npm - @chainlink/ace - Versions diffs - 0.5.0 → 1.0.0 - Mend

@chainlink/ace 0.5.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/packages/tokens/erc-3643/test/ComplianceTokenERC3643.t.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity 0.8.26;
+pragma solidity ^0.8.20;
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
@@ -60,17 +60,25 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     // to protect mint/burn with admin list
     OnlyAuthorizedSenderPolicy minterBurnerListImpl = new OnlyAuthorizedSenderPolicy();
     minterBurnerList = OnlyAuthorizedSenderPolicy(
-      _deployPolicy(address(minterBurnerListImpl), address(s_policyEngine), s_owner, new bytes(0))
+      _deployPolicy(address(minterBurnerListImpl), address(s_policyEngine), address(s_policyEngine), new bytes(0))
+    );
+    s_policyEngine.setPolicyConfiguration(
+      address(minterBurnerList), 0, OnlyAuthorizedSenderPolicy.authorizeSender.selector, abi.encode(s_owner)
+    );
+    s_policyEngine.setPolicyConfiguration(
+      address(minterBurnerList), 1, OnlyAuthorizedSenderPolicy.authorizeSender.selector, abi.encode(s_bridge)
     );
-    minterBurnerList.authorizeSender(s_owner);
-    minterBurnerList.authorizeSender(s_bridge);
     // to protect freezing features with admin list
     OnlyAuthorizedSenderPolicy freezingListImpl = new OnlyAuthorizedSenderPolicy();
     freezingList = OnlyAuthorizedSenderPolicy(
-      _deployPolicy(address(freezingListImpl), address(s_policyEngine), s_owner, new bytes(0))
+      _deployPolicy(address(freezingListImpl), address(s_policyEngine), address(s_policyEngine), new bytes(0))
+    );
+    s_policyEngine.setPolicyConfiguration(
+      address(freezingList), 0, OnlyAuthorizedSenderPolicy.authorizeSender.selector, abi.encode(s_owner)
+    );
+    s_policyEngine.setPolicyConfiguration(
+      address(freezingList), 1, OnlyAuthorizedSenderPolicy.authorizeSender.selector, abi.encode(s_enforcer)
     );
-    freezingList.authorizeSender(s_owner);
-    freezingList.authorizeSender(s_enforcer);
     // to enforce transaction limits
     VolumePolicy volumePolicyImpl = new VolumePolicy();
     volumePolicy =
@@ -126,13 +134,12 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
   function test_token_name_notOwner_failure() public {
     vm.startPrank(s_bridge);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.setName.selector,
-        address(onlyOwnerPolicy),
-        "caller is not the policy owner"
-      )
+    _expectRejectedRevert(
+      address(onlyOwnerPolicy),
+      "caller is not the policy owner",
+      IToken.setName.selector,
+      s_bridge,
+      abi.encode("New Name")
     );
     s_token.setName("New Name");
   }
@@ -140,13 +147,8 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
   function test_token_symbol_notOwner_failure() public {
     vm.startPrank(s_bridge);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.setSymbol.selector,
-        address(onlyOwnerPolicy),
-        "caller is not the policy owner"
-      )
+    _expectRejectedRevert(
+      address(onlyOwnerPolicy), "caller is not the policy owner", IToken.setSymbol.selector, s_bridge, abi.encode("NME")
     );
     s_token.setSymbol("NME");
   }
@@ -179,13 +181,12 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     assertEq(s_token.totalSupply(), 110);
     // second mint fails because context was cleared after the last mint
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.mint.selector,
-        address(expectedContextPolicy),
-        "context does not match expected value"
-      )
+    _expectRejectedRevert(
+      address(expectedContextPolicy),
+      "context does not match expected value",
+      IToken.mint.selector,
+      s_owner,
+      abi.encode(alice, 110)
     );
     s_token.mint(alice, 110);
   }
@@ -204,13 +205,12 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
   function test_mint_over_failure() public {
     address alice = makeAddr("alice");
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.mint.selector,
-        address(volumePolicy),
-        "amount outside allowed volume limits"
-      )
+    _expectRejectedRevert(
+      address(volumePolicy),
+      "amount outside allowed volume limits",
+      IToken.mint.selector,
+      s_owner,
+      abi.encode(alice, 220)
     );
     s_token.mint(alice, 220);
   }
@@ -218,14 +218,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
   function test_mint_under_failure() public {
     address alice = makeAddr("alice");
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.mint.selector,
-        address(volumePolicy),
-        "amount outside allowed volume limits"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.mint.selector,
+      sender: s_owner,
+      data: abi.encode(alice, 50),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(volumePolicy), "amount outside allowed volume limits", payload);
     s_token.mint(alice, 50);
   }
@@ -235,14 +234,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.mint.selector,
-        address(minterBurnerList),
-        "sender is not authorized"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.mint.selector,
+      sender: alice,
+      data: abi.encode(alice, 10),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(minterBurnerList), "sender is not authorized", payload);
     s_token.mint(alice, 10);
   }
@@ -280,14 +278,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.burn.selector,
-        address(minterBurnerList),
-        "sender is not authorized"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.burn.selector,
+      sender: alice,
+      data: abi.encode(alice, 70),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(minterBurnerList), "sender is not authorized", payload);
     s_token.burn(alice, 70);
   }
@@ -317,14 +314,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IERC20.transfer.selector,
-        address(volumePolicy),
-        "amount outside allowed volume limits"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      sender: alice,
+      data: abi.encode(bob, 210),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(volumePolicy), "amount outside allowed volume limits", payload);
     s_token.transfer(bob, 210);
   }
@@ -337,14 +333,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IERC20.transfer.selector,
-        address(volumePolicy),
-        "amount outside allowed volume limits"
-      )
-    );
+    IPolicyEngine.Payload memory payload2 = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      sender: alice,
+      data: abi.encode(bob, 50),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(volumePolicy), "amount outside allowed volume limits", payload2);
     s_token.transfer(bob, 50);
   }
@@ -368,12 +363,11 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     address alice = makeAddr("alice");
     vm.startPrank(alice);
+    IPolicyEngine.Payload memory payload =
+      IPolicyEngine.Payload({selector: IToken.pause.selector, sender: alice, data: new bytes(0), context: new bytes(0)});
     vm.expectRevert(
       abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.pause.selector,
-        address(onlyOwnerPolicy),
-        "caller is not the policy owner"
+        IPolicyEngine.PolicyRunRejected.selector, address(onlyOwnerPolicy), "caller is not the policy owner", payload
       )
     );
     s_token.pause();
@@ -407,14 +401,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.unpause.selector,
-        address(onlyOwnerPolicy),
-        "caller is not the policy owner"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.unpause.selector,
+      sender: alice,
+      data: new bytes(0),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(onlyOwnerPolicy), "caller is not the policy owner", payload);
     s_token.unpause();
   }
@@ -483,14 +476,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     s_token.mint(alice, 120);
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.setAddressFrozen.selector,
-        address(freezingList),
-        "sender is not authorized"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.setAddressFrozen.selector,
+      sender: alice,
+      data: abi.encode(alice, true),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(freezingList), "sender is not authorized", payload);
     s_token.setAddressFrozen(alice, true);
   }
@@ -687,14 +679,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     s_token.mint(alice, 120);
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.freezePartialTokens.selector,
-        address(freezingList),
-        "sender is not authorized"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.freezePartialTokens.selector,
+      sender: alice,
+      data: abi.encode(alice, 10),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(freezingList), "sender is not authorized", payload);
     s_token.freezePartialTokens(alice, 10);
   }
@@ -734,14 +725,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     s_token.freezePartialTokens(alice, 50);
     vm.startPrank(alice);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.unfreezePartialTokens.selector,
-        address(freezingList),
-        "sender is not authorized"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.unfreezePartialTokens.selector,
+      sender: alice,
+      data: abi.encode(alice, 10),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(freezingList), "sender is not authorized", payload);
     s_token.unfreezePartialTokens(alice, 10);
   }
@@ -780,14 +770,13 @@ contract ComplianceTokenERC3643Test is BaseProxyTest {
     vm.stopPrank();
     vm.startPrank(bob);
-    vm.expectRevert(
-      abi.encodeWithSelector(
-        IPolicyEngine.PolicyRunRejected.selector,
-        IToken.forcedTransfer.selector,
-        address(onlyOwnerPolicy),
-        "caller is not the policy owner"
-      )
-    );
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.forcedTransfer.selector,
+      sender: bob,
+      data: abi.encode(alice, bob, 60),
+      context: new bytes(0)
+    });
+    _expectRejectedRevert(address(onlyOwnerPolicy), "caller is not the policy owner", payload);
     s_token.forcedTransfer(alice, bob, 60);
   }

package/packages/tokens/erc-3643/test/helpers/BaseProxyTest.sol CHANGED Viewed

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity 0.8.26;
+pragma solidity ^0.8.20;
 import {Test} from "forge-std/Test.sol";
 import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
@@ -73,4 +73,77 @@ abstract contract BaseProxyTest is Test {
     ERC1967Proxy tokenProxy = new ERC1967Proxy(address(tokenImpl), tokenData);
     return ComplianceTokenERC3643(address(tokenProxy));
   }
+  /**
+   * @notice Expect a PolicyRunRejected revert with a payload created from parameters
+   * @param policy The address of the policy that rejected the action
+   * @param reason The reason for rejection
+   * @param selector The function selector
+   * @param sender The sender address
+   * @param data The encoded function parameters
+   * @param context The context bytes (defaults to empty if not provided)
+   */
+  function _expectRejectedRevert(
+    address policy,
+    string memory reason,
+    bytes4 selector,
+    address sender,
+    bytes memory data,
+    bytes memory context
+  )
+    internal
+  {
+    IPolicyEngine.Payload memory payload =
+      IPolicyEngine.Payload({selector: selector, sender: sender, data: data, context: context});
+    vm.expectRevert(abi.encodeWithSelector(IPolicyEngine.PolicyRunRejected.selector, policy, reason, payload));
+  }
+  /**
+   * @notice Expect a PolicyRunRejected revert with a payload created from parameters (empty context)
+   * @param policy The address of the policy that rejected the action
+   * @param reason The reason for rejection
+   * @param selector The function selector
+   * @param sender The sender address
+   * @param data The encoded function parameters
+   */
+  function _expectRejectedRevert(
+    address policy,
+    string memory reason,
+    bytes4 selector,
+    address sender,
+    bytes memory data
+  )
+    internal
+  {
+    _expectRejectedRevert(policy, reason, selector, sender, data, "");
+  }
+  /**
+   * @notice Encode PolicyRunRejected error for use with vm.expectRevert
+   * @param policy The address of the policy that rejected the action
+   * @param reason The reason for rejection
+   * @param payload The payload that was rejected
+   * @return The encoded error data
+   */
+  function _encodeRejectedRevert(
+    address policy,
+    string memory reason,
+    IPolicyEngine.Payload memory payload
+  )
+    internal
+    pure
+    returns (bytes memory)
+  {
+    return abi.encodeWithSelector(IPolicyEngine.PolicyRunRejected.selector, policy, reason, payload);
+  }
+  /**
+   * @notice Expect a PolicyRunRejected revert with a payload
+   * @param policy The address of the policy that rejected the action
+   * @param reason The reason for rejection
+   * @param payload The payload that was rejected
+   */
+  function _expectRejectedRevert(address policy, string memory reason, IPolicyEngine.Payload memory payload) internal {
+    vm.expectRevert(_encodeRejectedRevert(policy, reason, payload));
+  }
 }

package/packages/tokens/erc-3643/test/helpers/ExpectedContextPolicy.sol CHANGED Viewed

@@ -1,10 +1,12 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity 0.8.26;
+pragma solidity ^0.8.20;
 import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
 import {Policy} from "@chainlink/policy-management/core/Policy.sol";
 contract ExpectedContextPolicy is Policy {
+  string public constant override typeAndVersion = "ExpectedContextPolicy 1.0.0";
   bytes private s_expectedContext;
   function configure(bytes calldata parameters) internal override onlyInitializing {

package/remappings.txt CHANGED Viewed

@@ -1,4 +1,5 @@
 @openzeppelin/contracts/=node_modules/@openzeppelin/contracts/
+@openzeppelin/contracts@5.0.2=node_modules/@openzeppelin/contracts/
 @openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/
 @chainlink/policy-management/=packages/policy-management/src/
 @chainlink/cross-chain-identity/=packages/cross-chain-identity/src/

package/script/DeployCertifiedActionsComplianceTokenERC3643.s.sol ADDED Viewed

@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ComplianceTokenERC3643} from "../packages/tokens/erc-3643/src/ComplianceTokenERC3643.sol";
+import {PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {Policy} from "@chainlink/policy-management/core/Policy.sol";
+import {OnlyOwnerPolicy} from "@chainlink/policy-management/policies/OnlyOwnerPolicy.sol";
+import {CertifiedActionDONValidatorPolicy} from
+  "@chainlink/policy-management/policies/CertifiedActionDONValidatorPolicy.sol";
+import {ICredentialRequirements} from "@chainlink/cross-chain-identity/interfaces/ICredentialRequirements.sol";
+import {ERC20TransferExtractor} from "@chainlink/policy-management/extractors/ERC20TransferExtractor.sol";
+import {Script} from "forge-std/Script.sol";
+import {console} from "forge-std/console.sol";
+contract DeployCertifiedActionsComplianceTokenERC3643 is Script {
+  function run() external {
+    uint256 tokenOwnerPK = vm.envUint("PRIVATE_KEY");
+    address tokenOwner = vm.addr(tokenOwnerPK);
+    vm.startBroadcast(tokenOwnerPK);
+    // Deploy a PolicyEngine through proxy for identity registries and attach OnlyOwnerPolicy to administrative methods
+    PolicyEngine policyEngineImpl = new PolicyEngine();
+    bytes memory policyEngineData =
+      abi.encodeWithSelector(PolicyEngine.initialize.selector, IPolicyEngine.PolicyResult.Allowed, tokenOwner);
+    ERC1967Proxy policyEngineProxy = new ERC1967Proxy(address(policyEngineImpl), policyEngineData);
+    PolicyEngine policyEngine = PolicyEngine(address(policyEngineProxy));
+    // Deploy the ComplianceTokenERC3643 through proxy
+    ComplianceTokenERC3643 tokenImpl = new ComplianceTokenERC3643();
+    bytes memory tokenData = abi.encodeWithSelector(
+      ComplianceTokenERC3643.initialize.selector,
+      vm.envOr("TOKEN_NAME", string("Token")),
+      vm.envOr("TOKEN_SYMBOL", string("TOKEN")),
+      18,
+      address(policyEngine)
+    );
+    ERC1967Proxy tokenProxy = new ERC1967Proxy(address(tokenImpl), tokenData);
+    ComplianceTokenERC3643 token = ComplianceTokenERC3643(address(tokenProxy));
+    OnlyOwnerPolicy tokenOnlyOwnerPolicyImpl = new OnlyOwnerPolicy();
+    bytes memory tokenOnlyOwnerPolicyData =
+      abi.encodeWithSelector(Policy.initialize.selector, address(policyEngine), tokenOwner, new bytes(0));
+    ERC1967Proxy tokenOnlyOwnerPolicyProxy =
+      new ERC1967Proxy(address(tokenOnlyOwnerPolicyImpl), tokenOnlyOwnerPolicyData);
+    OnlyOwnerPolicy tokenOnlyOwnerPolicy = OnlyOwnerPolicy(address(tokenOnlyOwnerPolicyProxy));
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.mint.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.pause.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.unpause.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.setAddressFrozen.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.forcedTransfer.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token),
+      ComplianceTokenERC3643.freezePartialTokens.selector,
+      address(tokenOnlyOwnerPolicy),
+      new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token),
+      ComplianceTokenERC3643.unfreezePartialTokens.selector,
+      address(tokenOnlyOwnerPolicy),
+      new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.setName.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    policyEngine.addPolicy(
+      address(token), ComplianceTokenERC3643.setSymbol.selector, address(tokenOnlyOwnerPolicy), new bytes32[](0)
+    );
+    // Attach an CredentialRegistryIdentityValidatorPolicy to validate the 'to' address of ERC20 transfers
+    ERC20TransferExtractor erc20TransferExtractor = new ERC20TransferExtractor();
+    policyEngine.setExtractor(ComplianceTokenERC3643.transfer.selector, address(erc20TransferExtractor));
+    policyEngine.setExtractor(ComplianceTokenERC3643.transferFrom.selector, address(erc20TransferExtractor));
+    CertifiedActionDONValidatorPolicy certifiedActionDONValidatorPolicyImpl = new CertifiedActionDONValidatorPolicy();
+    bytes memory certifiedActionDONValidatorPolicyData = abi.encodeWithSelector(
+      Policy.initialize.selector,
+      address(policyEngine),
+      address(tokenOwner),
+      abi.encode(vm.envAddress("KEYSTONE_FORWARDER_ADDRESS"))
+    );
+    ERC1967Proxy certifiedActionDONValidatorPolicyProxy =
+      new ERC1967Proxy(address(certifiedActionDONValidatorPolicyImpl), certifiedActionDONValidatorPolicyData);
+    CertifiedActionDONValidatorPolicy certifiedActionDONValidatorPolicy =
+      CertifiedActionDONValidatorPolicy(address(certifiedActionDONValidatorPolicyProxy));
+    bytes32[] memory certifiedActionDONValidatorPolicyParameters = new bytes32[](3);
+    certifiedActionDONValidatorPolicyParameters[0] = erc20TransferExtractor.PARAM_FROM();
+    certifiedActionDONValidatorPolicyParameters[1] = erc20TransferExtractor.PARAM_TO();
+    certifiedActionDONValidatorPolicyParameters[2] = erc20TransferExtractor.PARAM_AMOUNT();
+    policyEngine.addPolicy(
+      address(token),
+      ComplianceTokenERC3643.transfer.selector,
+      address(certifiedActionDONValidatorPolicy),
+      certifiedActionDONValidatorPolicyParameters
+    );
+    policyEngine.addPolicy(
+      address(token),
+      ComplianceTokenERC3643.transferFrom.selector,
+      address(certifiedActionDONValidatorPolicy),
+      certifiedActionDONValidatorPolicyParameters
+    );
+    vm.stopBroadcast();
+    console.log("Deployed ComplianceTokenERC3643 at:", address(token));
+    console.log("Deployed PolicyEngine at:", address(policyEngine));
+    console.log("Deployed Token OnlyOwnerPolicy at:", address(tokenOnlyOwnerPolicy));
+    console.log("Deployed ERC20TransferExtractor at:", address(erc20TransferExtractor));
+    console.log("Deployed CertifiedActionDONValidatorPolicy at:", address(certifiedActionDONValidatorPolicy));
+  }
+}