@chainlink/ace 0.5.0

package/packages/policy-management/test/PolicyProtectedToken.t.sol

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine, PolicyEngine} from "../src/core/PolicyEngine.sol";
+import {MaxPolicy} from "../src/policies/MaxPolicy.sol";
+import {MockTokenExtractor} from "./helpers/MockTokenExtractor.sol";
+import {MockToken} from "./helpers/MockToken.sol";
+import {BaseProxyTest} from "./helpers/BaseProxyTest.sol";
+
+contract SecureToken_MaxPolicy is BaseProxyTest {
+  MockToken public token;
+  PolicyEngine public policyEngine;
+  MaxPolicy public policy;
+
+  function setUp() public {
+    policyEngine = _deployPolicyEngine(true, address(this));
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    MaxPolicy policyImpl = new MaxPolicy();
+    policy = MaxPolicy(_deployPolicy(address(policyImpl), address(policyEngine), address(this), abi.encode(100)));
+    MockTokenExtractor extractor = new MockTokenExtractor();
+
+    bytes4[] memory selectors = new bytes4[](3);
+    selectors[0] = MockToken.transfer.selector;
+    selectors[1] = MockToken.transferWithContext.selector;
+    selectors[2] = MockToken.transferFrom.selector;
+
+    policyEngine.setExtractors(selectors, address(extractor));
+
+    bytes32[] memory parameterOutputFormat = new bytes32[](1);
+    parameterOutputFormat[0] = extractor.PARAM_AMOUNT();
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(policy), parameterOutputFormat);
+    policyEngine.addPolicy(
+      address(token), MockToken.transferWithContext.selector, address(policy), parameterOutputFormat
+    );
+    policyEngine.addPolicy(address(token), MockToken.transferFrom.selector, address(policy), parameterOutputFormat);
+  }
+
+  function test_transfer_success() public {
+    address recipient = makeAddr("recipient");
+    token.transfer(recipient, 100);
+    assert(token.balanceOf(recipient) == 100);
+  }
+
+  function test_transferWithContext_success() public {
+    address recipient = makeAddr("recipient");
+    token.transferWithContext(recipient, 100, "");
+    assert(token.balanceOf(recipient) == 100);
+  }
+
+  function test_transfer_defaultPolicyRejected_reverts() public {
+    policyEngine.setTargetDefaultPolicyAllow(address(token), false);
+
+    address recipient = makeAddr("recipient");
+
+    vm.expectRevert(_encodeRejectedRevert(0, address(0), "no policy allowed the action and default is reject"));
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_overQuota_reverts() public {
+    address recipient = makeAddr("recipient");
+    vm.expectRevert(_encodeRejectedRevert(MockToken.transfer.selector, address(policy), "amount exceeds maximum limit"));
+    token.transfer(recipient, 200);
+  }
+
+  function test_transferWithContext_overQuota_reverts() public {
+    address recipient = makeAddr("recipient");
+    vm.expectRevert(
+      _encodeRejectedRevert(MockToken.transferWithContext.selector, address(policy), "amount exceeds maximum limit")
+    );
+    token.transferWithContext(recipient, 200, "");
+  }
+}

package/packages/policy-management/test/extractors/ComplianceTokenForceTransferExtractor.t.sol

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ComplianceTokenForceTransferExtractor} from
+  "@chainlink/policy-management/extractors/ComplianceTokenForceTransferExtractor.sol";
+import {ComplianceTokenERC20} from "../../../tokens/erc-20/src/ComplianceTokenERC20.sol";
+
+contract ComplianceTokenForceTransferExtractorTest is Test {
+  ComplianceTokenForceTransferExtractor public extractor;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ComplianceTokenForceTransferExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_forcedTransfer_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.forceTransfer.selector,
+      data: abi.encode(deployer, recipient, 888),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 3);
+    vm.assertEq(params[0].name, keccak256("from"));
+    vm.assertEq(params[1].name, keccak256("to"));
+    vm.assertEq(params[2].name, keccak256("amount"));
+    address from = abi.decode(params[0].value, (address));
+    vm.assertEq(from, deployer);
+    address to = abi.decode(params[1].value, (address));
+    vm.assertEq(to, recipient);
+    uint256 value = abi.decode(params[2].value, (uint256));
+    vm.assertEq(value, 888);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.transfer.selector,
+      data: abi.encode(recipient, 3643),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ComplianceTokenFreezeUnfreezeExtractor.t.sol

@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ComplianceTokenFreezeUnfreezeExtractor} from
+  "@chainlink/policy-management/extractors/ComplianceTokenFreezeUnfreezeExtractor.sol";
+import {ComplianceTokenERC20} from "../../../tokens/erc-20/src/ComplianceTokenERC20.sol";
+
+contract ComplianceTokenFreezeUnfreezeExtractorTest is Test {
+  ComplianceTokenFreezeUnfreezeExtractor public extractor;
+  address public deployer;
+  address public holder;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    holder = makeAddr("holder");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ComplianceTokenFreezeUnfreezeExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_freeze_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.freeze.selector,
+      data: abi.encode(holder, 36),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address account = abi.decode(params[0].value, (address));
+    vm.assertEq(account, holder);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 36);
+  }
+
+  function test_extract_unfreeze_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.unfreeze.selector,
+      data: abi.encode(holder, 43),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address account = abi.decode(params[0].value, (address));
+    vm.assertEq(account, holder);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 43);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.transfer.selector,
+      data: abi.encode(holder, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ComplianceTokenMintBurnExtractor.t.sol

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ComplianceTokenMintBurnExtractor} from
+  "@chainlink/policy-management/extractors/ComplianceTokenMintBurnExtractor.sol";
+import {ComplianceTokenERC20} from "../../../tokens/erc-20/src/ComplianceTokenERC20.sol";
+
+contract ComplianceTokenMintBurnExtractorTest is Test {
+  ComplianceTokenMintBurnExtractor public extractor;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ComplianceTokenMintBurnExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_mint_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.mint.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address user = abi.decode(params[0].value, (address));
+    vm.assertEq(user, recipient);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 123);
+  }
+
+  function test_extract_burn_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.burn.selector,
+      data: abi.encode(123),
+      sender: recipient,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address user = abi.decode(params[0].value, (address));
+    vm.assertEq(user, recipient);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 123);
+  }
+
+  function test_extract_burnFrom_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.burnFrom.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address user = abi.decode(params[0].value, (address));
+    vm.assertEq(user, recipient);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 123);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: ComplianceTokenERC20.transfer.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ERC20ApproveExtractor.t.sol

@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ERC20ApproveExtractor} from "@chainlink/policy-management/extractors/ERC20ApproveExtractor.sol";
+import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
+
+contract ERC20ApproveExtractorTest is Test {
+  ERC20ApproveExtractor public extractor;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ERC20ApproveExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_approve_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.approve.selector,
+      data: abi.encode(recipient, 999),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 3);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("spender"));
+    vm.assertEq(params[2].name, keccak256("amount"));
+    address approver = abi.decode(params[0].value, (address));
+    vm.assertEq(approver, deployer);
+    address spender = abi.decode(params[1].value, (address));
+    vm.assertEq(spender, recipient);
+    uint256 value = abi.decode(params[2].value, (uint256));
+    vm.assertEq(value, 999);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      data: abi.encode(recipient, 999),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ERC3643ForcedTransferExtractor.t.sol

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ERC3643ForcedTransferExtractor} from
+  "@chainlink/policy-management/extractors/ERC3643ForcedTransferExtractor.sol";
+import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
+
+contract ERC3643ForcedTransferExtractorTest is Test {
+  ERC3643ForcedTransferExtractor public extractor;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ERC3643ForcedTransferExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_forcedTransfer_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.forcedTransfer.selector,
+      data: abi.encode(deployer, recipient, 888),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 3);
+    vm.assertEq(params[0].name, keccak256("from"));
+    vm.assertEq(params[1].name, keccak256("to"));
+    vm.assertEq(params[2].name, keccak256("amount"));
+    address from = abi.decode(params[0].value, (address));
+    vm.assertEq(from, deployer);
+    address to = abi.decode(params[1].value, (address));
+    vm.assertEq(to, recipient);
+    uint256 value = abi.decode(params[2].value, (uint256));
+    vm.assertEq(value, 888);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      data: abi.encode(recipient, 3643),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ERC3643FreezeUnfreezeExtractor.t.sol

@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ERC3643FreezeUnfreezeExtractor} from
+  "@chainlink/policy-management/extractors/ERC3643FreezeUnfreezeExtractor.sol";
+import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
+
+contract ERC3643FreezeUnfreezeExtractorTest is Test {
+  ERC3643FreezeUnfreezeExtractor public extractor;
+  address public deployer;
+  address public holder;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    holder = makeAddr("holder");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ERC3643FreezeUnfreezeExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_freeze_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.freezePartialTokens.selector,
+      data: abi.encode(holder, 36),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address account = abi.decode(params[0].value, (address));
+    vm.assertEq(account, holder);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 36);
+  }
+
+  function test_extract_unfreeze_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.unfreezePartialTokens.selector,
+      data: abi.encode(holder, 43),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address account = abi.decode(params[0].value, (address));
+    vm.assertEq(account, holder);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 43);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      data: abi.encode(holder, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ERC3643MintBurnExtractor.t.sol

@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ERC3643MintBurnExtractor} from "@chainlink/policy-management/extractors/ERC3643MintBurnExtractor.sol";
+import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
+
+contract ERC3643MintBurnExtractorTest is Test {
+  ERC3643MintBurnExtractor public extractor;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ERC3643MintBurnExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_mint_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.mint.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address user = abi.decode(params[0].value, (address));
+    vm.assertEq(user, recipient);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 123);
+  }
+
+  function test_extract_burn_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.burn.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("amount"));
+    address user = abi.decode(params[0].value, (address));
+    vm.assertEq(user, recipient);
+    uint256 value = abi.decode(params[1].value, (uint256));
+    vm.assertEq(value, 123);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      data: abi.encode(recipient, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}

package/packages/policy-management/test/extractors/ERC3643SetAddressFrozenExtractor.t.sol

@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {ERC3643SetAddressFrozenExtractor} from
+  "@chainlink/policy-management/extractors/ERC3643SetAddressFrozenExtractor.sol";
+import {IToken} from "../../../vendor/erc-3643/token/IToken.sol";
+
+contract ERC3643SetAddressFrozenExtractorTest is Test {
+  ERC3643SetAddressFrozenExtractor public extractor;
+  address public deployer;
+  address public holder;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    holder = makeAddr("holder");
+
+    vm.startPrank(deployer, deployer);
+
+    extractor = new ERC3643SetAddressFrozenExtractor();
+
+    vm.stopPrank();
+  }
+
+  function test_extract_setAddressFrozen_succeeds() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IToken.setAddressFrozen.selector,
+      data: abi.encode(holder, true),
+      sender: deployer,
+      context: ""
+    });
+
+    IPolicyEngine.Parameter[] memory params = extractor.extract(payload);
+    vm.assertEq(params.length, 2);
+    vm.assertEq(params[0].name, keccak256("account"));
+    vm.assertEq(params[1].name, keccak256("value"));
+    address account = abi.decode(params[0].value, (address));
+    vm.assertEq(account, holder);
+    bool value = abi.decode(params[1].value, (bool));
+    vm.assertTrue(value);
+  }
+
+  function test_extract_transfer_fails() public {
+    IPolicyEngine.Payload memory payload = IPolicyEngine.Payload({
+      selector: IERC20.transfer.selector,
+      data: abi.encode(holder, 123),
+      sender: deployer,
+      context: ""
+    });
+
+    vm.expectPartialRevert(IPolicyEngine.UnsupportedSelector.selector);
+    extractor.extract(payload);
+  }
+}