Sync asset-scoped jurisdiction governance updates

scripts/validation/validate-config-files.sh

@@ -53,6 +53,7 @@ if $DRY_RUN; then
   echo "=== Validation (--dry-run: would check) ==="
   echo "  REQUIRED_FILES: ${REQUIRED_FILES:-<default: config/ip-addresses.conf, .env.example, token-mapping*.json, gru-transport-active.json, gru-iso4217-currency-manifest.json, gru-governance-supervision-profile.json>}"
   echo "  OPTIONAL_ENV: ${OPTIONAL_ENV:-<empty; set VALIDATE_OPTIONAL_ENV for Proxmox API vars>}"
+  echo "  config/xdc-zero: validate-xdc-zero-config.sh (when config/xdc-zero exists)"
   exit 0
 fi
 
@@ -381,6 +382,14 @@ NODE
         and (.roles.governanceRoles | type == "array")
         and (.storageNamespaces | type == "object")
         and (.proposalPolicy.defaultMinimumUpgradeNoticePeriodSeconds | type == "number")
+        and (.proposalPolicy.assetScopeRequiredForUpgradeSensitiveChanges == true)
+        and (.proposalPolicy.jurisdictionDerivedFromRegistryAssetState == true)
+        and (.proposalPolicy.jurisdictionTransitionRequiresBothAuthorities == true)
+        and (.proposalPolicy.proposalEntryPoint == "GovernanceController.proposeForAsset")
+        and (.proposalPolicy.manualJurisdictionTaggingAllowed == false)
+        and (.proposalPolicy.jurisdictionPolicyEntryPoints | type == "array")
+        and (.emergencyPolicy.manualAdminPathsRemainAvailable == true)
+        and ((.emergencyPolicy.authorizedRoles | index("EMERGENCY_ADMIN_ROLE")) != null)
       ' "$PROJECT_ROOT/config/gru-governance-supervision-profile.json" &>/dev/null; then
         log_ok "gru-governance-supervision-profile.json: top-level structure is valid"
       else
@@ -554,6 +563,24 @@ if command -v check-jsonschema &>/dev/null && [[ -x "$SCRIPT_DIR/validate-dbis-i
   fi
 fi
 
+if command -v node &>/dev/null && [[ -f "$PROJECT_ROOT/scripts/verify/validate-address-registry-xe-aliases.mjs" ]]; then
+  if node "$PROJECT_ROOT/scripts/verify/validate-address-registry-xe-aliases.mjs" &>/dev/null; then
+    log_ok "DBIS institutional web3_eth_iban (XE) example aliases"
+  else
+    log_err "DBIS institutional web3_eth_iban validation failed (validate-address-registry-xe-aliases.mjs)"
+    ERRORS=$((ERRORS + 1))
+  fi
+fi
+
+if command -v check-jsonschema &>/dev/null && [[ -x "$SCRIPT_DIR/validate-naming-convention-registry-examples.sh" ]]; then
+  if SCHEMA_STRICT=1 bash "$SCRIPT_DIR/validate-naming-convention-registry-examples.sh" &>/dev/null; then
+    log_ok "Naming conventions registry examples (UTRNF / DBIS token-registry-entry schema)"
+  else
+    log_err "Naming conventions registry example validation failed (see validate-naming-convention-registry-examples.sh)"
+    ERRORS=$((ERRORS + 1))
+  fi
+fi
+
 if [[ -f "$PROJECT_ROOT/config/smart-contracts-master.json" ]] && command -v jq &>/dev/null && [[ -x "$SCRIPT_DIR/validate-explorer-chain138-inventory.sh" ]]; then
   if bash "$SCRIPT_DIR/validate-explorer-chain138-inventory.sh" &>/dev/null; then
     log_ok "Explorer address-inventory Chain 138 vs smart-contracts-master.json"
@@ -563,6 +590,15 @@ if [[ -f "$PROJECT_ROOT/config/smart-contracts-master.json" ]] && command -v jq
   fi
 fi
 
+if [[ -d "$PROJECT_ROOT/config/xdc-zero" ]] && [[ -x "$SCRIPT_DIR/validate-xdc-zero-config.sh" ]]; then
+  if bash "$SCRIPT_DIR/validate-xdc-zero-config.sh" &>/dev/null; then
+    log_ok "config/xdc-zero/*.json (parse)"
+  else
+    log_err "config/xdc-zero JSON parse failed (validate-xdc-zero-config.sh)"
+    ERRORS=$((ERRORS + 1))
+  fi
+fi
+
 if [[ $ERRORS -gt 0 ]]; then
   log_err "Validation failed with $ERRORS error(s). Set VALIDATE_REQUIRED_FILES='path1 path2' to require specific files."
   exit 1