first

2025-07-11 20:22:12 +05:00
commit 8c74b0e23f
120 changed files with 206874 additions and 0 deletions
--- a/tests/error-handling/api-network-errors.test.js
+++ b/tests/error-handling/api-network-errors.test.js
@@ -0,0 +1,603 @@
+/**
+ * @fileoverview Tests for API and network error handling
+ * Tests network failures, API errors, timeout scenarios, and resilience patterns
+ */
+
+import { describe, test, expect, beforeEach, afterEach } from '@jest/globals';
+import { mockFactory } from '../mocks/mockFactory.js';
+
+describe('API and Network Error Handling Tests', () => {
+  let mockEnv;
+  let toolGenerator;
+
+  beforeEach(() => {
+    mockEnv = mockFactory.createMockEnvironment({
+      authTypes: ['provider', 'patient'],
+      enableHttpMocks: true,
+      enableAuthMocks: true
+    });
+
+    toolGenerator = mockEnv.toolGenerator;
+    
+    // Setup authentication
+    mockFactory.authMocks.setMockCredentials('provider', {
+      username: 'test_provider',
+      password: 'test_password'
+    });
+  });
+
+  afterEach(() => {
+    mockFactory.resetAllMocks();
+  });
+
+  describe('Network Connectivity Issues', () => {
+    test('should handle network timeout errors', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock network timeout
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', null, true, {
+        code: 'ECONNABORTED',
+        message: 'timeout of 5000ms exceeded',
+        config: {
+          timeout: 5000,
+          url: '/api/get-patient-info/123',
+          method: 'post'
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected timeout error');
+      } catch (error) {
+        expect(error.code).toBe('ECONNABORTED');
+        expect(error.message).toContain('timeout');
+      }
+    });
+
+    test('should handle connection refused errors', async () => {
+      const toolName = 'provider_create_emrregisterPatient';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'john@test.com',
+        dateOfBirth: '1990-01-01'
+      };
+
+      // Mock connection refused
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/register-patients', null, true, {
+        code: 'ECONNREFUSED',
+        message: 'connect ECONNREFUSED 127.0.0.1:80',
+        errno: -61,
+        syscall: 'connect',
+        address: '127.0.0.1',
+        port: 80
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected connection refused error');
+      } catch (error) {
+        expect(error.code).toBe('ECONNREFUSED');
+        expect(error.message).toContain('ECONNREFUSED');
+      }
+    });
+
+    test('should handle DNS resolution failures', async () => {
+      const toolName = 'provider_create_addVital';
+      const parameters = {
+        patientId: 123,
+        provider_id: 456,
+        blood_presssure: '120/80'
+      };
+
+      // Mock DNS failure
+      mockFactory.httpMocks.mockRequest('POST', '/api/add-vital/123', null, true, {
+        code: 'ENOTFOUND',
+        message: 'getaddrinfo ENOTFOUND api.healthcare.com',
+        errno: -3008,
+        syscall: 'getaddrinfo',
+        hostname: 'api.healthcare.com'
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected DNS error');
+      } catch (error) {
+        expect(error.code).toBe('ENOTFOUND');
+        expect(error.message).toContain('ENOTFOUND');
+      }
+    });
+
+    test('should handle SSL/TLS certificate errors', async () => {
+      const toolName = 'provider_create_prescriptionstore';
+      const parameters = {
+        patient_id: 'patient_123',
+        medication_data: {
+          medication_name: 'Lisinopril',
+          strength: '10mg'
+        }
+      };
+
+      // Mock SSL certificate error
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/prescription/store/patient_123', null, true, {
+        code: 'CERT_UNTRUSTED',
+        message: 'certificate verify failed: self signed certificate',
+        errno: -67,
+        syscall: 'connect'
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected SSL certificate error');
+      } catch (error) {
+        expect(error.code).toBe('CERT_UNTRUSTED');
+        expect(error.message).toContain('certificate verify failed');
+      }
+    });
+  });
+
+  describe('HTTP Status Code Errors', () => {
+    test('should handle 400 Bad Request errors', async () => {
+      const toolName = 'provider_create_emrregisterPatient';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'invalid-email', // Invalid email format
+        dateOfBirth: '1990-01-01'
+      };
+
+      // Mock bad request
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/register-patients', null, true, {
+        response: {
+          status: 400,
+          data: {
+            error: 'Bad Request',
+            error_code: 'VALIDATION_ERROR',
+            message: 'Request validation failed',
+            validation_errors: [
+              {
+                field: 'email',
+                message: 'Invalid email format',
+                code: 'INVALID_EMAIL'
+              }
+            ],
+            request_id: 'req_123'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected bad request error');
+      } catch (error) {
+        expect(error.response.status).toBe(400);
+        expect(error.response.data.error_code).toBe('VALIDATION_ERROR');
+        expect(error.response.data.validation_errors[0].field).toBe('email');
+      }
+    });
+
+    test('should handle 404 Not Found errors', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 999999 // Non-existent patient
+      };
+
+      // Mock not found
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/999999', null, true, {
+        response: {
+          status: 404,
+          data: {
+            error: 'Not Found',
+            error_code: 'PATIENT_NOT_FOUND',
+            message: 'Patient with ID 999999 not found',
+            resource_type: 'patient',
+            resource_id: 999999,
+            suggestions: [
+              'Verify patient ID is correct',
+              'Check if patient exists in system',
+              'Contact system administrator'
+            ]
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected not found error');
+      } catch (error) {
+        expect(error.response.status).toBe(404);
+        expect(error.response.data.error_code).toBe('PATIENT_NOT_FOUND');
+        expect(error.response.data.suggestions).toContain('Verify patient ID is correct');
+      }
+    });
+
+    test('should handle 409 Conflict errors', async () => {
+      const toolName = 'provider_create_emrregisterPatient';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'existing@test.com', // Email already exists
+        dateOfBirth: '1990-01-01'
+      };
+
+      // Mock conflict
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/register-patients', null, true, {
+        response: {
+          status: 409,
+          data: {
+            error: 'Conflict',
+            error_code: 'PATIENT_ALREADY_EXISTS',
+            message: 'Patient with email existing@test.com already exists',
+            conflicting_resource: {
+              type: 'patient',
+              id: 'patient_456',
+              email: 'existing@test.com'
+            },
+            resolution_options: [
+              'use_existing_patient',
+              'update_existing_patient',
+              'use_different_email'
+            ]
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected conflict error');
+      } catch (error) {
+        expect(error.response.status).toBe(409);
+        expect(error.response.data.error_code).toBe('PATIENT_ALREADY_EXISTS');
+        expect(error.response.data.resolution_options).toContain('use_existing_patient');
+      }
+    });
+
+    test('should handle 422 Unprocessable Entity errors', async () => {
+      const toolName = 'provider_create_addVital';
+      const parameters = {
+        patientId: 123,
+        provider_id: 456,
+        blood_presssure: '300/200', // Invalid vital signs
+        temperature: 150 // Invalid temperature
+      };
+
+      // Mock unprocessable entity
+      mockFactory.httpMocks.mockRequest('POST', '/api/add-vital/123', null, true, {
+        response: {
+          status: 422,
+          data: {
+            error: 'Unprocessable Entity',
+            error_code: 'INVALID_VITAL_SIGNS',
+            message: 'Vital signs values are outside acceptable ranges',
+            validation_errors: [
+              {
+                field: 'blood_presssure',
+                value: '300/200',
+                message: 'Blood pressure values are dangerously high',
+                acceptable_range: '80/50 - 200/120'
+              },
+              {
+                field: 'temperature',
+                value: 150,
+                message: 'Temperature value is not physiologically possible',
+                acceptable_range: '95.0 - 110.0 °F'
+              }
+            ],
+            clinical_review_required: true
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected unprocessable entity error');
+      } catch (error) {
+        expect(error.response.status).toBe(422);
+        expect(error.response.data.error_code).toBe('INVALID_VITAL_SIGNS');
+        expect(error.response.data.clinical_review_required).toBe(true);
+      }
+    });
+
+    test('should handle 500 Internal Server Error', async () => {
+      const toolName = 'provider_create_medicalRecordscreate';
+      const parameters = {
+        patient_id: 'patient_123',
+        record_type: 'progress_note',
+        diagnosis: 'Test diagnosis'
+      };
+
+      // Mock internal server error
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/medical-records/create', null, true, {
+        response: {
+          status: 500,
+          data: {
+            error: 'Internal Server Error',
+            error_code: 'SERVER_ERROR',
+            message: 'An unexpected error occurred while processing your request',
+            incident_id: 'INC_001',
+            timestamp: new Date().toISOString(),
+            support_contact: 'support@healthcare.com',
+            retry_recommended: true,
+            retry_after: 300 // 5 minutes
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected internal server error');
+      } catch (error) {
+        expect(error.response.status).toBe(500);
+        expect(error.response.data.error_code).toBe('SERVER_ERROR');
+        expect(error.response.data.retry_recommended).toBe(true);
+        expect(error.response.data.incident_id).toBe('INC_001');
+      }
+    });
+
+    test('should handle 502 Bad Gateway errors', async () => {
+      const toolName = 'provider_create_labscreate';
+      const parameters = {
+        lab_data: {
+          test_type: 'CBC',
+          patient_id: 'patient_123'
+        }
+      };
+
+      // Mock bad gateway
+      mockFactory.httpMocks.mockRequest('POST', '/api/labs/create', null, true, {
+        response: {
+          status: 502,
+          data: {
+            error: 'Bad Gateway',
+            error_code: 'UPSTREAM_SERVICE_ERROR',
+            message: 'Lab service is temporarily unavailable',
+            upstream_service: 'lab_integration_service',
+            service_status: 'degraded',
+            estimated_recovery: '15 minutes',
+            alternative_actions: [
+              'retry_later',
+              'use_manual_lab_order',
+              'contact_lab_directly'
+            ]
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected bad gateway error');
+      } catch (error) {
+        expect(error.response.status).toBe(502);
+        expect(error.response.data.error_code).toBe('UPSTREAM_SERVICE_ERROR');
+        expect(error.response.data.alternative_actions).toContain('retry_later');
+      }
+    });
+
+    test('should handle 503 Service Unavailable errors', async () => {
+      const toolName = 'provider_create_emrcreateAppointment';
+      const parameters = {
+        patient_id: 'patient_123',
+        practitioner_id: 'provider_456',
+        appointment_date: '2025-07-15',
+        appointment_time: '10:00'
+      };
+
+      // Mock service unavailable
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/create-appointment', null, true, {
+        response: {
+          status: 503,
+          data: {
+            error: 'Service Unavailable',
+            error_code: 'MAINTENANCE_MODE',
+            message: 'System is temporarily unavailable for scheduled maintenance',
+            maintenance_window: {
+              start: '2025-07-09T02:00:00Z',
+              end: '2025-07-09T04:00:00Z',
+              duration: '2 hours'
+            },
+            retry_after: 7200, // 2 hours
+            emergency_contact: 'emergency@healthcare.com',
+            status_page: 'https://status.healthcare.com'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected service unavailable error');
+      } catch (error) {
+        expect(error.response.status).toBe(503);
+        expect(error.response.data.error_code).toBe('MAINTENANCE_MODE');
+        expect(error.response.data.retry_after).toBe(7200);
+        expect(error.response.data.emergency_contact).toBeDefined();
+      }
+    });
+  });
+
+  describe('Data Validation and Format Errors', () => {
+    test('should handle malformed JSON responses', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock malformed JSON
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', {
+        status: 200,
+        data: 'invalid json response {malformed'
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected JSON parse error');
+      } catch (error) {
+        expect(error.message).toContain('JSON');
+      }
+    });
+
+    test('should handle missing required response fields', async () => {
+      const toolName = 'provider_create_emrregisterPatient';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'john@test.com',
+        dateOfBirth: '1990-01-01'
+      };
+
+      // Mock incomplete response
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/register-patients', {
+        status: 201,
+        data: {
+          // Missing success field and patient data
+          message: 'Patient registered'
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected incomplete response error');
+      } catch (error) {
+        expect(error.message).toContain('incomplete');
+      }
+    });
+
+    test('should handle unexpected response structure', async () => {
+      const toolName = 'provider_create_addVital';
+      const parameters = {
+        patientId: 123,
+        provider_id: 456,
+        blood_presssure: '120/80'
+      };
+
+      // Mock unexpected response structure
+      mockFactory.httpMocks.mockRequest('POST', '/api/add-vital/123', {
+        status: 200,
+        data: {
+          unexpected_field: 'value',
+          different_structure: true
+          // Missing expected fields
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected unexpected response error');
+      } catch (error) {
+        expect(error.message).toContain('unexpected');
+      }
+    });
+  });
+
+  describe('Retry and Resilience Patterns', () => {
+    test('should implement exponential backoff for retries', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock temporary failure followed by success
+      let attemptCount = 0;
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', () => {
+        attemptCount++;
+        if (attemptCount < 3) {
+          throw {
+            response: {
+              status: 503,
+              data: { error: 'Service temporarily unavailable' }
+            }
+          };
+        }
+        return {
+          status: 200,
+          data: {
+            success: true,
+            patient: mockFactory.healthcareMocks.createHIPAACompliantData('patient', 'provider')
+          }
+        };
+      });
+
+      const result = await toolGenerator.executeTool(toolName, parameters);
+      
+      expect(result.success).toBe(true);
+      expect(attemptCount).toBe(3); // Should have retried twice before success
+    });
+
+    test('should handle circuit breaker pattern', async () => {
+      const toolName = 'provider_create_labscreate';
+      const parameters = {
+        lab_data: {
+          test_type: 'CBC',
+          patient_id: 'patient_123'
+        }
+      };
+
+      // Mock circuit breaker open
+      mockFactory.httpMocks.mockRequest('POST', '/api/labs/create', null, true, {
+        response: {
+          status: 503,
+          data: {
+            error: 'Circuit breaker open',
+            error_code: 'CIRCUIT_BREAKER_OPEN',
+            message: 'Lab service circuit breaker is open due to repeated failures',
+            circuit_state: 'open',
+            failure_count: 10,
+            failure_threshold: 5,
+            next_attempt_allowed: new Date(Date.now() + 300000).toISOString(), // 5 minutes
+            fallback_available: true,
+            fallback_action: 'manual_lab_order'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected circuit breaker error');
+      } catch (error) {
+        expect(error.response.status).toBe(503);
+        expect(error.response.data.error_code).toBe('CIRCUIT_BREAKER_OPEN');
+        expect(error.response.data.fallback_available).toBe(true);
+      }
+    });
+
+    test('should handle graceful degradation', async () => {
+      const toolName = 'provider_create_emrcreateAppointment';
+      const parameters = {
+        patient_id: 'patient_123',
+        practitioner_id: 'provider_456',
+        appointment_date: '2025-07-15',
+        appointment_time: '10:00'
+      };
+
+      // Mock degraded service response
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/create-appointment', {
+        status: 200,
+        data: {
+          success: true,
+          appointment: mockFactory.healthcareMocks.generateMockAppointment(),
+          service_status: 'degraded',
+          degraded_features: [
+            'email_notifications',
+            'calendar_sync',
+            'reminder_service'
+          ],
+          available_features: [
+            'appointment_creation',
+            'basic_scheduling',
+            'patient_notification'
+          ],
+          estimated_full_service_restoration: '2025-07-09T16:00:00Z'
+        }
+      });
+
+      const result = await toolGenerator.executeTool(toolName, parameters);
+      
+      expect(result.success).toBe(true);
+      expect(result.data.service_status).toBe('degraded');
+      expect(result.data.degraded_features).toContain('email_notifications');
+      expect(result.data.available_features).toContain('appointment_creation');
+    });
+  });
+});
--- a/tests/error-handling/authentication-errors.test.js
+++ b/tests/error-handling/authentication-errors.test.js
@@ -0,0 +1,554 @@
+/**
+ * @fileoverview Tests for authentication error handling and edge cases
+ * Tests authentication failures, token expiration, session management, and security scenarios
+ */
+
+import { describe, test, expect, beforeEach, afterEach } from '@jest/globals';
+import { mockFactory } from '../mocks/mockFactory.js';
+
+describe('Authentication Error Handling and Edge Cases', () => {
+  let mockEnv;
+  let toolGenerator;
+
+  beforeEach(() => {
+    mockEnv = mockFactory.createMockEnvironment({
+      authTypes: ['provider', 'patient', 'partner'],
+      enableHttpMocks: true,
+      enableAuthMocks: true
+    });
+
+    toolGenerator = mockEnv.toolGenerator;
+  });
+
+  afterEach(() => {
+    mockFactory.resetAllMocks();
+  });
+
+  describe('Authentication Failure Scenarios', () => {
+    test('should handle invalid credentials gracefully', async () => {
+      const toolName = 'provider_create_emrregisterPatient';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe',
+        email: 'john@test.com',
+        dateOfBirth: '1990-01-01'
+      };
+
+      // Mock authentication failure
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/register-patients', null, true, {
+        response: {
+          status: 401,
+          data: {
+            error: 'Authentication failed',
+            error_code: 'AUTH_INVALID_CREDENTIALS',
+            message: 'Invalid username or password',
+            retry_allowed: true,
+            lockout_warning: false
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected authentication error');
+      } catch (error) {
+        expect(error.response.status).toBe(401);
+        expect(error.response.data.error_code).toBe('AUTH_INVALID_CREDENTIALS');
+        expect(error.response.data.retry_allowed).toBe(true);
+      }
+    });
+
+    test('should handle account lockout scenarios', async () => {
+      const toolName = 'public_create_login';
+      const parameters = {
+        username: 'locked_user',
+        password: 'password'
+      };
+
+      // Mock account lockout
+      mockFactory.httpMocks.mockRequest('POST', '/api/login', null, true, {
+        response: {
+          status: 423,
+          data: {
+            error: 'Account locked',
+            error_code: 'AUTH_ACCOUNT_LOCKED',
+            message: 'Account temporarily locked due to multiple failed login attempts',
+            lockout_duration: 900, // 15 minutes in seconds
+            lockout_expiry: new Date(Date.now() + 900000).toISOString(),
+            unlock_methods: ['time_expiry', 'admin_unlock', 'password_reset'],
+            failed_attempts: 5,
+            max_attempts: 5
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected account lockout error');
+      } catch (error) {
+        expect(error.response.status).toBe(423);
+        expect(error.response.data.error_code).toBe('AUTH_ACCOUNT_LOCKED');
+        expect(error.response.data.lockout_duration).toBe(900);
+        expect(error.response.data.unlock_methods).toContain('password_reset');
+      }
+    });
+
+    test('should handle disabled account scenarios', async () => {
+      const toolName = 'patient_create_patientlogin';
+      const parameters = {
+        email: 'disabled@test.com',
+        password: 'password'
+      };
+
+      // Mock disabled account
+      mockFactory.httpMocks.mockRequest('POST', '/api/patient/login', null, true, {
+        response: {
+          status: 403,
+          data: {
+            error: 'Account disabled',
+            error_code: 'AUTH_ACCOUNT_DISABLED',
+            message: 'Account has been disabled by administrator',
+            reason: 'policy_violation',
+            contact_support: true,
+            support_contact: 'support@healthcare.com',
+            appeal_process: true
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected account disabled error');
+      } catch (error) {
+        expect(error.response.status).toBe(403);
+        expect(error.response.data.error_code).toBe('AUTH_ACCOUNT_DISABLED');
+        expect(error.response.data.contact_support).toBe(true);
+        expect(error.response.data.appeal_process).toBe(true);
+      }
+    });
+  });
+
+  describe('Token Expiration and Session Management', () => {
+    test('should handle expired authentication tokens', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock expired token
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', null, true, {
+        response: {
+          status: 401,
+          data: {
+            error: 'Token expired',
+            error_code: 'AUTH_TOKEN_EXPIRED',
+            message: 'Authentication token has expired',
+            expired_at: new Date(Date.now() - 3600000).toISOString(), // 1 hour ago
+            refresh_available: true,
+            refresh_endpoint: '/api/token/refresh',
+            login_required: false
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected token expired error');
+      } catch (error) {
+        expect(error.response.status).toBe(401);
+        expect(error.response.data.error_code).toBe('AUTH_TOKEN_EXPIRED');
+        expect(error.response.data.refresh_available).toBe(true);
+        expect(error.response.data.refresh_endpoint).toBe('/api/token/refresh');
+      }
+    });
+
+    test('should handle invalid or malformed tokens', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock invalid token
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', null, true, {
+        response: {
+          status: 401,
+          data: {
+            error: 'Invalid token',
+            error_code: 'AUTH_TOKEN_INVALID',
+            message: 'Authentication token is invalid or malformed',
+            token_format_error: true,
+            login_required: true,
+            security_incident: false
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected invalid token error');
+      } catch (error) {
+        expect(error.response.status).toBe(401);
+        expect(error.response.data.error_code).toBe('AUTH_TOKEN_INVALID');
+        expect(error.response.data.token_format_error).toBe(true);
+        expect(error.response.data.login_required).toBe(true);
+      }
+    });
+
+    test('should handle concurrent session conflicts', async () => {
+      const toolName = 'patient_create_patientlogin';
+      const parameters = {
+        email: 'patient@test.com',
+        password: 'password'
+      };
+
+      // Mock concurrent session conflict
+      mockFactory.httpMocks.mockRequest('POST', '/api/patient/login', null, true, {
+        response: {
+          status: 409,
+          data: {
+            error: 'Session conflict',
+            error_code: 'AUTH_SESSION_CONFLICT',
+            message: 'Maximum concurrent sessions exceeded',
+            current_sessions: 3,
+            max_allowed_sessions: 2,
+            active_sessions: [
+              {
+                session_id: 'session_1',
+                device: 'Desktop Browser',
+                location: 'New York, NY',
+                last_activity: new Date(Date.now() - 300000).toISOString()
+              },
+              {
+                session_id: 'session_2',
+                device: 'Mobile App',
+                location: 'Boston, MA',
+                last_activity: new Date(Date.now() - 600000).toISOString()
+              }
+            ],
+            options: ['terminate_oldest_session', 'terminate_specific_session', 'upgrade_plan']
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected session conflict error');
+      } catch (error) {
+        expect(error.response.status).toBe(409);
+        expect(error.response.data.error_code).toBe('AUTH_SESSION_CONFLICT');
+        expect(error.response.data.current_sessions).toBe(3);
+        expect(error.response.data.active_sessions).toHaveLength(2);
+        expect(error.response.data.options).toContain('terminate_oldest_session');
+      }
+    });
+
+    test('should handle session timeout scenarios', async () => {
+      const toolName = 'provider_create_addVital';
+      const parameters = {
+        patientId: 123,
+        provider_id: 456,
+        blood_presssure: '120/80'
+      };
+
+      // Mock session timeout
+      mockFactory.httpMocks.mockRequest('POST', '/api/add-vital/123', null, true, {
+        response: {
+          status: 401,
+          data: {
+            error: 'Session timeout',
+            error_code: 'AUTH_SESSION_TIMEOUT',
+            message: 'Session has timed out due to inactivity',
+            timeout_duration: 1800, // 30 minutes
+            last_activity: new Date(Date.now() - 1800000).toISOString(),
+            auto_save_available: true,
+            saved_data: {
+              form_data: parameters,
+              save_timestamp: new Date().toISOString()
+            }
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected session timeout error');
+      } catch (error) {
+        expect(error.response.status).toBe(401);
+        expect(error.response.data.error_code).toBe('AUTH_SESSION_TIMEOUT');
+        expect(error.response.data.auto_save_available).toBe(true);
+        expect(error.response.data.saved_data.form_data).toEqual(parameters);
+      }
+    });
+  });
+
+  describe('Permission and Authorization Errors', () => {
+    test('should handle insufficient permissions', async () => {
+      const toolName = 'provider_create_emrupdateProviderProfile';
+      const parameters = {
+        firstName: 'John',
+        lastName: 'Doe'
+      };
+
+      // Mock insufficient permissions
+      mockFactory.httpMocks.mockRequest('POST', '/api/emr/update-provider-profile', null, true, {
+        response: {
+          status: 403,
+          data: {
+            error: 'Insufficient permissions',
+            error_code: 'AUTH_INSUFFICIENT_PERMISSIONS',
+            message: 'User does not have required permissions for this action',
+            required_permissions: ['update:provider_profile', 'admin:user_management'],
+            user_permissions: ['read:patient_data', 'write:patient_data'],
+            missing_permissions: ['update:provider_profile', 'admin:user_management'],
+            request_access_available: true,
+            approval_workflow: 'supervisor_approval'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected insufficient permissions error');
+      } catch (error) {
+        expect(error.response.status).toBe(403);
+        expect(error.response.data.error_code).toBe('AUTH_INSUFFICIENT_PERMISSIONS');
+        expect(error.response.data.missing_permissions).toContain('update:provider_profile');
+        expect(error.response.data.request_access_available).toBe(true);
+      }
+    });
+
+    test('should handle role-based access violations', async () => {
+      const toolName = 'patient_get_providerAnalytics';
+      const parameters = {
+        provider_id: 'provider_123'
+      };
+
+      // Mock role-based access violation
+      mockFactory.httpMocks.mockRequest('GET', '/api/provider-analytics/provider_123', null, true, {
+        response: {
+          status: 403,
+          data: {
+            error: 'Role-based access violation',
+            error_code: 'AUTH_ROLE_VIOLATION',
+            message: 'Patient role cannot access provider analytics',
+            user_role: 'patient',
+            required_role: 'provider',
+            allowed_roles: ['provider', 'admin', 'supervisor'],
+            resource_type: 'provider_analytics',
+            escalation_available: false
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected role violation error');
+      } catch (error) {
+        expect(error.response.status).toBe(403);
+        expect(error.response.data.error_code).toBe('AUTH_ROLE_VIOLATION');
+        expect(error.response.data.user_role).toBe('patient');
+        expect(error.response.data.required_role).toBe('provider');
+        expect(error.response.data.escalation_available).toBe(false);
+      }
+    });
+
+    test('should handle cross-tenant data access violations', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 999 // Patient from different organization
+      };
+
+      // Mock cross-tenant violation
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/999', null, true, {
+        response: {
+          status: 403,
+          data: {
+            error: 'Cross-tenant access violation',
+            error_code: 'AUTH_CROSS_TENANT_VIOLATION',
+            message: 'Cannot access patient data from different organization',
+            user_organization: 'org_123',
+            patient_organization: 'org_456',
+            data_sharing_agreement: false,
+            hipaa_violation_risk: true,
+            audit_logged: true
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected cross-tenant violation error');
+      } catch (error) {
+        expect(error.response.status).toBe(403);
+        expect(error.response.data.error_code).toBe('AUTH_CROSS_TENANT_VIOLATION');
+        expect(error.response.data.hipaa_violation_risk).toBe(true);
+        expect(error.response.data.audit_logged).toBe(true);
+      }
+    });
+  });
+
+  describe('Security Incident Handling', () => {
+    test('should handle suspicious activity detection', async () => {
+      const toolName = 'provider_create_getPatientInfo';
+      const parameters = {
+        patientId: 123
+      };
+
+      // Mock suspicious activity detection
+      mockFactory.httpMocks.mockRequest('POST', '/api/get-patient-info/123', null, true, {
+        response: {
+          status: 429,
+          data: {
+            error: 'Suspicious activity detected',
+            error_code: 'SECURITY_SUSPICIOUS_ACTIVITY',
+            message: 'Unusual access patterns detected, temporary restriction applied',
+            detection_triggers: [
+              'rapid_successive_requests',
+              'unusual_access_time',
+              'geographic_anomaly'
+            ],
+            restriction_duration: 3600, // 1 hour
+            security_review_required: true,
+            incident_id: 'SEC_001',
+            contact_security: true
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected suspicious activity error');
+      } catch (error) {
+        expect(error.response.status).toBe(429);
+        expect(error.response.data.error_code).toBe('SECURITY_SUSPICIOUS_ACTIVITY');
+        expect(error.response.data.detection_triggers).toContain('rapid_successive_requests');
+        expect(error.response.data.security_review_required).toBe(true);
+      }
+    });
+
+    test('should handle potential data breach scenarios', async () => {
+      const toolName = 'provider_bulk_patientExport';
+      const parameters = {
+        patient_ids: Array.from({length: 500}, (_, i) => i + 1),
+        export_format: 'csv'
+      };
+
+      // Mock potential breach detection
+      mockFactory.httpMocks.mockRequest('POST', '/api/bulk-export-patients', null, true, {
+        response: {
+          status: 403,
+          data: {
+            error: 'Potential data breach detected',
+            error_code: 'SECURITY_BREACH_RISK',
+            message: 'Large data export request flagged for security review',
+            risk_factors: [
+              'bulk_export_threshold_exceeded',
+              'unusual_user_behavior',
+              'sensitive_data_included'
+            ],
+            requested_records: 500,
+            threshold: 100,
+            automatic_block: true,
+            incident_reported: true,
+            incident_id: 'BREACH_001',
+            required_approvals: ['security_officer', 'privacy_officer', 'ciso']
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected breach risk error');
+      } catch (error) {
+        expect(error.response.status).toBe(403);
+        expect(error.response.data.error_code).toBe('SECURITY_BREACH_RISK');
+        expect(error.response.data.automatic_block).toBe(true);
+        expect(error.response.data.required_approvals).toContain('security_officer');
+      }
+    });
+
+    test('should handle compromised account scenarios', async () => {
+      const toolName = 'provider_create_updatePassword';
+      const parameters = {
+        new_password: 'newpassword123'
+      };
+
+      // Mock compromised account detection
+      mockFactory.httpMocks.mockRequest('POST', '/api/update-password', null, true, {
+        response: {
+          status: 423,
+          data: {
+            error: 'Account potentially compromised',
+            error_code: 'SECURITY_ACCOUNT_COMPROMISED',
+            message: 'Account locked due to potential security compromise',
+            compromise_indicators: [
+              'login_from_suspicious_location',
+              'password_in_breach_database',
+              'unusual_activity_pattern'
+            ],
+            immediate_actions_taken: [
+              'account_locked',
+              'sessions_terminated',
+              'security_team_notified'
+            ],
+            recovery_process: {
+              identity_verification_required: true,
+              password_reset_mandatory: true,
+              security_questions_required: true,
+              admin_approval_needed: true
+            },
+            incident_id: 'COMP_001'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected compromised account error');
+      } catch (error) {
+        expect(error.response.status).toBe(423);
+        expect(error.response.data.error_code).toBe('SECURITY_ACCOUNT_COMPROMISED');
+        expect(error.response.data.immediate_actions_taken).toContain('account_locked');
+        expect(error.response.data.recovery_process.identity_verification_required).toBe(true);
+      }
+    });
+  });
+
+  describe('Rate Limiting and Throttling', () => {
+    test('should handle rate limit exceeded scenarios', async () => {
+      const toolName = 'public_create_checkEmail';
+      const parameters = {
+        email: 'test@test.com'
+      };
+
+      // Mock rate limit exceeded
+      mockFactory.httpMocks.mockRequest('POST', '/api/check-email', null, true, {
+        response: {
+          status: 429,
+          data: {
+            error: 'Rate limit exceeded',
+            error_code: 'RATE_LIMIT_EXCEEDED',
+            message: 'Too many requests, please try again later',
+            limit: 100,
+            window: 3600, // 1 hour
+            remaining: 0,
+            reset_time: new Date(Date.now() + 3600000).toISOString(),
+            retry_after: 3600,
+            rate_limit_type: 'user_based'
+          }
+        }
+      });
+
+      try {
+        await toolGenerator.executeTool(toolName, parameters);
+        fail('Expected rate limit error');
+      } catch (error) {
+        expect(error.response.status).toBe(429);
+        expect(error.response.data.error_code).toBe('RATE_LIMIT_EXCEEDED');
+        expect(error.response.data.limit).toBe(100);
+        expect(error.response.data.remaining).toBe(0);
+        expect(error.response.data.retry_after).toBe(3600);
+      }
+    });
+  });
+});