5.9 KiB
Universal Resource Policy Profiles
Last updated: 2026-04-25
Purpose: Define modular policy profiles that bind legal, regulatory, compliance, accounting, valuation, and transferability rules to resources without hardcoding jurisdiction logic in each adapter.
Why profiles
Asset facts (what the resource is) change slowly. Policy (how it may be used) changes with:
- jurisdiction and licensing
- participant class (retail, institutional, sovereign)
- custody model
- tokenization choices
- accounting standard (OMNL/Fineract, IPSAS, IFRS, US GAAP)
Profiles are versioned documents and/or registry rows referenced by policyProfileId on each resource.
Profile record
| Field | Description |
|---|---|
policyProfileId |
Stable id, e.g. jurisdiction_US_regD_private_v1 |
version |
Semver or uint |
effectiveFrom / effectiveTo |
Optional windows |
jurisdictions[] |
Where this profile is valid |
participantClasses[] |
Who may hold (enum or tags) |
resourceFamilies[] |
Which family values this applies to |
tokenization |
Allowed modes: NONE, CLAIM, ENTITLEMENT, TRANSFERABLE_ERC20, RESTRICTED_SECURITY |
ledgerModel |
off_chain_omnl, on_chain_event_only, on_chain_full, hybrid |
standards[] |
e.g. IPSAS, IFRS, ISO20022_LOGGING, TRAVEL_RULE — aligns to GRU M00 StandardsRegistryFacet |
complianceRules |
Structured: KYC, KYB, sanctions, limits |
transferRules |
allowlist, freeze, lockup, accredited-only |
valuationRules |
which oracles, NAV frequency, haircuts |
deploymentRules |
for infra: SLA, entitlements, chargeback |
reviewCadence |
e.g. annual policy review |
supersedes |
prior profile id for audit trail |
Dimensions (orthogonal)
Legal and jurisdiction
- Governing law, regulatory regime, exemptions (e.g. private placement).
- Securities: determines whether tokenization is allowed and in what form.
- Sanctions / embargo screens as preconditions to activation.
Compliance
| Control | Profile knob |
|---|---|
| KYC / KYB | required / optional / tiered |
| Sanctions | Lists and refresh |
| Travel Rule | Threshold and data fields |
| Source of funds | For server-funds and fiat |
| Attestation | Custodian, auditor, or self-attested with caps |
Map to on-chain or off-chain enforcement:
- On-chain: allowlists, registries, pause, PolicyRouter (GRU M00).
- Off-chain:
dbis_coreand ISO Gateway; results anchored as evidence (see UNIVERSAL_RESOURCE_EVIDENCE_PACKAGE.md).
Accounting and reporting
- Chart-of-accounts mapping, journal triggers, accountingRef style links (DBIS Rail pattern).
- Funds vs expense vs asset capitalization for infra spend.
Valuation
- For commodities and RWAs: oracle set, haircut tables, and stress triggers.
- For infra capacity: unit economics (e.g. cost per vCPU-hour) — accounting label, not a traded price unless a separate market profile exists.
Transferability
| Mode | When to use |
|---|---|
NONE |
Record-only (many SKRs, strategic records) |
ENTITLEMENT |
Non-transferable right to deploy or use capacity |
CLAIM |
Transferable only under explicit P2P rules |
TRANSFERABLE_ERC20 |
DeFi-facing assets after compliance + registry |
RESTRICTED_SECURITY |
Regulated security token controls |
Governance default: NONE or ENTITLEMENT for new resource classes; escalate only after legal sign-off.
Mapping to GRU M00 governance levels
GRU_M00_DIAMOND_FACET_MAP.md levels 0–5 define increasing strictness. Policy profiles should declare:
- minimum
governanceLevelfor production use, and - which gates must be active: compliance, accounting, ISO-20022 logging, reserve proofs.
Example profile stubs (non-exhaustive)
policyProfileId |
Intent |
|---|---|
sandbox_l0 |
Development; minimal gates |
institutional_custody_skr_v1 |
SKR: evidence-backed, no public transfer |
server_funds_treasury_v1 |
Good-funds, GL mapping, holds/releases |
infra_capacity_ops_v1 |
Internal allocatable capacity; not a traded asset |
commodity_pledge_v1 |
Collateral with oracle + haircut |
security_private_issue_v1 |
Restricted transfers; DLT optional |
Change control
- Propose new profile or version in documentation + config registry.
- Legal/risk sign-off for anything affecting
tokenizationortransferRules. effectiveFromin production; keep prior versions for historical reconciliation.- Emit
PolicyProfileUpdated(off-chain) or on-chain event if a chain registry is used.
Machine-readable registry (CI)
Production-facing profiles SHOULD be listed in config/universal-resource-activation/policy-profiles.json (JSON Schema: universal-resource-activation.policy-profile-registry.v1.schema.json). Each entry includes minimumGruGovernanceLevel (0–5) per GRU_M00_DIAMOND_FACET_MAP.md §4.
Doc control: POLICY_PROFILES_REGISTRY.md — sign-off table per profile version.
Validate: pnpm ura:validate-profiles — also invoked from scripts/validation/validate-config-files.sh.
Per-jurisdiction matrices: docs/04-configuration/compliance-matrices/.