# Violation Events Prep — PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE

Status: Draft (2025-11-20)
Owners: Policy Guild
Scope: Define violation event payloads emitted after snapshot stream (35-201).

## Dependencies
- Snapshot API/stream shape (35-201).
- Severity fusion rules (40-001) to know which fields to emit.

## Draft event
- `event_type`: `policy.violation.detected`
- Fields: `tenant_id`, `snapshot_id`, `policy_profile_hash`, `component_purl`, `advisory_id`, `violation_code`, `severity`, `status`, `trace_ref`, `occurred_at`, `event_id` (hash of snapshot_id + component_purl + advisory_id).
- Transport: NATS subject `policy.violation.detected`; durable stream; idempotency via `event_id`.
- Metrics: `policy_violation_events_total{tenant,violation_code}`.

## Acceptance
- Draft schema at `docs/modules/policy/schemas/policy-violation-event@draft.json` and sample at `docs/modules/policy/samples/policy-violation-event@draft.json`.
- Confirm subject + retention with Scheduler/Notify.

## Handoff
Use this doc as the prep artefact for PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE. Update once snapshot stream and fusion rules are frozen; then unblock implementation.