DO NOT MERGE Alpha eng 2594 fix

.fides/db_dataset.yml

@@ -1869,6 +1869,8 @@ dataset:
       data_categories: [ system.operations ]
     - name: asset_disclosure_include_types
       data_categories: [ system.operations ]
+    - name: resurface_behavior
+      data_categories: [ system.operations ]
   - name: privacyexperienceconfighistory
     description: 'Historical table to store all versions of Experience Config History for record keeping'
     fields:
@@ -1954,6 +1956,8 @@ dataset:
       data_categories: [ system.operations ]
     - name: asset_disclosure_include_types
       data_categories: [ system.operations ]
+    - name: resurface_behavior
+      data_categories: [ system.operations ]
   - name: privacynoticetemplate
     data_categories: []
     fields:
@@ -2826,6 +2830,8 @@ dataset:
       data_categories: [system.operations]
     - name: is_hash_migrated
       data_categories: [system.operations]
+    - name: received_at
+      data_categories: [system.operations]
   - name: lastservednoticev2
     description: 'Stores the last notices that were served to a user'
     data_categories: [system.operations]
@@ -2973,6 +2979,8 @@ dataset:
       data_categories: [ system.operations ]
     - name: asset_disclosure_include_types
       data_categories: [ system.operations ]
+    - name: resurface_behavior
+      data_categories: [ system.operations ]
   - name: experiencenotices
     description: 'The table that links Privacy Notices to Experience Configs (many-to-many)'
     fields:
@@ -3940,3 +3948,18 @@ dataset:
         data_categories: [system.operations]
       - name: question_index
         data_categories: [system.operations]
+  - name: encryption_keys
+    description: 'Store encrypted Data Encryption Keys'
+    fields:
+    - name: id
+      data_categories: [system.operations]
+    - name: created_at
+      data_categories: [system.operations]
+    - name: updated_at
+      data_categories: [system.operations]
+    - name: wrapped_dek
+      data_categories: [system.operations]
+    - name: kek_id_hash
+      data_categories: [system.operations]
+    - name: provider
+      data_categories: [system.operations]

.github/workflows/backend_checks.yml

@@ -9,6 +9,11 @@ on:
       - "main"
       - "release-**"
 
+# Merge queue strategy: only run container startup + migration checks on
+# merge_group events as a lightweight sanity check.  The full test suite
+# runs on pull_request and push to main/release branches.  This keeps the
+# queue fast while still catching migration head conflicts.
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
@@ -60,7 +65,7 @@ jobs:
 
   Collect-Tests:
     needs: Check-Backend-Changes
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -274,7 +279,7 @@ jobs:
 
   Misc-Tests:
     needs: [Check-Backend-Changes, Check-Container-Startup]
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group'
     strategy:
       matrix:
         test_selection:
@@ -343,7 +348,7 @@ jobs:
   ################
   Safe-Tests:
     needs: [Check-Backend-Changes, Check-Container-Startup]
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group'
     strategy:
       fail-fast: false
       matrix:
@@ -426,7 +431,7 @@ jobs:
 
   Pytest-Redis-Cluster:
     needs: [Check-Backend-Changes, Check-Container-Startup]
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
@@ -490,7 +495,7 @@ jobs:
 
   Pytest-Ctl-External:
     needs: [Check-Backend-Changes, Check-Container-Startup]
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && (contains(github.event.pull_request.labels.*.name, 'run unsafe ci checks') || github.event_name == 'push' || github.event_name == 'merge_group')
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && (contains(github.event.pull_request.labels.*.name, 'run unsafe ci checks') || github.event_name == 'push')
     strategy:
       max-parallel: 1 # This prevents collisions in shared external resources
     runs-on: ubuntu-latest

.github/workflows/check_changelog.yml

@@ -58,6 +58,7 @@ jobs:
               console.log(`✅ Found changelog entry file(s): ${fileNames}`);
               // Set output for validation step
               core.setOutput('changelog_files', fileNames);
+              core.setOutput('pr_number', pr.number.toString());
             }
 
       - name: Checkout repository
@@ -95,4 +96,4 @@ jobs:
       - name: Validate changelog entries
         if: success()
         run: |
-          uv run nox -s "changelog(validate)" -- --files "${{ steps.check-changelog-files.outputs.changelog_files }}"
+          uv run nox -s "changelog(validate)" -- --files "${{ steps.check-changelog-files.outputs.changelog_files }}" --pr-number "${{ steps.check-changelog-files.outputs.pr_number }}"

.github/workflows/chromatic.yml

@@ -43,7 +43,8 @@ jobs:
   chromatic:
     name: Run Chromatic
     needs: check-fidesui-changes
-    if: needs.check-fidesui-changes.outputs.has_fidesui_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.check-fidesui-changes.outputs.has_fidesui_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

.github/workflows/cli_checks.yml

@@ -47,7 +47,8 @@ jobs:
   # Basic smoke test of a local install of the fides Python CLI
   Fides-Install:
     needs: Check-CLI-Changes
-    if: needs.Check-CLI-Changes.outputs.has_cli_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.Check-CLI-Changes.outputs.has_cli_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     timeout-minutes: 20
     steps:

.github/workflows/cypress_admin-ui.yml

@@ -41,7 +41,8 @@ jobs:
 
   prepare-matrix:
     needs: Check-Admin-UI-Changes
-    if: needs.Check-Admin-UI-Changes.outputs.has_admin_ui_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.Check-Admin-UI-Changes.outputs.has_admin_ui_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     outputs:
       spec_groups: ${{ steps.set-matrix.outputs.spec_groups }}

.github/workflows/cypress_fides-js.yml

@@ -42,7 +42,8 @@ jobs:
 
   Privacy-Center-Cypress:
     needs: Check-FidesJS-Changes
-    if: needs.Check-FidesJS-Changes.outputs.has_fidesjs_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.Check-FidesJS-Changes.outputs.has_fidesjs_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     defaults:
       run:

.github/workflows/cypress_privacy-center.yml

@@ -42,7 +42,8 @@ jobs:
 
   Privacy-Center-Cypress:
     needs: Check-Privacy-Center-Changes
-    if: needs.Check-Privacy-Center-Changes.outputs.has_privacy_center_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.Check-Privacy-Center-Changes.outputs.has_privacy_center_changes == 'true' && github.event_name != 'merge_group'
     runs-on: ubuntu-latest
     defaults:
       run:

.github/workflows/static_checks.yml

@@ -3,7 +3,7 @@ name: Backend Static Code Checks
 on:
   pull_request:
   merge_group:
-    types: [ checks_requested ]
+    types: [checks_requested]
   push:
     branches:
       - "main"
@@ -51,7 +51,8 @@ jobs:
   ###################
   Static-Checks:
     needs: Check-Backend-Changes
-    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true'
+    # Skip on merge_group — these checks already passed on the PR
+    if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group'
     strategy:
       # We want to run all static checks even if some fail, so we set fail-fast to false
       fail-fast: false

.vscode/settings.json

@@ -25,7 +25,7 @@
     }
   },
   "[python]": {
-    "editor.defaultFormatter": "ms-python.black-formatter"
+    "editor.defaultFormatter": "charliermarsh.ruff"
   },
   "[markdown]": {
     "editor.formatOnSave": false

CHANGELOG.md

@@ -24,6 +24,7 @@ Changes can also be flagged with a GitHub label for tracking purposes. The URL o
 ## [2.81.0](https://github.com/ethyca/fides/compare/2.80.1..2.81.0)
 
 ### Added
+- Enabled LLM classifier toggle for Okta infrastructure monitors [#7641](https://github.com/ethyca/fides/pull/7641)
 - Added questionnaire_tone_prompt column to privacy assessment config [#7563](https://github.com/ethyca/fides/pull/7563) https://github.com/ethyca/fides/labels/db-migration
 - Chromatic builds for fidesui [#7485](https://github.com/ethyca/fides/pull/7485)
 - Okta integration logo in action center [#7597](https://github.com/ethyca/fides/pull/7597)
@@ -81,6 +82,9 @@ Changes can also be flagged with a GitHub label for tracking purposes. The URL o
 - Replaced Ant default icons with Carbon icons in Alert component [#7613](https://github.com/ethyca/fides/pull/7613)
 - Migrated Organization encrypted columns from pgcrypto to AES-GCM [#7554](https://github.com/ethyca/fides/pull/7554) https://github.com/ethyca/fides/labels/db-migration
 - Refined chart components with animation state management and dark theme card config [#7537](https://github.com/ethyca/fides/pull/7537)
+- Changed span to div in ExperienceDescription to expand the set of supported HTML tags in experience descriptions [#7502](https://github.com/ethyca/fides/pull/7502)
+- Un-deprecated GET /system/{fides_key}/connection endpoint [#7668](https://github.com/ethyca/fides/pull/7668)
+- Okta ux refactor [#7596](https://github.com/ethyca/fides/pull/7596)
 
 ### Developer Experience
 - Added Carbon icon defaults for Ant Modal imperative API methods [#7569](https://github.com/ethyca/fides/pull/7569)

changelog/7292.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added resurface_behavior configuration to privacy experience configs to control when consent banners are reshown after user interaction
+pr: 7292
+labels: ["db-migration"]

changelog/7427-entra-connection.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added Microsoft Entra ID connection type for identity provider discovery.
+pr: 7427
+labels: ["db-migration"]

changelog/7520-add-es-us-language.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added es-US language code with default translations from es-MX
+pr: 7520
+labels: []

changelog/7543-gcm-gtag-stubbing.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added dataLayer and gtag stubbing logic to Fides.gcm method when gtag isn't already defined.
+pr: 7543
+labels: []

changelog/7601.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Bump tinycss2 from 1.2.1 to >=1.5.0
+pr: 7601
+labels: []

changelog/7605-jira-ticket-extra-fields.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Allowed extra fields in JiraTicketSchema to preserve Jira ticket metadata such as project key, issue type, and templates
+pr: 7605
+labels: []

changelog/7612-privacy-center-multi-link.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added support for multiple configurable footer links in the Privacy Center, now visible on both the home and form pages
+pr: 7612
+labels: []

changelog/7628-dashboard-infrastructure.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Add dashboard infrastructure including feature flag, RTK Query API slice with mock data handlers, and conditional rendering gate for the new Ant Design dashboard
+pr: 7628
+labels: []

changelog/7632-migrate-chakra-modal-wrappers-to-ant.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Migrated shared Chakra modal wrappers to Ant Design modals
+pr: 7632
+labels: []

changelog/7637-improve-changelog-validations.yaml

@@ -0,0 +1,4 @@
+type: Developer Experience
+description: Improved changelog fragment validation with PR number matching, filename format enforcement, placeholder description detection, label validation, and trailing whitespace stripping.
+pr: 7637
+labels: []

changelog/7638-manual-task-failed-instance-error.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added DeletedStatus enum and failed-instance error handling for manual tasks
+pr: 7638
+labels: []

changelog/7642-serve-iab-tcf-stub.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added IAB TCF CMP stub served as /fides-stub.js from Privacy Center
+pr: 7642
+labels: []

changelog/7651-migrate-modals-chakra-to-ant.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Migrated 44 modal components from Chakra UI to Ant Design
+pr: 7651
+labels: []

changelog/7654-migrate-drawers-to-ant.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Migrated remaining Chakra UI drawers to Ant Design with CustomDrawer HOC
+pr: 7654
+labels: []

changelog/7655-fix-statcard-story-typecheck.yaml

@@ -0,0 +1,4 @@
+type: Fixed
+description: Removed obsolete headerLayout prop from StatCard story to fix typecheck
+pr: 7655
+labels: []

changelog/7656-eu-ai-act-fria-template.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Add EU AI Act Fundamental Rights Impact Assessment (FRIA) template
+pr: 7656
+labels: ["db-migration"]

changelog/7657-evidence-slack-cards.yaml

@@ -0,0 +1,4 @@
+type: Fixed
+description: Display Slack thread evidence (team input) in the evidence drawer
+pr: 7657
+labels: []

changelog/7659-dashboard-posture-actions.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Add PostureCard, PriorityActionsCard, and CommandBar components to the new dashboard with radar chart interaction, per-action routing, and urgency-based grouping
+pr: 7659
+labels: []

changelog/7660-dashboard-command-bar.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Add CommandBar header with posture score badge, stat pills, and DashboardDrawer side panel to the new dashboard
+pr: 7660
+labels: []

changelog/7661-add-encryption-keys-table.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added encryption_keys table for envelope encryption
+pr: 7661
+labels: ["db-migration"]

changelog/7673-dashboard-system-coverage-card.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added SystemCoverageCard with DonutChart to the dashboard
+pr: 7673
+labels: []

changelog/7675-dashboard-agent-briefing.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added agent briefing banner with severity-based alerts and quick actions to the dashboard
+pr: 7675
+labels: []

changelog/7677-domain-validation-enabled-dev-mode.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Domain validation now defaults to enabled in dev mode so SaaS connector violations are caught during local development
+pr: 7677
+labels: []

changelog/7678-jira-dual-auth-schema.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added API key authentication fields to JiraTicketSchema, enabling jira_ticket connections to use either OAuth 2.0 or API key (email + token) credentials
+pr: 7678
+labels: []

changelog/7681-migrate-chakra-menu-to-ant-dropdown.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Migrate Chakra UI Menu components to Ant Design Dropdown/Popover across the admin-ui
+pr: 7681
+labels: []

changelog/7690-dsr-status-card.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added DSR Status card with SLA health chart to home dashboard
+pr: 7690
+labels: []

changelog/7691-request-id-log-correlation.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added X-Request-ID header support for correlating logs across a single API request
+pr: 7691
+labels: []

changelog/7694-add-dashboard-trend-cards.yaml

@@ -0,0 +1,4 @@
+type: Added
+description: Added trend cards to the dashboard with sparkline charts
+pr: 7694
+labels: []

changelog/7695-global-message-api-ref.yaml

@@ -0,0 +1,4 @@
+type: Changed
+description: Migrate Redux error middleware from Chakra standalone toast to Ant Design global message API ref
+pr: 7695
+labels: []

changelog/7697-remove-use-alert-hooks.yaml

@@ -0,0 +1,4 @@
+type: Developer Experience
+description: Replaced useAlert and useQueryResultToast hooks with Ant Design useMessage
+pr: 7697
+labels: []

changelog/7704-remove-pixie-system-scanner.yaml

@@ -0,0 +1,4 @@
+type: Removed
+description: Removed Pixie/PXL runtime system scanner from Admin UI and client (config wizard data-flow option, plus/scan API hooks, health types). AWS and Okta discovery flows unchanged.
+pr: 7704
+labels: []

changelog/TEMPLATE.yaml

@@ -1,4 +1,4 @@
-# Copy this file and rename it (e.g., pr-number.yaml or feature-name.yaml)
+# Copy this file and rename it to <pr_number>-<short-description>.yaml (e.g., 1234-add-user-endpoint.yaml)
 # Fill in the required fields and delete this comment block
 
 type: Added # One of: Added, Changed, Developer Experience, Deprecated, Docs, Fixed, Removed, Security