Policy Library
ACE ships with a library of pre-built, audited policies that cover the most common compliance and access control patterns. Each policy is a standalone smart contract that plugs into a PolicyEngine and evaluates transactions at runtime.
For guidance on combining policies and understanding execution order, see Policy Ordering & Composition.
Policy summary
| Policy | Description |
|---|---|
| AllowPolicy | Maintains an allowlist. Rejects the transaction if any checked address is not on the list. |
| BypassPolicy | Maintains an allowlist. If all checked addresses are on the list, immediately allows the transaction and skips all remaining policies. |
| RejectPolicy | Maintains a denylist. Rejects the transaction if any checked address is on the list. |
| OnlyAuthorizedSenderPolicy | Rejects the transaction if the sender (msg.sender) is not on the authorized list. |
| RoleBasedAccessControlPolicy | Maps roles to function selectors. Rejects if the sender does not hold a role allowed for the called function. |
| MaxPolicy | Rejects the transaction if the extracted value exceeds a configured maximum. |
| VolumePolicy | Rejects the transaction if the extracted value is below a minimum or above a maximum. |
| VolumeRatePolicy | Tracks cumulative volume per account per time period. Rejects if the period's cap would be exceeded. |
| SecureMintPolicy | Checks a Chainlink Proof of Reserve feed. Rejects if minting would push total supply beyond verified reserves. |
| IntervalPolicy | Divides time into repeating slot-based cycles. Rejects if the current slot is outside the allowed window. |
| PausePolicy | Global toggle. Rejects every transaction when paused; passes through when unpaused. |
| CredentialRegistryIdentityValidatorPolicy | Checks each address against configured credential requirements. Rejects if any address lacks required credentials. |
| CertifiedActionDONValidatorPolicy | Validates DON-issued permits delivered on-chain via the Keystone Forwarder. Rejects if no valid permit exists. |