Sync GRU governance submodule updates

config/gru-governance-supervision-profile.json

@@ -4,7 +4,7 @@
   "profileId": "gru-jurisdictional-storage-governance-supervision",
   "version": "1.0.0",
   "updated": "2026-03-31",
-  "notes": "Machine-readable policy profile for asset storage namespaces, jurisdiction-aware governance review, supervision metadata, and upgrade notice periods across c*, cW*, GRU base components, and tokenized assets.",
+  "notes": "Machine-readable policy profile for asset storage namespaces, governance-controller-only metadata execution, emergency/manual admin overrides, asset-scoped jurisdiction review, supervision metadata, and upgrade notice periods across c*, cW*, GRU base components, and tokenized assets.",
   "references": {
     "standardsProfile": "config/gru-standards-profile.json",
     "storageGovernanceDoc": "docs/04-configuration/GRU_STORAGE_GOVERNANCE_AND_SUPERVISION_STANDARD.md",
@@ -37,7 +37,8 @@
       "GOVERNANCE_ROLE",
       "JURISDICTION_ADMIN_ROLE",
       "REGULATOR_ROLE",
-      "SUPERVISOR_ROLE"
+      "SUPERVISOR_ROLE",
+      "EMERGENCY_ADMIN_ROLE"
     ],
     "registryRoles": [
       "DEFAULT_ADMIN_ROLE",
@@ -47,14 +48,17 @@
       "UPGRADER_ROLE",
       "JURISDICTION_MANAGER_ROLE",
       "REGULATOR_ROLE",
-      "SUPERVISOR_ROLE"
+      "SUPERVISOR_ROLE",
+      "EMERGENCY_ADMIN_ROLE"
     ],
     "governanceRoles": [
       "DEFAULT_ADMIN_ROLE",
       "PROPOSER_ROLE",
       "EXECUTOR_ROLE",
       "CANCELLER_ROLE",
-      "UPGRADER_ROLE",
+      "UPGRADER_ROLE"
+    ],
+    "deprecatedGovernanceRoles": [
       "JURISDICTION_TAGGER_ROLE"
     ]
   },
@@ -75,16 +79,27 @@
     ]
   },
   "proposalPolicy": {
-    "jurisdictionTagRequiredForUpgradeSensitiveChanges": true,
+    "assetScopeRequiredForUpgradeSensitiveChanges": true,
+    "jurisdictionDerivedFromRegistryAssetState": true,
     "queueRequiresJurisdictionApprovalWhenFlagged": true,
     "defaultMinimumUpgradeNoticePeriodSeconds": 604800,
     "approvalSource": "UniversalAssetRegistry.jurisdictionAuthorities",
+    "proposalEntryPoint": "GovernanceController.proposeForAsset",
+    "metadataExecutionSurface": "GovernanceController.execute -> token/registry governanceController-only setters",
+    "manualJurisdictionTaggingAllowed": false,
     "minimumReviewData": [
       "jurisdictionId",
       "reviewRequired",
       "minimumNoticePeriod"
     ]
   },
+  "emergencyPolicy": {
+    "manualAdminPathsRemainAvailable": true,
+    "authorizedRoles": [
+      "EMERGENCY_ADMIN_ROLE"
+    ],
+    "intendedUse": "Emergency remediation, regulator-directed manual intervention, and bootstrap configuration before governance is fully wired."
+  },
   "jurisdictionDefaults": {
     "supervisionRequiredDefault": true,
     "governmentApprovalRequiredDefault": false,

docs/04-configuration/GRU_STORAGE_GOVERNANCE_AND_SUPERVISION_STANDARD.md

@@ -40,16 +40,22 @@ The rule is simple: metadata and policy state must be discoverable without relyi
 - A jurisdiction profile can define whether government approval is required, whether periodic reporting is expected, and the minimum upgrade notice period.
 - Authorities are assigned per jurisdiction with explicit permissions for governance approval, upgrade approval, pause authority, and reporting reception.
 - Asset registration pulls governance/supervision metadata from the token when available, then applies stronger jurisdiction defaults from the registry.
+- Normal token and registry metadata setters are executable only through the configured governance controller.
+- Emergency and manual admin paths remain available outside the controller through `EMERGENCY_ADMIN_ROLE` so bootstrap configuration, incident response, and regulator-directed intervention do not depend on an active proposal lifecycle.
 
 This creates one place to express supervisory expectations without hardcoding a single legal regime into every token contract.
 
 ## 4. Governance execution model
 
-- Governance proposals can be tagged with a jurisdiction.
-- When tagged as jurisdiction-review-sensitive, a proposal cannot be queued until at least one authorized jurisdictional authority has approved it.
+- Governance proposals are created per asset through `GovernanceController.proposeForAsset`.
+- The jurisdiction review id, review-required flag, and minimum notice period are derived from `UniversalAssetRegistry` state for that asset instead of being manually tagged afterward.
+- When the derived asset profile is jurisdiction-review-sensitive, a proposal cannot be queued until at least one authorized jurisdictional authority has approved it.
 - The queue delay must respect the larger of:
   - the proposal’s governance-mode timelock
-  - the jurisdiction’s minimum upgrade notice period
+  - the asset’s derived minimum upgrade notice period, including stronger jurisdiction defaults from the registry
+- Asset-scoped proposals can only target:
+  - the asset contract itself
+  - registry calls whose scoped asset argument matches the proposal asset
 
 This is now enforced in the shared governance controller, so “upgradeability” is not only a proxy question but also a policy and supervision workflow question.
 
@@ -68,7 +74,7 @@ This is now enforced in the shared governance controller, so “upgradeability
 - Migrate future flagship monetary assets toward upgradeable implementations only when the operational migration path and jurisdictional review flow are both documented and tested.
 - Require every production asset onboarding checklist to populate `regulatoryDisclosureURI` and `reportingURI`, even when the initial content is an attested placeholder.
 - Keep the registry as the operational source of truth for supervision metadata until the GRU M00 Diamond standards registry fully replaces or mirrors it.
-- Use jurisdiction tags on any proposal that changes mint policy, burn policy, reserve thresholds, bridge permissions, metadata, upgrade targets, or pause authorities.
+- Use asset-scoped proposals on any change to mint policy, burn policy, reserve thresholds, bridge permissions, metadata, upgrade targets, or pause authorities so the applicable jurisdiction is derived from the registered asset state.
 - Maintain multisig or institutional signer separation between protocol admins and jurisdictional authorities.
 
 ## 7. Verification