feat(governance): Policy Agent batch settings + per-task manual-grant reason

[yan-3005]

Fixes #28759

Part of the Data Access Request concurrency work — open-metadata/openmetadata-collate#4414

What

Supporting OpenMetadata changes for the Collate Data Access Request (DAR) concurrency work — clubbing concurrent policy-agent grants into a single ingestion run per pipeline (Collate PR links to this one).

1. workflowSettings — add policyAgentConfiguration:
   • pollingIntervalSeconds (default 30), batchWindowSeconds (default 60, the scheduler/window), batchMaxSize (default 200), batchWorkerThreads (default 4, the coordinator's worker-pool size — bounds how many distinct pipelines provision concurrently). All bounded minimum: 1.
   • Read by the Collate batch coordinator.
2. policyAgentTaskDefinition — add an optional per-node pollingIntervalSeconds. When unset it inherits the server-wide policyAgentConfiguration.pollingIntervalSeconds (then the built-in default); it has no own default so "unset" stays meaningful.
3. CreateTask — optionally carry a workflow-supplied reason into the created task's payload as manualGrantReason (its own structured field), instead of overloading the description.

Generic approval workflows are unaffected

The CreateTask change is a strict no-op for any workflow that doesn't set the manualGrantReason workflow variable (Glossary approval, tag/description suggestions, test-case resolution, …): the read is wrapped in try/catch + instanceof, and mergeManualGrantReason(payload, null) returns the payload unchanged. So those task types are byte-for-byte identical to before.

Tests

• CreateTaskManualGrantReasonTest — no-op for null/blank reason, sets payload.manualGrantReason, preserves existing payload keys, overwrites on stage re-entry.
• CreateTaskTest (44 existing) still pass — the generic task-creation path is unchanged.

🤖 Generated with Claude Code

[github-actions]

✅ PR checks passed

The linked issue has a description and all required Shipping project fields set. Thanks!

[github-actions]

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!

[Copilot]

Pull request overview

This PR extends OpenMetadata governance/workflow capabilities to support Policy Agent batching for Data Access Request (DAR) concurrency, and adds support for carrying a workflow-supplied manual-grant reason into created Task payloads as a structured field.

Changes:

• Added policyAgentConfiguration to workflowSettings (polling interval + batching window/size controls) for the Policy Agent batch coordinator.
• Extended PolicyAgentTaskDefinition config with pollingIntervalSeconds (per-node override).
• Updated CreateTask to optionally merge a workflow-supplied manualGrantReason into task payload, with new unit tests covering merge behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
openmetadata-spec/src/main/resources/json/schema/governance/workflows/elements/nodes/automatedTask/policyAgentTaskDefinition.json	Adds per-node polling interval setting for Policy Agent task nodes.
openmetadata-spec/src/main/resources/json/schema/configuration/workflowSettings.json	Introduces server-wide Policy Agent batching configuration under workflow settings.
openmetadata-service/src/test/java/org/openmetadata/service/governance/workflows/elements/nodes/userTask/CreateTaskManualGrantReasonTest.java	Adds unit tests validating manualGrantReason payload merge behavior.
openmetadata-service/src/main/java/org/openmetadata/service/governance/workflows/elements/nodes/userTask/CreateTask.java	Merges optional workflow manualGrantReason into task payload during create/update.

[github-actions]

✅ TypeScript Types Auto-Updated

The generated TypeScript types have been automatically updated based on JSON schema changes in this PR.

[github-actions]

🔴 Playwright Results — 2 failure(s), 13 flaky

✅ 4265 passed · ❌ 2 failed · 🟡 13 flaky · ⏭️ 88 skipped

Shard	Passed	Failed	Flaky	Skipped
🟡 Shard 1	300	0	1	4
🔴 Shard 2	802	1	1	9
🔴 Shard 3	803	1	1	8
🟡 Shard 4	853	0	2	12
🟡 Shard 5	719	0	2	47
🟡 Shard 6	788	0	6	8

Genuine Failures (failed on all attempts)

❌ Features/Glossary/GlossaryWorkflow.spec.ts › should display correct status badge color and icon (shard 2)

Error: �[2mexpect(�[22m�[31mlocator�[39m�[2m).�[22mtoHaveText�[2m(�[22m�[32mexpected�[39m�[2m)�[22m failed

Locator:  locator('[data-row-key*="StatusBadgeTerm1780669712421"]').locator('.status-badge')
Expected: �[32m"In Review"�[39m
Received: �[31m"Draft"�[39m
Timeout:  15000ms

Call log:
�[2m  - Expect "toHaveText" with timeout 15000ms�[22m
�[2m  - waiting for locator('[data-row-key*="StatusBadgeTerm1780669712421"]').locator('.status-badge')�[22m
�[2m    18 × locator resolved to <div class="status-badge pending" data-testid=""PW%'cb1481b3.Noble13691da3".StatusBadgeTerm1780669712421-status">…</div>�[22m
�[2m       - unexpected value "Draft"�[22m

❌ Flow/ExploreAggregationCountsMatching.spec.ts › should verify left panel counts and tab search results for normal search (shard 3)

Error: Tab "topic" search total hits should match the aggregation count

�[2mexpect(�[22m�[31mreceived�[39m�[2m).�[22mtoBe�[2m(�[22m�[32mexpected�[39m�[2m) // Object.is equality�[22m

Expected: �[32m4�[39m
Received: �[31m24�[39m

🟡 13 flaky test(s) (passed on retry)

• Flow/Tour.spec.ts › Tour should work from help section (shard 1, 1 retry)
• Features/DataQuality/ColumnLevelTests.spec.ts › Column Value Max To Be Between (shard 2, 1 retry)
• Features/KnowledgeCenterTextEditor.spec.ts › Rich Text Editor - Text Formatting (shard 3, 1 retry)
• Pages/CustomProperties.spec.ts › Integer (shard 4, 1 retry)
• Pages/DataContractsSemanticRules.spec.ts › Validate DisplayName Rule Is Not (shard 4, 1 retry)
• Pages/EntityDataConsumer.spec.ts › Tier Add, Update and Remove (shard 5, 1 retry)
• Pages/ExplorePageRightPanel_KnowledgeCenter.spec.ts › Should remove user owner for knowledgeCenter (shard 5, 1 retry)
• Pages/Lineage/LineageFilters.spec.ts › Verify lineage service filter selection (shard 6, 1 retry)
• Pages/Lineage/LineageFilters.spec.ts › Verify lineage service type filter selection (shard 6, 1 retry)
• Pages/Lineage/LineageFilters.spec.ts › Verify lineage schema filter selection (shard 6, 1 retry)
• Pages/Lineage/LineageRightPanel.spec.ts › Verify custom properties tab IS visible for supported type: searchIndex (shard 6, 1 retry)
• Pages/Lineage/PlatformLineage.spec.ts › Verify domain platform view (shard 6, 1 retry)
• Pages/LogsViewer.spec.ts › Logs page shows breadcrumb, summary, and log viewer or empty state after opening from bundle suite pipeline tab (shard 6, 1 retry)

📦 Download artifacts

How to debug locally

# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

[Copilot]

Pull request overview

Copilot reviewed 4 out of 8 changed files in this pull request and generated 2 comments.

[github-actions]

✅ TypeScript Types Auto-Updated

The generated TypeScript types have been automatically updated based on JSON schema changes in this PR.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 8 changed files in this pull request and generated 1 comment.

[gitar-bot]

Code Review ✅ Approved 2 resolved / 2 findings

Implements Policy Agent batching and manual-grant reason support for DAR concurrency, resolving issues with schema documentation and missing bounds on interval settings.

✅ 2 resolved

✅ Quality: Schema doc references wrong settings path

📄 openmetadata-spec/src/main/resources/json/schema/governance/workflows/elements/nodes/automatedTask/policyAgentTaskDefinition.json:29
The new per-node pollingIntervalSeconds description says it "Falls back to the server-wide default (workflowSettings.policyAgentPollingIntervalSeconds) when unset." That path does not exist. The field added in workflowSettings.json is nested under policyAgentConfiguration, so the correct reference is workflowSettings.policyAgentConfiguration.pollingIntervalSeconds. Update the description to match the actual schema to avoid confusing operators configuring the agent.

✅ Edge Case: No minimum bound on new integer interval settings

📄 openmetadata-spec/src/main/resources/json/schema/configuration/workflowSettings.json:86-99 📄 openmetadata-spec/src/main/resources/json/schema/governance/workflows/elements/nodes/automatedTask/policyAgentTaskDefinition.json:27-31
The new integer settings (pollingIntervalSeconds, batchWindowSeconds, batchMaxSize) have defaults but no minimum constraint. A value of 0 or a negative number for the polling interval or batch window could cause tight polling loops, divide-by-zero, or no batching in the coordinator that reads them. Consider adding "minimum": 1 to these fields so invalid configurations are rejected at the schema layer rather than producing degenerate runtime behavior in the Collate coordinator.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact

gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[github-actions]

Jest test Coverage

UI tests summary

Lines	Statements	Branches	Functions
	63.4% (67232/106039)	44.31% (36975/83440)	46.6% (11007/23618)

[sonarqubecloud]

Quality Gate passed for 'open-metadata-ui'

Issues
1406 New issues
0 Accepted issues

Measures
24 Security Hotspots
0.0% Coverage on New Code
3.6% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud