@chainlink/ace 0.5.0

package/packages/policy-management/test/helpers/BaseProxyTest.sol

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {Test} from "forge-std/Test.sol";
+import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {PolicyEngine} from "../../src/core/PolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+import {MockToken} from "./MockToken.sol";
+
+/**
+ * @title BaseProxyTest
+ * @notice Base contract for policy-management tests that need to deploy upgradeable contracts through proxies
+ * @dev Provides helper functions to deploy common policy-management contracts with proper proxy pattern
+ */
+abstract contract BaseProxyTest is Test {
+  /**
+   * @notice Deploy PolicyEngine through proxy
+   * @param defaultAllow The default policy result for the engine (true = allow, false = reject)
+   * @return The deployed PolicyEngine proxy instance
+   */
+  function _deployPolicyEngine(bool defaultAllow, address initialOwner) internal returns (PolicyEngine) {
+    PolicyEngine policyEngineImpl = new PolicyEngine();
+    bytes memory policyEngineData = abi.encodeWithSelector(PolicyEngine.initialize.selector, defaultAllow, initialOwner);
+    ERC1967Proxy policyEngineProxy = new ERC1967Proxy(address(policyEngineImpl), policyEngineData);
+    return PolicyEngine(address(policyEngineProxy));
+  }
+
+  /**
+   * @notice Deploy any Policy-based contract through proxy
+   * @param policyImpl The implementation contract (must inherit from Policy)
+   * @param policyEngine The address of the policy engine contract
+   * @param owner The address of the policy owner
+   * @param parameters ABI-encoded parameters for policy initialization
+   * @return The deployed policy proxy address
+   */
+  function _deployPolicy(
+    address policyImpl,
+    address policyEngine,
+    address owner,
+    bytes memory parameters
+  )
+    internal
+    returns (address)
+  {
+    bytes memory policyData = abi.encodeWithSelector(Policy.initialize.selector, policyEngine, owner, parameters);
+    ERC1967Proxy policyProxy = new ERC1967Proxy(policyImpl, policyData);
+    return address(policyProxy);
+  }
+
+  /**
+   * @notice Deploy MockToken through proxy
+   * @param policyEngine The address of the policy engine contract
+   * @return The deployed MockToken proxy address
+   */
+  function _deployMockToken(address policyEngine) internal returns (address) {
+    // Import and create MockToken implementation
+    MockToken mockTokenImpl = new MockToken();
+    bytes memory mockTokenData = abi.encodeWithSelector(MockToken.initialize.selector, policyEngine);
+    ERC1967Proxy mockTokenProxy = new ERC1967Proxy(address(mockTokenImpl), mockTokenData);
+    return address(mockTokenProxy);
+  }
+
+  function _encodeRejectedRevert(
+    bytes4 selector,
+    address policy,
+    string memory reason
+  )
+    internal
+    pure
+    returns (bytes memory)
+  {
+    return abi.encodeWithSelector(IPolicyEngine.PolicyRunRejected.selector, selector, policy, reason);
+  }
+}

package/packages/policy-management/test/helpers/CustomMapper.sol

@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IMapper} from "../../src/interfaces/IMapper.sol";
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+
+contract CustomMapper is IMapper {
+  bytes[] private s_mappedParameters;
+
+  function setMappedParameters(bytes[] memory mappedParameters) public {
+    s_mappedParameters = mappedParameters;
+  }
+
+  function map(IPolicyEngine.Parameter[] calldata /*extractedParameters*/ )
+    external
+    view
+    override
+    returns (bytes[] memory)
+  {
+    bytes[] memory results = new bytes[](s_mappedParameters.length);
+    for (uint256 i = 0; i < s_mappedParameters.length; i++) {
+      results[i] = s_mappedParameters[i];
+    }
+    return results;
+  }
+}

package/packages/policy-management/test/helpers/DummyExtractor.sol

@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IExtractor} from "../../src/interfaces/IExtractor.sol";
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+
+contract DummyExtractor is IExtractor {
+  function extract(IPolicyEngine.Payload calldata) external pure override returns (IPolicyEngine.Parameter[] memory) {
+    return new IPolicyEngine.Parameter[](0);
+  }
+}

package/packages/policy-management/test/helpers/ExpectedParameterPolicy.sol

@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+
+contract ExpectedParameterPolicy is Policy {
+  bytes[] private s_expectedParameters;
+
+  function configure(bytes calldata parameters) internal override onlyInitializing {
+    bytes[] memory expectedParameters = abi.decode(parameters, (bytes[]));
+    s_expectedParameters = expectedParameters;
+  }
+
+  function setExpectedParameters(bytes[] memory expectedParameters) public onlyOwner {
+    s_expectedParameters = expectedParameters;
+  }
+
+  function run(
+    address, /*caller*/
+    address, /*subject*/
+    bytes4, /*selector*/
+    bytes[] calldata parameters,
+    bytes calldata /*context*/
+  )
+    public
+    view
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    if (
+      parameters.length == s_expectedParameters.length
+        && keccak256(abi.encode(parameters)) == keccak256(abi.encode(s_expectedParameters))
+    ) {
+      return IPolicyEngine.PolicyResult.Allowed;
+    }
+    revert IPolicyEngine.PolicyRejected("parameters do not match expected values");
+  }
+}

package/packages/policy-management/test/helpers/MockAggregatorV3.sol

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.26;
+
+import {AggregatorV3Interface} from "@chainlink/contracts/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";
+
+contract MockAggregatorV3 is AggregatorV3Interface {
+  int256 private s_price;
+  uint8 private s_decimals;
+  uint256 private s_updatedAt;
+
+  constructor(int256 _initialPrice, uint8 _decimals) {
+    s_price = _initialPrice;
+    s_decimals = _decimals;
+  }
+
+  function setPrice(int256 newPrice) external {
+    s_price = newPrice;
+  }
+
+  function setUpdatedAt(uint256 newUpdatedAt) external {
+    s_updatedAt = newUpdatedAt;
+  }
+
+  function decimals() external view override returns (uint8) {
+    return s_decimals;
+  }
+
+  function latestRoundData()
+    external
+    view
+    override
+    returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)
+  {
+    return (0, s_price, 0, s_updatedAt, 0);
+  }
+
+  function description() external pure override returns (string memory) {
+    return "Mock Aggregator";
+  }
+
+  function version() external pure override returns (uint256) {
+    return 1;
+  }
+
+  function getRoundData(uint80 _roundId)
+    external
+    view
+    override
+    returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)
+  {}
+}

package/packages/policy-management/test/helpers/MockToken.sol

@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.20;
+
+import {PolicyProtected} from "@chainlink/policy-management/core/PolicyProtected.sol";
+import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
+contract MockToken is Initializable, PolicyProtected {
+  mapping(address account => uint256 balance) public s_balances;
+  uint256 public totalSupply = 0;
+  bool public paused;
+
+  error Paused();
+
+  modifier whenNotPaused() {
+    if (paused) {
+      revert Paused();
+    }
+    _;
+  }
+
+  function initialize(address policyEngine) external initializer {
+    __PolicyProtected_init(msg.sender, policyEngine);
+  }
+
+  function transfer(address to, uint256 amount) external whenNotPaused runPolicy {
+    s_balances[to] += amount;
+  }
+
+  function transferWithContext(
+    address to,
+    uint256 amount,
+    bytes calldata context
+  )
+    external
+    whenNotPaused
+    runPolicyWithContext(context)
+  {
+    s_balances[to] += amount;
+  }
+
+  function transferFrom(address, /*from*/ address to, uint256 amount) external whenNotPaused runPolicy {
+    s_balances[to] += amount;
+  }
+
+  function balanceOf(address account) external view returns (uint256) {
+    return s_balances[account];
+  }
+
+  function mint(address to, uint256 amount) external whenNotPaused runPolicy {
+    s_balances[to] += amount;
+    totalSupply += amount;
+  }
+
+  function burn(address to, uint256 amount) external whenNotPaused runPolicy {
+    s_balances[to] -= amount;
+    totalSupply -= amount;
+  }
+
+  function pause() external runPolicy {
+    paused = true;
+  }
+
+  function unpause() external runPolicy {
+    paused = false;
+  }
+}

package/packages/policy-management/test/helpers/MockTokenExtractor.sol

@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IExtractor} from "../../src/interfaces/IExtractor.sol";
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {MockToken} from "./MockToken.sol";
+
+contract MockTokenExtractor is IExtractor {
+  bytes32 public constant PARAM_FROM = keccak256("from");
+  bytes32 public constant PARAM_TO = keccak256("to");
+  bytes32 public constant PARAM_AMOUNT = keccak256("amount");
+
+  function extract(IPolicyEngine.Payload calldata payload) public pure returns (IPolicyEngine.Parameter[] memory) {
+    address from = address(0);
+    address to = address(0);
+    uint256 amount = 0;
+
+    if (payload.selector == MockToken.transfer.selector || payload.selector == MockToken.transferWithContext.selector) {
+      from = payload.sender;
+      (to, amount) = abi.decode(payload.data, (address, uint256));
+    } else if (payload.selector == MockToken.transferFrom.selector) {
+      (from, to, amount) = abi.decode(payload.data, (address, address, uint256));
+    } else {
+      revert IPolicyEngine.UnsupportedSelector(payload.selector);
+    }
+
+    IPolicyEngine.Parameter[] memory result = new IPolicyEngine.Parameter[](3);
+    result[0] = IPolicyEngine.Parameter(PARAM_FROM, abi.encode(from));
+    result[1] = IPolicyEngine.Parameter(PARAM_TO, abi.encode(to));
+    result[2] = IPolicyEngine.Parameter(PARAM_AMOUNT, abi.encode(amount));
+
+    return result;
+  }
+}

package/packages/policy-management/test/helpers/PolicyAlwaysAllowed.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+
+contract PolicyAlwaysAllowed is Policy {
+  uint8 private s_policyNumber;
+
+  event PolicyAllowedExecuted(uint256 value);
+
+  function configure(bytes calldata parameters) internal override onlyInitializing {
+    uint8 policyNumber = abi.decode(parameters, (uint8));
+    s_policyNumber = policyNumber;
+  }
+
+  function getPolicyNumber() public view returns (uint8) {
+    return s_policyNumber;
+  }
+
+  function run(
+    address,
+    address,
+    bytes4,
+    bytes[] calldata,
+    bytes calldata
+  )
+    public
+    pure
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    return IPolicyEngine.PolicyResult.Allowed;
+  }
+
+  function postRun(address, address, bytes4, bytes[] calldata, bytes calldata) public virtual override {
+    emit PolicyAllowedExecuted(s_policyNumber);
+  }
+}
+
+contract PolicyAlwaysAllowedWithPostRunError is PolicyAlwaysAllowed {
+  function postRun(address, address, bytes4, bytes[] calldata, bytes calldata) public pure override {
+    revert("Post run error");
+  }
+}

package/packages/policy-management/test/helpers/PolicyAlwaysContinue.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+
+contract PolicyAlwaysContinue is Policy {
+  function run(
+    address,
+    address,
+    bytes4,
+    bytes[] calldata,
+    bytes calldata
+  )
+    public
+    pure
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    return IPolicyEngine.PolicyResult.Continue;
+  }
+}

package/packages/policy-management/test/helpers/PolicyAlwaysRejected.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+
+contract PolicyAlwaysRejected is Policy {
+  function run(
+    address,
+    address,
+    bytes4,
+    bytes[] calldata,
+    bytes calldata
+  )
+    public
+    pure
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    revert IPolicyEngine.PolicyRejected("test policy always rejects");
+  }
+}

package/packages/policy-management/test/helpers/PolicyFailingRun.sol

@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "../../src/interfaces/IPolicyEngine.sol";
+import {Policy} from "../../src/core/Policy.sol";
+
+contract PolicyFailingRun is Policy {
+  function run(
+    address,
+    address,
+    bytes4,
+    bytes[] calldata,
+    bytes calldata
+  )
+    public
+    pure
+    override
+    returns (IPolicyEngine.PolicyResult)
+  {
+    revert("Run error");
+  }
+}

package/packages/policy-management/test/policies/AllowPolicy.t.sol

@@ -0,0 +1,174 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine, PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {ERC20TransferExtractor} from "@chainlink/policy-management/extractors/ERC20TransferExtractor.sol";
+import {AllowPolicy} from "@chainlink/policy-management/policies/AllowPolicy.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+import {ERC3643MintBurnExtractor} from "@chainlink/policy-management/extractors/ERC3643MintBurnExtractor.sol";
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+
+contract AllowPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  MockToken public token;
+  AllowPolicy public allowPolicy;
+  address public deployer;
+  address public account;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    account = makeAddr("account");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    policyEngine = _deployPolicyEngine(true, deployer);
+
+    AllowPolicy allowPolicyImpl = new AllowPolicy();
+    allowPolicy = AllowPolicy(_deployPolicy(address(allowPolicyImpl), address(policyEngine), deployer, ""));
+    // add account by default
+    allowPolicy.allowAddress(account);
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    // set up the allowPolicy to check the recipient and origin of token transfers (multiple accounts)
+    ERC20TransferExtractor transferExtractor = new ERC20TransferExtractor();
+    bytes32[] memory transferPolicyParams = new bytes32[](2);
+    transferPolicyParams[0] = transferExtractor.PARAM_TO();
+    transferPolicyParams[1] = transferExtractor.PARAM_FROM();
+    policyEngine.setExtractor(MockToken.transfer.selector, address(transferExtractor));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(allowPolicy), transferPolicyParams);
+    // set up the allowPolicy to check the mint account (single account)
+    ERC3643MintBurnExtractor mintBurnExtractor = new ERC3643MintBurnExtractor();
+    bytes32[] memory mintPolicyParams = new bytes32[](1);
+    mintPolicyParams[0] = mintBurnExtractor.PARAM_ACCOUNT();
+    policyEngine.setExtractor(MockToken.mint.selector, address(mintBurnExtractor));
+    policyEngine.addPolicy(address(token), MockToken.mint.selector, address(allowPolicy), mintPolicyParams);
+  }
+
+  function test_allowAddress_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // Expect AddressAllowed event to be emitted with correct parameters
+    vm.expectEmit(true, true, true, true);
+    emit AllowPolicy.AddressAllowed(recipient);
+
+    // add the address to the allow list
+    allowPolicy.allowAddress(recipient);
+    vm.assertEq(allowPolicy.addressAllowed(recipient), true);
+  }
+
+  function test_allowAddress_alreadyInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the address to the allow list (setup and sanity check)
+    allowPolicy.allowAddress(recipient);
+    vm.assertEq(allowPolicy.addressAllowed(recipient), true);
+
+    // add the address to the allow list again (reverts)
+    vm.expectRevert("Account already in allow list");
+    allowPolicy.allowAddress(recipient);
+  }
+
+  function test_disallowAddress_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the address to the allow list (setup and sanity check)
+    allowPolicy.allowAddress(recipient);
+    vm.assertEq(allowPolicy.addressAllowed(recipient), true);
+
+    // Expect AddressDisallowed event to be emitted with correct parameters
+    vm.expectEmit(true, true, true, true);
+    emit AllowPolicy.AddressDisallowed(recipient);
+
+    // remove the address from the allow list
+    allowPolicy.disallowAddress(recipient);
+    vm.assertEq(allowPolicy.addressAllowed(recipient), false);
+  }
+
+  function test_disallowAddress_notInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // remove the address from the allow list (reverts)
+    vm.expectRevert("Account not in allow list");
+    allowPolicy.disallowAddress(recipient);
+  }
+
+  function test_transfer_inList_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the recipient to the allow list
+    allowPolicy.allowAddress(recipient);
+    vm.assertEq(allowPolicy.addressAllowed(recipient), true);
+
+    vm.startPrank(account, account);
+
+    // transfer from address to recipient
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+  }
+
+  function test_transfer_notInList_fails() public {
+    vm.startPrank(account, account);
+
+    // transfer from address to recipient (reverts)
+    vm.expectRevert(
+      _encodeRejectedRevert(MockToken.transfer.selector, address(allowPolicy), "address is not on allow list")
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_removedFromList_fails() public {
+    // add the address to the allow list (setup)
+    vm.startPrank(deployer, deployer);
+    allowPolicy.allowAddress(recipient);
+
+    // transfer from address to recipient (sanity check)
+    vm.startPrank(account, account);
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+
+    // remove from the allow list
+    vm.startPrank(deployer, deployer);
+    allowPolicy.disallowAddress(recipient);
+
+    // transfer from address to recipient (should revert after removal)
+    vm.startPrank(account, account);
+    vm.expectRevert(
+      _encodeRejectedRevert(MockToken.transfer.selector, address(allowPolicy), "address is not on allow list")
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_mint_inList_success() public {
+    vm.startPrank(deployer, deployer);
+    // account is allowed in set up
+    token.mint(account, 100);
+    vm.assertEq(token.balanceOf(account), 100);
+  }
+
+  function test_mint_notInList_failure() public {
+    vm.startPrank(deployer, deployer);
+    vm.expectRevert(
+      _encodeRejectedRevert(MockToken.mint.selector, address(allowPolicy), "address is not on allow list")
+    );
+    token.mint(recipient, 20);
+  }
+
+  function test_misconfiguration_failure() public {
+    vm.startPrank(deployer);
+    // misconfigure the allowPolicy to check burn operations (no accounts)
+    ERC3643MintBurnExtractor mintBurnExtractor = new ERC3643MintBurnExtractor();
+    policyEngine.setExtractor(MockToken.burn.selector, address(mintBurnExtractor));
+    policyEngine.addPolicy(address(token), MockToken.burn.selector, address(allowPolicy), new bytes32[](0));
+
+    bytes memory error = abi.encodeWithSignature("Error(string)", "expected at least 1 parameter");
+    vm.expectRevert(
+      abi.encodeWithSelector(
+        IPolicyEngine.PolicyRunError.selector, MockToken.burn.selector, address(allowPolicy), error
+      )
+    );
+    token.burn(account, 100);
+  }
+}