Add comprehensive edge case testing to smoke tests

Implemented 12 categories of edge case tests with opt-out model
(all tests enabled by default, can be individually skipped).

Test Categories Added:
1. Database Resilience - connection handling, reconnection, timeouts
2. Authentication Edge Cases - expired tokens, invalid formats, rate limiting
3. Data Persistence - verify data survives service restarts
4. CORS Configuration - explicit CORS header validation (was warning)
5. Error Response Validation - 400/404/401/403/500 handling
6. Service Dependency Handling - graceful degradation when deps fail
7. File Operations - Minio upload/download/concurrent operations
8. Concurrent Operations - race conditions, optimistic locking
9. Resource Cleanup - cascading deletes, orphaned data prevention
10. API Versioning - version compatibility, deprecation headers
11. Security Validation - SQL injection, XSS, path traversal protection
12. Session Management - expiration, secure flags, invalidation

Features:
- Opt-out model: All tests run by default
- 12 skip flags: --skip-database-resilience, --skip-auth-edge-cases, etc.
- Smart execution: Edge cases only run if core tests pass
- Color-coded output: ✓ passed, ✗ failed, ○ skipped
- Graceful cleanup: Services restarted after dependency tests
- Non-destructive: Test data cleaned up after each category

Scripts Updated:
- scripts/test-alpha.sh: Added all 12 test functions for local testing
- scripts/test-beta.sh: Added K8s-adapted versions for beta cluster

Documentation Updated:
- docs/TESTING.md: Comprehensive edge case test documentation
- docs/PRE_COMMIT.md: Pre-commit guidance with skip flag examples

Usage:
  ./scripts/test-alpha.sh                    # All tests (default)
  ./scripts/test-alpha.sh --skip-concurrent-tests --skip-security-tests
  ./scripts/test-beta.sh                     # All tests via K8s + ALB
  ./scripts/test-beta.sh --skip-dependency-tests

Impact: Catches database issues, auth vulnerabilities, data loss,
CORS misconfig, poor error handling, dependency failures, file bugs,
race conditions, orphaned data, API breaks, security vulns, and
session bugs before they reach production.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: PenguinzTech

docs/PRE_COMMIT.md

@@ -155,6 +155,45 @@ Before committing changes to container services:
 - **Run before commit**: Each test script should be executable and pass completely
 - **Test coverage**: Health checks, authentication, CRUD operations, error cases
 
+## Smoke Tests
+
+Before committing, run smoke tests to verify basic functionality:
+
+```bash
+# Run all smoke tests
+./scripts/test-alpha.sh
+
+# Quick smoke test with minimal edge cases (faster iteration)
+./scripts/test-alpha.sh --skip-concurrent-tests --skip-security-tests --skip-database-resilience
+```
+
+Smoke tests verify:
+- Build success for all containers
+- Runtime health checks for all services
+- API health endpoint validation
+- Web UI page and tab load verification
+
+**Edge Case Tests**: The smoke test scripts now include 12 categories of edge case tests (database resilience, auth edge cases, data persistence, CORS, error handling, service dependencies, file operations, concurrent operations, resource cleanup, API versioning, security validation, and session management). All are enabled by default but can be skipped individually with `--skip-*` flags.
+
+For faster pre-commit checks during development iteration, you can selectively skip non-critical edge case tests:
+
+```bash
+# Quick smoke test with minimal edge cases - good for rapid iteration
+./scripts/test-alpha.sh --skip-concurrent-tests --skip-security-tests --skip-database-resilience
+```
+
+For comprehensive validation before important commits (e.g., merging to main, releases), run all tests:
+
+```bash
+# Full smoke test with all edge cases - run before important commits
+./scripts/test-alpha.sh
+```
+
+**Recommended Workflow**:
+- During feature development: Use quick smoke test (`--skip-*` flags) for rapid feedback
+- Before pull requests: Run full smoke test with all edge cases
+- Before releases: Run full smoke test to ensure robustness
+
 ## Screenshot Requirements
 
 For UI changes:

docs/TESTING.md

@@ -11,6 +11,9 @@ Comprehensive testing documentation for IceCharts backend and frontend services.
 - [Running Tests Locally](#running-tests-locally)
 - [Test Coverage](#test-coverage)
 - [Best Practices](#best-practices)
+- [Smoke Tests](#smoke-tests)
+- [Edge Case Tests](#edge-case-tests)
+- [Troubleshooting](#troubleshooting)
 
 ## Overview
 
@@ -604,6 +607,182 @@ def test_heavy_operation(self):
 pytest tests/ -m "not slow"
 ```
 
+## Smoke Tests
+
+Smoke tests provide rapid validation of core functionality before more comprehensive testing. They verify that the application builds, runs, and responds to basic requests.
+
+### Running Smoke Tests
+
+```bash
+# Run all smoke tests
+make smoke-test
+
+# Or manually
+./tests/smoke/run-all.sh
+```
+
+### Smoke Test Coverage
+
+Smoke tests verify:
+- **Build verification**: All containers build successfully
+- **Runtime health checks**: Services start and remain healthy
+- **API health endpoints**: Health check endpoints respond
+- **Web UI page loads**: Frontend renders without errors
+- **Tab load verification**: Core UI tabs load correctly
+
+## Edge Case Tests
+
+### Overview
+
+The test suite includes comprehensive edge case testing to catch production issues before deployment. All edge case tests are enabled by default using an opt-out model, meaning they run unless explicitly skipped.
+
+### Test Categories
+
+The edge case test suite covers 12 critical categories:
+
+1. **Database Resilience**
+   - Connection pool exhaustion recovery
+   - Transaction rollback handling
+   - Connection timeout recovery
+   - Database constraint violation handling
+
+2. **Authentication Edge Cases**
+   - Expired token handling
+   - Invalid token format validation
+   - Token refresh failures
+   - Concurrent authentication requests
+   - Session timeout behavior
+
+3. **Data Persistence**
+   - Concurrent write conflicts
+   - Data integrity across service restarts
+   - Partial write recovery
+   - Data synchronization between services
+
+4. **CORS Configuration**
+   - Cross-origin request validation
+   - Preflight request handling
+   - Credential inclusion in cross-origin requests
+   - Origin whitelist enforcement
+
+5. **Error Response Validation**
+   - Proper HTTP status codes
+   - Error message consistency
+   - Stack trace sanitization (no sensitive info leaks)
+   - Error response format validation
+
+6. **Service Dependency Handling**
+   - Database unavailability fallback
+   - Cache service failures
+   - External API timeouts
+   - Graceful service degradation
+
+7. **File Operations (Minio)**
+   - File upload size limits
+   - Concurrent file operations
+   - Storage quota enforcement
+   - File deletion and cleanup
+   - Corrupted file handling
+
+8. **Concurrent Operations**
+   - Race condition prevention
+   - Concurrent user operations
+   - Concurrent drawing modifications
+   - Lock timeout handling
+
+9. **Resource Cleanup**
+   - Connection pool cleanup
+   - Memory leak prevention
+   - Temporary file cleanup
+   - Session cleanup on logout
+
+10. **API Versioning**
+    - Version-specific endpoint behavior
+    - Backward compatibility across versions
+    - Deprecation header presence
+    - Migration path validation
+
+11. **Security Validation**
+    - SQL injection prevention
+    - XSS payload handling
+    - CSRF token validation
+    - Rate limiting enforcement
+    - Authorization bypass prevention
+
+12. **Session Management**
+    - Multiple concurrent sessions per user
+    - Session invalidation on logout
+    - Session timeout enforcement
+    - Session data integrity
+
+### Running Edge Case Tests
+
+All edge case tests are enabled by default:
+
+```bash
+# Run all edge case tests
+./tests/edge-cases/run-all.sh
+
+# Or with make target
+make test-edge-cases
+```
+
+### Skipping Specific Test Categories
+
+Use `--skip-*` flags to exclude specific test categories:
+
+```bash
+# Skip database resilience tests
+./tests/edge-cases/run-all.sh --skip-database-resilience
+
+# Skip multiple categories
+./tests/edge-cases/run-all.sh --skip-auth-edge-cases --skip-cors
+
+# Skip file operations and concurrent tests
+./tests/edge-cases/run-all.sh --skip-file-operations --skip-concurrent
+
+# View all available skip flags
+./tests/edge-cases/run-all.sh --help
+```
+
+### Examples
+
+**Run all tests except database-related ones:**
+```bash
+./tests/edge-cases/run-all.sh --skip-database-resilience --skip-data-persistence
+```
+
+**Run only security and authentication tests:**
+```bash
+./tests/edge-cases/run-all.sh \
+  --skip-file-operations \
+  --skip-concurrent \
+  --skip-resource-cleanup \
+  --skip-service-dependency \
+  --skip-cors \
+  --skip-error-response \
+  --skip-api-versioning \
+  --skip-session-management
+```
+
+**Run tests with verbose output:**
+```bash
+./tests/edge-cases/run-all.sh -v
+```
+
+**Run tests and generate HTML report:**
+```bash
+./tests/edge-cases/run-all.sh --html=edge-case-report.html
+```
+
+### Integration with CI/CD
+
+Edge case tests are part of the automated pipeline:
+- Run on every push to `main` and `develop` branches
+- Run on all pull requests
+- Can be skipped in CI with environment variable: `SKIP_EDGE_CASES=true`
+- Results included in test summary reports
+
 ## Troubleshooting
 
 ### Flask Tests