@chainlink/ace 0.5.0

package/packages/policy-management/test/policies/BypassPolicy.t.sol

@@ -0,0 +1,159 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine, PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {ERC20TransferExtractor} from "@chainlink/policy-management/extractors/ERC20TransferExtractor.sol";
+import {BypassPolicy} from "@chainlink/policy-management/policies/BypassPolicy.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+import {ERC3643MintBurnExtractor} from "@chainlink/policy-management/extractors/ERC3643MintBurnExtractor.sol";
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+
+contract BypassPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  MockToken public token;
+  BypassPolicy public bypassPolicy;
+  address public deployer;
+  address public account;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    account = makeAddr("account");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    policyEngine = _deployPolicyEngine(false, deployer);
+
+    BypassPolicy bypassPolicyImpl = new BypassPolicy();
+    bypassPolicy = BypassPolicy(_deployPolicy(address(bypassPolicyImpl), address(policyEngine), deployer, ""));
+    // add account by default
+    bypassPolicy.allowAddress(account);
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    // set up the bypassPolicy to check the recipient and origin address of token transfers
+    ERC20TransferExtractor transferExtractor = new ERC20TransferExtractor();
+    bytes32[] memory transferPolicyParams = new bytes32[](2);
+    transferPolicyParams[0] = transferExtractor.PARAM_TO();
+    transferPolicyParams[1] = transferExtractor.PARAM_FROM();
+    policyEngine.setExtractor(MockToken.transfer.selector, address(transferExtractor));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(bypassPolicy), transferPolicyParams);
+    // set up the bypassPolicy to check the mint account (single account)
+    ERC3643MintBurnExtractor mintBurnExtractor = new ERC3643MintBurnExtractor();
+    bytes32[] memory mintPolicyParams = new bytes32[](1);
+    mintPolicyParams[0] = mintBurnExtractor.PARAM_ACCOUNT();
+    policyEngine.setExtractor(MockToken.mint.selector, address(mintBurnExtractor));
+    policyEngine.addPolicy(address(token), MockToken.mint.selector, address(bypassPolicy), mintPolicyParams);
+  }
+
+  function test_allowAddress_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the address to the allow list
+    bypassPolicy.allowAddress(recipient);
+    vm.assertEq(bypassPolicy.addressAllowed(recipient), true);
+  }
+
+  function test_allowAddress_alreadyInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the address to the bypass list (setup and sanity check)
+    bypassPolicy.allowAddress(recipient);
+    vm.assertEq(bypassPolicy.addressAllowed(recipient), true);
+
+    // add the address to the bypass list again (reverts)
+    vm.expectRevert("Account already in bypass list");
+    bypassPolicy.allowAddress(recipient);
+  }
+
+  function test_disallowAddress_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the address to the bypass list (setup and sanity check)
+    bypassPolicy.allowAddress(recipient);
+    vm.assertEq(bypassPolicy.addressAllowed(recipient), true);
+
+    // remove the address from the bypass list
+    bypassPolicy.disallowAddress(recipient);
+    vm.assertEq(bypassPolicy.addressAllowed(recipient), false);
+  }
+
+  function test_disallowAddress_notInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // remove the address from the bypass list (reverts)
+    vm.expectRevert("Account not in bypass list");
+    bypassPolicy.disallowAddress(recipient);
+  }
+
+  function test_transfer_inList_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the recipient to the bypass list
+    bypassPolicy.allowAddress(recipient);
+    vm.assertEq(bypassPolicy.addressAllowed(recipient), true);
+
+    vm.startPrank(account, account);
+
+    // transfer from address to recipient
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+  }
+
+  function test_transfer_notInList_defaultReject_fails() public {
+    vm.startPrank(account, account);
+
+    // transfer from address to recipient (reverts)
+    vm.expectRevert(_encodeRejectedRevert(0, address(0), "no policy allowed the action and default is reject"));
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_removedFromList_defaultReject_fails() public {
+    // add the address to the bypass list (setup)
+    vm.startPrank(deployer, deployer);
+    bypassPolicy.allowAddress(recipient);
+
+    // transfer from address to recipient (sanity check)
+    vm.startPrank(account, account);
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+
+    // remove from the bypass list
+    vm.startPrank(deployer, deployer);
+    bypassPolicy.disallowAddress(recipient);
+
+    // transfer from address to recipient (should revert after removal)
+    vm.startPrank(account, account);
+    vm.expectRevert(_encodeRejectedRevert(0, address(0), "no policy allowed the action and default is reject"));
+    token.transfer(recipient, 100);
+  }
+
+  function test_mint_inList_success() public {
+    vm.startPrank(deployer, deployer);
+    token.mint(account, 100);
+    vm.assertEq(token.balanceOf(account), 100);
+  }
+
+  function test_mint_notInList_defaultReject_failure() public {
+    vm.startPrank(deployer, deployer);
+    vm.expectRevert(_encodeRejectedRevert(0, address(0), "no policy allowed the action and default is reject"));
+    token.mint(recipient, 100);
+  }
+
+  function test_misconfiguration_failure() public {
+    vm.startPrank(deployer);
+    // misconfigure the bypassPolicy to check burn operations (no accounts)
+    ERC3643MintBurnExtractor mintBurnExtractor = new ERC3643MintBurnExtractor();
+    policyEngine.setExtractor(MockToken.burn.selector, address(mintBurnExtractor));
+    policyEngine.addPolicy(address(token), MockToken.burn.selector, address(bypassPolicy), new bytes32[](0));
+
+    bytes memory error = abi.encodeWithSignature("Error(string)", "expected at least 1 parameter");
+    vm.expectRevert(
+      abi.encodeWithSelector(
+        IPolicyEngine.PolicyRunError.selector, MockToken.burn.selector, address(bypassPolicy), error
+      )
+    );
+    token.burn(account, 100);
+  }
+}

package/packages/policy-management/test/policies/IntervalPolicy.t.sol

@@ -0,0 +1,307 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine} from "@chainlink/policy-management/interfaces/IPolicyEngine.sol";
+import {PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {IntervalPolicy} from "@chainlink/policy-management/policies/IntervalPolicy.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+
+contract IntervalPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  IntervalPolicy public intervalPolicy;
+  MockToken public token;
+  address public deployer;
+  address public recipient;
+  uint256 public OFFSET_TIMESTAMP = 1737470407; // 	Tue Jan 21 2025 14:40:07
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer);
+
+    policyEngine = _deployPolicyEngine(true, deployer);
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    IntervalPolicy intervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(
+      11, // start slot
+      17, // end slot
+      1 hours, // slot duration
+      24, // cycle size (24 slots for 24 hours)
+      0 // cycle offset
+    );
+    intervalPolicy =
+      IntervalPolicy(_deployPolicy(address(intervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(intervalPolicy), new bytes32[](0));
+    vm.warp(OFFSET_TIMESTAMP);
+  }
+
+  function generateTimestampForTargetHour(uint256 targetHour) private view returns (uint256) {
+    uint256 currentTimestamp = block.timestamp;
+    uint256 currentHour = (currentTimestamp / 3600) % 24;
+    if (targetHour > currentHour) {
+      uint256 hoursToAdd = targetHour - currentHour;
+      return currentTimestamp + (hoursToAdd * 3600);
+    }
+
+    uint256 hoursToDecrease = currentHour - targetHour;
+    return currentTimestamp - (hoursToDecrease * 3600);
+  }
+
+  function generateTimestampForTargetDayAndHour(uint256 targetDay, uint256 targetHour) private view returns (uint256) {
+    uint256 currentTimestamp = block.timestamp;
+    uint256 timestampWithHour = generateTimestampForTargetHour(targetHour);
+    uint256 currentDay = (currentTimestamp / 86400 + 4) % 7;
+    uint256 daysToAdd = (targetDay + 7 - currentDay) % 7;
+    uint256 newTimestamp = timestampWithHour + (daysToAdd * 86400);
+    return newTimestamp;
+  }
+
+  function test_transfer_timeWithinInterval_succeeds() public {
+    uint256 timestamp = generateTimestampForTargetHour(16);
+    vm.warp(timestamp);
+    token.transfer(recipient, 100);
+
+    assert(token.balanceOf(recipient) == 100);
+  }
+
+  function test_transfer_timeExtractorExtractsTimeBelowLowerBoundInterval_reverts() public {
+    uint256 timestamp = generateTimestampForTargetHour(10);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(intervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_timeExtractorExtractsTimeAboveUpperBoundInterval_reverts() public {
+    uint256 timestamp = generateTimestampForTargetHour(18);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(intervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_timeExtractorWithTwoPoliciesExtractsTimeWithinInterval_succeeds() public {
+    vm.startPrank(deployer);
+    IntervalPolicy dayIntervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(1, 6, 1 days, 7, 4);
+    IntervalPolicy dayIntervalPolicy =
+      IntervalPolicy(_deployPolicy(address(dayIntervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(dayIntervalPolicy), new bytes32[](0));
+
+    uint256 timestamp = generateTimestampForTargetDayAndHour(2, 13);
+    vm.warp(timestamp);
+    token.transfer(recipient, 100);
+
+    assert(token.balanceOf(recipient) == 100);
+  }
+
+  function test_transfer_timeExtractorWithTwoPoliciesHourBelowLowerBoundInterval_reverts() public {
+    vm.startPrank(deployer);
+    IntervalPolicy dayIntervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(1, 6, 1 days, 7, 4);
+    IntervalPolicy dayIntervalPolicy =
+      IntervalPolicy(_deployPolicy(address(dayIntervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(dayIntervalPolicy), new bytes32[](0));
+
+    uint256 timestamp = generateTimestampForTargetDayAndHour(2, 10);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(intervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_timeExtractorWithTwoPoliciesHourAboveUpperBoundInterval_reverts() public {
+    vm.startPrank(deployer);
+    IntervalPolicy dayIntervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(1, 6, 1 days, 7, 4);
+    IntervalPolicy dayIntervalPolicy =
+      IntervalPolicy(_deployPolicy(address(dayIntervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(dayIntervalPolicy), new bytes32[](0));
+
+    uint256 timestamp = generateTimestampForTargetDayAndHour(2, 18);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(intervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_timeExtractorWithTwoPoliciesDayBelowLowerBoundInterval_reverts() public {
+    vm.startPrank(deployer);
+    IntervalPolicy dayIntervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(1, 6, 1 days, 7, 4);
+    IntervalPolicy dayIntervalPolicy =
+      IntervalPolicy(_deployPolicy(address(dayIntervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(dayIntervalPolicy), new bytes32[](0));
+
+    uint256 timestamp = generateTimestampForTargetDayAndHour(0, 14);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(dayIntervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_transfer_timeExtractorWithTwoPoliciesDayAboveUpperBoundInterval_reverts() public {
+    vm.startPrank(deployer);
+    IntervalPolicy dayIntervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(1, 6, 1 days, 7, 4);
+    IntervalPolicy dayIntervalPolicy =
+      IntervalPolicy(_deployPolicy(address(dayIntervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(dayIntervalPolicy), new bytes32[](0));
+
+    uint256 timestamp = generateTimestampForTargetDayAndHour(6, 14);
+    vm.warp(timestamp);
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(dayIntervalPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 100);
+  }
+
+  function test_setUpEndGreaterThanTimePeriodWindow_reverts() public {
+    vm.startPrank(deployer);
+    vm.expectRevert("End slot must be greater than start slot");
+    intervalPolicy.setEndSlot(2);
+  }
+
+  function test_configure_emitsAllEvents() public {
+    vm.startPrank(deployer);
+
+    IntervalPolicy intervalPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(
+      5, // start slot
+      15, // end slot
+      2 hours, // slot duration
+      24, // cycle size
+      2 // cycle offset
+    );
+
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.StartSlotSet(5);
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.EndSlotSet(15);
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.CycleParametersSet(2 hours, 24, 2);
+
+    IntervalPolicy(_deployPolicy(address(intervalPolicyImpl), address(policyEngine), deployer, configParamBytes));
+  }
+
+  function test_setStartSlot_emitsEvent() public {
+    vm.startPrank(deployer);
+
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.StartSlotSet(5);
+    intervalPolicy.setStartSlot(5);
+
+    assertEq(intervalPolicy.getStartSlot(), 5);
+  }
+
+  function test_setEndSlot_emitsEvent() public {
+    vm.startPrank(deployer);
+
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.EndSlotSet(20);
+    intervalPolicy.setEndSlot(20);
+
+    assertEq(intervalPolicy.getEndSlot(), 20);
+  }
+
+  function test_setCycleParameters_emitsEvent() public {
+    vm.startPrank(deployer);
+
+    intervalPolicy.setEndSlot(23);
+
+    vm.expectEmit(true, true, true, true);
+    emit IntervalPolicy.CycleParametersSet(30 minutes, 48, 5);
+    intervalPolicy.setCycleParameters(30 minutes, 48, 5);
+
+    (uint256 slotDuration, uint256 cycleSize, uint256 cycleOffset) = intervalPolicy.getCycleParameters();
+    assertEq(slotDuration, 30 minutes);
+    assertEq(cycleSize, 48);
+    assertEq(cycleOffset, 5);
+  }
+
+  function test_canSetEndSlotEqualToCycleSize_succeeds() public {
+    vm.startPrank(deployer);
+
+    IntervalPolicy lastSlotPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(5, 12, 1 hours, 12, 0);
+
+    IntervalPolicy lastSlotPolicy =
+      IntervalPolicy(_deployPolicy(address(lastSlotPolicyImpl), address(policyEngine), deployer, configParamBytes));
+
+    assertEq(lastSlotPolicy.getStartSlot(), 5);
+    assertEq(lastSlotPolicy.getEndSlot(), 12);
+    (, uint256 cycleSize,) = lastSlotPolicy.getCycleParameters();
+    assertEq(cycleSize, 12);
+  }
+
+  function test_firstSlotAndlastSlotExecution_succeds() public {
+    vm.startPrank(deployer);
+
+    policyEngine.removePolicy(address(token), MockToken.transfer.selector, address(intervalPolicy));
+
+    IntervalPolicy lastSlotPolicyImpl = new IntervalPolicy();
+    bytes memory configParamBytes = abi.encode(
+      5, // start slot
+      12, // end slot (equal to cycle size - now allowed)
+      1 hours, // slot duration
+      12, // cycle size
+      0 // cycle offset
+    );
+
+    IntervalPolicy lastSlotPolicy =
+      IntervalPolicy(_deployPolicy(address(lastSlotPolicyImpl), address(policyEngine), deployer, configParamBytes));
+
+    assertEq(lastSlotPolicy.getStartSlot(), 5);
+    assertEq(lastSlotPolicy.getEndSlot(), 12);
+    (, uint256 cycleSize,) = lastSlotPolicy.getCycleParameters();
+    assertEq(cycleSize, 12);
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(lastSlotPolicy), new bytes32[](0));
+
+    uint256 baseTimestamp = (12 * 3600);
+
+    uint256 slot5Timestamp = baseTimestamp + (5 * 3600);
+    vm.warp(slot5Timestamp);
+
+    token.transfer(recipient, 50);
+    assertEq(token.balanceOf(recipient), 50);
+
+    uint256 slot4Timestamp = baseTimestamp + (4 * 3600);
+    vm.warp(slot4Timestamp);
+
+    vm.expectRevert(
+      _encodeRejectedRevert(
+        MockToken.transfer.selector, address(lastSlotPolicy), "execution outside allowed time interval"
+      )
+    );
+    token.transfer(recipient, 25);
+
+    uint256 slot11Timestamp = baseTimestamp + (11 * 3600);
+    vm.warp(slot11Timestamp);
+
+    token.transfer(recipient, 100);
+    assertEq(token.balanceOf(recipient), 150);
+  }
+}

package/packages/policy-management/test/policies/MaxPolicy.t.sol

@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine, PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {MaxPolicy} from "@chainlink/policy-management/policies/MaxPolicy.sol";
+import {ERC20TransferExtractor} from "@chainlink/policy-management/extractors/ERC20TransferExtractor.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+
+contract MaxPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  MockToken public token;
+  MaxPolicy public policy;
+  address public deployer;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer);
+
+    policyEngine = _deployPolicyEngine(true, deployer);
+
+    MaxPolicy policyImpl = new MaxPolicy();
+    policy = MaxPolicy(_deployPolicy(address(policyImpl), address(policyEngine), deployer, abi.encode(100)));
+    ERC20TransferExtractor extractor = new ERC20TransferExtractor();
+    bytes32[] memory parameterOutputFormat = new bytes32[](1);
+    parameterOutputFormat[0] = extractor.PARAM_AMOUNT();
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    policyEngine.setExtractor(MockToken.transfer.selector, address(extractor));
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(policy), parameterOutputFormat);
+  }
+
+  function test_setMax_success() public {
+    policy.setMax(200);
+    vm.assertEq(policy.getMax(), 200);
+    token.transfer(recipient, 200);
+    vm.assertEq(token.balanceOf(recipient), 200);
+  }
+
+  function test_transfer_success() public {
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+  }
+
+  function test_transfer_overMax_reverts() public {
+    vm.expectRevert(_encodeRejectedRevert(MockToken.transfer.selector, address(policy), "amount exceeds maximum limit"));
+    token.transfer(recipient, 200);
+  }
+}

package/packages/policy-management/test/policies/OnlyAuthorizedSenderPolicy.t.sol

@@ -0,0 +1,95 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {IPolicyEngine, PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {OnlyAuthorizedSenderPolicy} from "@chainlink/policy-management/policies/OnlyAuthorizedSenderPolicy.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+
+contract OnlyAuthorizedSenderPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  MockToken public token;
+  OnlyAuthorizedSenderPolicy public policy;
+  address public deployer;
+  address public sender;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    sender = makeAddr("sender");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    policyEngine = _deployPolicyEngine(true, deployer);
+
+    OnlyAuthorizedSenderPolicy policyImpl = new OnlyAuthorizedSenderPolicy();
+    policy = OnlyAuthorizedSenderPolicy(_deployPolicy(address(policyImpl), address(policyEngine), deployer, ""));
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(policy), new bytes32[](0));
+  }
+
+  function test_authorizeSender_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the sender to the authorized list
+    policy.authorizeSender(sender);
+    vm.assertEq(policy.senderAuthorized(sender), true);
+  }
+
+  function test_authorizeSender_alreadyInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the sender to the authorized list (setup and sanity check)
+    policy.authorizeSender(sender);
+    vm.assertEq(policy.senderAuthorized(sender), true);
+
+    // add the sender to the authorized list again (reverts)
+    vm.expectRevert("Account already in authorized list");
+    policy.authorizeSender(sender);
+  }
+
+  function test_unauthorizeSender_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the sender to the authorized list (setup and sanity check)
+    policy.authorizeSender(sender);
+    vm.assertEq(policy.senderAuthorized(sender), true);
+
+    // remove the sender from the authorized list
+    policy.unauthorizeSender(sender);
+    vm.assertEq(policy.senderAuthorized(sender), false);
+  }
+
+  function test_unauthorizeSender_notInList_fails() public {
+    vm.startPrank(deployer, deployer);
+
+    // remove the sender from the authorized list (reverts)
+    vm.expectRevert("Account not in authorized list");
+    policy.unauthorizeSender(sender);
+  }
+
+  function test_transfer_inList_succeeds() public {
+    vm.startPrank(deployer, deployer);
+
+    // add the sender to the allow list
+    policy.authorizeSender(sender);
+    vm.assertEq(policy.senderAuthorized(sender), true);
+
+    vm.startPrank(sender, sender);
+
+    // transfer from sender to recipient
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+  }
+
+  function test_transfer_notInList_fails() public {
+    vm.startPrank(sender, sender);
+
+    // transfer from sender to recipient (reverts)
+    vm.expectRevert(_encodeRejectedRevert(MockToken.transfer.selector, address(policy), "sender is not authorized"));
+    token.transfer(recipient, 100);
+  }
+}

package/packages/policy-management/test/policies/OnlyOwnerPolicy.t.sol

@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.26;
+
+import {BaseProxyTest} from "../helpers/BaseProxyTest.sol";
+import {IPolicyEngine, PolicyEngine} from "@chainlink/policy-management/core/PolicyEngine.sol";
+import {OnlyOwnerPolicy} from "@chainlink/policy-management/policies/OnlyOwnerPolicy.sol";
+import {MockToken} from "../helpers/MockToken.sol";
+
+contract OnlyOwnerPolicyTest is BaseProxyTest {
+  PolicyEngine public policyEngine;
+  MockToken public token;
+  OnlyOwnerPolicy public policy;
+  address public deployer;
+  address public account;
+  address public recipient;
+
+  function setUp() public {
+    deployer = makeAddr("deployer");
+    account = makeAddr("account");
+    recipient = makeAddr("recipient");
+
+    vm.startPrank(deployer, deployer);
+
+    policyEngine = PolicyEngine(_deployPolicyEngine(true, deployer));
+
+    OnlyOwnerPolicy policyImpl = new OnlyOwnerPolicy();
+    policy = OnlyOwnerPolicy(_deployPolicy(address(policyImpl), address(policyEngine), deployer, new bytes(0)));
+
+    token = MockToken(_deployMockToken(address(policyEngine)));
+
+    policyEngine.addPolicy(address(token), MockToken.transfer.selector, address(policy), new bytes32[](0));
+  }
+
+  function test_transfer_owner_success() public {
+    vm.startPrank(deployer, deployer);
+    token.transfer(recipient, 100);
+    vm.assertEq(token.balanceOf(recipient), 100);
+  }
+
+  function test_transfer_notOwner_reverts() public {
+    vm.startPrank(account, account);
+    vm.expectRevert(
+      _encodeRejectedRevert(MockToken.transfer.selector, address(policy), "caller is not the policy owner")
+    );
+    token.transfer(recipient, 100);
+  }
+}