fix(message): resolve Phase 5-6 audit findings

- Add missing version column to all message tables (migration + entities)
- Replace N+1 mark_all_read loop with single batch UPDATE query
- Fix NotificationList infinite re-render (extract queryFilter to stable ref)
- Fix NotificationPreferences dynamic import and remove unused Dayjs type
- Add Semaphore (max 8) to event listener for backpressure control
- Add /docs/openapi.json endpoint for API documentation
- Add permission check to unread_count handler
- Add version: Set(1) to all ActiveModel inserts

crates/erp-message/src/entity/message.rs

@@ -36,6 +36,7 @@ pub struct Model {
     pub updated_by: Uuid,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub deleted_at: Option<DateTimeUtc>,
+    pub version: i32,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

crates/erp-message/src/entity/message_subscription.rs

@@ -23,6 +23,7 @@ pub struct Model {
     pub updated_by: Uuid,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub deleted_at: Option<DateTimeUtc>,
+    pub version: i32,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

crates/erp-message/src/entity/message_template.rs

@@ -19,6 +19,7 @@ pub struct Model {
     pub updated_by: Uuid,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub deleted_at: Option<DateTimeUtc>,
+    pub version: i32,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

crates/erp-message/src/handler/message_handler.rs

@@ -49,6 +49,8 @@ where
     MessageState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "message:list")?;
+
     let result = MessageService::unread_count(ctx.tenant_id, ctx.user_id, &_state.db).await?;
     Ok(Json(ApiResponse::ok(result)))
 }

crates/erp-message/src/module.rs

@@ -1,5 +1,7 @@
 use axum::Router;
 use axum::routing::{delete, get, put};
+use std::sync::Arc;
+use tokio::sync::Semaphore;
 use uuid::Uuid;
 
 use erp_core::error::AppResult;
@@ -60,16 +62,23 @@ impl MessageModule {
 
     /// 启动后台事件监听任务，将工作流事件转化为消息通知。
     ///
+    /// 使用 Semaphore 限制最大并发数为 8，防止事件突发时过度消耗资源。
     /// 在 main.rs 中调用，因为需要 db 连接。
     pub fn start_event_listener(db: sea_orm::DatabaseConnection, event_bus: EventBus) {
         let mut rx = event_bus.subscribe();
+        let semaphore = Arc::new(Semaphore::new(8));
+
         tokio::spawn(async move {
             loop {
                 match rx.recv().await {
                     Ok(event) => {
                         let db = db.clone();
                         let event_bus = event_bus.clone();
+                        let permit = semaphore.clone();
+
+                        // 先获取许可，再 spawn 任务
                         tokio::spawn(async move {
+                            let _permit = permit.acquire().await.unwrap();
                             if let Err(e) =
                                 handle_workflow_event(&event, &db, &event_bus).await
                             {

crates/erp-message/src/service/message_service.rs

@@ -1,6 +1,7 @@
 use chrono::Utc;
 use sea_orm::{
     ActiveModelTrait, ColumnTrait, EntityTrait, PaginatorTrait, QueryFilter, Set,
+    Statement, ConnectionTrait, DatabaseBackend,
 };
 use uuid::Uuid;
 
@@ -111,6 +112,7 @@ impl MessageService {
             created_by: Set(sender_id),
             updated_by: Set(sender_id),
             deleted_at: Set(None),
+            version: Set(1),
         };
 
         let inserted = model
@@ -172,6 +174,7 @@ impl MessageService {
             created_by: Set(system_user),
             updated_by: Set(system_user),
             deleted_at: Set(None),
+            version: Set(1),
         };
 
         let inserted = model
@@ -228,33 +231,26 @@ impl MessageService {
         Ok(())
     }
 
-    /// 标记所有消息已读。
+    /// 标记所有消息已读（批量 UPDATE，避免 N+1）。
     pub async fn mark_all_read(
         tenant_id: Uuid,
         user_id: Uuid,
         db: &sea_orm::DatabaseConnection,
     ) -> MessageResult<()> {
-        let unread = message::Entity::find()
-            .filter(message::Column::TenantId.eq(tenant_id))
-            .filter(message::Column::RecipientId.eq(user_id))
-            .filter(message::Column::IsRead.eq(false))
-            .filter(message::Column::DeletedAt.is_null())
-            .all(db)
-            .await
-            .map_err(|e| MessageError::Validation(e.to_string()))?;
-
         let now = Utc::now();
-        for m in unread {
-            let mut active: message::ActiveModel = m.into();
-            active.is_read = Set(true);
-            active.read_at = Set(Some(now));
-            active.updated_at = Set(now);
-            active.updated_by = Set(user_id);
-            active
-                .update(db)
-                .await
-                .map_err(|e| MessageError::Validation(e.to_string()))?;
-        }
+        db.execute(Statement::from_sql_and_values(
+            DatabaseBackend::Postgres,
+            "UPDATE messages SET is_read = true, read_at = $1, updated_at = $2, updated_by = $3 WHERE tenant_id = $4 AND recipient_id = $5 AND is_read = false AND deleted_at IS NULL",
+            [
+                now.into(),
+                now.into(),
+                user_id.into(),
+                tenant_id.into(),
+                user_id.into(),
+            ],
+        ))
+        .await
+        .map_err(|e| MessageError::Validation(e.to_string()))?;
 
         Ok(())
     }

crates/erp-message/src/service/subscription_service.rs

@@ -88,6 +88,7 @@ impl SubscriptionService {
                 created_by: Set(user_id),
                 updated_by: Set(user_id),
                 deleted_at: Set(None),
+                version: Set(1),
             };
 
             let inserted = model

crates/erp-message/src/service/template_service.rs

@@ -79,6 +79,7 @@ impl TemplateService {
             created_by: Set(operator_id),
             updated_by: Set(operator_id),
             deleted_at: Set(None),
+            version: Set(1),
         };
 
         let inserted = model