Chwa1 robustness

[walteck]

Description

1. Error Handling with Retries
   Added retry_with_backoff decorator in shared_functions.py with exponential backoff
   Applied to all GitHub API calls (post_comment_on_issue, make_owner_on_github, close_issue, get_all_org_owners, make_member_on_github)
   Server errors (5xx) trigger retries; client errors (4xx) raise GitHubAPIError
   Configurable: max_retries, base_delay, max_delay, exponential_base
2. Input Validation
   Added validation functions in utilities.py:
   validate_issue_payload() - validates issue webhook payloads
   validate_issue_comment_payload() - validates comment webhook payloads
   validate_demotion_event() - validates Step Function events
   Early return with error logging for invalid payloads
3. Logging Improvements for Audit Trail
   Added get_logger() for module-level loggers
   Added log_audit_event() for structured audit logging with:
   Event types: ELEVATION_REQUEST, ELEVATION_APPROVED, ELEVATION_GRANTED, ELEVATION_DENIED, DEMOTION_STARTED, DEMOTION_COMPLETED, etc.
   Structured data: user, organization, repository, issue_number, approver, status, timestamp
   Replaced print() statements with proper logger.info/warning/error
4. Race Condition Handling
   Added _try_claim_elevation_request() using DynamoDB conditional update
   Uses ConditionExpression to atomically check status = 'pending' before promotion
   Added _rollback_elevation_claim() for failure recovery
   Status flow: pending → processing → elevated → demoted
   Multiple approvals on same request are safely rejected

Context

Exploring failure modes and improving their handling

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[terado]

This code repeats 3 times, feels like it could be a function e.g

if check_missing(payload, ['action', 'issue', 'repository']);

[terado]

In fact, more than 3 times between the functions, could be used here, e.g

if check_missing(issue, ['number', 'user', 'title'])
  return False, f"Missing required issue fields: {', '.join(issue_missing)}"

[terado]

I'm posting naively here, not knowing this repo as well as yourself. Going purely on the description that this elevates permission - it feels like this file has a lot of URL injection opportunities. Is there anywhere in the chain that the correct organization, repository, issue_number etc are correct for the user requesting and are sanitised/viable content?