ENG-2435: Add privacy requests diagnostics endpoint

[nreyes-dev]

Ticket ENG-2435

Description Of Changes

Adds a new endpoint to export a non-PII diagnostics JSON for a single privacy request ID.

Code Changes

• Added GET /api/v1/privacy-request/{privacy_request_id}/diagnostics.
• Added v1 route constant for the diagnostics endpoint.
• Implemented diagnostics builder + DB queries (metadata-only; no PII, secrets, or payloads).

Steps to Confirm

3. Grab a privacy_request_id
   In /docs, hit either:
   GET /api/v1/privacy-request (list), or
   GET /api/v1/privacy-request/search
   Copy an id from the response.
4. Call diagnostics
   In /docs:
   GET /api/v1/privacy-request/{privacy_request_id}/diagnostics
   Paste the privacy_request_id
   Execute
   Expect 200 and a PrivacyRequestDiagnostics JSON payload.
5. 404 case
   Call the same endpoint with a bogus ID.
   Expect 404 with a “No privacy request found…” detail.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Feb 23, 2026 2:21pm
fides-privacy-center	Ignored		Feb 23, 2026 2:21pm

[greptile-apps]

Greptile Summary

This PR adds a new diagnostics export endpoint (GET /api/v1/privacy-request/{privacy_request_id}/diagnostics) that returns a comprehensive, non-PII snapshot of a privacy request for troubleshooting purposes. The implementation includes 20+ snapshot models covering all privacy request-related entities (execution logs, audit logs, request tasks, manual tasks, attachments, comments, etc.) with careful exclusion of any PII fields.

Key changes:

• New 1291-line diagnostics module with extensive PII-free data projections
• Proper use of deferred loading for large columns to avoid OOM issues
• Well-documented security considerations throughout the code
• Consistent error handling with 404 responses for missing requests

Concerns:

• No test coverage found for the diagnostics module (1291 lines of untested code)
• Missing validation that PII fields are actually excluded in production scenarios

Confidence Score: 4/5

• Safe to merge with one notable gap: missing test coverage for a 1291-line file
• The implementation is thorough, well-documented, and follows security best practices for PII exclusion. However, no test coverage was found for the diagnostics module despite its complexity and size, which is a significant concern for maintainability and correctness validation
• Pay attention to src/fides/service/privacy_request/privacy_request_diagnostics.py - needs comprehensive test coverage before merge

Important Files Changed

Filename	Overview
src/fides/service/privacy_request/privacy_request_diagnostics.py	New diagnostics module with comprehensive PII-free snapshot models and queries for troubleshooting privacy requests (1291 lines)
src/fides/api/api/v1/endpoints/privacy_request_endpoints.py	Added new diagnostics endpoint with proper error handling and authentication

_{Last reviewed commit: 0e6b568}

[greptile-apps]

_{4 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}