@atproto/dev-env 0.3.168 → 0.3.170

package/dist/service-profile.d.ts

@@ -0,0 +1,23 @@
+import { AtpAgent } from '@atproto/api';
+import { TestPds } from './pds';
+export type ServiceUserDetails = {
+    email: string;
+    handle: string;
+    password: string;
+};
+export type ServiceMigrationOptions = {
+    services?: Record<string, unknown>;
+    verificationMethods?: Record<string, unknown>;
+};
+export declare class ServiceProfile {
+    protected pds: TestPds;
+    /** @note assumes the session is already authenticated */
+    protected client: AtpAgent;
+    protected userDetails: ServiceUserDetails;
+    protected constructor(pds: TestPds, 
+    /** @note assumes the session is already authenticated */
+    client: AtpAgent, userDetails: ServiceUserDetails);
+    get did(): string;
+    migrateTo(newPds: TestPds, options?: ServiceMigrationOptions): Promise<void>;
+}
+//# sourceMappingURL=service-profile.d.ts.map

package/dist/service-profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-profile.d.ts","sourceRoot":"","sources":["../src/service-profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAE/B,MAAM,MAAM,kBAAkB,GAAG;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC9C,CAAA;AAED,qBAAa,cAAc;IAEvB,SAAS,CAAC,GAAG,EAAE,OAAO;IACtB,yDAAyD;IACzD,SAAS,CAAC,MAAM,EAAE,QAAQ;IAC1B,SAAS,CAAC,WAAW,EAAE,kBAAkB;IAJ3C,SAAS,aACG,GAAG,EAAE,OAAO;IACtB,yDAAyD;IAC/C,MAAM,EAAE,QAAQ,EAChB,WAAW,EAAE,kBAAkB;IAG3C,IAAI,GAAG,WAEN;IAEK,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,GAAE,uBAA4B;CAmEvE"}

package/dist/service-profile.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServiceProfile = void 0;
+class ServiceProfile {
+    constructor(pds, 
+    /** @note assumes the session is already authenticated */
+    client, userDetails) {
+        Object.defineProperty(this, "pds", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: pds
+        });
+        Object.defineProperty(this, "client", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: client
+        });
+        Object.defineProperty(this, "userDetails", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: userDetails
+        });
+    }
+    get did() {
+        return this.client.assertDid;
+    }
+    async migrateTo(newPds, options = {}) {
+        const newClient = newPds.getClient();
+        const newPdsDesc = await newClient.com.atproto.server.describeServer();
+        const serviceAuth = await this.client.com.atproto.server.getServiceAuth({
+            aud: newPdsDesc.data.did,
+            lxm: 'com.atproto.server.createAccount',
+        });
+        const inviteCode = newPds.ctx.cfg.invites.required
+            ? await newClient.com.atproto.server
+                .createInviteCode({ useCount: 1 }, {
+                encoding: 'application/json',
+                headers: newPds.adminAuthHeaders(),
+            })
+                .then((res) => res.data.code)
+            : undefined;
+        await newClient.createAccount({
+            ...this.userDetails,
+            inviteCode,
+            did: this.did,
+        }, {
+            encoding: 'application/json',
+            headers: { authorization: `Bearer ${serviceAuth.data.token}` },
+        });
+        // The session manager will use the "didDoc" in the result of
+        // "createAccount" in order to setup the pdsUrl. However, since are in the
+        // process of migrating, that didDoc references the old PDS. In order to
+        // avoid calling the old PDS, let's clear the pdsUrl, which will result in
+        // the (new) serviceUrl being used.
+        newClient.sessionManager.pdsUrl = undefined;
+        const newDidCredentialsRes = await newClient.com.atproto.identity.getRecommendedDidCredentials();
+        await this.client.com.atproto.identity.requestPlcOperationSignature();
+        const { token } = await this.pds.ctx.accountManager.db.db
+            .selectFrom('email_token')
+            .select('token')
+            .where('did', '=', this.did)
+            .where('purpose', '=', 'plc_operation')
+            .executeTakeFirstOrThrow();
+        const op = { ...newDidCredentialsRes.data, token };
+        Object.assign((op.services ?? (op.services = {})), options.services);
+        Object.assign((op.verificationMethods ?? (op.verificationMethods = {})), options.verificationMethods);
+        const signedPlcOperation = await this.client.com.atproto.identity.signPlcOperation(op);
+        await newClient.com.atproto.identity.submitPlcOperation({
+            operation: signedPlcOperation.data.operation,
+        });
+        await newClient.com.atproto.server.activateAccount();
+        this.pds = newPds;
+        this.client = newClient;
+    }
+}
+exports.ServiceProfile = ServiceProfile;
+//# sourceMappingURL=service-profile.js.map

package/dist/service-profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-profile.js","sourceRoot":"","sources":["../src/service-profile.ts"],"names":[],"mappings":";;;AAcA,MAAa,cAAc;IACzB,YACY,GAAY;IACtB,yDAAyD;IAC/C,MAAgB,EAChB,WAA+B;QAHzC;;;;mBAAU,GAAG;WAAS;QAEtB;;;;mBAAU,MAAM;WAAU;QAC1B;;;;mBAAU,WAAW;WAAoB;IACxC,CAAC;IAEJ,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAA;IAC9B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAe,EAAE,UAAmC,EAAE;QACpE,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,CAAA;QAEpC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAA;QACtE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;YACtE,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC,GAAG;YACxB,GAAG,EAAE,kCAAkC;SACxC,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ;YAChD,CAAC,CAAC,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM;iBAC/B,gBAAgB,CACf,EAAE,QAAQ,EAAE,CAAC,EAAE,EACf;gBACE,QAAQ,EAAE,kBAAkB;gBAC5B,OAAO,EAAE,MAAM,CAAC,gBAAgB,EAAE;aACnC,CACF;iBACA,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YACjC,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,SAAS,CAAC,aAAa,CAC3B;YACE,GAAG,IAAI,CAAC,WAAW;YACnB,UAAU;YACV,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,EACD;YACE,QAAQ,EAAE,kBAAkB;YAC5B,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE;SAC/D,CACF,CAAA;QAED,6DAA6D;QAC7D,0EAA0E;QAC1E,wEAAwE;QACxE,0EAA0E;QAC1E,mCAAmC;QACnC,SAAS,CAAC,cAAc,CAAC,MAAM,GAAG,SAAS,CAAA;QAE3C,MAAM,oBAAoB,GACxB,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,EAAE,CAAA;QAErE,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,EAAE,CAAA;QACrE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC,EAAE;aACtD,UAAU,CAAC,aAAa,CAAC;aACzB,MAAM,CAAC,OAAO,CAAC;aACf,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;aAC3B,KAAK,CAAC,SAAS,EAAE,GAAG,EAAE,eAAe,CAAC;aACtC,uBAAuB,EAAE,CAAA;QAE5B,MAAM,EAAE,GAAG,EAAE,GAAG,oBAAoB,CAAC,IAAI,EAAE,KAAK,EAAE,CAAA;QAClD,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAX,EAAE,CAAC,QAAQ,GAAK,EAAE,EAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,mBAAmB,KAAtB,EAAE,CAAC,mBAAmB,GAAK,EAAE,EAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAA;QAE3E,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAA;QAE7D,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACtD,SAAS,EAAE,kBAAkB,CAAC,IAAI,CAAC,SAAS;SAC7C,CAAC,CAAA;QAEF,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,CAAA;QAEpD,IAAI,CAAC,GAAG,GAAG,MAAM,CAAA;QACjB,IAAI,CAAC,MAAM,GAAG,SAAS,CAAA;IACzB,CAAC;CACF;AA/ED,wCA+EC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/dev-env",
-  "version": "0.3.168",
+  "version": "0.3.170",
   "license": "MIT",
   "description": "Local development environment helper for atproto development",
   "keywords": [
@@ -27,18 +27,18 @@
     "multiformats": "^9.9.0",
     "uint8arrays": "3.0.0",
     "undici": "^6.14.1",
-    "@atproto/api": "^0.16.5",
-    "@atproto/bsky": "^0.0.180",
-    "@atproto/bsync": "^0.0.20",
+    "@atproto/api": "^0.16.6",
+    "@atproto/bsky": "^0.0.181",
+    "@atproto/bsync": "^0.0.21",
     "@atproto/common-web": "^0.4.2",
     "@atproto/crypto": "^0.4.4",
     "@atproto/identity": "^0.4.8",
-    "@atproto/lexicon": "^0.4.14",
-    "@atproto/ozone": "^0.1.138",
-    "@atproto/pds": "^0.4.172",
-    "@atproto/sync": "^0.1.32",
-    "@atproto/syntax": "^0.4.0",
-    "@atproto/xrpc-server": "^0.9.3"
+    "@atproto/lexicon": "^0.5.0",
+    "@atproto/ozone": "^0.1.139",
+    "@atproto/pds": "^0.4.174",
+    "@atproto/sync": "^0.1.33",
+    "@atproto/syntax": "^0.4.1",
+    "@atproto/xrpc-server": "^0.9.4"
   },
   "devDependencies": {
     "@types/express": "^4.17.13",

package/src/bin.ts

@@ -39,21 +39,20 @@ const run = async () => {
 
   if (network.introspect) {
     console.log(
-      `🔍 Dev-env introspection server started http://localhost:${network.introspect.port}`,
+      `🔍 Dev-env introspection server http://localhost:${network.introspect.port}`,
     )
   }
+  console.log(`👤 DID Placeholder server http://localhost:${network.plc.port}`)
+  console.log(`🌞 Main PDS http://localhost:${network.pds.port}`)
   console.log(
-    `👤 DID Placeholder server started http://localhost:${network.plc.port}`,
+    `🔨 Lexicon authority DID ${network.pds.ctx.cfg.lexicon.didAuthority}`,
   )
-  console.log(
-    `🌞 Personal Data server started http://localhost:${network.pds.port}`,
-  )
-  console.log(`🗼 Ozone server started http://localhost:${network.ozone.port}`)
+  console.log(`🗼 Ozone server http://localhost:${network.ozone.port}`)
   console.log(`🗼 Ozone service DID ${network.ozone.ctx.cfg.service.did}`)
-  console.log(`🌅 Bsky Appview started http://localhost:${network.bsky.port}`)
+  console.log(`🌅 Bsky Appview http://localhost:${network.bsky.port}`)
   console.log(`🌅 Bsky Appview DID ${network.bsky.serverDid}`)
   for (const fg of network.feedGens) {
-    console.log(`🤖 Feed Generator started http://localhost:${fg.port}`)
+    console.log(`🤖 Feed Generator (${fg.did}) http://localhost:${fg.port}`)
   }
 }
 

package/src/mock/index.ts

@@ -542,6 +542,7 @@ export async function generateMockSetup(env: TestNetwork) {
 
   await setVerifier(env.bsky.db, alice.accountDid)
 
+  // @TODO the following should be optimized as it makes dev-env start very slow (>10 sec)
   const sc = env.getSeedClient()
   await seedThreadV2.simple(sc)
   await seedThreadV2.long(sc)

package/src/network.ts

@@ -8,9 +8,10 @@ import { EXAMPLE_LABELER } from './const'
 import { IntrospectServer } from './introspect'
 import { TestNetworkNoAppView } from './network-no-appview'
 import { TestOzone } from './ozone'
-import { OzoneServiceProfile } from './ozone-service-profile'
 import { TestPds } from './pds'
 import { TestPlc } from './plc'
+import { LexiconAuthorityProfile } from './service-profile-lexicon'
+import { OzoneServiceProfile } from './service-profile-ozone'
 import { TestServerParams } from './types'
 import { mockNetworkUtilities } from './util'
 
@@ -44,16 +45,23 @@ export class TestNetwork extends TestNetworkNoAppView {
     const pdsPort = params.pds?.port ?? (await getPort())
     const ozonePort = params.ozone?.port ?? (await getPort())
 
-    const thirdPartyPdsProps = {
+    const thirdPartyPds = await TestPds.create({
       didPlcUrl: plc.url,
       ...params.pds,
       inviteRequired: false,
       port: await getPort(),
-    }
-    const thirdPartyPds = await TestPds.create(thirdPartyPdsProps)
-    const ozoneServiceProfile = new OzoneServiceProfile(thirdPartyPds)
-    const { did: ozoneDid, key: ozoneKey } =
-      await ozoneServiceProfile.createDidAndKey()
+    })
+
+    const ozoneUrl = `http://localhost:${ozonePort}`
+
+    // @TODO (?) rework the ServiceProfile to live on a separate PDS instead of
+    // requiring to migrate to the main PDS
+    const ozoneServiceProfile = await OzoneServiceProfile.create(
+      thirdPartyPds,
+      ozoneUrl,
+    )
+    const lexiconAuthorityProfile =
+      await LexiconAuthorityProfile.create(thirdPartyPds)
 
     const bsky = await TestBsky.create({
       port: bskyPort,
@@ -63,29 +71,27 @@ export class TestNetwork extends TestNetworkNoAppView {
       dbPostgresSchema: `appview_${dbPostgresSchema}`,
       dbPostgresUrl,
       redisHost,
-      modServiceDid: ozoneDid,
-      labelsFromIssuerDids: [ozoneDid, EXAMPLE_LABELER],
+      modServiceDid: ozoneServiceProfile.did,
+      labelsFromIssuerDids: [ozoneServiceProfile.did, EXAMPLE_LABELER],
       ...params.bsky,
     })
 
-    const modServiceUrl = `http://localhost:${ozonePort}`
-    const pdsProps = {
+    const pds = await TestPds.create({
       port: pdsPort,
       didPlcUrl: plc.url,
       bskyAppViewUrl: bsky.url,
       bskyAppViewDid: bsky.ctx.cfg.serverDid,
-      modServiceUrl,
-      modServiceDid: ozoneDid,
+      modServiceUrl: ozoneUrl,
+      modServiceDid: ozoneServiceProfile.did,
+      lexiconDidAuthority: lexiconAuthorityProfile.did,
       ...params.pds,
-    }
-
-    const pds = await TestPds.create(pdsProps)
+    })
 
     const ozone = await TestOzone.create({
       port: ozonePort,
       plcUrl: plc.url,
-      signingKey: ozoneKey,
-      serverDid: ozoneDid,
+      signingKey: ozoneServiceProfile.key,
+      serverDid: ozoneServiceProfile.did,
       dbPostgresSchema: `ozone_${dbPostgresSchema || 'db'}`,
       dbPostgresUrl,
       appviewUrl: bsky.url,
@@ -93,39 +99,30 @@ export class TestNetwork extends TestNetworkNoAppView {
       appviewPushEvents: true,
       pdsUrl: pds.url,
       pdsDid: pds.ctx.cfg.service.did,
-      verifierDid: ozoneDid,
+      verifierDid: ozoneServiceProfile.did,
       verifierUrl: pds.url,
       verifierPassword: 'temp',
       ...params.ozone,
     })
 
-    let inviteCode: string | undefined
-    if (pdsProps.inviteRequired) {
-      const { data: invite } = await pds
-        .getClient()
-        .com.atproto.server.createInviteCode(
-          { useCount: 1 },
-          {
-            encoding: 'application/json',
-            headers: pds.adminAuthHeaders(),
-          },
-        )
-      inviteCode = invite.code
-    }
-    await ozoneServiceProfile.createServiceDetails(pds, modServiceUrl, {
-      inviteCode,
-    })
+    await ozoneServiceProfile.migrateTo(pds)
+    await ozoneServiceProfile.createRecords()
+
+    await lexiconAuthorityProfile.migrateTo(pds)
+    await lexiconAuthorityProfile.createRecords()
 
-    await ozone.addAdminDid(ozoneDid)
+    await ozone.addAdminDid(ozoneServiceProfile.did)
 
     mockNetworkUtilities(pds, bsky)
+    await thirdPartyPds.processAll()
     await pds.processAll()
+    await ozone.processAll()
     await bsky.sub.processAll()
     await thirdPartyPds.close()
 
     // Weird but if we do this before pds.processAll() somehow appview loses this user and tests in different parts fail because appview doesn't return this user in various contexts anymore
     const ozoneVerifierPassword =
-      await ozoneServiceProfile.createAppPasswordForVerification(pds)
+      await ozoneServiceProfile.createAppPasswordForVerification()
     if (ozone.daemon.ctx.cfg.verifier) {
       ozone.daemon.ctx.cfg.verifier.password = ozoneVerifierPassword
     }

package/src/service-profile-lexicon.ts

@@ -0,0 +1,104 @@
+import { LexiconDoc } from '@atproto/lexicon'
+import { TestPds } from './pds'
+import { ServiceProfile } from './service-profile'
+
+const LEXICONS: readonly LexiconDoc[] = [
+  {
+    lexicon: 1,
+    id: 'com.atproto.moderation.basePermissions',
+    defs: {
+      main: {
+        type: 'permission-set',
+        title: 'Moderation',
+        'title:lang': { fr: 'Modération' },
+        detail: 'Create moderation reports',
+        'detail:lang': {
+          'fr-FR': 'Créer des rapports de modération',
+        },
+        permissions: [
+          {
+            type: 'permission',
+            resource: 'rpc',
+            aud: '*',
+            lxm: ['com.atproto.moderation.createReport'],
+          },
+        ],
+      },
+    },
+  },
+  {
+    lexicon: 1,
+    id: 'com.example.calendar.basePermissions',
+    defs: {
+      main: {
+        type: 'permission-set',
+        title: 'Calendar',
+        'title:lang': { fr: 'Calendrier' },
+        detail: 'Manage your events and RSVPs',
+        'detail:lang': {
+          'fr-BE': 'Gérer vos événements et réponses',
+        },
+        permissions: [
+          {
+            type: 'permission',
+            resource: 'rpc',
+            inheritAud: true,
+            lxm: [
+              'com.example.calendar.listEvents',
+              'com.example.calendar.getEventDetails',
+              'com.example.calendar.getEventRsvps',
+            ],
+          },
+          {
+            type: 'permission',
+            resource: 'repo',
+            collection: [
+              'com.example.calendar.event',
+              'com.example.calendar.rsvp',
+            ],
+          },
+          {
+            type: 'permission',
+            resource: 'blob',
+            accept: ['image/*', 'video/*'],
+          },
+        ],
+      },
+    },
+  },
+]
+
+export class LexiconAuthorityProfile extends ServiceProfile {
+  public static async create(
+    pds: TestPds,
+    userDetails = {
+      email: 'lex-authority@test.com',
+      handle: 'lex-authority.test',
+      password: 'hunter2',
+    },
+  ) {
+    const client = pds.getClient()
+    await client.createAccount(userDetails)
+
+    return new LexiconAuthorityProfile(pds, client, userDetails)
+  }
+
+  async createRecords() {
+    await this.client.app.bsky.actor.profile.create(
+      { repo: this.did },
+      {
+        displayName: 'Lexicon Authority',
+        description: `the repo containing all the lexicons that can be resolved in dev`,
+      },
+    )
+
+    for (const doc of LEXICONS) {
+      await this.client.com.atproto.repo.createRecord({
+        repo: this.did,
+        collection: 'com.atproto.lexicon.schema',
+        rkey: doc.id,
+        record: doc,
+      })
+    }
+  }
+}

package/src/{ozone-service-profile.ts → service-profile-ozone.ts}

@@ -1,116 +1,66 @@
 import { AtpAgent } from '@atproto/api'
 import { Secp256k1Keypair } from '@atproto/crypto'
 import { TestPds } from './pds'
+import {
+  ServiceMigrationOptions,
+  ServiceProfile,
+  ServiceUserDetails,
+} from './service-profile'
 
-export class OzoneServiceProfile {
-  did?: string
-  key?: Secp256k1Keypair
-  thirdPartyPdsClient: AtpAgent
+export class OzoneServiceProfile extends ServiceProfile {
+  static async create(
+    pds: TestPds,
+    ozoneUrl: string,
+    userDetails = {
+      email: 'mod-authority@test.com',
+      handle: 'mod-authority.test',
+      password: 'hunter2',
+    },
+  ) {
+    const client = pds.getClient()
+    await client.createAccount(userDetails)
 
-  modUserDetails = {
-    email: 'mod-authority@test.com',
-    handle: 'mod-authority.test',
-    password: 'hunter2',
-  }
+    const key = await Secp256k1Keypair.create({ exportable: true })
 
-  public constructor(public thirdPartyPds: TestPds) {
-    this.thirdPartyPdsClient = this.thirdPartyPds.getClient()
+    return new OzoneServiceProfile(pds, client, userDetails, ozoneUrl, key)
   }
 
-  async createDidAndKey() {
-    await this.thirdPartyPdsClient.createAccount(this.modUserDetails)
-
-    this.did = this.thirdPartyPdsClient.accountDid
-    this.key = await Secp256k1Keypair.create({ exportable: true })
-    return { did: this.did, key: this.key }
+  protected constructor(
+    pds: TestPds,
+    client: AtpAgent,
+    userDetails: ServiceUserDetails,
+    readonly ozoneUrl: string,
+    readonly key: Secp256k1Keypair,
+  ) {
+    super(pds, client, userDetails)
   }
 
-  async createAppPasswordForVerification(pds: TestPds) {
-    const pdsClient = pds.getClient()
-    await pdsClient.login({
-      identifier: this.modUserDetails.handle,
-      password: this.modUserDetails.password,
-    })
-    const { data } = await pdsClient.com.atproto.server.createAppPassword({
+  async createAppPasswordForVerification() {
+    const { data } = await this.client.com.atproto.server.createAppPassword({
       name: 'ozone-verifier',
     })
     return data.password
   }
 
-  async createServiceDetails(
-    pds: TestPds,
-    ozoneUrl: string,
-    userDetails: { inviteCode?: string } = {},
-  ) {
-    if (!this.did || !this.key) {
-      throw new Error('No DID/key found!')
-    }
-    const pdsClient = pds.getClient()
-    const describeRes = await pdsClient.com.atproto.server.describeServer()
-    const newServerDid = describeRes.data.did
-
-    const serviceJwtRes =
-      await this.thirdPartyPdsClient.com.atproto.server.getServiceAuth({
-        aud: newServerDid,
-        lxm: 'com.atproto.server.createAccount',
-      })
-    const serviceJwt = serviceJwtRes.data.token
-
-    await pdsClient.createAccount(
-      {
-        ...this.modUserDetails,
-        ...userDetails,
-        did: this.did,
+  async migrateTo(pds: TestPds, options: ServiceMigrationOptions = {}) {
+    await super.migrateTo(pds, {
+      ...options,
+      services: {
+        ...options.services,
+        atproto_labeler: {
+          type: 'AtprotoLabeler',
+          endpoint: this.ozoneUrl,
+        },
       },
-      {
-        headers: { authorization: `Bearer ${serviceJwt}` },
-        encoding: 'application/json',
+      verificationMethods: {
+        ...options.verificationMethods,
+        atproto_label: this.key.did(),
       },
-    )
-
-    // For some reason, the tests fail if the client uses the PDS URL to make
-    // its requests. This is a workaround to make the tests pass by simulating
-    // old behavior (that was not relying on the session management).
-    pdsClient.sessionManager.pdsUrl = undefined
-
-    const getDidCredentials =
-      await pdsClient.com.atproto.identity.getRecommendedDidCredentials()
-
-    await this.thirdPartyPdsClient.com.atproto.identity.requestPlcOperationSignature()
-
-    const tokenRes = await this.thirdPartyPds.ctx.accountManager.db.db
-      .selectFrom('email_token')
-      .selectAll()
-      .where('did', '=', this.did)
-      .where('purpose', '=', 'plc_operation')
-      .executeTakeFirst()
-    const token = tokenRes?.token
-    const plcOperationData = {
-      token,
-      ...getDidCredentials.data,
-    }
-
-    if (!plcOperationData.services) plcOperationData.services = {}
-    plcOperationData.services['atproto_labeler'] = {
-      type: 'AtprotoLabeler',
-      endpoint: ozoneUrl,
-    }
-    if (!plcOperationData.verificationMethods)
-      plcOperationData.verificationMethods = {}
-    plcOperationData.verificationMethods['atproto_label'] = this.key.did()
-
-    const plcOp =
-      await this.thirdPartyPdsClient.com.atproto.identity.signPlcOperation(
-        plcOperationData,
-      )
-
-    await pdsClient.com.atproto.identity.submitPlcOperation({
-      operation: plcOp.data.operation,
     })
+  }
 
-    await pdsClient.com.atproto.server.activateAccount()
-
-    await pdsClient.app.bsky.actor.profile.create(
+  async createRecords() {
+    await this.client.app.bsky.actor.profile.create(
       { repo: this.did },
       {
         displayName: 'Dev-env Moderation',
@@ -118,7 +68,7 @@ export class OzoneServiceProfile {
       },
     )
 
-    await pdsClient.app.bsky.labeler.service.create(
+    await this.client.app.bsky.labeler.service.create(
       { repo: this.did, rkey: 'self' },
       {
         policies: {