feat: integrate OpenZeppelin SafeERC20, tighten pause semantics, add tests

- Switch USDC handling to OpenZeppelin IERC20 + SafeERC20
- Enforce pause across policy and recipient management
- Add basic policy sanity checks (per-tx > 0, daily >= per-tx)
- Clean up agent registry access and unused variables
- Add Foundry test suite covering happy path, pause, replay, and revocation

Author: tr-Kalyan

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "lib/forge-std"]
 	path = lib/forge-std
 	url = https://github.com/foundry-rs/forge-std
+[submodule "lib/openzeppelin-contracts"]
+	path = lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts

foundry.lock

@@ -4,5 +4,11 @@
       "name": "v1.14.0",
       "rev": "1801b0541f4fda118a10798fd3486bb7051c5dd6"
     }
+  },
+  "lib/openzeppelin-contracts": {
+    "tag": {
+      "name": "v5.5.0",
+      "rev": "fcbae5394ae8ad52d8e580a3477db99814b9d565"
+    }
   }
 }

foundry.toml

@@ -4,4 +4,7 @@ out = "out"
 libs = ["lib"]
 solc_version = "0.8.26"
 
+remappings = [
+    "@openzeppelin/contracts=lib/openzeppelin-contracts/contracts"
+]
 # See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options

lib/openzeppelin-contracts

@@ -104,7 +104,6 @@ contract AgentRegistry {
         return (a.owner, a.active);
     }
 
-    
     //////////////////////
     /// External view Functions
     //////////////////////

src/AgentRegistry.sol

@@ -1,13 +1,13 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.26;
 
-import "./AgentRegistry.sol";
-
-interface IERC20 {
-    function transfer(address to, uint256 amount) external returns (bool);
-}
+import {AgentRegistry} from "./AgentRegistry.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 
 contract TreasuryWithPolicy {
+    using SafeERC20 for IERC20;
+
     error NotOwner();
     error AgentNotAuthorized();
     error RecipientNotAllowed();
@@ -30,7 +30,7 @@ contract TreasuryWithPolicy {
         uint256 cooldown;
     }
 
-    IERC20 public immutable usdc;
+    IERC20 public immutable USDC;
     address public owner;
     address public agentRegistry;
 
@@ -58,7 +58,7 @@ contract TreasuryWithPolicy {
     constructor(address _usdc, address _agentRegistry) {
         require(_usdc != address(0) && _agentRegistry != address(0), "zero address");
 
-        usdc = IERC20(_usdc);
+        USDC = IERC20(_usdc);
         agentRegistry = _agentRegistry;
         owner = msg.sender;
     }
@@ -83,7 +83,7 @@ contract TreasuryWithPolicy {
         if (paused) revert TreasuryPaused();
 
         // Identity check via registry
-        (address agentOwner, bool active) = AgentRegistry(agentRegistry).getAgent(intent.agent);
+        (, bool active) = AgentRegistry(agentRegistry).getAgent(intent.agent);
 
         if (!active) revert AgentNotAuthorized();
 
@@ -113,24 +113,32 @@ contract TreasuryWithPolicy {
         lastPaymentTime[intent.agent] = block.timestamp;
 
         // ---- interaction ----
-        bool ok = usdc.transfer(intent.recipient, intent.amount);
-        require(ok, "transfer failed");
+        USDC.safeTransfer(intent.recipient, intent.amount);
 
         emit PaymentExecuted(intent.agent, intent.recipient, intent.amount, intent.nonce);
     }
 
     function updatePolicy(uint256 perTxLimit, uint256 dailyLimit, uint256 cooldown) external onlyOwner {
+        if (paused) revert TreasuryPaused();
+
+        require(perTxLimit > 0, "perTxLimit=0");
+        require(dailyLimit >= perTxLimit, "daily < perTx");
+        
         policy = Policy({perTxLimit: perTxLimit, dailyLimit: dailyLimit, cooldown: cooldown});
 
         emit PolicyUpdated(perTxLimit, dailyLimit, cooldown);
     }
 
     function allowRecipient(address recipient) external onlyOwner {
+        if (paused) revert TreasuryPaused();
+
         allowedRecipients[recipient] = true;
         emit RecipientAllowed(recipient);
     }
 
     function removeRecipient(address recipient) external onlyOwner {
+        if (paused) revert TreasuryPaused();
+
         allowedRecipients[recipient] = false;
         emit RecipientRemoved(recipient);
     }
@@ -149,7 +157,7 @@ contract TreasuryWithPolicy {
     /// Internal Functions
     //////////////////////
 
-    function _onlyOwner() internal {
+    function _onlyOwner() internal view {
         if (msg.sender != owner) revert NotOwner();
     }
 

src/TreasuryWithPolicy.sol

@@ -0,0 +1,106 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+import "forge-std/Test.sol";
+import {MockUSDC} from "./mocks/MockUSDC.sol";
+import {AgentRegistry} from "../src/AgentRegistry.sol";
+import {TreasuryWithPolicy} from "../src/TreasuryWithPolicy.sol";
+
+contract TreasuryWithPolicyTest is Test {
+    AgentRegistry registry;
+    TreasuryWithPolicy treasury;
+
+    address owner = makeAddr("owner");
+    address agent = makeAddr("agent");
+    address recipient = makeAddr("recipient");
+
+    MockUSDC usdc;
+
+    function setUp() public {
+        vm.startPrank(owner);
+
+        usdc = new MockUSDC();
+        registry = new AgentRegistry();
+        treasury = new TreasuryWithPolicy(address(usdc), address(registry));
+
+        registry.registerAgent(agent);
+
+        usdc.mint(address(treasury), 1_000_000e6);
+
+        treasury.updatePolicy(
+            100e6,   // perTxLimit
+            500e6,   // dailyLimit
+            1 hours  // cooldown
+        );
+
+        treasury.allowRecipient(recipient);
+
+        vm.stopPrank();
+    }
+
+    function testExecutePaymentHappyPath() public {
+        TreasuryWithPolicy.PaymentIntent memory intent =
+            TreasuryWithPolicy.PaymentIntent({
+                agent: agent,
+                recipient: recipient,
+                amount: 50e6,
+                nonce: 1
+            });
+
+        vm.prank(address(0xdead)); // relayer / bot
+        treasury.executePayment(intent);
+
+        assertEq(
+            MockUSDC(address(usdc)).balanceOf(recipient),
+            50e6
+        );
+    }
+
+    function testRevokedAgentCannotExecute() public {
+        vm.prank(owner);
+        registry.revokeAgent(agent);
+
+        TreasuryWithPolicy.PaymentIntent memory intent =
+            TreasuryWithPolicy.PaymentIntent({
+                agent: agent,
+                recipient: recipient,
+                amount: 10e6,
+                nonce: 2
+            });
+
+        vm.expectRevert(TreasuryWithPolicy.AgentNotAuthorized.selector);
+        treasury.executePayment(intent);
+    }
+
+    function testNonceReplayBlocked() public {
+        TreasuryWithPolicy.PaymentIntent memory intent =
+            TreasuryWithPolicy.PaymentIntent({
+                agent: agent,
+                recipient: recipient,
+                amount: 10e6,
+                nonce: 3
+            });
+
+        treasury.executePayment(intent);
+
+        vm.expectRevert(TreasuryWithPolicy.NonceAlreadyUsed.selector);
+        treasury.executePayment(intent);
+    }
+
+    function testPauseBlocksExecution() public {
+        vm.prank(owner);
+        treasury.pause();
+
+        TreasuryWithPolicy.PaymentIntent memory intent =
+            TreasuryWithPolicy.PaymentIntent({
+                agent: agent,
+                recipient: recipient,
+                amount: 10e6,
+                nonce: 4
+            });
+
+        vm.expectRevert(TreasuryWithPolicy.TreasuryPaused.selector);
+        treasury.executePayment(intent);
+    }
+
+}

test/TreasuryWithPolicy.t.sol

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+contract MockUSDC {
+    mapping(address => uint256) public balanceOf;
+
+    function mint(address to, uint256 amount) external {
+        balanceOf[to] += amount;
+    }
+
+    function transfer(address to, uint256 amount) external returns (bool) {
+        require(balanceOf[msg.sender] >= amount, "insufficient");
+        balanceOf[msg.sender] -= amount;
+        balanceOf[to] += amount;
+        return true;
+    }
+}