ENG-2753: Gate DSR Policies behind beta flag

[gilluminate]

Ticket ENG-2753

Description Of Changes

Gate the DSR Policies feature behind a new beta flag and reorder it to appear last in the "Privacy requests" nav group. Also moves the policies pages to a top-level /privacy-request-policies route to avoid collision with the /privacy-requests/[id] dynamic route.

• New policies beta flag: enabled in dev/test, disabled in production
• Flag appears as "DSR Policies" on the About page, users can toggle it on
• Policies nav item moved to last position under Privacy requests
• Route changed from /privacy-requests/policies to /privacy-request-policies

Code Changes

• clients/admin-ui/src/flags.json - Added policies beta flag definition
• clients/admin-ui/src/features/common/nav/nav-config.tsx - Reordered Policies to last, added requiresFlag: "policies"
• clients/admin-ui/src/features/common/nav/routes.ts - Updated route paths to /privacy-request-policies
• clients/admin-ui/src/pages/privacy-request-policies/index.tsx - Moved from privacy-requests/policies/
• clients/admin-ui/src/pages/privacy-request-policies/[key].tsx - Moved from privacy-requests/policies/

Steps to Confirm

1. Navigate to the Admin UI in the preview build
   Expected: "Policies" nav item appears as the last item under Privacy requests
2. Click the Policies nav item
   Expected: Navigates to /privacy-request-policies and displays the policies list
3. Click into a specific policy
   Expected: Navigates to /privacy-request-policies/[key] and displays the policy detail page
4. Go to Settings > About and toggle the "DSR Policies" flag off
   Expected: "Policies" nav item disappears as the last item under Privacy requests
5. Navigate to /privacy-request-policies by pasting it in the URL bar
   Expected: With the flag off, route should redirect to home

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • No UX review needed
• Followup issues:
  • No followup issues
• Database migrations:
  • No migrations
• Documentation:
  • No documentation updates required

Made with Cursor

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Feb 23, 2026 10:26pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		Feb 23, 2026 10:26pm

[greptile-apps]

Greptile Summary

This PR successfully gates the DSR Policies feature behind a new beta flag and resolves a route collision by moving pages to a top-level route. The implementation is clean and follows established patterns.

Key changes:

• New policies beta flag added (enabled in dev/test, disabled in production)
• Policies nav item moved to last position under "Privacy requests" group
• Routes changed from /privacy-requests/policies to /privacy-request-policies to avoid collision with /privacy-requests/[id] dynamic route
• Flag protection properly enforced through existing requiresFlag mechanism

What works well:

• Beta flag configuration is correct and consistent with other flags
• Route protection is properly implemented via requiresFlag in nav config
• Existing Cypress tests use route constants so they automatically work with new paths
• No breaking changes since this is a new feature
• Clean file moves with no code changes to the page components themselves

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The changes are straightforward: adding a beta flag, reordering navigation, and moving files to avoid route collisions. The flag protection mechanism is already well-tested in the codebase, the file moves are clean with no code changes, and existing tests use route constants so they work automatically with the new paths. Only minor style suggestion about using the useSearch hook for URL state synchronization.
• No files require special attention

Important Files Changed

Filename	Overview
clients/admin-ui/src/flags.json	Added policies beta flag with correct environment configuration (enabled in dev/test, disabled in production)
clients/admin-ui/src/features/common/nav/nav-config.tsx	Moved Policies nav item to last position and added requiresFlag: "policies" to gate access
clients/admin-ui/src/features/common/nav/routes.ts	Updated routes from /privacy-requests/policies to /privacy-request-policies to avoid dynamic route collision
clients/admin-ui/src/pages/privacy-request-policies/index.tsx	Moved from old location, implements custom search state instead of useSearch hook

_{Last reviewed commit: 2851ffb}

[greptile-apps]

_{5 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

clients/admin-ui/src/pages/privacy-request-policies/index.tsx
Consider using the existing useSearch hook to maintain URL state synchronization, similar to other pages in the codebase. This would sync the search query to the URL and provide better user experience with shareable links and browser back/forward navigation.

  const { searchQuery = "", updateSearch } = useSearch();

Then update the SearchInput:

<SearchInput
  placeholder="Search policies by name or key..."
  onChange={updateSearch}
  value={searchQuery}
  className="max-w-md"
/>

Context Used: Rule from dashboard - Use the existing useSearch hook for search functionality to maintain URL state synchronization ins... (source)

[lucanovera]

Works as expected, code changes look good. Approved!