feat(gateway): validate FhirClient against Epic FHIR sandbox

[rsalus]

Note for implementers: The design outlined here is a guideline, not a strict specification. Feel free to pivot from the suggested approach if you discover a better solution during implementation. Update the issue with your rationale when deviating significantly.

Summary

Validate the ported FhirClient and FhirHttpClient code against Epic's FHIR sandbox.

Context

FHIR client code is implemented but not validated against a live Epic sandbox. This validates:

1. Authentication flow works
2. All FHIR queries used by FhirDataAggregator work
3. DocumentReference creation (write-back) works
4. Epic-specific quirks are documented

Validation Tasks

Authentication

• Configure OAuth client credentials
• Obtain access token from Epic
• Document token lifetime

Patient Operations

• GET /Patient/{id} - demographics
• GET /Patient?identifier={mrn} - search

Clinical Data (used by FhirDataAggregator)

• GET /Condition?patient={id}&clinical-status=active
• GET /Observation?patient={id}&category=laboratory&date=ge{date}
• GET /Procedure?patient={id}&date=ge{date}

Documents

• GET /DocumentReference?patient={id}&status=current
• POST /DocumentReference - upload PA form

Error Handling

• Test 401, 404, 422 responses

Files Under Validation

File	Purpose
apps/gateway/Gateway.API/Services/FhirClient.cs	High-level FHIR ops
apps/gateway/Gateway.API/Services/Fhir/FhirHttpClient.cs	Low-level HTTP
apps/gateway/Gateway.API/Services/FhirDataAggregator.cs	Parallel queries

Design References

• §3.3 Authentication Flow
• §3.4 FHIR Queries
• Appendix A: Epic URLs