@chainlink/ace 0.5.0

package/.foundry-version

@@ -0,0 +1 @@
+v0.3.0

package/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @smartcontractkit/capital-markets

package/.github/workflows/auto-release-version.yml

@@ -0,0 +1,107 @@
+name: Auto Release on Version PR Merge
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  extract-version:
+    name: Extract Version
+    runs-on: ubuntu-latest
+    if: |
+      github.event.pull_request.merged == true &&
+      contains(github.event.pull_request.labels.*.name, 'release')
+    permissions:
+      contents: none
+    outputs:
+      version: ${{ steps.extract-version.outputs.version }}
+    steps:
+      - name: Extract version from PR title
+        id: extract-version
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          # Extract version from PR title like "Release v1.2.3"
+          VERSION=$(echo "$PR_TITLE" | sed -n 's/Release v\([0-9]\+\.[0-9]\+\.[0-9]\+\)/\1/p')
+          if [ -z "$VERSION" ]; then
+            echo "Could not extract version from PR title: $PR_TITLE"
+            exit 1
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Extracted version: $VERSION"
+
+  create-release:
+    name: Create Release
+    needs: extract-version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      actions: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Fetch full history for better release notes
+
+      - name: Create Release
+        id: create-release
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
+        with:
+          tag_name: v${{ needs.extract-version.outputs.version }}
+          name: Release v${{ needs.extract-version.outputs.version }}
+          generate_release_notes: true
+          make_latest: true
+          body: |
+            ## Release v${{ needs.extract-version.outputs.version }}
+            
+            This release was automatically created when PR #${{ github.event.pull_request.number }} was merged.
+            
+            **PR Details:**
+            - Title: ${{ github.event.pull_request.title }}
+            - Author: ${{ github.event.pull_request.user.login }}
+            - Merged by: ${{ github.event.pull_request.merged_by.login }}
+            
+            **Changes:**
+            ${{ github.event.pull_request.body }}
+
+      - name: Comment on PR
+        uses: actions/github-script@v7
+        env:
+          RELEASE_VERSION: ${{ needs.extract-version.outputs.version }}
+          RELEASE_URL: ${{ steps.create-release.outputs.url }}
+        with:
+          script: |
+            const { data: comment } = await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              body: `🎉 **Release Created Successfully!**
+              
+              Release v${process.env.RELEASE_VERSION} has been created and is now available.
+              
+              **Release Details:**
+              - Tag: \`v${process.env.RELEASE_VERSION}\`
+              - Release URL: ${process.env.RELEASE_URL}
+              
+              Thank you for contributing to this release! 🚀`
+            });
+
+      - name: Delete Release Branch
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const branchName = context.payload.pull_request.head.ref;
+            console.log(`Deleting branch: ${branchName}`);
+            
+            try {
+              await github.rest.git.deleteRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: `heads/${branchName}`
+              });
+              console.log(`Successfully deleted branch: ${branchName}`);
+            } catch (error) {
+              console.log(`Failed to delete branch ${branchName}:`, error.message);
+              // Don't fail the workflow if branch deletion fails
+            }

package/.github/workflows/create-version-pr.yml

@@ -0,0 +1,95 @@
+name: Create Version Update PR
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g. 1.0.0)'
+        required: true
+      target_branch:
+        description: 'Target branch for the PR (default: main)'
+        required: false
+        default: 'main'
+
+jobs:
+  verify-version:
+    name: Verify version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: none
+    steps:
+      - name: Check if version is valid
+        run: |
+          if [[ ! "${{ inputs.version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid version format. Please use semantic versioning (e.g. 1.0.0)."
+            exit 1
+          fi
+
+  create-version-pr:
+    name: Create Version Update PR
+    needs: verify-version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+
+    - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
+      name: Install pnpm
+      with:
+        version: 8
+        run_install: false
+
+    - name: Create version branch
+      run: |
+        git config user.name "github-actions"
+        git config user.email "github-actions@users.noreply.github.com"
+        git checkout -b release/v${{ inputs.version }}
+
+    - name: Update package.json version
+      run: pnpm version --no-git-tag-version --allow-same-version ${{ inputs.version }}
+
+    - name: Commit version changes
+      run: |
+        git add package.json
+        git commit -m "chore: update package.json to version ${{ inputs.version }} for release"
+
+    - name: Push version branch
+      run: git push origin release/v${{ inputs.version }}
+
+    - name: Create Pull Request
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const { data: pr } = await github.rest.pulls.create({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            title: `Release v${{ inputs.version }}`,
+            head: `release/v${{ inputs.version }}`,
+            base: '${{ inputs.target_branch }}',
+            body: `## Release v${{ inputs.version }}
+            
+            This PR updates the package.json version to ${{ inputs.version }} for release.
+            
+            **Note**: This PR was automatically created by the release workflow. Merging this PR will trigger the release creation.
+            
+            ### Changes
+            - Updated package.json version to ${{ inputs.version }}
+            - Target branch: \`${{ inputs.target_branch }}\``
+          });
+          
+          console.log(`Created PR #${pr.number}: ${pr.html_url}`);
+
+          // Add labels to the PR
+          await github.rest.issues.addLabels({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: pr.number,
+            labels: ['release', 'automated']
+          });
+
+          console.log(`Added labels to PR #${pr.number}: release, automated`);

package/.github/workflows/forge-docs.yml

@@ -0,0 +1,90 @@
+name: Deploy Forge docs site to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Read foundry version from .foundry-version
+        shell: bash
+        run: |
+          echo "FOUNDRY_VERSION=$(cat .foundry-version)" >> $GITHUB_ENV
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e #v1.5.0
+        with:
+          version: ${{ env.FOUNDRY_VERSION }}
+
+      - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
+        name: Install pnpm
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - uses: actions/cache@v4
+        name: Setup pnpm cache
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Setup Pages
+        id: pages
+        uses: actions/configure-pages@v5
+
+      - name: Build with forge
+        run: forge doc --build
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/book
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

package/.github/workflows/forge-test.yml

@@ -0,0 +1,59 @@
+on:
+  - push
+  - pull_request
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  test-scripts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Read foundry version from .foundry-version
+        shell: bash
+        run: |
+          echo "FOUNDRY_VERSION=$(cat .foundry-version)" >> $GITHUB_ENV
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e #v1.5.0
+        with:
+          version: ${{ env.FOUNDRY_VERSION }}
+
+      - uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d #v3.0.0
+        name: Install pnpm
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - uses: actions/cache@v4
+        name: Setup pnpm cache
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Run lint check
+        run: pnpm run fmt:check && pnpm run lint
+
+      - name: Run build
+        run: pnpm build
+
+      - name: Run test
+        run: pnpm test

package/.solhint-test.json

@@ -0,0 +1,18 @@
+{
+  "extends": "solhint:recommended",
+  "rules": {
+    "code-complexity": ["error", 8],
+    "contract-name-capwords": "off",
+    "compiler-version": ["error", ">=0.8.20"],
+    "func-name-mixedcase": "off",
+    "func-visibility": ["error", { "ignoreConstructors": true }],
+    "max-line-length": ["error", 121],
+    "reason-string": ["warn", { "maxLength": 40 }],
+    "gas-custom-errors": "off",
+    "named-parameters-mapping": "warn",
+    "no-console": "off",
+    "not-rely-on-time": "off",
+    "one-contract-per-file": "off",
+    "var-name-mixedcase": "off"
+  }
+}

package/.solhint.json

@@ -0,0 +1,16 @@
+{
+  "extends": "solhint:recommended",
+  "rules": {
+    "code-complexity": ["error", 8],
+    "compiler-version": ["error", ">=0.8.20"],
+    "func-name-mixedcase": "off",
+    "func-visibility": ["error", { "ignoreConstructors": true }],
+    "max-line-length": ["error", 121],
+    "reason-string": ["warn", { "maxLength": 52 }],
+    "gas-custom-errors": "off",
+    "named-parameters-mapping": "warn",
+    "not-rely-on-time": "off",
+    "one-contract-per-file": "off",
+    "var-name-mixedcase": "off"
+  }
+}

package/.solhintignore

@@ -0,0 +1,3 @@
+**/*.t.sol
+packages/vendor/
+node_modules/

package/.solhintignore-test

@@ -0,0 +1,2 @@
+packages/vendor/
+node_modules/

package/Glossary.md

@@ -0,0 +1,141 @@
+# Glossary
+
+- [AML (Anti-Money Laundering)](#aml-anti-money-laundering)
+- [CCID (Cross-Chain Identifier)](#ccid-cross-chain-identifier)
+- [Composability](#composability)
+- [Context Parameters](#context-parameters)
+- [Credential](#credential)
+- [Credential Registry](#credential-registry)
+- [ERC-20](#erc-20)
+- [ERC-165](#erc-165)
+- [Extractors and Mappers](#extractors-and-mappers)
+- [KYC (Know Your Customer)](#kyc-know-your-customer)
+- [Offchain Proofs](#offchain-proofs)
+- [PII (Personally Identifiable Information)](#pii-personally-identifiable-information)
+- [Policy](#policy)
+- [Policy Engine](#policy-engine)
+- [Policy Management](#policy-management)
+- [Proof-of-Reserves (PoR)](#proof-of-reserves-por)
+- [Quota Policy](#quota-policy)
+- [Real-World Assets (RWA)](#real-world-assets-rwa)
+- [Trusted Verifier](#trusted-verifier)
+- [Validators](#validators)
+  - [Identity Validator](#identity-validator)
+  - [Credential Registry Validator](#credential-registry-validator)
+  - [Credential Data Validator](#credential-data-validator)
+
+---
+
+### **AML (Anti-Money Laundering)**
+
+A set of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as
+legitimate income.
+
+### **CCID (Cross-Chain Identifier)**
+
+A 32-byte identifier used in the [**Cross-Chain Identity**](/packages/cross-chain-identity) standard to uniquely
+represent an entity across multiple blockchains. It maps local blockchain addresses to a unified identity, facilitating
+credential management and cross-chain interoperability.
+
+### **Composability**
+
+The ability to integrate and combine modular components or standards in a flexible manner. For example, the [**Policy
+Management**](/packages/policy-management) standard enables dynamic rule enforcement by chaining multiple policies.
+
+### **Context Parameters**
+
+Additional data passed as a `bytes` array to certain functions for compliance or authorization purposes. E.g.:
+cryptographic proofs, regulatory authorizations, or external references.
+
+### **Credential**
+
+A verifiable attribute (e.g., KYC, AML compliance, Accredited Investor status) linked to a **CCID** in the [**Cross-Chain Identity**](/packages/cross-chain-identity) standard. Credentials are stored in registries and can be
+validated by external entities without revealing sensitive information.
+
+### **Credential Registry**
+
+A component of the [**Cross-Chain Identity**](/packages/cross-chain-identity) standard that manages the lifecycle of
+credentials linked to CCIDs. It supports registration, validation, removal, and renewal of credentials.
+
+### **ERC-20**
+
+[ERC20](https://eips.ethereum.org/EIPS/eip-20) is a widely used Ethereum token standard defining rules for fungible
+tokens.
+
+### **ERC-165**
+
+[ERC165](https://eips.ethereum.org/EIPS/eip-165) is an Ethereum standard that enables contracts to declare the
+interfaces they implement, facilitating interface detection.
+
+### **Extractors and Mappers**
+
+Components in the [**Policy Management**](/packages/policy-management) standard that process raw transaction data into
+structured formats for policy consumption. Extractors parse inputs, while mappers transform them into policy-specific
+formats.
+
+### **KYC (Know Your Customer)**
+
+[KYC](https://www.swift.com/your-needs/financial-crime-cyber-security/know-your-customer-kyc/meaning-kyc) is a
+compliance process requiring financial institutions to verify the identity of their clients and the nature of their
+activities.
+
+### **Offchain Proofs**
+
+Verification mechanisms (e.g., zk-proofs) performed outside the blockchain to ensure compliance or authenticity without
+revealing sensitive information.
+
+### **PII (Personally Identifiable Information)**
+
+[PII](https://www.dol.gov/general/ppii) is information that can identify an individual, such as a name, address, or
+national ID number. The [**Cross-Chain Identity**](/packages/cross-chain-identity) standard avoids storing PII onchain,
+using hashed references instead.
+
+### **Policy**
+
+A self-contained module in the [**Policy Management**](/packages/policy-management) standard that enforces specific
+rules, such as access control or compliance quotas.
+
+### **Policy Engine**
+
+A central component of the [**Policy Management**](/packages/policy-management) standard that manages the execution of
+multiple policies for a method selector. It coordinates the evaluation of policies in sequence and enforces dynamic
+outcomes.
+
+### **Policy Management**
+
+A [standard](/packages/policy-management) defining a modular policy engine for enforcing compliance, business rules, and
+access control in smart contracts. It supports dynamic policy updates without redeploying the core contract.
+
+### **Proof-of-Reserves (PoR)**
+
+[Proof-of-Reserves](https://chain.link/education-hub/proof-of-reserves) is a mechanism for verifying that a custodian
+holds sufficient reserves to back assets it has issued.
+
+### **Quota Policy**
+
+A policy module in the [**Policy Management**](/packages/policy-management) standard that restricts the use of a method
+to a predefined limit. It enforces compliance by rejecting transactions that exceed the allowed quota.
+
+### **Real-World Assets (RWA)**
+
+[Real-World Assets](https://chain.link/education-hub/real-world-assets-rwas-explained) are physical or traditional
+financial assets tokenized on blockchain platforms, such as real estate or securities. The **Permissioned Token**
+standard supports regulatory compliance for tokenized RWAs.
+
+### **Trusted Verifier**
+
+A trusted verifier within the [**Cross-Chain Identity**](/packages/cross-chain-identity) standard is an offchain entity
+authorized to conduct external checks (e.g., KYC, AML) and to register the resulting credentials onchain. This approach
+ensures privacy by storing only PII-redacted data onchain.
+
+### **Validators**
+
+Smart contracts in the [**Cross-Chain Identity**](/packages/cross-chain-identity) standard that verifies whether a given
+identity or credential meets certain criteria:
+
+- **Identity Validator**: Confirms an account has a valid CCID mapping and contains all the required credentials,
+  utilizing one or more sets of registries.
+- **Credential Registry Validator**: Inspects a single registry to confirm whether a credential is present, valid, or
+  unexpired for a given CCID.
+- **Credential Data Validator**: Examines the data attached to a credential for correctness, integrity, or adherence to
+  specific formats.

package/LICENSE

@@ -0,0 +1,59 @@
+Business Source License 1.1
+
+Copyright (c) 2025 Chainlink Labs Inc. and affiliates.
+
+Business Source License 1.1
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+---
+
+Parameters
+
+Licensor: Chainlink Labs Inc. and affiliates.
+
+Licensed Work: chainlink-ace
+The Licensed Work is (c) 2025 SmartContract Chainlink Limited SEZC
+
+Additional Use Grant: Any uses listed and defined in this repository
+
+Change Date: October 6, 2029
+
+Change License: MIT
+
+---
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. The Licensor may make an Additional Use Grant, above, permitting limited production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly available distribution of a specific version of the Licensed Work under this License, whichever comes first, the Licensor hereby grants you rights under the terms of the Change License, and the rights granted in the paragraph above terminate.
+
+If your use of the Licensed Work does not comply with the requirements currently in effect as described in this License, you must purchase a commercial license from the Licensor, its affiliated entities, or authorized resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works of the Licensed Work, are subject to this License. This License applies separately for each version of the Licensed Work and the Change Date may vary for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy of the Licensed Work. If you receive the Licensed Work in original or modified form from a third party, the terms and conditions set forth in this License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically terminate your rights under this License for the current and all other versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license your works, and to refer to it using the trademark "Business Source License", as long as you comply with the Covenants of Licensor below.
+
+---
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the "Business Source License" name and trademark, Licensor covenants to MariaDB, and to all other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version, or a license that is compatible with GPL Version 2.0 or a later version, where "compatible" means that software provided under the Change License can be included in a program with software provided under GPL Version 2.0 or a later version. Licensor may specify additional Change Licenses without limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not impose any additional restriction on the right granted in this License, as the Additional Use Grant; or (b) insert the text "None".
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.