23 lines
1.2 KiB
Markdown
23 lines
1.2 KiB
Markdown
# Violation Events Prep — PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE
|
|
|
|
Status: Draft (2025-11-20)
|
|
Owners: Policy Guild
|
|
Scope: Define violation event payloads emitted after snapshot stream (35-201).
|
|
|
|
## Dependencies
|
|
- Snapshot API/stream shape (35-201).
|
|
- Severity fusion rules (40-001) to know which fields to emit.
|
|
|
|
## Draft event
|
|
- `event_type`: `policy.violation.detected`
|
|
- Fields: `tenant_id`, `snapshot_id`, `policy_profile_hash`, `component_purl`, `advisory_id`, `violation_code`, `severity`, `status`, `trace_ref`, `occurred_at`, `event_id` (hash of snapshot_id + component_purl + advisory_id).
|
|
- Transport: NATS subject `policy.violation.detected`; durable stream; idempotency via `event_id`.
|
|
- Metrics: `policy_violation_events_total{tenant,violation_code}`.
|
|
|
|
## Acceptance
|
|
- Draft schema at `docs/modules/policy/schemas/policy-violation-event@draft.json` and sample at `docs/modules/policy/samples/policy-violation-event@draft.json`.
|
|
- Confirm subject + retention with Scheduler/Notify.
|
|
|
|
## Handoff
|
|
Use this doc as the prep artefact for PREP-POLICY-ENGINE-38-201-VIOLATION-EVENTS-DE. Update once snapshot stream and fusion rules are frozen; then unblock implementation.
|