
 [taler]
 CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
 CURRENCY = TESTKUDOS
+AML_THRESHOLD = TESTKUDOS:1000000

 [merchantdb-postgres]
 CONFIG = postgres:///auditor-basedb
--- a/src/auditor/generate-auditor-basedb.sh
+++ b/src/auditor/generate-auditor-basedb.sh
@ -16,24 +16,6 @@
 set -eu
 #set -x

-function get_iban() {
-    export LIBEUFIN_SANDBOX_USERNAME=$1
-    export LIBEUFIN_SANDBOX_PASSWORD=$2
-    export LIBEUFIN_SANDBOX_URL=$BANK_URL
-    cd $MY_TMP_DIR
-    libeufin-cli sandbox demobank info --bank-account $1 | jq --raw-output '.iban'
-    cd $ORIGIN
-}
-
-function get_payto_uri() {
-    export LIBEUFIN_SANDBOX_USERNAME=$1
-    export LIBEUFIN_SANDBOX_PASSWORD=$2
-    export LIBEUFIN_SANDBOX_URL=$BANK_URL
-    cd $MY_TMP_DIR
-    libeufin-cli sandbox demobank info --bank-account $1 | jq --raw-output '.paytoUri'
-    cd $ORIGIN
-}
-
 # Cleanup to run whenever we exit
 function exit_cleanup()
 {
@ -120,7 +102,7 @@ export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
 MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
 export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
 BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
-BANK_URL="http://localhost:1${BANK_PORT}/demobanks/default"
+BANK_URL="http://localhost:1${BANK_PORT}"
 export AUDITOR_URL=http://localhost:8083/
 AUDITOR_PRIV_FILE=$1.apriv
 AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
@ -157,27 +139,29 @@ taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL || exit_skip "Fa
 # Launch services
 echo "Launching services (pre audit DB: $TARGET_DB)"

+rm -rf ${TARGET_DB}-sandbox.sqlite3
 export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
 # Create the default demobank.
 cd $MY_TMP_DIR
-libeufin-sandbox config --currency "TESTKUDOS" default
 export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
+libeufin-sandbox config --currency "TESTKUDOS" default
 libeufin-sandbox serve --port "1${BANK_PORT}" \
  > ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
  2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
 echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
 cd $ORIGIN
-export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}/demobanks/default"
+export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
 set +e
 echo -n "Waiting for Sandbox..."
 OK=0
-for n in `seq 1 50`; do
+for n in `seq 1 100`; do
  echo -n "."
  sleep 1
  if wget --timeout=1 \
+    --user admin --password secret --auth-no-challenge \
    --tries=3 --waitretry=0 \
    -o /dev/null -O /dev/null \
-    $LIBEUFIN_SANDBOX_URL;
+    ${LIBEUFIN_SANDBOX_URL};
  then
    OK=1
    break
@ -240,6 +224,7 @@ unset LIBEUFIN_SANDBOX_USERNAME
 unset LIBEUFIN_SANDBOX_PASSWORD
 # Prepare Nexus, which is the side actually talking
 # to the exchange.
+rm -rf ${TARGET_DB}-nexus.sqlite3
 export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-nexus.sqlite3"
 # For convenience, username and password are
 # identical to those used at the Sandbox.
@ -333,7 +318,12 @@ taler-exchange-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
 taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
 taler-exchange-wirewatch -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-wirewatch.log &
 taler-auditor-httpd -L INFO -c $CONF 2> ${MY_TMP_DIR}/taler-auditor-httpd.log &
+export BANK_PORT
+export EXCHANGE_URL
+export MERCHANT_URL
+export AUDITOR_URL

+echo -n "Waiting for services to be available "
 # Wait for all bank to be available (usually the slowest)
 for n in `seq 1 50`
 do
@ -341,14 +331,14 @@ do
    sleep 0.2
    OK=0
    # bank
-    wget http://localhost:8082/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget http://localhost:${BANK_PORT}/ -o /dev/null -O /dev/null >/dev/null || continue
    OK=1
    break
 done

 if [ 1 != $OK ]
 then
-    exit_skip "Failed to launch services"
+    exit_skip "Failed to launch services (bank)"
 fi

 # Wait for all services to be available
@ -358,26 +348,27 @@ do
    sleep 0.1
    OK=0
    # exchange
-    wget http://localhost:8081/seed -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${EXCHANGE_URL}seed -o /dev/null -O /dev/null >/dev/null || continue
    # merchant
-    wget http://localhost:9966/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${MERCHANT_URL} -o /dev/null -O /dev/null >/dev/null || continue
    # Auditor
-    wget http://localhost:8083/ -o /dev/null -O /dev/null >/dev/null || continue
+    wget ${AUDITOR_URL} -o /dev/null -O /dev/null >/dev/null || continue
    OK=1
    break
 done

 if [ 1 != $OK ]
 then
-    exit_skip "Failed to launch services"
+    bash
+    exit_skip "Failed to launch services (Taler)"
 fi
 echo -n "Setting up keys"
 taler-exchange-offline -c $CONF \
  download sign \
  enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
  enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
-  wire-fee now iban TESTKUDOS:0.07 TESTKUDOS:0.01 TESTKUDOS:0.01 \
-  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \
+  wire-fee now iban TESTKUDOS:0.07 TESTKUDOS:0.01 \
+  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
  upload &> ${MY_TMP_DIR}/taler-exchange-offline.log

 echo -n "."
@ -407,7 +398,7 @@ echo " DONE"

 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"accounts":[{"payto_uri":"payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"}],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 echo " DONE"
@ -420,13 +411,13 @@ taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'runI
    {
      amountToSpend: "TESTKUDOS:4",
      amountToWithdraw: "TESTKUDOS:10",
-      bankBaseUrl: $BANK_URL,
+      bankAccessApiBaseUrl: $BANK_URL,
      exchangeBaseUrl: $EXCHANGE_URL,
      merchantBaseUrl: $MERCHANT_URL,
    }' \
    --arg MERCHANT_URL "$MERCHANT_URL" \
    --arg EXCHANGE_URL "$EXCHANGE_URL" \
-    --arg BANK_URL "$BANK_URL/access-api/"
+    --arg BANK_URL "$BANK_URL/demobanks/default/access-api/"
  )" &> ${MY_TMP_DIR}/taler-wallet-cli.log

 echo "Shutting down services"
--- a/src/auditor/generate-revoke-basedb.sh
+++ b/src/auditor/generate-revoke-basedb.sh
@ -103,7 +103,7 @@ export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
 MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
 export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
 BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
-export BANK_URL=http://localhost:1${BANK_PORT}/demobanks/default
+export BANK_URL=http://localhost:1${BANK_PORT}
 export AUDITOR_URL=http://localhost:8083/
 AUDITOR_PRIV_FILE=$1.apriv
 AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
@ -145,14 +145,14 @@ echo "Launching services"
 export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
 # Create the default demobank.
 cd $MY_TMP_DIR
-libeufin-sandbox config --currency "TESTKUDOS" default
 export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
+libeufin-sandbox config --currency "TESTKUDOS" default
 libeufin-sandbox serve --port "1${BANK_PORT}" \
  > ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
  2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
 echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
 cd $ORIGIN
-export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}/demobanks/default"
+export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
 set +e
 echo -n "Waiting for Sandbox..."
 OK=0
@ -160,9 +160,10 @@ for n in `seq 1 50`; do
  echo -n "."
  sleep 1
  if wget --timeout=1 \
+    --user admin --password secret --auth-no-challenge \
    --tries=3 --waitretry=0 \
    -o /dev/null -O /dev/null \
-    $LIBEUFIN_SANDBOX_URL;
+    ${LIBEUFIN_SANDBOX_URL};
  then
    OK=1
    break
@ -369,8 +370,8 @@ taler-exchange-offline -c $CONF \
  download sign \
  enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
  enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
-  wire-fee now iban TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 \
-  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \
+  wire-fee now iban TESTKUDOS:0.01 TESTKUDOS:0.01 \
+  global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
  upload &> ${MY_TMP_DIR}/taler-exchange-offline.log

 echo -n "."
@ -399,7 +400,7 @@ echo " DONE"
 # Setup merchant
 echo -n "Setting up merchant"

-curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
+curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "accounts":[{"payto_uri":"payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"}],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances


 # run wallet CLI
@ -409,10 +410,10 @@ taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'with
  "$(jq -n '
    {
      amount: "TESTKUDOS:8",
-      bankBaseUrl: $BANK_URL,
+      bankAccessApiBaseUrl: $BANK_URL,
      exchangeBaseUrl: $EXCHANGE_URL,
    }' \
-    --arg BANK_URL "$BANK_URL/access-api/" \
+    --arg BANK_URL "$BANK_URL/demobanks/default/access-api/" \
    --arg EXCHANGE_URL $EXCHANGE_URL
  )"

--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@ -227,7 +227,7 @@ verify_and_execute_deposit_confirmation (
      TALER_exchange_online_deposit_confirmation_verify (
        &dc->h_contract_terms,
        &dc->h_wire,
-        NULL /* h_extensions! */,
+        &dc->h_policy,
        dc->exchange_timestamp,
        dc->wire_deadline,
        dc->refund_deadline,
@ -271,19 +271,23 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
                                  const char *upload_data,
                                  size_t *upload_data_size)
 {
-  struct TALER_AUDITORDB_DepositConfirmation dc;
+  struct TALER_AUDITORDB_DepositConfirmation dc = {
+    .refund_deadline = GNUNET_TIME_UNIT_ZERO_TS
+  };
  struct TALER_AUDITORDB_ExchangeSigningKey es;
  struct GNUNET_JSON_Specification spec[] = {
    GNUNET_JSON_spec_fixed_auto ("h_contract_terms",
                                 &dc.h_contract_terms),
-    GNUNET_JSON_spec_fixed_auto ("h_extensions",
-                                 &dc.h_extensions),
+    GNUNET_JSON_spec_fixed_auto ("h_policy",
+                                 &dc.h_policy),
    GNUNET_JSON_spec_fixed_auto ("h_wire",
                                 &dc.h_wire),
    GNUNET_JSON_spec_timestamp ("exchange_timestamp",
                                &dc.exchange_timestamp),
-    GNUNET_JSON_spec_timestamp ("refund_deadline",
-                                &dc.refund_deadline),
+    GNUNET_JSON_spec_mark_optional (
+      GNUNET_JSON_spec_timestamp ("refund_deadline",
+                                  &dc.refund_deadline),
+      NULL),
    GNUNET_JSON_spec_timestamp ("wire_deadline",
                                &dc.wire_deadline),
    TALER_JSON_spec_amount ("amount_without_fee",
--- a/src/auditor/taler-auditor-sync.c
+++ b/src/auditor/taler-auditor-sync.c
@ -92,9 +92,13 @@ static struct Table tables[] = {
  { .rt = TALER_EXCHANGEDB_RT_DENOMINATIONS},
  { .rt = TALER_EXCHANGEDB_RT_DENOMINATION_REVOCATIONS},
  { .rt = TALER_EXCHANGEDB_RT_WIRE_TARGETS},
+  { .rt = TALER_EXCHANGEDB_RT_LEGITIMIZATION_PROCESSES},
+  { .rt = TALER_EXCHANGEDB_RT_LEGITIMIZATION_REQUIREMENTS},
  { .rt = TALER_EXCHANGEDB_RT_RESERVES},
  { .rt = TALER_EXCHANGEDB_RT_RESERVES_IN},
  { .rt = TALER_EXCHANGEDB_RT_RESERVES_CLOSE},
+  { .rt = TALER_EXCHANGEDB_RT_RESERVES_OPEN_REQUESTS},
+  { .rt = TALER_EXCHANGEDB_RT_RESERVES_OPEN_DEPOSITS},
  { .rt = TALER_EXCHANGEDB_RT_RESERVES_OUT},
  { .rt = TALER_EXCHANGEDB_RT_AUDITORS},
  { .rt = TALER_EXCHANGEDB_RT_AUDITOR_DENOM_SIGS},
@ -113,9 +117,10 @@ static struct Table tables[] = {
  { .rt = TALER_EXCHANGEDB_RT_RECOUP},
  { .rt = TALER_EXCHANGEDB_RT_RECOUP_REFRESH },
  { .rt = TALER_EXCHANGEDB_RT_EXTENSIONS},
-  { .rt = TALER_EXCHANGEDB_RT_EXTENSION_DETAILS },
+  { .rt = TALER_EXCHANGEDB_RT_POLICY_DETAILS },
+  { .rt = TALER_EXCHANGEDB_RT_POLICY_FULFILLMENTS },
  { .rt = TALER_EXCHANGEDB_RT_PURSE_REQUESTS},
-  { .rt = TALER_EXCHANGEDB_RT_PURSE_REFUNDS},
+  { .rt = TALER_EXCHANGEDB_RT_PURSE_DECISION},
  { .rt = TALER_EXCHANGEDB_RT_PURSE_MERGES},
  { .rt = TALER_EXCHANGEDB_RT_PURSE_DEPOSITS},
  { .rt = TALER_EXCHANGEDB_RT_ACCOUNT_MERGES},
@ -155,7 +160,7 @@ struct InsertContext
 * @return #GNUNET_OK to continue to iterate,
 *         #GNUNET_SYSERR to fail with an error
 */
-static int
+static enum GNUNET_GenericReturnValue
 do_insert (void *cls,
           const struct TALER_EXCHANGEDB_TableData *td)
 {
@ -388,7 +393,7 @@ do_sync (void *cls)
 * @param value actual value of the option (a string)
 * @return #GNUNET_OK
 */
-static int
+static enum GNUNET_GenericReturnValue
 set_filename (struct GNUNET_GETOPT_CommandLineProcessorContext *ctx,
              void *scls,
              const char *option,
--- a/src/auditor/taler-auditor.in
+++ b/src/auditor/taler-auditor.in
@ -84,13 +84,14 @@ ARGS=("$@")
 ARGS=(${ARGS[@]/$INF})

 DIR=`mktemp -d reportXXXXXX`
-for n in aggregation coins deposits reserves
+for n in aggregation coins deposits purses reserves
 do
  taler-helper-auditor-$n ${ARGS[*]} > ${DIR}/$n.json
 done

 taler-helper-auditor-wire $INF ${ARGS[*]} > ${DIR}/wire.json

+echo "Generating auditor report in ${DIR}."
 taler-helper-auditor-render.py \
    ${DIR}/aggregation.json \
    ${DIR}/coins.json \
--- a/src/auditor/taler-helper-auditor-aggregation.c
+++ b/src/auditor/taler-helper-auditor-aggregation.c
@ -593,7 +593,45 @@ check_transaction_history_for_deposit (
                                amount_with_fee);
        break;
      }
-    }
+
+    case TALER_EXCHANGEDB_TT_PURSE_REFUND:
+      {
+        const struct TALER_Amount *amount_with_fee;
+
+        amount_with_fee = &tl->details.purse_refund->refund_amount;
+        fee_claimed = &tl->details.purse_refund->refund_fee;
+        TALER_ARL_amount_add (&refunds,
+                              &refunds,
+                              amount_with_fee);
+        TALER_ARL_amount_add (&expenditures,
+                              &expenditures,
+                              fee_claimed);
+        /* Check that the fees given in the transaction list and in dki match */
+        if (0 !=
+            TALER_amount_cmp (&issue->fees.refund,
+                              fee_claimed))
+        {
+          /* Disagreement in fee structure between exchange and auditor! */
+          report_amount_arithmetic_inconsistency ("refund fee",
+                                                  0,
+                                                  fee_claimed,
+                                                  &issue->fees.refund,
+                                                  1);
+        }
+        break;
+      }
+
+    case TALER_EXCHANGEDB_TT_RESERVE_OPEN:
+      {
+        const struct TALER_Amount *amount_with_fee;
+
+        amount_with_fee = &tl->details.reserve_open->coin_contribution;
+        TALER_ARL_amount_add (&expenditures,
+                              &expenditures,
+                              amount_with_fee);
+        break;
+      }
+    } /* switch (tl->type) */
  } /* for 'tl' */

  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@ -730,10 +768,6 @@ wire_transfer_information_cb (
  enum GNUNET_DB_QueryStatus qs;
  struct TALER_PaytoHashP hpt;

-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "DEPFEE: %s\n",
-              TALER_amount2s (deposit_fee));
-
  TALER_payto_hash (account_pay_uri,
                    &hpt);
  if (0 !=
--- a/src/auditor/taler-helper-auditor-coins.c
+++ b/src/auditor/taler-helper-auditor-coins.c
@ -113,50 +113,15 @@ static struct TALER_Amount reported_emergency_loss;
 static struct TALER_Amount reported_emergency_loss_by_count;

 /**
- * Expected balance in the escrow account.
+ * Global coin balance sheet (for coins).
 */
-static struct TALER_Amount total_escrow_balance;
-
-/**
- * Active risk exposure.
- */
-static struct TALER_Amount total_risk;
-
-/**
- * Actualized risk (= loss) from recoups.
- */
-static struct TALER_Amount total_recoup_loss;
-
-/**
- * Recoups we made on denominations that were not revoked (!?).
- */
-static struct TALER_Amount total_irregular_recoups;
-
-/**
- * Total deposit fees earned.
- */
-static struct TALER_Amount total_deposit_fee_income;
-
-/**
- * Total melt fees earned.
- */
-static struct TALER_Amount total_melt_fee_income;
-
-/**
- * Total refund fees earned.
- */
-static struct TALER_Amount total_refund_fee_income;
+static struct TALER_AUDITORDB_GlobalCoinBalance balance;

 /**
 * Array of reports about coin operations with bad signatures.
 */
 static json_t *report_bad_sig_losses;

-/**
- * Total amount lost by operations for which signatures were invalid.
- */
-static struct TALER_Amount total_bad_sig_loss;
-
 /**
 * Array of refresh transactions where the /refresh/reveal has not yet
 * happened (and may of course never happen).
@ -539,8 +504,22 @@ check_coin_history (const struct TALER_CoinSpendPublicKeyP *coin_pub,
                            &spent,
                            &pos->details.purse_deposit->amount);
      break;
-    }
-  }
+    case TALER_EXCHANGEDB_TT_PURSE_REFUND:
+      TALER_ARL_amount_add (&refunded,
+                            &refunded,
+                            &tl->details.purse_refund->refund_amount);
+      TALER_ARL_amount_add (&spent,
+                            &spent,
+                            &pos->details.purse_refund->refund_fee);
+      have_refund = true;
+      break;
+    case TALER_EXCHANGEDB_TT_RESERVE_OPEN:
+      TALER_ARL_amount_add (&spent,
+                            &spent,
+                            &tl->details.reserve_open->coin_contribution);
+      break;
+    } /* switch (pos->type) */
+  } /* for (...) */

  if (have_refund)
  {
@ -591,33 +570,9 @@ check_coin_history (const struct TALER_CoinSpendPublicKeyP *coin_pub,
 struct DenominationSummary
 {
  /**
-   * Total value of outstanding (not deposited) coins issued with this
-   * denomination key.
+   * Information about the circulation.
   */
-  struct TALER_Amount denom_balance;
-
-  /**
-   * Total losses made (once coins deposited exceed
-   * coins withdrawn and thus the @e denom_balance is
-   * effectively negative).
-   */
-  struct TALER_Amount denom_loss;
-
-  /**
-   * Total value of coins issued with this denomination key.
-   */
-  struct TALER_Amount denom_risk;
-
-  /**
-   * Total value of coins subjected to recoup with this denomination key.
-   */
-  struct TALER_Amount denom_recoup;
-
-  /**
-   * How many coins (not their amount!) of this denomination
-   * did the exchange issue overall?
-   */
-  uint64_t num_issued;
+  struct TALER_AUDITORDB_DenominationCirculationData dcd;

  /**
   * Denomination key information for this denomination.
@ -680,11 +635,7 @@ init_denomination (const struct TALER_DenominationHashP *denom_hash,

  qs = TALER_ARL_adb->get_denomination_balance (TALER_ARL_adb->cls,
                                                denom_hash,
-                                                &ds->denom_balance,
-                                                &ds->denom_loss,
-                                                &ds->denom_risk,
-                                                &ds->denom_recoup,
-                                                &ds->num_issued);
+                                                &ds->dcd);
  if (0 > qs)
  {
    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
@ -698,22 +649,22 @@ init_denomination (const struct TALER_DenominationHashP *denom_hash,
  {
    GNUNET_assert (GNUNET_OK ==
                   TALER_amount_set_zero (TALER_ARL_currency,
-                                          &ds->denom_balance));
+                                          &ds->dcd.denom_balance));
    GNUNET_assert (GNUNET_OK ==
                   TALER_amount_set_zero (TALER_ARL_currency,
-                                          &ds->denom_loss));
+                                          &ds->dcd.denom_loss));
    GNUNET_assert (GNUNET_OK ==
                   TALER_amount_set_zero (TALER_ARL_currency,
-                                          &ds->denom_risk));
+                                          &ds->dcd.denom_risk));
    GNUNET_assert (GNUNET_OK ==
                   TALER_amount_set_zero (TALER_ARL_currency,
-                                          &ds->denom_recoup));
+                                          &ds->dcd.recoup_loss));
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Starting balance for denomination `%s' is %s (%llu)\n",
              GNUNET_h2s (&denom_hash->hash),
-              TALER_amount2s (&ds->denom_balance),
-              (unsigned long long) ds->num_issued);
+              TALER_amount2s (&ds->dcd.denom_balance),
+              (unsigned long long) ds->dcd.num_issued);
  qs = TALER_ARL_edb->get_denomination_revocation (TALER_ARL_edb->cls,
                                                   denom_hash,
                                                   &msig,
@ -828,15 +779,14 @@ sync_denomination (void *cls,
    else
      qs = GNUNET_DB_STATUS_SUCCESS_ONE_RESULT;
    if ( (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) &&
-         ( (0 != ds->denom_risk.value) ||
-           (0 != ds->denom_risk.fraction) ) )
+         (! TALER_amount_is_zero (&ds->dcd.denom_risk)) )
    {
      /* The denomination expired and carried a balance; we can now
         book the remaining balance as profit, and reduce our risk
         exposure by the accumulated risk of the denomination. */
-      TALER_ARL_amount_subtract (&total_risk,
-                                 &total_risk,
-                                 &ds->denom_risk);
+      TALER_ARL_amount_subtract (&balance.risk,
+                                 &balance.risk,
+                                 &ds->dcd.denom_risk);
      /* If the above fails, our risk assessment is inconsistent!
         This is really, really bad (auditor-internal invariant
         would be violated). Hence we can "safely" assert.  If
@ -844,22 +794,21 @@ sync_denomination (void *cls,
         in the auditor _or_ the auditor's database is corrupt. */
    }
    if ( (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) &&
-         ( (0 != ds->denom_balance.value) ||
-           (0 != ds->denom_balance.fraction) ) )
+         (! TALER_amount_is_zero (&ds->dcd.denom_balance)) )
    {
      /* book denom_balance coin expiration profits! */
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                  "Denomination `%s' expired, booking %s in expiration profits\n",
                  GNUNET_h2s (denom_hash),
-                  TALER_amount2s (&ds->denom_balance));
+                  TALER_amount2s (&ds->dcd.denom_balance));
      if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
          (qs = TALER_ARL_adb->insert_historic_denom_revenue (
             TALER_ARL_adb->cls,
             &TALER_ARL_master_pub,
             &denom_h,
             expire_deposit,
-             &ds->denom_balance,
-             &ds->denom_recoup)))
+             &ds->dcd.denom_balance,
+             &ds->dcd.recoup_loss)))
      {
        /* Failed to store profits? Bad database */
        GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
@ -876,8 +825,8 @@ sync_denomination (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Final balance for denomination `%s' is %s (%llu)\n",
                GNUNET_h2s (denom_hash),
-                TALER_amount2s (&ds->denom_balance),
-                (unsigned long long) ds->num_issued);
+                TALER_amount2s (&ds->dcd.denom_balance),
+                (unsigned long long) ds->dcd.num_issued);
    cnt = TALER_ARL_edb->count_known_coins (TALER_ARL_edb->cls,
                                            &denom_h);
    if (0 > cnt)
@ -889,39 +838,31 @@ sync_denomination (void *cls,
    }
    else
    {
-      if (ds->num_issued < (uint64_t) cnt)
+      if (ds->dcd.num_issued < (uint64_t) cnt)
      {
        /* more coins deposited than issued! very bad */
        report_emergency_by_count (issue,
-                                   ds->num_issued,
+                                   ds->dcd.num_issued,
                                   cnt,
-                                   &ds->denom_risk);
+                                   &ds->dcd.denom_risk);
      }
      if (ds->report_emergency)
      {
        /* Value of coins deposited exceed value of coins
           issued! Also very bad! */
        report_emergency_by_amount (issue,
-                                    &ds->denom_risk,
-                                    &ds->denom_loss);
+                                    &ds->dcd.denom_risk,
+                                    &ds->dcd.denom_loss);

      }
      if (ds->in_db)
        qs = TALER_ARL_adb->update_denomination_balance (TALER_ARL_adb->cls,
                                                         &denom_h,
-                                                         &ds->denom_balance,
-                                                         &ds->denom_loss,
-                                                         &ds->denom_risk,
-                                                         &ds->denom_recoup,
-                                                         ds->num_issued);
+                                                         &ds->dcd);
      else
        qs = TALER_ARL_adb->insert_denomination_balance (TALER_ARL_adb->cls,
                                                         &denom_h,
-                                                         &ds->denom_balance,
-                                                         &ds->denom_loss,
-                                                         &ds->denom_risk,
-                                                         &ds->denom_recoup,
-                                                         ds->num_issued);
+                                                         &ds->dcd);
    }
  }
  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
@ -1018,22 +959,22 @@ withdraw_cb (void *cls,
              "Issued coin in denomination `%s' of total value %s\n",
              GNUNET_h2s (&dh.hash),
              TALER_amount2s (&issue->value));
-  ds->num_issued++;
-  TALER_ARL_amount_add (&ds->denom_balance,
-                        &ds->denom_balance,
-                        &issue->value);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "New balance of denomination `%s' is %s\n",
              GNUNET_h2s (&dh.hash),
-              TALER_amount2s (&ds->denom_balance));
-  TALER_ARL_amount_add (&total_escrow_balance,
-                        &total_escrow_balance,
+              TALER_amount2s (&ds->dcd.denom_balance));
+  TALER_ARL_amount_add (&balance.total_escrowed,
+                        &balance.total_escrowed,
                        &issue->value);
-  TALER_ARL_amount_add (&total_risk,
-                        &total_risk,
+  TALER_ARL_amount_add (&balance.risk,
+                        &balance.risk,
                        &issue->value);
-  TALER_ARL_amount_add (&ds->denom_risk,
-                        &ds->denom_risk,
+  ds->dcd.num_issued++;
+  TALER_ARL_amount_add (&ds->dcd.denom_balance,
+                        &ds->dcd.denom_balance,
+                        &issue->value);
+  TALER_ARL_amount_add (&ds->dcd.denom_risk,
+                        &ds->dcd.denom_risk,
                        &issue->value);
  if (TALER_ARL_do_abort ())
    return GNUNET_SYSERR;
@ -1187,8 +1128,8 @@ check_known_coin (
                                                loss_potential),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          loss_potential);
  }
  TALER_denom_sig_free (&ci.denom_sig);
@ -1199,7 +1140,7 @@ check_known_coin (
 /**
 * Update the denom balance in @a dso reducing it by
 * @a amount_with_fee. If this is not possible, report
- * an emergency.  Also updates the #total_escrow_balance.
+ * an emergency.  Also updates the #balance.
 *
 * @param dso denomination summary to update
 * @param rowid responsible row (for logging)
@ -1214,19 +1155,19 @@ reduce_denom_balance (struct DenominationSummary *dso,

  if (TALER_ARL_SR_INVALID_NEGATIVE ==
      TALER_ARL_amount_subtract_neg (&tmp,
-                                     &dso->denom_balance,
+                                     &dso->dcd.denom_balance,
                                     amount_with_fee))
  {
-    TALER_ARL_amount_add (&dso->denom_loss,
-                          &dso->denom_loss,
+    TALER_ARL_amount_add (&dso->dcd.denom_loss,
+                          &dso->dcd.denom_loss,
                          amount_with_fee);
    dso->report_emergency = true;
  }
  else
  {
-    dso->denom_balance = tmp;
+    dso->dcd.denom_balance = tmp;
  }
-  if (-1 == TALER_amount_cmp (&total_escrow_balance,
+  if (-1 == TALER_amount_cmp (&balance.total_escrowed,
                              amount_with_fee))
  {
    /* This can theoretically happen if for example the exchange
@ -1238,20 +1179,20 @@ reduce_denom_balance (struct DenominationSummary *dso,
    report_amount_arithmetic_inconsistency (
      "subtracting amount from escrow balance",
      rowid,
-      &total_escrow_balance,
+      &balance.total_escrowed,
      amount_with_fee,
      0);
  }
  else
  {
-    TALER_ARL_amount_subtract (&total_escrow_balance,
-                               &total_escrow_balance,
+    TALER_ARL_amount_subtract (&balance.total_escrowed,
+                               &balance.total_escrowed,
                               amount_with_fee);
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "New balance of denomination `%s' is %s\n",
              GNUNET_h2s (&dso->issue->denom_hash.hash),
-              TALER_amount2s (&dso->denom_balance));
+              TALER_amount2s (&dso->dcd.denom_balance));
 }


@ -1351,8 +1292,8 @@ refresh_session_cb (void *cls,
                                                  amount_with_fee),
                          GNUNET_JSON_pack_data_auto ("coin_pub",
                                                      coin_pub)));
-      TALER_ARL_amount_add (&total_bad_sig_loss,
-                            &total_bad_sig_loss,
+      TALER_ARL_amount_add (&balance.irregular_loss,
+                            &balance.irregular_loss,
                            amount_with_fee);
    }
  }
@ -1487,22 +1428,22 @@ refresh_session_cb (void *cls,
                    "Created fresh coin in denomination `%s' of value %s\n",
                    GNUNET_h2s (&ni->denom_hash.hash),
                    TALER_amount2s (&ni->value));
-        dsi->num_issued++;
-        TALER_ARL_amount_add (&dsi->denom_balance,
-                              &dsi->denom_balance,
+        dsi->dcd.num_issued++;
+        TALER_ARL_amount_add (&dsi->dcd.denom_balance,
+                              &dsi->dcd.denom_balance,
                              &ni->value);
-        TALER_ARL_amount_add (&dsi->denom_risk,
-                              &dsi->denom_risk,
+        TALER_ARL_amount_add (&dsi->dcd.denom_risk,
+                              &dsi->dcd.denom_risk,
                              &ni->value);
        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                    "New balance of denomination `%s' is %s\n",
                    GNUNET_h2s (&ni->denom_hash.hash),
-                    TALER_amount2s (&dsi->denom_balance));
-        TALER_ARL_amount_add (&total_escrow_balance,
-                              &total_escrow_balance,
+                    TALER_amount2s (&dsi->dcd.denom_balance));
+        TALER_ARL_amount_add (&balance.total_escrowed,
+                              &balance.total_escrowed,
                              &ni->value);
-        TALER_ARL_amount_add (&total_risk,
-                              &total_risk,
+        TALER_ARL_amount_add (&balance.risk,
+                              &balance.risk,
                              &ni->value);
      }
    }
@ -1527,8 +1468,8 @@ refresh_session_cb (void *cls,
  }

  /* update global melt fees */
-  TALER_ARL_amount_add (&total_melt_fee_income,
-                        &total_melt_fee_income,
+  TALER_ARL_amount_add (&balance.melt_fee_balance,
+                        &balance.melt_fee_balance,
                        &issue->fees.refresh);
  if (TALER_ARL_do_abort ())
    return GNUNET_SYSERR;
@ -1625,7 +1566,7 @@ deposit_cb (void *cls,
                                     &h_wire,
                                     &deposit->h_contract_terms,
                                     &deposit->coin.h_age_commitment,
-                                     NULL /* FIXME-Oec: #7270: h_extensions! */,
+                                     &deposit->h_policy,
                                     &h_denom_pub,
                                     deposit->timestamp,
                                     &deposit->merchant_pub,
@ -1643,8 +1584,8 @@ deposit_cb (void *cls,
                                                  &deposit->amount_with_fee),
                          GNUNET_JSON_pack_data_auto ("coin_pub",
                                                      &deposit->coin.coin_pub)));
-      TALER_ARL_amount_add (&total_bad_sig_loss,
-                            &total_bad_sig_loss,
+      TALER_ARL_amount_add (&balance.irregular_loss,
+                            &balance.irregular_loss,
                            &deposit->amount_with_fee);
      if (TALER_ARL_do_abort ())
        return GNUNET_SYSERR;
@ -1675,8 +1616,8 @@ deposit_cb (void *cls,
  }

  /* update global deposit fees */
-  TALER_ARL_amount_add (&total_deposit_fee_income,
-                        &total_deposit_fee_income,
+  TALER_ARL_amount_add (&balance.deposit_fee_balance,
+                        &balance.deposit_fee_balance,
                        &issue->fees.deposit);
  if (TALER_ARL_do_abort ())
    return GNUNET_SYSERR;
@ -1760,8 +1701,8 @@ refund_cb (void *cls,
                                                amount_with_fee),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          amount_with_fee);
    if (TALER_ARL_do_abort ())
      return GNUNET_SYSERR;
@ -1801,31 +1742,31 @@ refund_cb (void *cls,
  }
  else
  {
-    TALER_ARL_amount_add (&ds->denom_balance,
-                          &ds->denom_balance,
+    TALER_ARL_amount_add (&ds->dcd.denom_balance,
+                          &ds->dcd.denom_balance,
                          &amount_without_fee);
-    TALER_ARL_amount_add (&ds->denom_risk,
-                          &ds->denom_risk,
+    TALER_ARL_amount_add (&ds->dcd.denom_risk,
+                          &ds->dcd.denom_risk,
                          &amount_without_fee);
-    TALER_ARL_amount_add (&total_escrow_balance,
-                          &total_escrow_balance,
+    TALER_ARL_amount_add (&balance.total_escrowed,
+                          &balance.total_escrowed,
                          &amount_without_fee);
-    TALER_ARL_amount_add (&total_risk,
-                          &total_risk,
+    TALER_ARL_amount_add (&balance.risk,
+                          &balance.risk,
                          &amount_without_fee);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "New balance of denomination `%s' after refund is %s\n",
                GNUNET_h2s (&issue->denom_hash.hash),
-                TALER_amount2s (&ds->denom_balance));
+                TALER_amount2s (&ds->dcd.denom_balance));
  }
  /* update total refund fee balance */
-  TALER_ARL_amount_add (&total_refund_fee_income,
-                        &total_refund_fee_income,
+  TALER_ARL_amount_add (&balance.refund_fee_balance,
+                        &balance.refund_fee_balance,
                        &issue->fees.refund);
  if (full_refund)
  {
-    TALER_ARL_amount_subtract (&total_deposit_fee_income,
-                               &total_deposit_fee_income,
+    TALER_ARL_amount_subtract (&balance.deposit_fee_balance,
+                               &balance.deposit_fee_balance,
                               &issue->fees.deposit);
  }
  if (TALER_ARL_do_abort ())
@ -1893,26 +1834,26 @@ purse_refund_coin_cb (
  }
  else
  {
-    TALER_ARL_amount_add (&ds->denom_balance,
-                          &ds->denom_balance,
+    TALER_ARL_amount_add (&ds->dcd.denom_balance,
+                          &ds->dcd.denom_balance,
                          amount_with_fee);
-    TALER_ARL_amount_add (&ds->denom_risk,
-                          &ds->denom_risk,
+    TALER_ARL_amount_add (&ds->dcd.denom_risk,
+                          &ds->dcd.denom_risk,
                          amount_with_fee);
-    TALER_ARL_amount_add (&total_escrow_balance,
-                          &total_escrow_balance,
+    TALER_ARL_amount_add (&balance.total_escrowed,
+                          &balance.total_escrowed,
                          amount_with_fee);
-    TALER_ARL_amount_add (&total_risk,
-                          &total_risk,
+    TALER_ARL_amount_add (&balance.risk,
+                          &balance.risk,
                          amount_with_fee);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "New balance of denomination `%s' after purse-refund is %s\n",
                GNUNET_h2s (&issue->denom_hash.hash),
-                TALER_amount2s (&ds->denom_balance));
+                TALER_amount2s (&ds->dcd.denom_balance));
  }
  /* update total deposit fee balance */
-  TALER_ARL_amount_subtract (&total_deposit_fee_income,
-                             &total_deposit_fee_income,
+  TALER_ARL_amount_subtract (&balance.deposit_fee_balance,
+                             &balance.deposit_fee_balance,
                             &issue->fees.deposit);

  return GNUNET_OK;
@ -1927,16 +1868,22 @@ purse_refund_coin_cb (
 * @param cls closure
 * @param rowid unique serial ID for the refund in our DB
 * @param purse_pub public key of the purse
+ * @param reserve_pub public key of the targeted reserve (ignored)
+ * @param val targeted amount to be in the reserve (ignored)
 * @return #GNUNET_OK to continue to iterate, #GNUNET_SYSERR to stop
 */
 static enum GNUNET_GenericReturnValue
 purse_refund_cb (void *cls,
                 uint64_t rowid,
-                 const struct TALER_PurseContractPublicKeyP *purse_pub)
+                 const struct TALER_PurseContractPublicKeyP *purse_pub,
+                 const struct TALER_ReservePublicKeyP *reserve_pub,
+                 const struct TALER_Amount *val)
 {
  struct CoinContext *cc = cls;
  enum GNUNET_DB_QueryStatus qs;

+  (void) val; /* irrelevant on refund */
+  (void) reserve_pub; /* irrelevant, may even be NULL */
  GNUNET_assert (rowid >= ppc.last_purse_refunds_serial_id); /* should be monotonically increasing */
  ppc.last_purse_refunds_serial_id = rowid + 1;
  qs = TALER_ARL_edb->select_purse_deposits_by_purse (TALER_ARL_edb->cls,
@ -2006,8 +1953,8 @@ check_recoup (struct CoinContext *cc,
                                                amount),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    &coin->denom_pub_hash)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          amount);
  }
  qs = TALER_ARL_get_denomination_info_by_hash (&coin->denom_pub_hash,
@ -2067,15 +2014,15 @@ check_recoup (struct CoinContext *cc,
                                                  amount),
                          GNUNET_JSON_pack_data_auto ("coin_pub",
                                                      &coin->coin_pub)));
-      TALER_ARL_amount_add (&total_bad_sig_loss,
-                            &total_bad_sig_loss,
+      TALER_ARL_amount_add (&balance.irregular_loss,
+                            &balance.irregular_loss,
                            amount);
    }
-    TALER_ARL_amount_add (&ds->denom_recoup,
-                          &ds->denom_recoup,
+    TALER_ARL_amount_add (&ds->dcd.recoup_loss,
+                          &ds->dcd.recoup_loss,
                          amount);
-    TALER_ARL_amount_add (&total_recoup_loss,
-                          &total_recoup_loss,
+    TALER_ARL_amount_add (&balance.loss,
+                          &balance.loss,
                          amount);
  }
  if (TALER_ARL_do_abort ())
@ -2131,8 +2078,8 @@ recoup_cb (void *cls,
                                                amount),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    &coin->coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          amount);
    if (TALER_ARL_do_abort ())
      return GNUNET_SYSERR;
@ -2219,13 +2166,13 @@ recoup_refresh_cb (void *cls,
    }
    else
    {
-      TALER_ARL_amount_add (&dso->denom_balance,
-                            &dso->denom_balance,
+      TALER_ARL_amount_add (&dso->dcd.denom_balance,
+                            &dso->dcd.denom_balance,
                            amount);
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                  "New balance of denomination `%s' after refresh-recoup is %s\n",
                  GNUNET_h2s (&issue->denom_hash.hash),
-                  TALER_amount2s (&dso->denom_balance));
+                  TALER_amount2s (&dso->dcd.denom_balance));
    }
  }

@ -2245,8 +2192,8 @@ recoup_refresh_cb (void *cls,
                                                amount),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    &coin->coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          amount);
    if (TALER_ARL_do_abort ())
      return GNUNET_SYSERR;
@ -2418,8 +2365,8 @@ purse_deposit_cb (
                                                &deposit->amount),
                        GNUNET_JSON_pack_data_auto ("coin_pub",
                                                    &deposit->coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
+    TALER_ARL_amount_add (&balance.irregular_loss,
+                          &balance.irregular_loss,
                          &deposit->amount);
    if (TALER_ARL_do_abort ())
      return GNUNET_SYSERR;
@ -2444,8 +2391,8 @@ purse_deposit_cb (
  }

  /* update global deposit fees */
-  TALER_ARL_amount_add (&total_deposit_fee_income,
-                        &total_deposit_fee_income,
+  TALER_ARL_amount_add (&balance.deposit_fee_balance,
+                        &balance.deposit_fee_balance,
                        &issue->fees.deposit);
  if (TALER_ARL_do_abort ())
    return GNUNET_SYSERR;
@ -2497,13 +2444,15 @@ analyze_coins (void *cls)
  {
    ppc_start = ppc;
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "Resuming coin audit at %llu/%llu/%llu/%llu/%llu/%llu\n",
+                "Resuming coin audit at %llu/%llu/%llu/%llu/%llu/%llu/%llu/%llu\n",
                (unsigned long long) ppc.last_deposit_serial_id,
                (unsigned long long) ppc.last_melt_serial_id,
                (unsigned long long) ppc.last_refund_serial_id,
                (unsigned long long) ppc.last_withdraw_serial_id,
                (unsigned long long) ppc.last_recoup_refresh_serial_id,
-                (unsigned long long) ppc.last_purse_deposits_serial_id);
+                (unsigned long long) ppc.last_open_deposits_serial_id,
+                (unsigned long long) ppc.last_purse_deposits_serial_id,
+                (unsigned long long) ppc.last_purse_refunds_serial_id);
  }

  /* setup 'cc' */
@ -2512,13 +2461,7 @@ analyze_coins (void *cls)
                                                             GNUNET_NO);
  qsx = TALER_ARL_adb->get_balance_summary (TALER_ARL_adb->cls,
                                            &TALER_ARL_master_pub,
-                                            &total_escrow_balance,
-                                            &total_deposit_fee_income,
-                                            &total_melt_fee_income,
-                                            &total_refund_fee_income,
-                                            &total_risk,
-                                            &total_recoup_loss,
-                                            &total_irregular_recoups);
+                                            &balance);
  if (0 > qsx)
  {
    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qsx);
@ -2555,9 +2498,10 @@ analyze_coins (void *cls)

  /* process purse_refunds */
  if (0 >
-      (qs = TALER_ARL_edb->select_purse_refunds_above_serial_id (
+      (qs = TALER_ARL_edb->select_purse_decisions_above_serial_id (
         TALER_ARL_edb->cls,
         ppc.last_purse_refunds_serial_id,
+         true, /* only go for refunds! */
         &purse_refund_cb,
         &cc)))
  {
@ -2649,23 +2593,11 @@ analyze_coins (void *cls)
  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qsx)
    qs = TALER_ARL_adb->update_balance_summary (TALER_ARL_adb->cls,
                                                &TALER_ARL_master_pub,
-                                                &total_escrow_balance,
-                                                &total_deposit_fee_income,
-                                                &total_melt_fee_income,
-                                                &total_refund_fee_income,
-                                                &total_risk,
-                                                &total_recoup_loss,
-                                                &total_irregular_recoups);
+                                                &balance);
  else
    qs = TALER_ARL_adb->insert_balance_summary (TALER_ARL_adb->cls,
                                                &TALER_ARL_master_pub,
-                                                &total_escrow_balance,
-                                                &total_deposit_fee_income,
-                                                &total_melt_fee_income,
-                                                &total_refund_fee_income,
-                                                &total_risk,
-                                                &total_recoup_loss,
-                                                &total_irregular_recoups);
+                                                &balance);
  if (0 >= qs)
  {
    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
@ -2688,13 +2620,15 @@ analyze_coins (void *cls)
    return qs;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Concluded coin audit step at %llu/%llu/%llu/%llu/%llu/%llu\n",
+              "Concluded coin audit step at %llu/%llu/%llu/%llu/%llu/%llu/%llu/%llu\n",
              (unsigned long long) ppc.last_deposit_serial_id,
              (unsigned long long) ppc.last_melt_serial_id,
              (unsigned long long) ppc.last_refund_serial_id,
              (unsigned long long) ppc.last_withdraw_serial_id,
              (unsigned long long) ppc.last_recoup_refresh_serial_id,
-              (unsigned long long) ppc.last_purse_deposits_serial_id);
+              (unsigned long long) ppc.last_open_deposits_serial_id,
+              (unsigned long long) ppc.last_purse_deposits_serial_id,
+              (unsigned long long) ppc.last_purse_refunds_serial_id);
  return qs;
 }

@ -2740,34 +2674,37 @@ run (void *cls,
                                        &reported_emergency_loss_by_count));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_escrow_balance));
+                                        &balance.total_escrowed));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_risk));
+                                        &balance.deposit_fee_balance));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_recoup_loss));
+                                        &balance.melt_fee_balance));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_irregular_recoups));
+                                        &balance.refund_fee_balance));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_deposit_fee_income));
+                                        &balance.purse_fee_balance));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_melt_fee_income));
+                                        &balance.open_deposit_fee_balance));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_refund_fee_income));
+                                        &balance.risk));
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_amount_set_zero (TALER_ARL_currency,
+                                        &balance.loss));
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_amount_set_zero (TALER_ARL_currency,
+                                        &balance.irregular_loss));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
                                        &total_arithmetic_delta_plus));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
                                        &total_arithmetic_delta_minus));
-  GNUNET_assert (GNUNET_OK ==
-                 TALER_amount_set_zero (TALER_ARL_currency,
-                                        &total_bad_sig_loss));
  GNUNET_assert (GNUNET_OK ==
                 TALER_amount_set_zero (TALER_ARL_currency,
                                        &total_refresh_hanging));
@ -2798,27 +2735,30 @@ run (void *cls,
  TALER_ARL_done (
    GNUNET_JSON_PACK (
      TALER_JSON_pack_amount ("total_escrow_balance",
-                              &total_escrow_balance),
-      TALER_JSON_pack_amount ("total_active_risk",
-                              &total_risk),
+                              &balance.total_escrowed),
      TALER_JSON_pack_amount ("total_deposit_fee_income",
-                              &total_deposit_fee_income),
+                              &balance.deposit_fee_balance),
      TALER_JSON_pack_amount ("total_melt_fee_income",
-                              &total_melt_fee_income),
+                              &balance.melt_fee_balance),
      TALER_JSON_pack_amount ("total_refund_fee_income",
-                              &total_refund_fee_income),
+                              &balance.refund_fee_balance),
+      TALER_JSON_pack_amount ("total_purse_fee_income",
+                              &balance.purse_fee_balance),
+      TALER_JSON_pack_amount ("total_open_deposit_fee_income",
+                              &balance.open_deposit_fee_balance),
+      TALER_JSON_pack_amount ("total_active_risk",
+                              &balance.risk),
+      TALER_JSON_pack_amount ("total_recoup_loss",
+                              &balance.loss),
+      /* Tested in test-auditor.sh #4/#5/#6/#13/#26 */
+      TALER_JSON_pack_amount ("irregular_loss",
+                              &balance.irregular_loss),
      /* Tested in test-auditor.sh #18 */
      GNUNET_JSON_pack_array_steal ("emergencies",
                                    report_emergencies),
      /* Tested in test-auditor.sh #18 */
      TALER_JSON_pack_amount ("emergencies_risk_by_amount",
                              &reported_emergency_risk_by_amount),
-      /* Tested in test-auditor.sh #4/#5/#6/#13/#26 */
-      GNUNET_JSON_pack_array_steal ("bad_sig_losses",
-                                    report_bad_sig_losses),
-      /* Tested in test-auditor.sh #4/#5/#6/#13/#26 */
-      TALER_JSON_pack_amount ("total_bad_sig_loss",
-                              &total_bad_sig_loss),
      /* Tested in test-auditor.sh #31 */
      GNUNET_JSON_pack_array_steal ("row_inconsistencies",
                                    report_row_inconsistencies),
@ -2831,11 +2771,11 @@ run (void *cls,
                              &total_arithmetic_delta_minus),
      TALER_JSON_pack_amount ("total_refresh_hanging",
                              &total_refresh_hanging),
+      GNUNET_JSON_pack_array_steal ("bad_sig_losses",
+                                    report_bad_sig_losses),
      /* Tested in test-auditor.sh #12 */
      GNUNET_JSON_pack_array_steal ("refresh_hanging",
                                    report_refreshs_hanging),
-      TALER_JSON_pack_amount ("total_recoup_loss",
-                              &total_recoup_loss),
      /* Tested in test-auditor.sh #18 */
      GNUNET_JSON_pack_array_steal ("emergencies_by_count",
                                    report_emergencies_by_count),
@ -2884,8 +2824,6 @@ run (void *cls,
                                      start_time),
      TALER_JSON_pack_time_abs_human ("auditor_end_time",
                                      GNUNET_TIME_absolute_get ()),
-      TALER_JSON_pack_amount ("total_irregular_recoups",
-                              &total_irregular_recoups),
      GNUNET_JSON_pack_array_steal ("unsigned_denominations",
                                    report_denominations_without_sigs)));
 }
--- a/src/auditor/taler-helper-auditor-purses.c
+++ b/src/auditor/taler-helper-auditor-purses.c
--- a/src/auditor/taler-helper-auditor-render.py
+++ b/src/auditor/taler-helper-auditor-render.py
@ -53,4 +53,14 @@ jinjaEnv = jinja2.Environment(loader=StdinLoader(),
                              autoescape=False)
 tmpl = jinjaEnv.get_template('stdin');

-print(tmpl.render(aggregation = jsonData1, coins = jsonData2, deposits = jsonData3, reserves = jsonData4, wire = jsonData5))
+try:
+     print(tmpl.render(aggregation = jsonData1, coins = jsonData2, deposits = jsonData3, reserves = jsonData4, wire = jsonData5))
+except jinja2.TemplateSyntaxError as error:
+     print("Template syntax error: {error.message} on line {error.lineno}.".format(error=error))
+     exit(1)
+except jinja2.UndefinedError as error:
+     print("Template undefined error: {error.message}.".format(error=error))
+     exit(1)
+except TypeError as error:
+     print("Template type error: {0}.".format(error.args[0]))
+     exit(1)
--- a/src/auditor/taler-helper-auditor-reserves.c
+++ b/src/auditor/taler-helper-auditor-reserves.c
--- a/src/auditor/taler-helper-auditor-wire.c
+++ b/src/auditor/taler-helper-auditor-wire.c
@ -93,14 +93,9 @@ struct WireAccount
  struct TALER_AUDITORDB_WireAccountProgressPoint start_pp;

  /**
-   * Where we are in the inbound (CREDIT) transaction history.
+   * Where we are in the transaction history.
   */
-  uint64_t in_wire_off;
-
-  /**
-   * Where we are in the inbound (DEBIT) transaction history.
-   */
-  uint64_t out_wire_off;
+  struct TALER_AUDITORDB_BankAccountProgressPoint wire_off;

  /**
   * Return value when we got this account's progress point.
@ -728,6 +723,12 @@ commit (enum GNUNET_DB_QueryStatus qs)
                                                   &total_drained);
    }
  }
+  else
+  {
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_amount_set_zero (TALER_ARL_currency,
+                                          &final_balance));
+  }
  if (0 > qs)
  {
    if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
@ -766,16 +767,14 @@ commit (enum GNUNET_DB_QueryStatus qs)
        &TALER_ARL_master_pub,
        wa->ai->section_name,
        &wa->pp,
-        wa->in_wire_off,
-        wa->out_wire_off);
+        &wa->wire_off);
    else
      qs = TALER_ARL_adb->insert_wire_auditor_account_progress (
        TALER_ARL_adb->cls,
        &TALER_ARL_master_pub,
        wa->ai->section_name,
        &wa->pp,
-        wa->in_wire_off,
-        wa->out_wire_off);
+        &wa->wire_off);
    if (0 >= qs)
    {
      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@ -922,6 +921,7 @@ check_for_required_transfers (void)
                                                    &next_timestamp);
  if (0 > qs)
  {
+    GNUNET_break (0);
    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
    global_ret = EXIT_FAILURE;
    GNUNET_SCHEDULER_shutdown ();
@ -1286,6 +1286,7 @@ complain_out_not_found (void *cls,
    switch (qs)
    {
    case GNUNET_DB_STATUS_HARD_ERROR:
+      GNUNET_break (0);
      global_ret = EXIT_FAILURE;
      GNUNET_SCHEDULER_shutdown ();
      return GNUNET_SYSERR;
@ -1468,92 +1469,92 @@ check_exchange_wire_out (struct WireAccount *wa)
 * transactions).
 *
 * @param cls `struct WireAccount` with current wire account to process
- * @param http_status_code http status of the request
- * @param ec error code in case something went wrong
- * @param row_off identification of the position at which we are querying
- * @param details details about the wire transfer
- * @param json original response in JSON format
- * @return #GNUNET_OK to continue, #GNUNET_SYSERR to abort iteration
+ * @param dhr HTTP response details
 */
-static enum GNUNET_GenericReturnValue
+static void
 history_debit_cb (void *cls,
-                  unsigned int http_status_code,
-                  enum TALER_ErrorCode ec,
-                  uint64_t row_off,
-                  const struct TALER_BANK_DebitDetails *details,
-                  const json_t *json)
+                  const struct TALER_BANK_DebitHistoryResponse *dhr)
 {
  struct WireAccount *wa = cls;
  struct ReserveOutInfo *roi;
  size_t slen;

-  (void) json;
-  if (NULL == details)
+  wa->dhh = NULL;
+  switch (dhr->http_status)
  {
-    wa->dhh = NULL;
-    if ( (TALER_EC_NONE != ec) &&
-         ( (! ignore_account_404) ||
-           (MHD_HTTP_NOT_FOUND != http_status_code) ) )
+  case MHD_HTTP_OK:
+    for (unsigned int i = 0; i<dhr->details.success.details_length; i++)
    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Error fetching debit history of account %s: %u/%u!\n",
-                  wa->ai->section_name,
-                  http_status_code,
-                  (unsigned int) ec);
-      commit (GNUNET_DB_STATUS_HARD_ERROR);
-      global_ret = EXIT_FAILURE;
-      GNUNET_SCHEDULER_shutdown ();
-      return GNUNET_SYSERR;
+      const struct TALER_BANK_DebitDetails *dd
+        = &dhr->details.success.details[i];
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                  "Analyzing bank DEBIT at %s of %s with WTID %s\n",
+                  GNUNET_TIME_timestamp2s (dd->execution_date),
+                  TALER_amount2s (&dd->amount),
+                  TALER_B2S (&dd->wtid));
+      /* Update offset */
+      wa->wire_off.out_wire_off = dd->serial_id;
+      slen = strlen (dd->credit_account_uri) + 1;
+      roi = GNUNET_malloc (sizeof (struct ReserveOutInfo)
+                           + slen);
+      GNUNET_CRYPTO_hash (&dd->wtid,
+                          sizeof (dd->wtid),
+                          &roi->subject_hash);
+      roi->details.amount = dd->amount;
+      roi->details.execution_date = dd->execution_date;
+      roi->details.wtid = dd->wtid;
+      roi->details.credit_account_uri = (const char *) &roi[1];
+      memcpy (&roi[1],
+              dd->credit_account_uri,
+              slen);
+      if (GNUNET_OK !=
+          GNUNET_CONTAINER_multihashmap_put (out_map,
+                                             &roi->subject_hash,
+                                             roi,
+                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
+      {
+        char *diagnostic;
+
+        GNUNET_asprintf (&diagnostic,
+                         "duplicate subject hash `%s'",
+                         TALER_B2S (&roi->subject_hash));
+        TALER_ARL_amount_add (&total_wire_format_amount,
+                              &total_wire_format_amount,
+                              &dd->amount);
+        TALER_ARL_report (report_wire_format_inconsistencies,
+                          GNUNET_JSON_PACK (
+                            TALER_JSON_pack_amount ("amount",
+                                                    &dd->amount),
+                            GNUNET_JSON_pack_uint64 ("wire_offset",
+                                                     dd->serial_id),
+                            GNUNET_JSON_pack_string ("diagnostic",
+                                                     diagnostic)));
+        GNUNET_free (diagnostic);
+      }
    }
    check_exchange_wire_out (wa);
-    return GNUNET_OK;
+    return;
+  case MHD_HTTP_NO_CONTENT:
+    check_exchange_wire_out (wa);
+    return;
+  case MHD_HTTP_NOT_FOUND:
+    if (ignore_account_404)
+    {
+      check_exchange_wire_out (wa);
+      return;
+    }
+    break;
+  default:
+    break;
  }
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Analyzing bank DEBIT at %s of %s with WTID %s\n",
-              GNUNET_TIME_timestamp2s (details->execution_date),
-              TALER_amount2s (&details->amount),
-              TALER_B2S (&details->wtid));
-  /* Update offset */
-  wa->out_wire_off = row_off;
-  slen = strlen (details->credit_account_uri) + 1;
-  roi = GNUNET_malloc (sizeof (struct ReserveOutInfo)
-                       + slen);
-  GNUNET_CRYPTO_hash (&details->wtid,
-                      sizeof (details->wtid),
-                      &roi->subject_hash);
-  roi->details.amount = details->amount;
-  roi->details.execution_date = details->execution_date;
-  roi->details.wtid = details->wtid;
-  roi->details.credit_account_uri = (const char *) &roi[1];
-  memcpy (&roi[1],
-          details->credit_account_uri,
-          slen);
-  if (GNUNET_OK !=
-      GNUNET_CONTAINER_multihashmap_put (out_map,
-                                         &roi->subject_hash,
-                                         roi,
-                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
-  {
-    char *diagnostic;
-
-    GNUNET_asprintf (&diagnostic,
-                     "duplicate subject hash `%s'",
-                     TALER_B2S (&roi->subject_hash));
-    TALER_ARL_amount_add (&total_wire_format_amount,
-                          &total_wire_format_amount,
-                          &details->amount);
-    TALER_ARL_report (report_wire_format_inconsistencies,
-                      GNUNET_JSON_PACK (
-                        TALER_JSON_pack_amount ("amount",
-                                                &details->amount),
-                        GNUNET_JSON_pack_uint64 ("wire_offset",
-                                                 row_off),
-                        GNUNET_JSON_pack_string ("diagnostic",
-                                                 diagnostic)));
-    GNUNET_free (diagnostic);
-    return GNUNET_OK;
-  }
-  return GNUNET_OK;
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Error fetching debit history of account %s: %u/%u!\n",
+              wa->ai->section_name,
+              dhr->http_status,
+              (unsigned int) dhr->ec);
+  commit (GNUNET_DB_STATUS_HARD_ERROR);
+  global_ret = EXIT_FAILURE;
+  GNUNET_SCHEDULER_shutdown ();
 }


@ -1588,7 +1589,7 @@ process_debits (void *cls)
  // (CG: used to be INT64_MAX, changed by MS to INT32_MAX, why? To be discussed with him!)
  wa->dhh = TALER_BANK_debit_history (ctx,
                                      wa->ai->auth,
-                                      wa->out_wire_off,
+                                      wa->wire_off.out_wire_off,
                                      INT32_MAX,
                                      GNUNET_TIME_UNIT_ZERO,
                                      &history_debit_cb,
@ -1763,52 +1764,19 @@ process_credits (void *cls);


 /**
- * This function is called for all transactions that
- * are credited to the exchange's account (incoming
- * transactions).
+ * We got all of the incoming transactions for @a wa,
+ * finish processing the account.
 *
- * @param cls `struct WireAccount` we are processing
- * @param http_status HTTP status returned by the bank
- * @param ec error code in case something went wrong
- * @param row_off identification of the position at which we are querying
- * @param details details about the wire transfer
- * @param json raw response
- * @return #GNUNET_OK to continue, #GNUNET_SYSERR to abort iteration
+ * @param[in,out] wa wire account to process
 */
-static enum GNUNET_GenericReturnValue
-history_credit_cb (void *cls,
-                   unsigned int http_status,
-                   enum TALER_ErrorCode ec,
-                   uint64_t row_off,
-                   const struct TALER_BANK_CreditDetails *details,
-                   const json_t *json)
+static void
+conclude_account (struct WireAccount *wa)
 {
-  struct WireAccount *wa = cls;
-  struct ReserveInInfo *rii;
-  struct GNUNET_HashCode key;
-
-  (void) json;
-  if (NULL == details)
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Reconciling CREDIT processing of account `%s'\n",
+              wa->ai->section_name);
+  if (NULL != in_map)
  {
-    wa->chh = NULL;
-    if ( (TALER_EC_NONE != ec) &&
-         ( (! ignore_account_404) ||
-           (MHD_HTTP_NOT_FOUND != http_status) ) )
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Error fetching credit history of account %s: %u/%s!\n",
-                  wa->ai->section_name,
-                  http_status,
-                  TALER_ErrorCode_get_hint (ec));
-      commit (GNUNET_DB_STATUS_HARD_ERROR);
-      global_ret = EXIT_FAILURE;
-      GNUNET_SCHEDULER_shutdown ();
-      return GNUNET_SYSERR;
-    }
-    /* end of operation */
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "Reconciling CREDIT processing of account `%s'\n",
-                wa->ai->section_name);
    GNUNET_CONTAINER_multihashmap_iterate (in_map,
                                           &complain_in_not_found,
                                           wa);
@ -1816,16 +1784,32 @@ history_credit_cb (void *cls,
    GNUNET_CONTAINER_multihashmap_iterate (in_map,
                                           &free_rii,
                                           NULL);
-    process_credits (wa->next);
-    return GNUNET_OK;
  }
+  process_credits (wa->next);
+}
+
+
+/**
+ * Analyze credit transaction @a details into @a wa.
+ *
+ * @param[in,out] wa account that received the transfer
+ * @param details transfer details
+ * @return true on success, false to stop loop at this point
+ */
+static bool
+analyze_credit (struct WireAccount *wa,
+                const struct TALER_BANK_CreditDetails *details)
+{
+  struct ReserveInInfo *rii;
+  struct GNUNET_HashCode key;
+
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "Analyzing bank CREDIT at %s of %s with Reserve-pub %s\n",
              GNUNET_TIME_timestamp2s (details->execution_date),
              TALER_amount2s (&details->amount),
              TALER_B2S (&details->reserve_pub));
-  GNUNET_CRYPTO_hash (&row_off,
-                      sizeof (row_off),
+  GNUNET_CRYPTO_hash (&details->serial_id,
+                      sizeof (details->serial_id),
                      &key);
  rii = GNUNET_CONTAINER_multihashmap_get (in_map,
                                           &key);
@ -1834,13 +1818,12 @@ history_credit_cb (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Failed to find wire transfer at `%s' in exchange database. Audit ends at this point in time.\n",
                GNUNET_TIME_timestamp2s (details->execution_date));
-    wa->chh = NULL;
    process_credits (wa->next);
-    return GNUNET_SYSERR; /* not an error, just end of processing */
+    return false; /* not an error, just end of processing */
  }

  /* Update offset */
-  wa->in_wire_off = row_off;
+  wa->wire_off.in_wire_off = details->serial_id;
  /* compare records with expected data */
  if (0 != GNUNET_memcmp (&details->reserve_pub,
                          &rii->details.reserve_pub))
@ -1851,7 +1834,7 @@ history_credit_cb (void *cls,
        GNUNET_JSON_pack_uint64 ("row",
                                 rii->rowid),
        GNUNET_JSON_pack_uint64 ("bank_row",
-                                 row_off),
+                                 details->serial_id),
        TALER_JSON_pack_amount ("amount_exchange_expected",
                                &rii->details.amount),
        TALER_JSON_pack_amount ("amount_wired",
@ -1871,7 +1854,7 @@ history_credit_cb (void *cls,
        GNUNET_JSON_pack_uint64 ("row",
                                 rii->rowid),
        GNUNET_JSON_pack_uint64 ("bank_row",
-                                 row_off),
+                                 details->serial_id),
        TALER_JSON_pack_amount ("amount_exchange_expected",
                                &zero),
        TALER_JSON_pack_amount ("amount_wired",
@ -1897,7 +1880,7 @@ history_credit_cb (void *cls,
        GNUNET_JSON_pack_uint64 ("row",
                                 rii->rowid),
        GNUNET_JSON_pack_uint64 ("bank_row",
-                                 row_off),
+                                 details->serial_id),
        TALER_JSON_pack_amount ("amount_exchange_expected",
                                &rii->details.amount),
        TALER_JSON_pack_amount ("amount_wired",
@ -1945,7 +1928,7 @@ history_credit_cb (void *cls,
                        GNUNET_JSON_pack_uint64 ("row",
                                                 rii->rowid),
                        GNUNET_JSON_pack_uint64 ("bank_row",
-                                                 row_off),
+                                                 details->serial_id),
                        GNUNET_JSON_pack_data_auto (
                          "reserve_pub",
                          &rii->details.reserve_pub)));
@ -1964,7 +1947,7 @@ history_credit_cb (void *cls,
                        GNUNET_JSON_pack_uint64 ("row",
                                                 rii->rowid),
                        GNUNET_JSON_pack_uint64 ("bank_row",
-                                                 row_off),
+                                                 details->serial_id),
                        GNUNET_JSON_pack_string ("diagnostic",
                                                 "execution date mismatch")));
  }
@ -1973,7 +1956,60 @@ cleanup:
                 free_rii (NULL,
                           &key,
                           rii));
-  return GNUNET_OK;
+  return true;
+}
+
+
+/**
+ * This function is called for all transactions that
+ * are credited to the exchange's account (incoming
+ * transactions).
+ *
+ * @param cls `struct WireAccount` we are processing
+ * @param chr HTTP response returned by the bank
+ */
+static void
+history_credit_cb (void *cls,
+                   const struct TALER_BANK_CreditHistoryResponse *chr)
+{
+  struct WireAccount *wa = cls;
+
+  wa->chh = NULL;
+  switch (chr->http_status)
+  {
+  case MHD_HTTP_OK:
+    for (unsigned int i = 0; i<chr->details.success.details_length; i++)
+    {
+      const struct TALER_BANK_CreditDetails *cd
+        = &chr->details.success.details[i];
+
+      if (! analyze_credit (wa,
+                            cd))
+        break;
+    }
+    conclude_account (wa);
+    return;
+  case MHD_HTTP_NO_CONTENT:
+    conclude_account (wa);
+    return;
+  case MHD_HTTP_NOT_FOUND:
+    if (ignore_account_404)
+    {
+      conclude_account (wa);
+      return;
+    }
+    break;
+  default:
+    break;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Error fetching credit history of account %s: %u/%s!\n",
+              wa->ai->section_name,
+              chr->http_status,
+              TALER_ErrorCode_get_hint (chr->ec));
+  commit (GNUNET_DB_STATUS_HARD_ERROR);
+  global_ret = EXIT_FAILURE;
+  GNUNET_SCHEDULER_shutdown ();
 }


@ -2026,7 +2062,7 @@ process_credits (void *cls)
  // (CG: used to be INT64_MAX, changed by MS to INT32_MAX, why? To be discussed with him!)
  wa->chh = TALER_BANK_credit_history (ctx,
                                       wa->ai->auth,
-                                       wa->in_wire_off,
+                                       wa->wire_off.in_wire_off,
                                       INT32_MAX,
                                       GNUNET_TIME_UNIT_ZERO,
                                       &history_credit_cb,
@ -2057,8 +2093,7 @@ begin_credit_audit (void)


 /**
- * Function called about reserve closing operations
- * the aggregator triggered.
+ * Function called about reserve closing operations the aggregator triggered.
 *
 * @param cls closure
 * @param rowid row identifier used to uniquely identify the reserve closing operation
@ -2068,6 +2103,8 @@ begin_credit_audit (void)
 * @param reserve_pub public key of the reserve
 * @param receiver_account where did we send the funds, in payto://-format
 * @param wtid identifier used for the wire transfer
+ * @param close_request_row which close request triggered the operation?
+ *         0 if it was a timeout (not used)
 * @return #GNUNET_OK to continue to iterate, #GNUNET_SYSERR to stop
 */
 static enum GNUNET_GenericReturnValue
@ -2078,12 +2115,14 @@ reserve_closed_cb (void *cls,
                   const struct TALER_Amount *closing_fee,
                   const struct TALER_ReservePublicKeyP *reserve_pub,
                   const char *receiver_account,
-                   const struct TALER_WireTransferIdentifierRawP *wtid)
+                   const struct TALER_WireTransferIdentifierRawP *wtid,
+                   uint64_t close_request_row)
 {
  struct ReserveClosure *rc;
  struct GNUNET_HashCode key;

  (void) cls;
+  (void) close_request_row;
  rc = GNUNET_new (struct ReserveClosure);
  if (TALER_ARL_SR_INVALID_NEGATIVE ==
      TALER_ARL_amount_subtract_neg (&rc->amount,
@ -2204,8 +2243,7 @@ begin_transaction (void)
      &TALER_ARL_master_pub,
      wa->ai->section_name,
      &wa->pp,
-      &wa->in_wire_off,
-      &wa->out_wire_off);
+      &wa->wire_off);
    if (0 > wa->qsx)
    {
      GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == wa->qsx);
--- a/src/auditor/test-auditor.sh
+++ b/src/auditor/test-auditor.sh
@ -87,7 +87,7 @@ function stop_libeufin()
 # Cleanup exchange and libeufin between runs.
 function cleanup()
 {
-    if test ! -z ${EPID:-}
+    if test ! -z "${EPID:-}"
    then
        echo -n "Stopping exchange $EPID..."
        kill -TERM $EPID
@ -102,7 +102,7 @@ function cleanup()
 function exit_cleanup()
 {
    echo "Running exit-cleanup"
-    if test ! -z ${POSTGRES_PATH:-}
+    if test ! -z "${POSTGRES_PATH:-}"
    then
        echo "Stopping Postgres at ${POSTGRES_PATH}"
        ${POSTGRES_PATH}/pg_ctl -D $TMPDIR -l /dev/null stop &> /dev/null || true
@ -122,8 +122,7 @@ trap exit_cleanup EXIT
 function launch_libeufin () {
    cd $MYDIR
    export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${DB}-sandbox.sqlite3"
-    export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
-    libeufin-sandbox serve --port 18082 \
+    libeufin-sandbox serve --no-auth --port 18082 \
                     > ${MYDIR}/libeufin-sandbox-stdout.log \
                     2> ${MYDIR}/libeufin-sandbox-stderr.log &
    echo $! > ${MYDIR}/libeufin-sandbox.pid
@ -241,7 +240,13 @@ function audit_only () {
    echo -n "."
    $VALGRIND taler-helper-auditor-reserves -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-reserves-inc.json 2> ${MY_TMP_DIR}/test-audit-reserves-inc.log || exit_fail "incremental reserves audit failed"
    echo -n "."
-    $VALGRIND taler-helper-auditor-wire -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire.json 2> ${MY_TMP_DIR}/test-wire-audit.log || exit_fail "wire audit failed"
+    rm -f ${MY_TMP_DIR}/test-wire-audit.log
+    thaw() {
+      $VALGRIND taler-helper-auditor-wire -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire.json 2>> ${MY_TMP_DIR}/test-wire-audit.log
+    }
+    thaw || ( echo -e " FIRST CALL TO taler-helper-auditor-wire FAILED,\nRETRY AFTER TWO SECONDS..." | tee -a ${MY_TMP_DIR}/test-wire-audit.log
+	      sleep 2
+	      thaw || exit_fail "wire audit failed" )
    echo -n "."
    $VALGRIND taler-helper-auditor-wire -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire-inc.json 2> ${MY_TMP_DIR}/test-wire-audit-inc.log || exit_fail "wire audit inc failed"
    echo -n "."
@ -296,9 +301,9 @@ function run_audit () {
        echo -n "Running taler-exchange-offline drain "

        taler-exchange-offline -L DEBUG -c "${CONF}" \
-                               drain TESTKUDOS:0.1 exchange-account-1 payto://iban/SANDBOXX/DE360679?receiver-name=Exchange+Drain \
-                               upload \
-                               2> ${MY_TMP_DIR}/taler-exchange-offline-drain.log || exit_fail "offline draining failed"
+          drain TESTKUDOS:0.1 exchange-account-1 payto://iban/SANDBOXX/DE360679?receiver-name=Exchange+Drain \
+          upload \
+          2> ${MY_TMP_DIR}/taler-exchange-offline-drain.log || exit_fail "offline draining failed"
        kill -TERM $EPID
        wait $EPID || true
        unset EPID
@ -320,11 +325,15 @@ function run_audit () {
            echo -n "Payment likely already submitted, running submit-payments without UUID anyway ..."
            libeufin-cli accounts submit-payments exchange-nexus
        else
-            echo -n "Running submitting payment ${PAIN_UUID} ..."
+            echo -n "Running payment submission for transaction ${PAIN_UUID} ..."
            libeufin-cli accounts submit-payments --payment-uuid ${PAIN_UUID} exchange-nexus
        fi
-        cd $ORIGIN
        echo " DONE"
+        echo -n "Import outgoing transactions..."
+        libeufin-cli accounts fetch-transactions \
+           --range-type since-last --level report exchange-nexus
+        echo " DONE"
+        cd $ORIGIN
    fi
    audit_only
    post_audit
@ -388,7 +397,7 @@ function test_0() {
    then
        exit_fail "Wrong total bad sig loss from aggregation, got unexpected loss of $LOSS"
    fi
-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:0"
    then
        exit_fail "Wrong total bad sig loss from coins, got unexpected loss of $LOSS"
@ -613,7 +622,7 @@ function test_3() {
        exit_fail "Expected reserve balance summary amount wrong, got $EXPECTED (exchange)"
    fi

-    WIRED=`jq -r .total_loss_balance_insufficient < test-audit-reserves.json`
+    WIRED=`jq -r .total_irregular_loss < test-audit-reserves.json`
    if test $WIRED != "TESTKUDOS:0"
    then
        exit_fail "Wrong total loss from insufficient balance, got $WIRED"
@ -690,7 +699,7 @@ function test_4() {
        exit_fail "Wrong operation, got $OP"
    fi

-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:3"
    then
        exit_fail "Wrong total bad sig loss, got $LOSS"
@ -734,7 +743,7 @@ function test_5() {
        exit_fail "Wrong operation, got $OP"
    fi

-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:3"
    then
        exit_fail "Wrong total bad sig loss, got $LOSS"
@ -776,7 +785,7 @@ function test_6() {
        exit_fail "Wrong operation, got $OP"
    fi

-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS == "TESTKUDOS:0"
    then
        exit_fail "Wrong total bad sig loss, got $LOSS"
@ -1093,7 +1102,7 @@ function test_13() {
    fi

    LOSS=`jq -er .bad_sig_losses[0].loss < test-audit-coins.json`
-    TOTAL_LOSS=`jq -er .total_bad_sig_loss < test-audit-coins.json`
+    TOTAL_LOSS=`jq -er .irregular_loss < test-audit-coins.json`
    if test x$LOSS != x$TOTAL_LOSS
    then
        exit_fail "Loss inconsistent, got $LOSS and $TOTAL_LOSS"
@ -1644,7 +1653,7 @@ function test_26() {
        exit_fail "Wrong operation, got $OP"
    fi

-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:3"
    then
        exit_fail "Wrong total bad sig loss, got $LOSS"
@ -1805,7 +1814,7 @@ function test_31() {

    run_audit aggregator
    echo -n "Testing inconsistency detection... "
-    AMOUNT=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    AMOUNT=`jq -r .irregular_loss < test-audit-coins.json`
    if test "x$AMOUNT" == "xTESTKUDOS:0"
    then
        exit_fail "Reported total amount wrong: $AMOUNT"
@ -1892,7 +1901,7 @@ function test_33() {
    then
        exit_fail "Wrong total bad sig loss from aggregation, got unexpected loss of $LOSS"
    fi
-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:0"
    then
        exit_fail "Wrong total bad sig loss from coins, got unexpected loss of $LOSS"
@ -2047,10 +2056,10 @@ taler-wallet-cli -h >/dev/null </dev/null 2>/dev/null || exit_skip "taler-wallet
 echo -n "Testing for Postgres"
 # Available directly in path?
 INITDB_BIN=$(command -v initdb) || true
-if [[ ! -z $INITDB_BIN ]]; then
+if [[ ! -z "$INITDB_BIN" ]]; then
  echo " FOUND (in path) at" $INITDB_BIN
 else
-  HAVE_INITDB=`find /usr -name "initdb" 2> /dev/null | grep postgres` || exit_skip " MISSING"
+  HAVE_INITDB=`find /usr -name "initdb" | head -1 2> /dev/null | grep postgres` || exit_skip " MISSING"
  echo " FOUND at" `dirname $HAVE_INITDB`
  INITDB_BIN=`echo $HAVE_INITDB | grep bin/initdb | grep postgres | sort -n | tail -n1`
 fi
--- a/src/auditor/test-revocation.sh
+++ b/src/auditor/test-revocation.sh
@ -81,7 +81,7 @@ function stop_libeufin()
 # Cleanup to run whenever we exit
 function cleanup()
 {
-    if test ! -z ${EPID:-}
+    if test ! -z "${EPID:-}"
    then
        echo -n "Stopping exchange $EPID..."
        kill -TERM $EPID
@ -96,7 +96,7 @@ function cleanup()
 function exit_cleanup()
 {
    echo "Running exit-cleanup"
-    if test ! -z ${POSTGRES_PATH:-}
+    if test ! -z "${POSTGRES_PATH:-}"
    then
        echo "Stopping Postgres at ${POSTGRES_PATH}"
        ${POSTGRES_PATH}/pg_ctl -D $TMPDIR -l /dev/null stop &> /dev/null || true
@ -140,7 +140,7 @@ function nexus_submit_to_sandbox () {
 function get_payto_uri() {
    export LIBEUFIN_SANDBOX_USERNAME=$1
    export LIBEUFIN_SANDBOX_PASSWORD=$2
-    export LIBEUFIN_SANDBOX_URL=http://localhost:18082/demobanks/default
+    export LIBEUFIN_SANDBOX_URL=http://localhost:18082
    libeufin-cli sandbox demobank info --bank-account $1 | jq --raw-output '.paytoUri'
 }

@ -152,8 +152,7 @@ function launch_libeufin () {
                   > ${MYDIR}/libeufin-nexus-stdout.log &
    echo $! > ${MYDIR}/libeufin-nexus.pid
    export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${DB}-sandbox.sqlite3"
-    export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
-    libeufin-sandbox serve --port 18082 \
+    libeufin-sandbox serve --no-auth --port 18082 \
                     > ${MYDIR}/libeufin-sandbox-stdout.log \
                     2> ${MYDIR}/libeufin-sandbox-stderr.log &
    echo $! > ${MYDIR}/libeufin-sandbox.pid
@ -337,7 +336,7 @@ function test_0() {
    then
        exit_fail "Wrong total bad sig loss from aggregation, got unexpected loss of $LOSS"
    fi
-    LOSS=`jq -r .total_bad_sig_loss < test-audit-coins.json`
+    LOSS=`jq -r .irregular_loss < test-audit-coins.json`
    if test $LOSS != "TESTKUDOS:0"
    then
        exit_fail "Wrong total bad sig loss from coins, got unexpected loss of $LOSS"
@ -561,7 +560,7 @@ function test_4() {
    echo -n "Testing inconsistency detection... "
    # Coin spent exceeded coin's value
    jq -e .bad_sig_losses[0] < test-audit-coins.json > /dev/null || exit_fail "Bad recoup not detected"
-    AMOUNT=`jq -r .total_bad_sig_losses < test-audit-coins.json`
+    AMOUNT=`jq -r .irregular_loss < test-audit-coins.json`
    if test $AMOUNT == "TESTKUDOS:0"
    then
        exit_fail "Total bad sig losses are wrong"
@ -640,10 +639,10 @@ taler-wallet-cli -h >/dev/null </dev/null 2>/dev/null || exit_skip "taler-wallet
 echo -n "Testing for Postgres"
 # Available directly in path?
 INITDB_BIN=$(command -v initdb) || true
-if [[ ! -z $INITDB_BIN ]]; then
+if [[ ! -z "$INITDB_BIN" ]]; then
  echo " FOUND (in path) at" $INITDB_BIN
 else
-  HAVE_INITDB=`find /usr -name "initdb" 2> /dev/null | grep postgres` || exit_skip " MISSING"
+  HAVE_INITDB=`find /usr -name "initdb" | head -1 2> /dev/null | grep postgres` || exit_skip " MISSING"
  echo " FOUND at" `dirname $HAVE_INITDB`
  INITDB_BIN=`echo $HAVE_INITDB | grep bin/initdb | grep postgres | sort -n | tail -n1`
 fi
--- a/src/auditor/test-sync.sh
+++ b/src/auditor/test-sync.sh
@ -32,7 +32,7 @@ function exit_fail() {

 # Cleanup to run whenever we exit
 function cleanup() {
-    if test ! -z ${POSTGRES_PATH:-}
+    if test ! -z "${POSTGRES_PATH:-}"
    then
        ${POSTGRES_PATH}/pg_ctl -D $TMPDIR stop &> /dev/null || true
    fi
@ -65,7 +65,7 @@ function check_with_database()
    taler-auditor-sync -s test-sync-in.conf -d test-sync-out.conf -t

    # cs_nonce_locks excluded: no point
-    for table in denominations denomination_revocations wire_targets reserves reserves_in reserves_close reserves_out auditors auditor_denom_sigs exchange_sign_keys signkey_revocations extensions extension_details known_coins refresh_commitments refresh_revealed_coins refresh_transfer_keys deposits refunds wire_out aggregation_tracking wire_fee recoup recoup_refresh
+    for table in denominations denomination_revocations wire_targets reserves reserves_in reserves_close reserves_out auditors auditor_denom_sigs exchange_sign_keys signkey_revocations extensions policy_details policy_fulfillments known_coins refresh_commitments refresh_revealed_coins refresh_transfer_keys deposits refunds wire_out aggregation_tracking wire_fee recoup recoup_refresh
    do
        echo -n "."
        CIN=`echo "SELECT COUNT(*) FROM exchange.$table" | psql talercheck-in -Aqt`
@ -111,10 +111,10 @@ taler-wallet-cli -h >/dev/null </dev/null 2>/dev/null || exit_skip "taler-wallet
 echo -n "Testing for Postgres"
 # Available directly in path?
 INITDB_BIN=$(command -v initdb) || true
-if [[ ! -z $INITDB_BIN ]]; then
+if [[ ! -z "$INITDB_BIN" ]]; then
  echo " FOUND (in path) at" $INITDB_BIN
 else
-  HAVE_INITDB=`find /usr -name "initdb" 2> /dev/null | grep postgres` || exit_skip " MISSING"
+  HAVE_INITDB=`find /usr -name "initdb" | head -1 2> /dev/null | grep postgres` || exit_skip " MISSING"
  echo " FOUND at" `dirname $HAVE_INITDB`
  INITDB_BIN=`echo $HAVE_INITDB | grep bin/initdb | grep postgres | sort -n | tail -n1`
 fi
--- a/src/auditordb/9999.sql
+++ b/src/auditordb/9999.sql
@ -1,53 +0,0 @@
--
-- This file is part of TALER
-- Copyright (C) 2014--2020 Taler Systems SA
--
-- TALER is free software; you can redistribute it and/or modify it under the
-- terms of the GNU General Public License as published by the Free Software
-- Foundation; either version 3, or (at your option) any later version.
--
-- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-- A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License along with
-- TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
--
-
-- Everything in one big transaction
-BEGIN;
-
-NOTE: This code is not yet ready / in use. It was archived here
-as we might want this kind of table in the future. It is NOT
-to be installed in a production system (hence in EXTRA_DIST and
-not in the SQL target!)
-
-- Check patch versioning is in place.
-SELECT _v.register_patch('auditor-9999', NULL, NULL);
-
-
-- Table with historic business ledger; basically, when the exchange
-- operator decides to use operating costs for anything but wire
-- transfers to merchants, it goes in here.  This happens when the
-- operator users transaction fees for business expenses. purpose
-- is free-form but should be a human-readable wire transfer
-- identifier.   This is NOT yet used and outside of the scope of
-- the core auditing logic. However, once we do take fees to use
-- operating costs, and if we still want auditor_predicted_result to match
-- the tables overall, we'll need a command-line tool to insert rows
-- into this table and update auditor_predicted_result accordingly.
-- (So this table for now just exists as a reminder of what we'll
-- need in the long term.)
-CREATE TABLE IF NOT EXISTS auditor_historic_ledger
-  (master_pub BYTEA CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
-  ,purpose VARCHAR NOT NULL
-  ,timestamp INT8 NOT NULL
-  ,balance_val INT8 NOT NULL
-  ,balance_frac INT4 NOT NULL
-  );
-CREATE INDEX history_ledger_by_master_pub_and_time
-  ON auditor_historic_ledger
-  (master_pub
-  ,timestamp);
-
-COMMIT;
--- a/src/auditordb/Makefile.am
+++ b/src/auditordb/Makefile.am
@ -23,7 +23,8 @@ EXTRA_DIST = \
  auditordb-postgres.conf \
  test-auditor-db-postgres.conf \
  $(sql_DATA) \
-  9999.sql
+  pg_template.h pg_template.c \
+  pg_template.sh

 plugindir = $(libdir)/taler

@ -33,7 +34,65 @@ plugin_LTLIBRARIES = \
 endif

 libtaler_plugin_auditordb_postgres_la_SOURCES = \
-  plugin_auditordb_postgres.c
+  plugin_auditordb_postgres.c pg_helper.h \
+  pg_insert_auditor_progress_reserve.h pg_insert_auditor_progress_reserve.c \
+  pg_update_auditor_progress_reserve.h pg_update_auditor_progress_reserve.c \
+  pg_get_auditor_progress_reserve.h pg_get_auditor_progress_reserve.c \
+  pg_insert_auditor_progress_purse.h pg_insert_auditor_progress_purse.c \
+  pg_update_auditor_progress_purse.h pg_update_auditor_progress_purse.c \
+  pg_get_auditor_progress_purse.h pg_get_auditor_progress_purse.c \
+  pg_insert_auditor_progress_aggregation.h pg_insert_auditor_progress_aggregation.c \
+  pg_update_auditor_progress_aggregation.h pg_update_auditor_progress_aggregation.c \
+  pg_get_auditor_progress_aggregation.h pg_get_auditor_progress_aggregation.c \
+  pg_insert_auditor_progress_deposit_confirmation.h pg_insert_auditor_progress_deposit_confirmation.c \
+  pg_update_auditor_progress_deposit_confirmation.h pg_update_auditor_progress_deposit_confirmation.c \
+  pg_get_auditor_progress_deposit_confirmation.h pg_get_auditor_progress_deposit_confirmation.c \
+  pg_insert_auditor_progress_coin.h pg_insert_auditor_progress_coin.c \
+  pg_update_auditor_progress_coin.h pg_update_auditor_progress_coin.c \
+  pg_get_auditor_progress_coin.h pg_get_auditor_progress_coin.c \
+  pg_insert_wire_auditor_account_progress.h pg_insert_wire_auditor_account_progress.c \
+  pg_update_wire_auditor_account_progress.h pg_update_wire_auditor_account_progress.c \
+  pg_get_wire_auditor_account_progress.h pg_get_wire_auditor_account_progress.c \
+  pg_insert_wire_auditor_progress.h pg_insert_wire_auditor_progress.c \
+  pg_update_wire_auditor_progress.h pg_update_wire_auditor_progress.c \
+  pg_get_wire_auditor_progress.h pg_get_wire_auditor_progress.c \
+  pg_insert_reserve_info.h pg_insert_reserve_info.c \
+  pg_update_reserve_info.h pg_update_reserve_info.c \
+  pg_del_reserve_info.h pg_del_reserve_info.c \
+  pg_get_reserve_info.h pg_get_reserve_info.c \
+  pg_insert_reserve_summary.h pg_insert_reserve_summary.c \
+  pg_update_reserve_summary.h pg_update_reserve_summary.c \
+  pg_get_reserve_summary.h pg_get_reserve_summary.c \
+  pg_insert_wire_fee_summary.h pg_insert_wire_fee_summary.c \
+  pg_update_wire_fee_summary.h pg_update_wire_fee_summary.c \
+  pg_get_wire_fee_summary.h pg_get_wire_fee_summary.c \
+  pg_insert_denomination_balance.h pg_insert_denomination_balance.c \
+  pg_update_denomination_balance.h pg_update_denomination_balance.c \
+  pg_get_denomination_balance.h pg_get_denomination_balance.c \
+  pg_insert_balance_summary.h pg_insert_balance_summary.c \
+  pg_update_balance_summary.h pg_update_balance_summary.c \
+  pg_get_balance_summary.h pg_get_balance_summary.c \
+  pg_insert_historic_denom_revenue.h pg_insert_historic_denom_revenue.c \
+  pg_select_historic_denom_revenue.h pg_select_historic_denom_revenue.c \
+  pg_insert_historic_reserve_revenue.h pg_insert_historic_reserve_revenue.c \
+  pg_select_historic_reserve_revenue.h pg_select_historic_reserve_revenue.c \
+  pg_insert_predicted_result.h pg_insert_predicted_result.c \
+  pg_update_predicted_result.h pg_update_predicted_result.c \
+  pg_get_predicted_balance.h pg_get_predicted_balance.c \
+  pg_insert_exchange.h pg_insert_exchange.c \
+  pg_list_exchanges.h pg_list_exchanges.c \
+  pg_delete_exchange.h pg_delete_exchange.c \
+  pg_insert_exchange_signkey.h pg_insert_exchange_signkey.c \
+  pg_insert_deposit_confirmation.h pg_insert_deposit_confirmation.c \
+  pg_get_purse_info.h pg_get_purse_info.c \
+  pg_delete_purse_info.h pg_delete_purse_info.c \
+  pg_update_purse_info.h pg_update_purse_info.c \
+  pg_insert_purse_info.h pg_insert_purse_info.c \
+  pg_get_purse_summary.h pg_get_purse_summary.c \
+  pg_select_purse_expired.h pg_select_purse_expired.c \
+  pg_insert_purse_summary.h pg_insert_purse_summary.c \
+  pg_update_purse_summary.h pg_update_purse_summary.c \
+  pg_get_deposit_confirmations.h pg_get_deposit_confirmations.c
 libtaler_plugin_auditordb_postgres_la_LIBADD = \
  $(LTLIBINTL)
 libtaler_plugin_auditordb_postgres_la_LDFLAGS = \
--- a/src/auditordb/auditor-0001.sql
+++ b/src/auditordb/auditor-0001.sql
@ -1,6 +1,6 @@
 --
 -- This file is part of TALER
-- Copyright (C) 2014--2020 Taler Systems SA
+-- Copyright (C) 2014--2022 Taler Systems SA
 --
 -- TALER is free software; you can redistribute it and/or modify it under the
 -- terms of the GNU General Public License as published by the Free Software
@ -52,16 +52,29 @@ CREATE TABLE IF NOT EXISTS auditor_progress_reserve
  ,last_reserve_in_serial_id INT8 NOT NULL DEFAULT 0
  ,last_reserve_out_serial_id INT8 NOT NULL DEFAULT 0
  ,last_reserve_recoup_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_reserve_open_serial_id INT8 NOT NULL DEFAULT 0
  ,last_reserve_close_serial_id INT8 NOT NULL DEFAULT 0
-  ,last_purse_merges_serial_id INT8 NOT NULL DEFAULT 0
-  ,last_purse_deposits_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_purse_decision_serial_id INT8 NOT NULL DEFAULT 0
  ,last_account_merges_serial_id INT8 NOT NULL DEFAULT 0
  ,last_history_requests_serial_id INT8 NOT NULL DEFAULT 0
-  ,last_close_requests_serial_id INT8 NOT NULL DEFAULT 0
  ,PRIMARY KEY (master_pub)
  );
 COMMENT ON TABLE auditor_progress_reserve
-  IS 'information as to which transactions the auditor has processed in the exchange database.  Used for SELECTing the
+  IS 'information as to which transactions the reserve auditor has processed in the exchange database.  Used for SELECTing the
+ statements to process.  The indices include the last serial ID from the respective tables that we have processed. Thus, we need to select those table entries that are strictly larger (and process in monotonically increasing order).';
+
+
+CREATE TABLE IF NOT EXISTS auditor_progress_purse
+  (master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,last_purse_request_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_purse_decision_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_purse_merges_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_account_merges_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_purse_deposits_serial_id INT8 NOT NULL DEFAULT 0
+  ,PRIMARY KEY (master_pub)
+  );
+COMMENT ON TABLE auditor_progress_purse
+  IS 'information as to which purses the purse auditor has processed in the exchange database.  Used for SELECTing the
 statements to process.  The indices include the last serial ID from the respective tables that we have processed. Thus, we need to select those table entries that are strictly larger (and process in monotonically increasing order).';


@ -93,8 +106,9 @@ CREATE TABLE IF NOT EXISTS auditor_progress_coin
  ,last_refund_serial_id INT8 NOT NULL DEFAULT 0
  ,last_recoup_serial_id INT8 NOT NULL DEFAULT 0
  ,last_recoup_refresh_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_open_deposits_serial_id INT8 NOT NULL DEFAULT 0
  ,last_purse_deposits_serial_id INT8 NOT NULL DEFAULT 0
-  ,last_purse_refunds_serial_id INT8 NOT NULL DEFAULT 0
+  ,last_purse_decision_serial_id INT8 NOT NULL DEFAULT 0
  ,PRIMARY KEY (master_pub)
  );
 COMMENT ON TABLE auditor_progress_coin
@ -129,10 +143,20 @@ CREATE TABLE IF NOT EXISTS auditor_reserves
  ,master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
  ,reserve_balance_val INT8 NOT NULL
  ,reserve_balance_frac INT4 NOT NULL
+  ,reserve_loss_val INT8 NOT NULL
+  ,reserve_loss_frac INT4 NOT NULL
  ,withdraw_fee_balance_val INT8 NOT NULL
  ,withdraw_fee_balance_frac INT4 NOT NULL
+  ,close_fee_balance_val INT8 NOT NULL
+  ,close_fee_balance_frac INT4 NOT NULL
+  ,purse_fee_balance_val INT8 NOT NULL
+  ,purse_fee_balance_frac INT4 NOT NULL
+  ,open_fee_balance_val INT8 NOT NULL
+  ,open_fee_balance_frac INT4 NOT NULL
+  ,history_fee_balance_val INT8 NOT NULL
+  ,history_fee_balance_frac INT4 NOT NULL
  ,expiration_date INT8 NOT NULL
-  ,auditor_reserves_rowid BIGSERIAL UNIQUE
+  ,auditor_reserves_rowid BIGINT GENERATED BY DEFAULT AS IDENTITY UNIQUE
  ,origin_account TEXT
  );
 COMMENT ON TABLE auditor_reserves
@ -143,14 +167,47 @@ CREATE INDEX IF NOT EXISTS auditor_reserves_by_reserve_pub
  (reserve_pub);


+CREATE TABLE IF NOT EXISTS auditor_purses
+  (purse_pub BYTEA NOT NULL CHECK(LENGTH(purse_pub)=32)
+  ,master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,balance_val INT8 NOT NULL DEFAULT(0)
+  ,balance_frac INT4 NOT NULL DEFAULT(0)
+  ,target_val INT8 NOT NULL
+  ,target_frac INT4 NOT NULL
+  ,expiration_date INT8 NOT NULL
+  ,auditor_purses_rowid BIGINT GENERATED BY DEFAULT AS IDENTITY UNIQUE
+  );
+COMMENT ON TABLE auditor_purses
+  IS 'all of the purses and their respective balances that the auditor is aware of';
+
+CREATE INDEX IF NOT EXISTS auditor_purses_by_purse_pub
+  ON auditor_purses
+  (purse_pub);
+
+
+CREATE TABLE IF NOT EXISTS auditor_purse_summary
+  (master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
+  ,balance_val INT8 NOT NULL
+  ,balance_frac INT4 NOT NULL
+  ,open_purses INT8 NOT NULL
+  );
+COMMENT ON TABLE auditor_purse_summary
+  IS 'sum of the balances in open purses';
+
 CREATE TABLE IF NOT EXISTS auditor_reserve_balance
  (master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
  ,reserve_balance_val INT8 NOT NULL
  ,reserve_balance_frac INT4 NOT NULL
+  ,reserve_loss_val INT8 NOT NULL
+  ,reserve_loss_frac INT4 NOT NULL
  ,withdraw_fee_balance_val INT8 NOT NULL
  ,withdraw_fee_balance_frac INT4 NOT NULL
+  ,close_fee_balance_val INT8 NOT NULL
+  ,close_fee_balance_frac INT4 NOT NULL
  ,purse_fee_balance_val INT8 NOT NULL
  ,purse_fee_balance_frac INT4 NOT NULL
+  ,open_fee_balance_val INT8 NOT NULL
+  ,open_fee_balance_frac INT4 NOT NULL
  ,history_fee_balance_val INT8 NOT NULL
  ,history_fee_balance_frac INT4 NOT NULL
  );
@ -185,8 +242,10 @@ COMMENT ON COLUMN auditor_denomination_pending.num_issued
  IS 'counts the number of coins issued (withdraw, refresh) of this denomination';
 COMMENT ON COLUMN auditor_denomination_pending.denom_risk_val
  IS 'amount that could theoretically be lost in the future due to recoup operations';
+COMMENT ON COLUMN auditor_denomination_pending.denom_loss_val
+  IS 'amount that was lost due to failures by the exchange';
 COMMENT ON COLUMN auditor_denomination_pending.recoup_loss_val
-  IS 'amount actually lost due to recoup operations past revocation';
+  IS 'amount actually lost due to recoup operations after a revocation';


 CREATE TABLE IF NOT EXISTS auditor_balance_summary
@ -199,15 +258,21 @@ CREATE TABLE IF NOT EXISTS auditor_balance_summary
  ,melt_fee_balance_frac INT4 NOT NULL
  ,refund_fee_balance_val INT8 NOT NULL
  ,refund_fee_balance_frac INT4 NOT NULL
+  ,purse_fee_balance_val INT8 NOT NULL
+  ,purse_fee_balance_frac INT4 NOT NULL
+  ,open_deposit_fee_balance_val INT8 NOT NULL
+  ,open_deposit_fee_balance_frac INT4 NOT NULL
  ,risk_val INT8 NOT NULL
  ,risk_frac INT4 NOT NULL
  ,loss_val INT8 NOT NULL
  ,loss_frac INT4 NOT NULL
-  ,irregular_recoup_val INT8 NOT NULL
-  ,irregular_recoup_frac INT4 NOT NULL
+  ,irregular_loss_val INT8 NOT NULL
+  ,irregular_loss_frac INT4 NOT NULL
  );
 COMMENT ON TABLE auditor_balance_summary
  IS 'the sum of the outstanding coins from auditor_denomination_pending (denom_pubs must belong to the respectives exchange master public key); it represents the auditor_balance_summary of the exchange at this point (modulo unexpected historic_loss-style events where denomination keys are compromised)';
+COMMENT ON COLUMN auditor_balance_summary.denom_balance_frac
+ IS 'total amount we should have in escrow for all denominations';


 CREATE TABLE IF NOT EXISTS auditor_historic_denomination_revenue
@ -243,9 +308,9 @@ CREATE INDEX IF NOT EXISTS auditor_historic_reserve_summary_by_master_pub_start_

 CREATE TABLE IF NOT EXISTS deposit_confirmations
  (master_pub BYTEA NOT NULL CONSTRAINT master_pub_ref REFERENCES auditor_exchanges(master_pub) ON DELETE CASCADE
-  ,serial_id BIGSERIAL NOT NULL UNIQUE
+  ,serial_id BIGINT GENERATED BY DEFAULT AS IDENTITY UNIQUE
  ,h_contract_terms BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)
-  ,h_extensions BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)
+  ,h_policy BYTEA NOT NULL CHECK (LENGTH(h_policy)=64)
  ,h_wire BYTEA NOT NULL CHECK (LENGTH(h_wire)=64)
  ,exchange_timestamp INT8 NOT NULL
  ,refund_deadline INT8 NOT NULL
--- a/src/auditordb/hdr.h
+++ b/src/auditordb/hdr.h
--- a/src/auditordb/pg_del_reserve_info.c
+++ b/src/auditordb/pg_del_reserve_info.c
@ -0,0 +1,50 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_del_reserve_info.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_del_reserve_info.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_del_reserve_info (void *cls,
+                         const struct TALER_ReservePublicKeyP *reserve_pub,
+                         const struct TALER_MasterPublicKeyP *master_pub)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (reserve_pub),
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+
+  PREPARE (pg,
+           "auditor_reserves_delete",
+           "DELETE"
+           " FROM auditor_reserves"
+           " WHERE reserve_pub=$1"
+           " AND master_pub=$2;");
+  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+                                             "auditor_reserves_delete",
+                                             params);
+}
--- a/src/auditordb/pg_del_reserve_info.h
+++ b/src/auditordb/pg_del_reserve_info.h
@ -0,0 +1,43 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_del_reserve_info.h
+ * @brief implementation of the del_reserve_info function
+ * @author Christian Grothoff
+ */
+#ifndef PG_DEL_RESERVE_INFO_H
+#define PG_DEL_RESERVE_INFO_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Delete information about a reserve.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param reserve_pub public key of the reserve
+ * @param master_pub master public key of the exchange
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_del_reserve_info (void *cls,
+                         const struct TALER_ReservePublicKeyP *reserve_pub,
+                         const struct TALER_MasterPublicKeyP *master_pub);
+
+
+#endif
--- a/src/auditordb/pg_delete_exchange.c
+++ b/src/auditordb/pg_delete_exchange.c
@ -0,0 +1,47 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_delete_exchange.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_delete_exchange.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_delete_exchange (void *cls,
+                        const struct TALER_MasterPublicKeyP *master_pub)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+
+  PREPARE (pg,
+           "auditor_delete_exchange",
+           "DELETE"
+           " FROM auditor_exchanges"
+           " WHERE master_pub=$1;");
+  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+                                             "auditor_delete_exchange",
+                                             params);
+}
--- a/src/auditordb/pg_delete_exchange.h
+++ b/src/auditordb/pg_delete_exchange.h
@ -0,0 +1,43 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_delete_exchange.h
+ * @brief implementation of the delete_exchange function
+ * @author Christian Grothoff
+ */
+#ifndef PG_DELETE_EXCHANGE_H
+#define PG_DELETE_EXCHANGE_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Delete an exchange from the list of exchanges this auditor is auditing.
+ * Warning: this will cascade and delete all knowledge of this auditor related
+ * to this exchange!
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param master_pub master public key of the exchange
+ * @return query result status
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_delete_exchange (void *cls,
+                        const struct TALER_MasterPublicKeyP *master_pub);
+
+
+#endif
--- a/src/auditordb/pg_delete_purse_info.c
+++ b/src/auditordb/pg_delete_purse_info.c
@ -0,0 +1,50 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file auditordb/pg_delete_purse_info.c
+ * @brief Implementation of the delete_purse_info function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_delete_purse_info.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_delete_purse_info (
+  void *cls,
+  const struct TALER_PurseContractPublicKeyP *purse_pub,
+  const struct TALER_MasterPublicKeyP *master_pub)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (purse_pub),
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+
+  PREPARE (pg,
+           "auditor_purses_delete",
+           "DELETE FROM auditor_purses "
+           " WHERE purse_pub=$1"
+           "   AND master_pub=$2;");
+  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+                                             "auditor_purses_delete",
+                                             params);
+}
--- a/src/auditordb/pg_delete_purse_info.h
+++ b/src/auditordb/pg_delete_purse_info.h
@ -0,0 +1,44 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file auditordb/pg_delete_purse_info.h
+ * @brief implementation of the delete_purse_info function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_DELETE_PURSE_INFO_H
+#define PG_DELETE_PURSE_INFO_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Delete information about a purse.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param purse_pub public key of the reserve
+ * @param master_pub master public key of the exchange
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_delete_purse_info (
+  void *cls,
+  const struct TALER_PurseContractPublicKeyP *purse_pub,
+  const struct TALER_MasterPublicKeyP *master_pub);
+
+
+#endif
--- a/src/auditordb/pg_get_auditor_progress_aggregation.c
+++ b/src/auditordb/pg_get_auditor_progress_aggregation.c
@ -0,0 +1,56 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_aggregation.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_get_auditor_progress_aggregation.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_aggregation (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointAggregation *ppa)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_uint64 ("last_wire_out_serial_id",
+                                  &ppa->last_wire_out_serial_id),
+    GNUNET_PQ_result_spec_end
+  };
+
+  PREPARE (pg,
+           "auditor_progress_select_aggregation",
+           "SELECT"
+           " last_wire_out_serial_id"
+           " FROM auditor_progress_aggregation"
+           " WHERE master_pub=$1;");
+  return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+                                                   "auditor_progress_select_aggregation",
+                                                   params,
+                                                   rs);
+}
--- a/src/auditordb/pg_get_auditor_progress_aggregation.h
+++ b/src/auditordb/pg_get_auditor_progress_aggregation.h
@ -0,0 +1,43 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_aggregation.h
+ * @brief implementation of the get_auditor_progress_aggregation function
+ * @author Christian Grothoff
+ */
+#ifndef PG_GET_AUDITOR_PROGRESS_AGGREGATION_H
+#define PG_GET_AUDITOR_PROGRESS_AGGREGATION_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Get information about the progress of the auditor.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param master_pub master key of the exchange
+ * @param[out] ppa set to where the auditor is in processing
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_aggregation (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointAggregation *ppa);
+
+#endif
--- a/src/auditordb/pg_get_auditor_progress_coin.c
+++ b/src/auditordb/pg_get_auditor_progress_coin.c
@ -0,0 +1,77 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_coin.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_get_auditor_progress_coin.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_coin (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointCoin *ppc)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_uint64 ("last_withdraw_serial_id",
+                                  &ppc->last_withdraw_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_deposit_serial_id",
+                                  &ppc->last_deposit_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_melt_serial_id",
+                                  &ppc->last_melt_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_refund_serial_id",
+                                  &ppc->last_refund_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_recoup_serial_id",
+                                  &ppc->last_recoup_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_recoup_refresh_serial_id",
+                                  &ppc->last_recoup_refresh_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_purse_deposits_serial_id",
+                                  &ppc->last_purse_deposits_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_purse_decision_serial_id",
+                                  &ppc->last_purse_refunds_serial_id),
+    GNUNET_PQ_result_spec_end
+  };
+
+  PREPARE (pg,
+           "auditor_progress_select_coin",
+           "SELECT"
+           " last_withdraw_serial_id"
+           ",last_deposit_serial_id"
+           ",last_melt_serial_id"
+           ",last_refund_serial_id"
+           ",last_recoup_serial_id"
+           ",last_recoup_refresh_serial_id"
+           ",last_purse_deposits_serial_id"
+           ",last_purse_decision_serial_id"
+           " FROM auditor_progress_coin"
+           " WHERE master_pub=$1;");
+  return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+                                                   "auditor_progress_select_coin",
+                                                   params,
+                                                   rs);
+}
--- a/src/auditordb/pg_get_auditor_progress_coin.h
+++ b/src/auditordb/pg_get_auditor_progress_coin.h
@ -0,0 +1,43 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_coin.h
+ * @brief implementation of the get_auditor_progress_coin function
+ * @author Christian Grothoff
+ */
+#ifndef PG_GET_AUDITOR_PROGRESS_COIN_H
+#define PG_GET_AUDITOR_PROGRESS_COIN_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Get information about the progress of the auditor.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param master_pub master key of the exchange
+ * @param[out] ppc set to where the auditor is in processing
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_coin (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointCoin *ppc);
+
+#endif
--- a/src/auditordb/pg_get_auditor_progress_deposit_confirmation.c
+++ b/src/auditordb/pg_get_auditor_progress_deposit_confirmation.c
@ -0,0 +1,56 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_deposit_confirmation.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_get_auditor_progress_deposit_confirmation.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_deposit_confirmation (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointDepositConfirmation *ppdc)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_uint64 ("last_deposit_confirmation_serial_id",
+                                  &ppdc->last_deposit_confirmation_serial_id),
+    GNUNET_PQ_result_spec_end
+  };
+
+  PREPARE (pg,
+           "auditor_progress_select_deposit_confirmation",
+           "SELECT"
+           " last_deposit_confirmation_serial_id"
+           " FROM auditor_progress_deposit_confirmation"
+           " WHERE master_pub=$1;");
+  return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+                                                   "auditor_progress_select_deposit_confirmation",
+                                                   params,
+                                                   rs);
+}
--- a/src/auditordb/pg_get_auditor_progress_deposit_confirmation.h
+++ b/src/auditordb/pg_get_auditor_progress_deposit_confirmation.h
@ -0,0 +1,43 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_deposit_confirmation.h
+ * @brief implementation of the get_auditor_progress_deposit_confirmation function
+ * @author Christian Grothoff
+ */
+#ifndef PG_GET_AUDITOR_PROGRESS_DEPOSIT_CONFIRMATION_H
+#define PG_GET_AUDITOR_PROGRESS_DEPOSIT_CONFIRMATION_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Get information about the progress of the auditor.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param master_pub master key of the exchange
+ * @param[out] ppdc set to where the auditor is in processing
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_deposit_confirmation (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointDepositConfirmation *ppdc);
+
+#endif
--- a/src/auditordb/pg_get_auditor_progress_purse.c
+++ b/src/auditordb/pg_get_auditor_progress_purse.c
@ -0,0 +1,68 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_purse.c
+ * @brief Low-level (statement-level) Postgres database access for the exchange
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_get_auditor_progress_purse.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_purse (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointPurse *ppp)
+{
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (master_pub),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_uint64 ("last_purse_request_serial_id",
+                                  &ppp->last_purse_request_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_purse_decision_serial_id",
+                                  &ppp->last_purse_decision_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_purse_merges_serial_id",
+                                  &ppp->last_purse_merge_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_account_merges_serial_id",
+                                  &ppp->last_account_merge_serial_id),
+    GNUNET_PQ_result_spec_uint64 ("last_purse_deposits_serial_id",
+                                  &ppp->last_purse_deposits_serial_id),
+    GNUNET_PQ_result_spec_end
+  };
+
+  PREPARE (pg,
+           "auditor_progress_select_purse",
+           "SELECT"
+           " last_purse_request_serial_id"
+           ",last_purse_decision_serial_id"
+           ",last_purse_merges_serial_id"
+           ",last_account_merges_serial_id"
+           ",last_purse_deposits_serial_id"
+           " FROM auditor_progress_purse"
+           " WHERE master_pub=$1;");
+  return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+                                                   "auditor_progress_select_purse",
+                                                   params,
+                                                   rs);
+}
--- a/src/auditordb/pg_get_auditor_progress_purse.h
+++ b/src/auditordb/pg_get_auditor_progress_purse.h
@ -0,0 +1,44 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2022 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file pg_get_auditor_progress_purse.h
+ * @brief implementation of the get_auditor_progress_purse function
+ * @author Christian Grothoff
+ */
+#ifndef PG_GET_AUDITOR_PROGRESS_PURSE_H
+#define PG_GET_AUDITOR_PROGRESS_PURSE_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_auditordb_plugin.h"
+
+
+/**
+ * Get information about the progress of the auditor.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param master_pub master key of the exchange
+ * @param[out] ppp set to where the auditor is in processing
+ * @return transaction status code
+ */
+enum GNUNET_DB_QueryStatus
+TAH_PG_get_auditor_progress_purse (
+  void *cls,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  struct TALER_AUDITORDB_ProgressPointPurse *ppp);
+
+
+#endif
--- a/Show More
+++ b/Show More