Skip to content

Enhance rejection audit events with Harvest API enrichment#20094

Draft
christophercutajar wants to merge 3 commits into
elastic:mainfrom
christophercutajar:feature/greenhouse-rejection-enrichment
Draft

Enhance rejection audit events with Harvest API enrichment#20094
christophercutajar wants to merge 3 commits into
elastic:mainfrom
christophercutajar:feature/greenhouse-rejection-enrichment

Conversation

@christophercutajar

Copy link
Copy Markdown

Audit log events only record that an Application's status changed to
"rejected" — the rejection reason and notes/comments are not part of
the audit log payload. Add an opt-in "Enrich rejected application
events" setting that, when a rejection is detected, calls the Harvest
V3 API (reusing the existing OAuth bearer token) to fetch the
rejection reason and pull the rejection notes from the activity feed,
merging them into the event under greenhouse.audit.event.rejection.<!-- Type of change
Please label this PR with one of the following labels, depending on the scope of your change:

  • Bug
  • Enhancement
  • Breaking change
  • Deprecation
    -->

Proposed commit message

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

claude and others added 3 commits July 13, 2026 02:03
Audit log events only record that an Application's status changed to
"rejected" — the rejection reason and notes/comments are not part of
the audit log payload. Add an opt-in "Enrich rejected application
events" setting that, when a rejection is detected, calls the Harvest
V3 API (reusing the existing OAuth bearer token) to fetch the
rejection reason and pull the rejection notes from the activity feed,
merging them into the event under greenhouse.audit.event.rejection.
…g real audit event

A real "Candidate or Prospect rejected" audit event showed the original
implementation's assumptions were wrong: the event type is "action" (not
"data_change_update"), target_type is the literal string "Candidate or
Prospect rejected" (not "Application"), and the event carries no
application/candidate ID at all.

Since there's no ID to look up directly, correlate by time instead: query
the Harvest API for rejected Applications whose rejected_at falls within
a configurable window (default 5m) of the audit event's timestamp. An
unambiguous single match is enriched with the rejection reason and notes;
zero or multiple matches are recorded as an error (with candidate IDs
listed in the ambiguous case) rather than guessed.
…equired Harvest permissions

A second real audit sample showed Greenhouse also audits a separate
"RejectionDetails" data_change_create event for the same rejection,
sharing the same request.id and carrying event.meta.application_id.
Replace the earlier timestamp-window guess with a deterministic
correlation: match the "Candidate or Prospect rejected" event to its
RejectionDetails sibling by request.id within the same page of audit
results, then look up the resulting application_id directly via the
Harvest API. Ambiguous request.id matches (e.g. bulk rejections) and
no-match cases are still recorded as an error rather than guessed.

Also document the specific Harvest OAuth scopes required (Rejection
details / Rejection reasons, in addition to Applications / Activity
Feed) based on the actual permission UI.
@cla-checker-service

Copy link
Copy Markdown

❌ Author of the following commits did not sign a Contributor Agreement:
51d9493, 47db5cc

Please, read and sign the above mentioned agreement if you want to contribute to this project

@github-actions

Copy link
Copy Markdown
Contributor

Elastic Docs Style Checker (Vale)

Summary: 4 warnings, 3 suggestions found

⚠️ Warnings (4): Fix when the suggestion improves clarity or correctness.
File Line Rule Message
packages/greenhouse/_dev/build/docs/README.md 65 Elastic.MenuArrowsBold Use '→' to separate menu items, not '' or '='. Example: Select Manage index → Add lifecycle policy.
packages/greenhouse/_dev/build/docs/README.md 65 Elastic.MenuArrows Use '→' to separate menu items, not '' or '='. Example: Select Manage index → Add lifecycle policy.
packages/greenhouse/_dev/build/docs/README.md 65 Elastic.MenuArrows Use '→' to separate menu items, not '' or '='. Example: Select Manage index → Add lifecycle policy.
packages/greenhouse/data_stream/audit/fields/fields.yml 107 Elastic.QuotesPunctuation Place punctuation inside closing quotation marks.
💡 Suggestions (3): Optional style improvements. Apply when helpful.
File Line Rule Message
packages/greenhouse/_dev/build/docs/README.md 124 Elastic.Semicolons Use semicolons judiciously.
packages/greenhouse/data_stream/audit/fields/fields.yml 90 Elastic.Wordiness Consider using 'all' instead of 'all of '.
packages/greenhouse/data_stream/audit/fields/fields.yml 90 Elastic.Wordiness Consider using 'impossible' instead of 'not possible'.

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

@elastic-vault-github-plugin-prod

Copy link
Copy Markdown
Contributor

Changelog link mismatch — expected https://github.com/elastic/integrations/pull/20094 in the following file(s):

  • packages/greenhouse/changelog.yml

Tip

If expected, add the changelog-link-check:skip label to skip this check. Or, if an issue link was intended, use .../issues/<n> instead.

View Buildkite build
@christophercutajar

@infra-vault-gh-plugin-prod

infra-vault-gh-plugin-prod Bot commented Jul 13, 2026

Copy link
Copy Markdown

💔 Build Failed

Failed CI Steps

History

@github-actions

This comment has been minimized.

@github-actions

Copy link
Copy Markdown
Contributor

TL;DR

Build 45907 failed for two actionable repository issues: the Greenhouse changelog points to PR 17347 instead of PR 20094, and the committed Greenhouse rendered README is out of sync with its build template.

Remediation

  • Update packages/greenhouse/changelog.yml:6 so the changelog link is https://github.com/elastic/integrations/pull/20094 (or use an issue URL if this entry is intentionally tracking an issue).
  • From packages/greenhouse, regenerate the package documentation with elastic-package build and commit the resulting docs/README.md changes; then rerun the Greenhouse package check.
Investigation details

Root Cause

The changelog validation compares every modified changelog link with the PR under test. The Greenhouse entry retains the previous link at packages/greenhouse/changelog.yml:6, so it fails the expected-link check.

The package validation also checks that generated documentation matches the repository template. The Greenhouse job reports checking readme files are up-to-date failed: files do not match and shows a rejection-enrichment documentation section being removed from the generated comparison, indicating the committed README/template output is inconsistent.

Evidence

  • Build: https://buildkite.com/elastic/integrations/builds/45907
  • Jobs: :scroll: Check changelog PR links; Check integrations greenhouse
  • Changelog log: packages/greenhouse/changelog.yml contains unexpected link https://github.com/elastic/integrations/pull/17347; expected https://github.com/elastic/integrations/pull/20094.
  • Greenhouse log: checking readme files are up-to-date failed: files do not match at the package check.

Verification

Not run in this detective workflow; the failures are directly identified in the CI logs.


What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

@narph narph added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Jul 13, 2026
@andrewkroh andrewkroh added Integration:greenhouse Greenhouse (Community supported) needs CLA User must sign the Elastic Contributor License before review. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:greenhouse Greenhouse (Community supported) needs CLA User must sign the Elastic Contributor License before review. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants