first

2025-07-11 20:22:12 +05:00
commit 8c74b0e23f
120 changed files with 206874 additions and 0 deletions
--- a/quality-assurance-report.json
+++ b/quality-assurance-report.json
@@ -0,0 +1,154 @@
+{
+  "timestamp": "2025-07-08T21:51:41.326Z",
+  "summary": {
+    "hipaaCompliance": {
+      "status": "NEEDS_ATTENTION",
+      "violations": 10
+    },
+    "authentication": {
+      "status": "NEEDS_ATTENTION",
+      "issues": 8
+    },
+    "parameterAccuracy": {
+      "status": "PASS",
+      "accuracy": "90.0%",
+      "checkedEndpoints": 10,
+      "accurateEndpoints": 9
+    }
+  },
+  "issues": {
+    "hipaaViolations": [
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/emr/provider-register",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/emr/set-password",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/emr/provider/reset-password",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/patient/refresh-token",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/patient/available-slots/{date}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/patient/available-slots/{date}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/appointment/verify/{appointmentId}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/appointment-participants/{appointmentId}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/get/document/{userId}/{rowId}/{key}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      },
+      {
+        "type": "HIPAA_VIOLATION",
+        "path": "/api/get/document/{userId}/{rowId}/{key}",
+        "issue": "Clinical endpoint in PUBLIC category may violate HIPAA",
+        "recommendation": "Move to PROVIDER or PATIENT category"
+      }
+    ],
+    "authIssues": [
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/emr/provider-register",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PROVIDER",
+        "issue": "Sensitive endpoint should require PROVIDER authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/emr/set-password",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PROVIDER",
+        "issue": "Sensitive endpoint should require PROVIDER authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/emr/provider/forgot-password",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PROVIDER",
+        "issue": "Sensitive endpoint should require PROVIDER authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/emr/provider/reset-password",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PROVIDER",
+        "issue": "Sensitive endpoint should require PROVIDER authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/patient/refresh-token",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PATIENT",
+        "issue": "Sensitive endpoint should require PATIENT authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/patient/available-slots/{date}",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PATIENT",
+        "issue": "Sensitive endpoint should require PATIENT authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/patient/available-slots/{date}",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "PATIENT",
+        "issue": "Sensitive endpoint should require PATIENT authentication"
+      },
+      {
+        "type": "AUTH_MISMATCH",
+        "path": "/api/affiliate/set-password",
+        "currentAuth": "PUBLIC",
+        "expectedAuth": "AFFILIATE",
+        "issue": "Sensitive endpoint should require AFFILIATE authentication"
+      }
+    ],
+    "parameterIssues": []
+  },
+  "recommendations": [
+    {
+      "priority": "HIGH",
+      "category": "HIPAA Compliance",
+      "action": "Review and recategorize 10 endpoints that may violate HIPAA requirements"
+    },
+    {
+      "priority": "HIGH",
+      "category": "Authentication",
+      "action": "Fix authentication requirements for 8 sensitive endpoints"
+    }
+  ]
+}