ENG-2663: Add policy_evaluated audit log action and fix default_policies schema #7395

Merged
JadeCara merged 2 commits into main from ENG-2663/policy-evaluation-audit-logging
Feb 14, 2026
@JadeCara JadeCara commented Feb 14, 2026

Ticket ENG-2663

Description Of Changes

Add policy_evaluated to the AuditLogAction enum to support audit logging when policies are conditionally evaluated during privacy request creation. Also adds default_policies as an optional field on the ApplicationConfig schema to fix a validation error when the PATCH /config endpoint tries to deserialize api_set data that contains default_policies (written by the default policy config routes).

Code Changes

  • src/fides/api/models/audit_log.py - Add policy_evaluated enum value to AuditLogAction
  • src/fides/api/alembic/migrations/versions/xx_2026_02_13_2351_a0109cdde920_...py - Alembic migration to add the enum value to the PostgreSQL type. Downgrade updates existing rows to finished rather than deleting them.
  • src/fides/api/schemas/application_config.py - Add default_policies: Optional[Dict[str, Optional[str]]] to ApplicationConfig schema to prevent extra_forbidden validation error

Steps to Confirm

  1. Run the migration: alembic upgrade head
  2. Verify policy_evaluated is a valid enum value: SELECT enum_range(NULL::auditlogaction);
  3. PATCH /api/v1/config with any valid payload on an instance that has default_policies in api_set — should no longer raise extra_forbidden

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration label to the entry
  • No UX review needed
  • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
  • No documentation updates required

Made with Cursor
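
The extra_forbidden failure described in this PR can be reproduced in isolation. The following is an added example, not code from the PR or from Fides: it assumes pydantic v2, and the model names, the `notifications` section and the sample `api_set` contents are constructed for illustration. Only the `default_policies` field type is taken from the description above.

```python
from typing import Dict, List, Optional

from pydantic import BaseModel, ConfigDict, ValidationError  # pydantic v2


class ConfigBefore(BaseModel):
    """Hypothetical stand-in for the schema before the fix."""

    model_config = ConfigDict(extra="forbid")  # unknown keys are rejected
    # Constructed placeholder section, not a real Fides setting.
    notifications: Optional[Dict[str, bool]] = None


class ConfigAfter(ConfigBefore):
    """Same strict schema with the field type quoted in the PR description."""

    default_policies: Optional[Dict[str, Optional[str]]] = None


# Constructed sample of stored api_set data; keys and values are illustrative.
STORED_API_SET = {
    "notifications": {"send_receipt": True},
    "default_policies": {"access": "example_access_policy", "erasure": None},
}


def validation_errors(model: type, payload: dict) -> List[str]:
    """Return 'location:error_type' for every problem, or [] if the payload is valid."""
    try:
        model.model_validate(payload)
    except ValidationError as exc:
        return sorted(
            ".".join(str(part) for part in err["loc"]) + ":" + err["type"]
            for err in exc.errors()
        )
    return []


if __name__ == "__main__":
    print("before:", validation_errors(ConfigBefore, STORED_API_SET))
    print("after: ", validation_errors(ConfigAfter, STORED_API_SET))
    # Declaring the field keeps the schema strict: other unknown keys still fail.
    print("unknown:", validation_errors(ConfigAfter, {**STORED_API_SET, "unreviewed_key": 1}))
    # The declared type is enforced too: policy values must be strings or null.
    print("bad type:", validation_errors(ConfigAfter, {"default_policies": {"access": 5}}))
```

Declaring the field, rather than relaxing the model to accept extra keys, keeps the config endpoint rejecting anything the schema does not name.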

Co-authored-by: Cursor <cursoragent@cursor.com>
@JadeCara JadeCara marked this pull request as ready for review February 14, 2026 00:10
@JadeCara JadeCara requested a review from a team as a code owner February 14, 2026 00:10
@JadeCara JadeCara requested review from adamsachs and removed request for a team February 14, 2026 00:10
greptile-apps bot commented Feb 14, 2026

Greptile Overview

Greptile Summary

This PR adds policy_evaluated to the AuditLogAction enum and fixes a validation issue with default_policies in the ApplicationConfig schema.

Changes:

  • Added policy_evaluated enum value to support audit logging during conditional policy evaluation
  • Fixed extra_forbidden validation error by adding default_policies field to ApplicationConfig schema
  • Included proper Alembic migration with downgrade path that updates existing records to finished before removing the enum value

The implementation follows established patterns for enum migrations and correctly handles the schema validation issue where api_set data contains default_policies written by default policy config routes.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • All changes are straightforward additions with no breaking changes. The migration follows established patterns with proper upgrade/downgrade logic. The schema fix addresses a real validation issue. No tests are needed as these are purely additive changes.
  • No files require special attention

Important Files Changed

Filename - Overview

  • changelog/7395-policy-evaluation-audit-log.yaml - Properly formatted changelog entry with correct db-migration label
  • src/fides/api/models/audit_log.py - Added policy_evaluated enum value to AuditLogAction - straightforward addition
  • src/fides/api/alembic/migrations/versions/xx_2026_02_13_2351_a0109cdde920_add_policy_evaluated_audit_log_action.py - Well-structured migration with proper upgrade/downgrade logic following established patterns
  • src/fides/api/schemas/application_config.py - Added default_policies field to fix validation error when PATCH /config deserializes api_set data

Last reviewed commit: 6d543fa

@greptile-apps greptile-apps bot left a comment

4 files reviewed, no comments

@JadeCara JadeCara enabled auto-merge February 14, 2026 00:30
@JadeCara JadeCara added this pull request to the merge queue Feb 14, 2026
Merged via the queue into main with commit 1f45fbe Feb 14, 2026
54 checks passed
@JadeCara JadeCara deleted the ENG-2663/policy-evaluation-audit-logging branch February 14, 2026 01:04