@chainlink/ace 0.5.0

package/packages/policy-management/src/policies/RejectPolicy.sol

@@ -0,0 +1,89 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {Policy} from "@chainlink/policy-management/core/Policy.sol";
+
+/**
+ * @title RejectPolicy
+ * @notice A policy that rejects method calls if one of the addresses is on the list.
+ */
+contract RejectPolicy is Policy {
+  /// @custom:storage-location erc7201:policy-management.RejectPolicy
+  struct RejectPolicyStorage {
+    /// @notice If the address is on this list, method calls will always be rejected.
+    mapping(address account => bool isRejected) rejectList;
+  }
+
+  // keccak256(abi.encode(uint256(keccak256("policy-management.RejectPolicy")) - 1)) & ~bytes32(uint256(0xff))
+  bytes32 private constant RejectPolicyStorageLocation =
+    0x616c7ef46b4b6f234c99b5c7b6e2de9ba93899829ad2bcb8a5a37d5cddf44600;
+
+  function _getRejectPolicyStorage() private pure returns (RejectPolicyStorage storage $) {
+    assembly {
+      $.slot := RejectPolicyStorageLocation
+    }
+  }
+
+  /**
+   * @notice Adds the account to the reject list.
+   * @dev Throws if the account is already in the reject list.
+   * @param account The address to add to the reject list.
+   */
+  function rejectAddress(address account) public onlyOwner {
+    RejectPolicyStorage storage $ = _getRejectPolicyStorage();
+    require(!$.rejectList[account], "Account already in reject list");
+    $.rejectList[account] = true;
+  }
+
+  /**
+   * @notice Removes the account from the reject list.
+   * @dev Throws if the account is not in the reject list.
+   * @param account The address to remove from the reject list.
+   */
+  function unrejectAddress(address account) public onlyOwner {
+    RejectPolicyStorage storage $ = _getRejectPolicyStorage();
+    require($.rejectList[account], "Account not in reject list");
+    $.rejectList[account] = false;
+  }
+
+  /**
+   * @notice Checks if the account is on the reject list.
+   * @param account The address to check.
+   * @return addressRejected if the account is on the reject list, false otherwise.
+   */
+  function addressRejected(address account) public view returns (bool) {
+    RejectPolicyStorage storage $ = _getRejectPolicyStorage();
+    return $.rejectList[account];
+  }
+
+  /**
+   * @notice Function to be called by the policy engine to check if execution is allowed.
+   * @param parameters encoded policy parameters.
+   *        [account(address),...] List of addresses to check for present on the reject list.
+   * @return result The result of the policy check.
+   */
+  function run(
+    address, /*caller*/
+    address, /*subject*/
+    bytes4, /*selector*/
+    bytes[] calldata parameters,
+    bytes calldata /*context*/
+  )
+    public
+    view
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    require(parameters.length >= 1, "expected at least 1 parameter");
+    // Gas optimization: load storage reference once
+    RejectPolicyStorage storage $ = _getRejectPolicyStorage();
+    for (uint256 i = 0; i < parameters.length; i++) {
+      address account = abi.decode(parameters[i], (address));
+      if ($.rejectList[account]) {
+        revert IPolicyEngine.PolicyRejected("address is on reject list");
+      }
+    }
+    return IPolicyEngine.PolicyResult.Continue;
+  }
+}

package/packages/policy-management/src/policies/RoleBasedAccessControlPolicy.sol

@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {Policy} from "@chainlink/policy-management/core/Policy.sol";
+
+/**
+ * @title RoleBasedAccessControlPolicy
+ * @notice A policy that allows or denies method calls based on the roles of the sender.
+ * @dev This policy uses OpenZeppelin's AccessControlUpgradeable to manage roles and permissions. The initial owner of
+ * the policy is granted the DEFAULT_ADMIN_ROLE, which allows them to grant and revoke any role. Users can also make use
+ * of roleAdmin to grant account permission to manage specific roles.
+ *
+ * # Usage
+ * Grant the operation allowance to a role. This will allow any account with that role to perform the operation.
+ * ```
+ * bytes32 role = keccak256(abi.encode("roleName"));
+ * grantOperationAllowanceToRole(Token.transfer.selector, role);
+ * grantRole(role, account);
+ * ```
+ */
+contract RoleBasedAccessControlPolicy is Policy, AccessControlUpgradeable {
+  /**
+   * @notice Emitted when the operation allowance is granted to a role.
+   * @param operation The operation allowance to be granted.
+   * @param role The role that is granted the operation allowance.
+   */
+  event OperationAllowanceGrantedToRole(bytes4 operation, bytes32 role);
+  /**
+   * @notice Emitted when the operation allowance is removed from a role.
+   * @param operation The operation allowance to be removed.
+   * @param role The role that is removed the operation allowance.
+   */
+  event OperationAllowanceRemovedFromRole(bytes4 operation, bytes32 role);
+
+  /// @custom:storage-location erc7201:policy-management.RoleBasedAccessControlPolicy
+  struct RoleBasedAccessControlPolicyStorage {
+    /// @notice The mapping of operation allowances to roles. Each operation can have multiple roles that are allowed to
+    /// perform it.
+    mapping(bytes4 operation => bytes32[] roles) rolesByOperation;
+  }
+
+  // keccak256(abi.encode(uint256(keccak256("policy-management.RoleBasedAccessControlPolicy")) - 1)) &
+  // ~bytes32(uint256(0xff))
+  bytes32 private constant RoleBasedAccessControlPolicyStorageLocation =
+    0xcebcf55b92595d67a9ed71c4c21ff1d547eba811760bfc05d1f636b4330cd900;
+
+  function _getRoleBasedAccessControlPolicyStorage()
+    private
+    pure
+    returns (RoleBasedAccessControlPolicyStorage storage $)
+  {
+    assembly {
+      $.slot := RoleBasedAccessControlPolicyStorageLocation
+    }
+  }
+
+  /**
+   * @notice Configures the policy by granting the initial owner the `DEFAULT_ADMIN_ROLE`.
+   * @dev No parameters are expected or decoded from the input. The owner is granted the `DEFAULT_ADMIN_ROLE`
+   *      using OpenZeppelin's AccessControl mechanism. This role allows the owner to grant and revoke other roles.
+   */
+  function configure(bytes calldata) internal override {
+    address owner = owner();
+    bool granted = _grantRole(DEFAULT_ADMIN_ROLE, owner);
+    require(granted, "failed to grant DEFAULT_ADMIN_ROLE");
+  }
+
+  /**
+   * @notice Grants the operation allowance to a role. This will allow any account with that role to perform the
+   * operation.
+   * @param operation The operation allowance to be granted.
+   * @param role The role that is granted the operation allowance.
+   */
+  function grantOperationAllowanceToRole(bytes4 operation, bytes32 role) public onlyOwner {
+    RoleBasedAccessControlPolicyStorage storage $ = _getRoleBasedAccessControlPolicyStorage();
+    uint256 length = $.rolesByOperation[operation].length;
+    for (uint256 i = 0; i < length; i++) {
+      if ($.rolesByOperation[operation][i] == role) {
+        revert("Role already has operation allowance");
+      }
+    }
+    $.rolesByOperation[operation].push(role);
+    emit OperationAllowanceGrantedToRole(operation, role);
+  }
+
+  /**
+   * @notice Removes the operation allowance from a role. This will revoke the ability of any account with that role to
+   * perform the operation.
+   * @param operation The operation allowance to be removed.
+   * @param role The role that is removed the operation allowance.
+   */
+  function removeOperationAllowanceFromRole(bytes4 operation, bytes32 role) public onlyOwner {
+    RoleBasedAccessControlPolicyStorage storage $ = _getRoleBasedAccessControlPolicyStorage();
+    uint256 length = $.rolesByOperation[operation].length;
+    for (uint256 i = 0; i < length; i++) {
+      if ($.rolesByOperation[operation][i] == role) {
+        $.rolesByOperation[operation][i] = $.rolesByOperation[operation][length - 1];
+        $.rolesByOperation[operation].pop();
+        emit OperationAllowanceRemovedFromRole(operation, role);
+        return;
+      }
+    }
+    revert("Role does not have operation allowance");
+  }
+
+  /**
+   * @notice Checks if the account has any of the roles that are allowed to perform the operation.
+   * @param operation The function selector of the operation.
+   * @param account The address of the account to check.
+   * @return isAllowed true if the account has any of the roles that are allowed to perform the operation, false
+   * otherwise.
+   */
+  function hasAllowedRole(bytes4 operation, address account) public view returns (bool) {
+    RoleBasedAccessControlPolicyStorage storage $ = _getRoleBasedAccessControlPolicyStorage();
+    bytes32[] memory roles = $.rolesByOperation[operation];
+    uint256 length = roles.length;
+    for (uint256 i = 0; i < length; i++) {
+      if (hasRole(roles[i], account)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /**
+   * @notice Function to be called by the policy engine to check if execution is allowed.
+   * @param caller The address of the sender.
+   * @param selector The function selector of the method being called.
+   * @param parameters None expected for this policy.
+   * @return result The result of the policy check.
+   */
+  function run(
+    address caller,
+    address, /*subject*/
+    bytes4 selector,
+    bytes[] calldata parameters,
+    bytes calldata /*context*/
+  )
+    public
+    view
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    // expected parameters: none
+    // solhint-disable-next-line gas-custom-errors
+    if (parameters.length != 0) {
+      revert IPolicyEngine.InvalidConfiguration("expected 0 parameters");
+    }
+
+    if (!hasAllowedRole(selector, caller)) {
+      revert IPolicyEngine.PolicyRejected("caller lacks required role for operation");
+    }
+
+    return IPolicyEngine.PolicyResult.Continue;
+  }
+
+  function supportsInterface(bytes4 interfaceId) public view override(Policy, AccessControlUpgradeable) returns (bool) {
+    return super.supportsInterface(interfaceId);
+  }
+}

package/packages/policy-management/src/policies/SecureMintPolicy.sol

@@ -0,0 +1,271 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {Policy} from "@chainlink/policy-management/core/Policy.sol";
+
+/**
+ * @title SecureMintPolicy
+ * @notice A policy that ensures new token minting does not exceed available reserves.
+ * @dev Extends Chainlink's `Policy` reference implementation.
+ * This policy checks if minting a specified amount would cause the total supply of a token to exceed the reserve value
+ * provided by a Chainlink price feed.
+ *
+ * ## Core Parameters
+ *
+ * - `s_reservesFeed`: The Chainlink AggregatorV3 price feed contract address used to retrieve the latest reserve value.
+ * - `s_reserveMarginMode`: Specifies how the reserve margin is calculated. A positive reserve margin means that the
+ * reserves must exceed the total supply of the token by a certain amount, while a negative reserve margin means that
+ * the reserves can be less than the total supply by a certain amount.
+ * - `s_reserveMarginAmount`: The margin amount used in the reserve margin calculation. If `s_reserveMarginMode` is
+ * percentage-based, this represents a hundredth of a percent.
+ * - `s_maxStalenessSeconds`: The maximum staleness seconds for the reserve price feed. 0 means no staleness check.
+ *
+ * ## Dependencies:
+ * - **AggregatorV3Interface**: Used to retrieve the latest reserve value.
+ * - **IERC20**: The policy assumes the `subject` contract implements ERC-20 and supports `totalSupply()`.
+ */
+contract SecureMintPolicy is Policy {
+  /**
+   * @notice Emitted when the PoR feed contract address is set.
+   * @param reservesFeed The new Chainlink AggregatorV3 price feed contract address.
+   */
+  event ReservesFeedSet(address reservesFeed);
+  /**
+   * @notice Emitted when the margin mode is set.
+   * @param mode The new margin mode.
+   * @param amount The new margin amount.
+   */
+  event ReserveMarginSet(ReserveMarginMode mode, uint256 amount);
+  /**
+   * @notice Emitted when the max staleness seconds is set.
+   * @param maxStalenessSeconds The new max staleness seconds. 0 means no staleness check.
+   */
+  event MaxStalenessSecondsSet(uint256 maxStalenessSeconds);
+
+  /**
+   * @notice The ReserveMarginMode enum specifies how the reserve margin is calculated. A positive reserve margin means
+   * that the reserves must exceed the total supply of the token by a certain amount, while a negative reserve margin
+   * means that the reserves can be less than the total supply by a certain amount.
+   * @param None No margin is applied. Total mintable amount is equal to reserves.
+   * @param PositivePercentage A positive percentage margin is applied. Total mintable amount is
+   * reserves * (BASIS_POINTS - margin) / BASIS_POINTS.
+   * @param PositiveAbsolute A positive absolute margin is applied. Total mintable amount is reserves - margin.
+   * @param NegativePercentage A negative percentage margin is applied. Total mintable amount is
+   * reserves * (BASIS_POINTS + margin) / BASIS_POINTS.
+   * @param NegativeAbsolute A negative absolute margin is applied. Total mintable amount is reserves + margin.
+   */
+  enum ReserveMarginMode {
+    None,
+    PositivePercentage,
+    PositiveAbsolute,
+    NegativePercentage,
+    NegativeAbsolute
+  }
+
+  /// @notice Basis points scale used for percentage calculations (1 basis point = 0.01%)
+  uint256 private constant BASIS_POINTS = 10_000;
+
+  /// @custom:storage-location erc7201:policy-management.SecureMintPolicy
+  struct SecureMintPolicyStorage {
+    /// @notice Chainlink AggregatorV3 price feed contract address.
+    AggregatorV3Interface reservesFeed;
+    /// @notice Specifies how the reserve margin is calculated.
+    ReserveMarginMode reserveMarginMode;
+    /// @notice The margin amount used in the reserve margin calculation. If reserveMarginMode is percentage-based, this
+    /// represents a hundredth of a percent.
+    uint256 reserveMarginAmount;
+    /// @notice The maximum staleness seconds for the reserve price feed. 0 means no staleness check.
+    uint256 maxStalenessSeconds;
+  }
+
+  // keccak256(abi.encode(uint256(keccak256("policy-management.SecureMintPolicy")) - 1)) & ~bytes32(uint256(0xff))
+  bytes32 private constant SecureMintPolicyStorageLocation =
+    0xce7aed3b7d424da898685a1d407ca1286fb1f81e854eae77e5e2276c63944900;
+
+  function _getSecureMintPolicyStorage() private pure returns (SecureMintPolicyStorage storage $) {
+    assembly {
+      $.slot := SecureMintPolicyStorageLocation
+    }
+  }
+
+  /**
+   * @notice Configures the policy by setting the reserves feed and margin.
+   * @param parameters ABI-encoded bytes containing [address reservesFeed, ReserveMarginMode reserveMarginMode, uint256
+   * marginAmount, uint256 maxStalenessSeconds].
+   */
+  function configure(bytes calldata parameters) internal override {
+    (address reservesFeed, ReserveMarginMode reserveMarginMode, uint256 marginAmount, uint256 maxStalenessSeconds) =
+      abi.decode(parameters, (address, ReserveMarginMode, uint256, uint256));
+
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage();
+    $.reservesFeed = AggregatorV3Interface(reservesFeed);
+    emit ReservesFeedSet(reservesFeed);
+
+    _setReserveMargin(reserveMarginMode, marginAmount);
+
+    $.maxStalenessSeconds = maxStalenessSeconds;
+    emit MaxStalenessSecondsSet(maxStalenessSeconds);
+  }
+
+  /**
+   * @notice Updates the Chainlink price feed used for reserve validation.
+   * @dev Throws when address is the same as the current one.
+   * @param reservesFeed The new Chainlink AggregatorV3 price feed contract address.
+   */
+  function setReservesFeed(address reservesFeed) external onlyOwner {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    require(reservesFeed != address($.reservesFeed), "feed same as current");
+    $.reservesFeed = AggregatorV3Interface(reservesFeed);
+    emit ReservesFeedSet(reservesFeed);
+  }
+
+  function _setReserveMargin(ReserveMarginMode mode, uint256 amount) internal {
+    require(uint256(mode) <= 4, "Invalid margin mode");
+    if (mode == ReserveMarginMode.PositivePercentage || mode == ReserveMarginMode.NegativePercentage) {
+      require(amount <= BASIS_POINTS, "margin must be <= BASIS_POINTS for percentage modes");
+    } else if (mode == ReserveMarginMode.PositiveAbsolute || mode == ReserveMarginMode.NegativeAbsolute) {
+      require(amount > 0, "margin must be > 0 for absolute modes");
+    }
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    $.reserveMarginMode = mode;
+    $.reserveMarginAmount = amount;
+    emit ReserveMarginSet(mode, amount);
+  }
+
+  /**
+   * @notice Updates the reserve margin mode and amount.
+   * @dev Throws when mode is invalid or both the mode and amount are the same as the current values.
+   * @param mode The new reserve margin mode.
+   * @param amount The new reserve margin amount. When mode is percentage-based, this represents a hundredth of a
+   * percent.
+   * @dev Precision Warning: When using percentage-based modes (PositivePercentage/NegativePercentage),
+   * be aware that very small reserve values combined with high margin percentages may result in
+   * zero mintable supply due to integer division rounding. Consider the minimum expected reserve
+   * value and price feed decimals when setting percentage margins.
+   *
+   * For feeds with low precision or small values, consider using absolute margin modes instead.
+   */
+  function setReserveMargin(ReserveMarginMode mode, uint256 amount) external onlyOwner {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    require(mode != $.reserveMarginMode || amount != $.reserveMarginAmount, "margin same as current");
+    _setReserveMargin(mode, amount);
+  }
+
+  /**
+   * @notice Updates the maximum staleness seconds for the reserve price feed.
+   * @dev Throws when the value is the same as the current value.
+   * @param value The new maximum staleness seconds. 0 means no staleness check.
+   */
+  function setMaxStalenessSeconds(uint256 value) external onlyOwner {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    require(value != $.maxStalenessSeconds, "value same as current");
+    $.maxStalenessSeconds = value;
+    emit MaxStalenessSecondsSet(value);
+  }
+
+  /**
+   * @notice Returns the current Chainlink price feed used for reserve validation.
+   * @return address The address of the current Chainlink AggregatorV3 price feed contract.
+   */
+  function reservesFeed() external view returns (address) {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage();
+    return address($.reservesFeed);
+  }
+
+  /**
+   * @notice Returns the current margin mode.
+   * @return reserveMarginMode The current margin mode.
+   */
+  function reserveMarginMode() external view returns (ReserveMarginMode) {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage();
+    return $.reserveMarginMode;
+  }
+
+  /**
+   * @notice Returns the current margin amount.
+   * @return reserveMarginAmount The current margin amount.
+   */
+  function reserveMarginAmount() external view returns (uint256) {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage();
+    return $.reserveMarginAmount;
+  }
+
+  /**
+   * @notice Returns the current max staleness seconds.
+   * @return maxStalenessSeconds The current max staleness seconds.
+   */
+  function maxStalenessSeconds() external view returns (uint256) {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage();
+    return $.maxStalenessSeconds;
+  }
+
+  /**
+   * @notice Calculates the total mintable amount based on the reserves and reserve margin mode.
+   * @param reserves The current reserves value.
+   * @return The total mintable amount.
+   */
+  function totalMintableSupply(uint256 reserves) internal view returns (uint256) {
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    if ($.reserveMarginMode == ReserveMarginMode.None) {
+      return reserves;
+    } else if ($.reserveMarginMode == ReserveMarginMode.PositivePercentage) {
+      // WARNING: May round to zero for very small reserves with high margins
+      // e.g., reserves=1, margin=9999 → 1 * 1 / BASIS_POINTS = 0
+      return reserves * (BASIS_POINTS - $.reserveMarginAmount) / BASIS_POINTS;
+    } else if ($.reserveMarginMode == ReserveMarginMode.PositiveAbsolute) {
+      if (reserves < $.reserveMarginAmount) {
+        return 0;
+      }
+      return reserves - $.reserveMarginAmount;
+    } else if ($.reserveMarginMode == ReserveMarginMode.NegativePercentage) {
+      return reserves * (BASIS_POINTS + $.reserveMarginAmount) / BASIS_POINTS;
+    } else if ($.reserveMarginMode == ReserveMarginMode.NegativeAbsolute) {
+      return reserves + $.reserveMarginAmount;
+    }
+    revert("Invalid margin mode");
+  }
+
+  /**
+   * @notice Function to be called by the policy engine to check if execution is allowed.
+   * @param subject The address of the protected contract.
+   * @param parameters [to(address),amount(uint256)] The parameters of the called method.
+   * @return result The result of the policy check.
+   */
+  function run(
+    address, /*caller*/
+    address subject, /*subject*/
+    bytes4, /*selector*/
+    bytes[] calldata parameters,
+    bytes calldata /*context*/
+  )
+    public
+    view
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    require(parameters.length == 1, "expected 1 parameter");
+    uint256 amount = abi.decode(parameters[0], (uint256));
+
+    SecureMintPolicyStorage storage $ = _getSecureMintPolicyStorage(); // Gas optimization: single storage reference
+    (, int256 reserve,, uint256 updatedAt,) = $.reservesFeed.latestRoundData();
+
+    // reserve is not expected to be negative
+    if (reserve < 0) {
+      revert IPolicyEngine.PolicyRejected("reserve value is negative");
+    }
+
+    if ($.maxStalenessSeconds > 0 && block.timestamp - updatedAt > $.maxStalenessSeconds) {
+      revert IPolicyEngine.PolicyRejected("reserve data is stale");
+    }
+
+    IERC20 token = IERC20(subject);
+    if (amount + token.totalSupply() > totalMintableSupply(uint256(reserve))) {
+      revert IPolicyEngine.PolicyRejected("mint would exceed available reserves");
+    }
+
+    return IPolicyEngine.PolicyResult.Continue;
+  }
+}

package/packages/policy-management/src/policies/VolumePolicy.sol

@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {Policy} from "@chainlink/policy-management/core/Policy.sol";
+
+/**
+ * @title VolumePolicy
+ * @notice A policy that validates transaction amount parameters against configured minimum and maximum limits.
+ * @dev This policy operates on the amount argument passed to protected functions, not on actual token transfers.
+ * For tokens with transfer fees, deflationary mechanisms, or other non-standard behaviors, the actual transferred
+ * amount may differ from the amount parameter this policy validates against.
+ */
+contract VolumePolicy is Policy {
+  /**
+   * @notice Emitted when the maximum volume limit is set.
+   * @param maxAmount The maximum amount parameter limit. If set to 0, there is no maximum limit.
+   */
+  event MaxVolumeSet(uint256 maxAmount);
+  /**
+   * @notice Emitted when the minimum volume limit is set.
+   * @param minAmount The minimum amount parameter limit. If set to 0, there is no minimum limit.
+   */
+  event MinVolumeSet(uint256 minAmount);
+
+  /// @custom:storage-location erc7201:policy-management.VolumePolicy
+  struct VolumePolicyStorage {
+    /// @notice The maximum amount parameter limit. If set to 0, there is no maximum limit.
+    uint256 maxAmount;
+    /// @notice The minimum amount parameter limit. If set to 0, there is no minimum limit.
+    uint256 minAmount;
+  }
+
+  // keccak256(abi.encode(uint256(keccak256("policy-management.VolumePolicy")) - 1)) & ~bytes32(uint256(0xff))
+  bytes32 private constant VolumePolicyStorageLocation =
+    0x5bb13fe9284039d01609a8e5ed913ad65a3c270b5906b4fd9932815137778200;
+
+  function _getVolumePolicyStorage() private pure returns (VolumePolicyStorage storage $) {
+    assembly {
+      $.slot := VolumePolicyStorageLocation
+    }
+  }
+
+  /**
+   * @notice Configures the policy by setting minimum and maximum amount parameter limits.
+   * @param parameters ABI-encoded bytes containing two `uint256` values: the min and max amount limits.
+   *      - `minAmount`: The minimum amount parameter limit, 0 for no minimum.
+   *      - `maxAmount`: The maximum amount parameter limit, 0 for no maximum.
+   * @dev These limits apply to function parameters, not actual token transfer amounts.
+   */
+  function configure(bytes calldata parameters) internal override {
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    ($.minAmount, $.maxAmount) = abi.decode(parameters, (uint256, uint256));
+    require($.maxAmount > $.minAmount || $.maxAmount == 0, "maxAmount must be greater than minAmount");
+  }
+
+  /**
+   * @notice Sets the maximum amount parameter limit for the policy.
+   * @param maxAmount The maximum amount parameter limit.
+   * @dev Reverts if the new max amount is less than or equal to the min amount (unless maxAmount is 0),
+   * or if it is the same as the current max amount.
+   */
+  function setMax(uint256 maxAmount) public onlyOwner {
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    require(maxAmount > $.minAmount || maxAmount == 0, "maxAmount must be greater than minAmount");
+    require(maxAmount != $.maxAmount, "maxAmount cannot be the same as current maxAmount");
+    $.maxAmount = maxAmount;
+    emit MaxVolumeSet(maxAmount);
+  }
+
+  /**
+   * @notice Gets the current maximum amount parameter limit for the policy.
+   * @return maxAmount The current maximum amount parameter limit. If 0, there is no maximum limit.
+   */
+  function getMax() public view returns (uint256) {
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    return $.maxAmount;
+  }
+
+  /**
+   * @notice Sets the minimum amount parameter limit for the policy.
+   * @param minAmount The minimum amount parameter limit.
+   * @dev Reverts if the new min amount is greater than or equal to the max amount (unless maxAmount is 0),
+   * or if it is the same as the current min amount.
+   */
+  function setMin(uint256 minAmount) public onlyOwner {
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    require(minAmount < $.maxAmount || $.maxAmount == 0, "minAmount must be less than maxAmount");
+    require(minAmount != $.minAmount, "minAmount cannot be the same as current minAmount");
+    $.minAmount = minAmount;
+    emit MinVolumeSet(minAmount);
+  }
+
+  /**
+   * @notice Gets the current minimum amount parameter limit for the policy.
+   * @return minAmount The current minimum amount parameter limit. If 0, there is no minimum limit.
+   */
+  function getMin() public view returns (uint256) {
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    return $.minAmount;
+  }
+
+  /**
+   * @notice Function called by the policy engine to validate amount parameters against configured limits.
+   * @param parameters [amount(uint256)] The parameters of the called method.
+   * @return result The result of the policy check.
+   * @dev This policy validates the amount argument passed to a protected function, not actual token transfers.
+   * For tokens with fees, rebasing, or other non-standard behaviors, the actual transferred amount may differ.
+   */
+  function run(
+    address, /* caller */
+    address, /* subject */
+    bytes4, /*selector*/
+    bytes[] calldata parameters,
+    bytes calldata /* context */
+  )
+    public
+    view
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    require(parameters.length == 1, "expected 1 parameter");
+    uint256 amount = abi.decode(parameters[0], (uint256));
+
+    // Gas optimization: load storage reference once
+    VolumePolicyStorage storage $ = _getVolumePolicyStorage();
+    if (($.maxAmount != 0 && amount > $.maxAmount) || amount < $.minAmount) {
+      revert IPolicyEngine.PolicyRejected("amount outside allowed volume limits");
+    }
+
+    return IPolicyEngine.PolicyResult.Continue;
+  }
+}