feat: implement Phase 2 stabilization

- Cache Graph API tokens with expiry-aware reuse in graph/auth.py
- Add tenacity-based retry/backoff wrapper (utils/http.py) and apply to all Graph/source API calls
- Add Pydantic request/response models (models/api.py) and FastAPI query constraints
- Add unit tests for event_model, auth and integration tests for API endpoints
- Configure ruff linter/formatter in pyproject.toml
- Add GitHub Actions CI pipeline (.github/workflows/ci.yml)
- Add requirements-dev.txt with pytest, mongomock, httpx, ruff
- Clean up typing imports and fix ruff linting across codebase

backend/sources/intune_audit.py

@@ -1,11 +1,10 @@
-import requests
 from datetime import datetime, timedelta
-from typing import List
 
 from graph.auth import get_access_token
+from utils.http import get_with_retry
 
 
-def fetch_intune_audit(hours: int = 24, max_pages: int = 50) -> List[dict]:
+def fetch_intune_audit(hours: int = 24, max_pages: int = 50) -> list[dict]:
     """
     Fetch Intune audit events via Microsoft Graph.
     Requires Intune audit permissions (e.g., DeviceManagementConfiguration.Read.All).
@@ -24,13 +23,13 @@ def fetch_intune_audit(hours: int = 24, max_pages: int = 50) -> List[dict]:
         if pages >= max_pages:
             raise RuntimeError(f"Aborting Intune pagination after {max_pages} pages.")
         try:
-            res = requests.get(url, headers=headers, timeout=20)
+            res = get_with_retry(url, headers=headers, timeout=20)
             res.raise_for_status()
             body = res.json()
-        except requests.RequestException as exc:
+        except RuntimeError:
+            raise
+        except Exception as exc:
             raise RuntimeError(f"Failed to fetch Intune audit logs: {exc}") from exc
-        except ValueError as exc:
-            raise RuntimeError(f"Invalid Intune response JSON: {exc}") from exc
 
         events.extend(body.get("value", []))
         url = body.get("@odata.nextLink")