ENG-2493: support monitor stewards acting on monitor results (fides)

[adamsachs]

Ticket ENG-2493

Description Of Changes

DB migration and user token updates to support monitor stewards being able to act on monitor results.

Done alongside https://github.com/ethyca/fidesplus/pull/3035

Steps to Confirm

1. see https://github.com/ethyca/fidesplus/pull/3035 and https://github.com/ethyca/fidesplus/pull/3040

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Feb 4, 2026 3:39pm
fides-privacy-center	Ignored		Feb 4, 2026 3:39pm

[greptile-apps]

Greptile Overview

Greptile Summary

Adds database and token infrastructure to support monitor stewards acting on monitor results. The changes add a monitors field to the client table and JWT tokens, similar to existing systems field for system managers.

Key changes:

• DB migration adds monitors array column to client table
• ClientDetail model includes monitors in JWT payload generation
• FidesUser model adds bidirectional relationship with MonitorConfig via stewarded_monitors
• Constant added for JWT payload field JWE_PAYLOAD_MONITORS

Issue found:

• Missing methods to sync client token when monitor stewards are assigned/removed (see inline comment)

Confidence Score: 3/5

• Safe to merge with follow-up work needed for client token synchronization
• Infrastructure is correctly implemented following existing patterns for system managers, but the PR is incomplete without methods to update client tokens when monitor stewards are assigned or removed. This functionality may be in the companion fidesplus PR or needs to be added.
• src/fides/api/models/fides_user.py needs methods to sync client monitors field when steward assignments change

Important Files Changed

Filename	Overview
src/fides/api/alembic/migrations/versions/xx_2026_02_02_0230_a1b2c3d4e5f7_add_monitors_to_client.py	Added monitors column to client table with ARRAY(String) type, default empty array
src/fides/api/models/client.py	Added monitors field to ClientDetail model and JWT payload for monitor steward authorization
src/fides/api/models/fides_user.py	Added bidirectional relationship and property for stewarded monitors, but missing sync logic to update client tokens

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[adamsachs]

this is unrelated to this PR but after rebaseing off main, i was getting a ruff formatting error preventing a push, so i pushed this fix

[vcruces]

Looks great to me, the changes make sense