[ENG-2185] Update consent graph with manual tasks

[JadeCara]

Ticket ENG-2185

Description Of Changes

🎯 Add Manual Tasks for Consent
This PR updates the Consent Task Graph with Manual Tasks.

Past PRs:

• The logging being used by manual tasks and front end data is entirely the general audit logs so the manual task log table and utilities are now redundant. ENG-2185 #7124
• Update the Conditional Dependency table with a JSONB dictionary column. This will allow us to thoroughly test the migration without being destructive. [ENG-2185] #7133
• Remove the extra columns and rows for conditional dependencies once the tree has been implemented and tested. Eng 2185 remove unused cols #7172
• Allow conditional dependencies to be assigned to a specific policy type or id. Allow users to be assigned to specific submissions rather than the whole task. [ENG-2185] Adding Consent #7174

This PR:

• Consent task graph runs Manual Tasks.

Future PRs:

• Add consent DSR emails Eng 2185 finalization and email for consent tasks #7102
• User can indicate if the Manual task should run before or after the rest of the DAG.

Code Changes

• clients/admin-ui/src/ - added consent to all the places we see manual task tags
• src/fides/api/service/privacy_request/request_runner_service.py Request runner service will now run consent tasks
• src/fides/api/task/conditional_dependencies/privacy_request/schemas.py - Updated for consent specific dependency values.
• src/fides/api/task/manual/manual_task_conditional_evaluation.py Updated to evaluate for consent specific dependency values
• src/fides/api/task/manual/manual_task_utils.py Updated with consent task implementations and to use Action type.
• src/fides/api/task/graph_task.py updated consent graph with manual tasks
• Updated all tests related to consent tasks

Steps to Confirm

1. Manual tasks, conditional dependencies etc should continue to function as before.
2. Please test with FidesPlus 2952
3. Run FidesPlus branch above pointed at this branch.
4. Create a ManualTask with several submissions required and several conditions, both dataset and privacy request based.
5. Create privacy requests that meet and do not meet the requirements. Verify that they create/do not create as expected.
6. Verify that you can complete the manual tasks with no errors.
7. Verify that you can see the skipped logs and the manual task and manual task actions appear on the DSR activity log.
8. Verify that you receive the access package with all expected manual task inclusions (attachments and text)
9. Update the ManualTask submission types, delete one or more.
10. Test with Consent tasks -
    From the Privacy Center we need to do a consent request. (http://localhost:3001/ if running locally). We want it to create a DSR which means it must be configured for your area.

• If you are not in the US you can add a new privacy center to http://localhost:3000/consent/privacy-experience with a privacy center component or update the US Privacy Center with wherever you are. Either way it must be enabled on the experience page.
• The notices on the privacy center must be enabled and have system wide enforcement. You can set this by going to http://localhost:3000/consent/privacy-notices enabling the notices and then clicking in to them to set the enforcment to system wide.

• Lets turn on the consent email notification as well. (http://localhost:3000/notifications/templates) enable the one at the end (Consent request completed) - you may need to set a property for it, the default is fine.

4. Now you can make that consent request. It will take a second because it also uses celery workers but it should come through in the Request Manager (http://localhost:3000/new-privacy-requests) and show that it requires finalization.

Note: if it shows completed you might need to restart your worker (especially if it was running before you pulled this in for testing.

Verify the consent task appears correctly.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[greptile-apps]

Greptile Overview

Greptile Summary

This PR successfully adds consent support to manual tasks, enabling manual task execution within consent workflows.

Key Changes

Frontend (Admin UI):

• Adds CONSENT to ManualFieldRequestType enum and all UI components
• Updates form to treat consent like erasure (checkbox field type only)
• Adds consent filtering and display mapping throughout manual task views

Backend (Python):

• Filters manual task graphs by action type (access/erasure vs consent)
• Adds consent-specific conditional dependency schemas excluding unavailable fields (location, execution_timeframe)
• Implements filtering logic to remove dataset field references from consent task conditions (consent DSRs don't have data flow)
• Updates build_consent_dataset_graph with optional session parameter to include manual tasks
• Bypasses write access check for manual task connections (humans manually record actions)

Tests:

• Comprehensive test coverage for consent manual task filtering, graph generation, and full workflow
• Integration tests verify conditional dependencies work correctly with consent tasks

Architecture

The implementation correctly handles the fact that consent requests don't have data flow through datasets, so:

1. Dataset field conditions are filtered out for consent tasks
2. Unavailable privacy request fields (location, due_date) are identified with helpful warnings
3. Manual task graphs are built separately for access/erasure vs consent action types

The changes maintain backward compatibility - existing calls to build_consent_dataset_graph without session parameter continue to work (just won't include manual tasks).

Confidence Score: 5/5

• Safe to merge - well-structured implementation with comprehensive test coverage
• All changes are logically sound, properly tested, and maintain backward compatibility. The consent-specific filtering logic correctly handles the constraints of consent workflows (no dataset data flow). Frontend and backend changes are consistent.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
clients/admin-ui/src/features/integrations/configure-tasks/AddManualTaskForm.tsx	5/5	Adds CONSENT option to request type dropdown and updates field type logic to treat consent like erasure (checkbox only)
clients/admin-ui/src/features/integrations/configure-tasks/constants.ts	5/5	Adds "Consent" label mapping for ManualFieldRequestType.CONSENT
clients/admin-ui/src/features/manual-tasks/components/TaskDetails.tsx	5/5	Updates request type to action type mapping to include CONSENT, improving code clarity with explicit mapping object
clients/admin-ui/src/features/manual-tasks/constants.ts	5/5	Adds Consent filter option to request type filters
clients/admin-ui/src/features/manual-tasks/hooks/useManualTaskColumns.tsx	5/5	Updates column rendering to map CONSENT request type to ActionType.CONSENT for display
clients/admin-ui/src/types/api/models/ManualFieldRequestType.ts	5/5	Adds CONSENT enum value to ManualFieldRequestType
src/fides/api/service/privacy_request/request_runner_service.py	5/5	Filters manual tasks by action type - only access/erasure for access/erasure runner, passes session to consent graph builder to include consent manual tasks
src/fides/api/task/conditional_dependencies/privacy_request/schemas.py	5/5	Adds consent-specific field schemas that exclude location and execution timeframe fields unavailable in consent workflow
src/fides/api/task/graph_task.py	5/5	Updates build_consent_dataset_graph to optionally include manual tasks with consent configs, adds manual task write access check bypass
src/fides/api/task/manual/manual_task_conditional_evaluation.py	5/5	Adds consent condition filtering logic that removes dataset field references and unavailable privacy request fields from consent task conditions
src/fides/api/task/manual/manual_task_utils.py	5/5	Adds config_types filtering to manual task graph creation, excludes dataset field references for consent-only tasks
tests/api/task/manual/test_manual_task_utils.py	5/5	Adds comprehensive test coverage for consent manual task filtering and graph generation
tests/ops/service/privacy_request/test_request_runner_service.py	5/5	Adds integration tests for consent manual task full flow and conditional dependency evaluation
tests/ops/task/test_create_request_tasks.py	5/5	Adds tests verifying consent graph correctly includes/excludes manual tasks based on session and config type

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

clients/admin-ui/src/features/integrations/configure-tasks/AddManualTaskForm.tsx
CRITICAL: Missing CONSENT option prevents creation of consent manual tasks

The requestTypeOptions array is missing the CONSENT option, which means users cannot create consent manual tasks from the UI. The constants file at line 38 of constants.ts includes ManualFieldRequestType.CONSENT, but it's not included here.

Impact: Users cannot configure consent manual tasks through the UI, even though the backend fully supports them. This is a critical omission for the feature this PR is supposed to add.

Fix:

  const requestTypeOptions = [
    {
      label: REQUEST_TYPE_LABELS[ManualFieldRequestType.ACCESS],
      value: ManualFieldRequestType.ACCESS,
    },
    {
      label: REQUEST_TYPE_LABELS[ManualFieldRequestType.ERASURE],
      value: ManualFieldRequestType.ERASURE,
    },
    {
      label: REQUEST_TYPE_LABELS[ManualFieldRequestType.CONSENT],
      value: ManualFieldRequestType.CONSENT,
    },
  ];

[JadeCara]

@greptile please review

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[galvana]

Should this be config_field_key instead?

Suggested change

	config_field = dependency.config_field
	config_field = dependency.config_field_key

[JadeCara]

So - originally i had it creating a relationship to the config associated with the key. This is actually not even useful since below we are filtering on consent type anyways. So I am going to remove this if statement.

[lucanovera]

FE changes look good