feat(health): P0 平台基座回顾 — 7项上线前必修

P0-1: 危急值告警消费者 — health_data.critical_alert 事件推送给责任医护
P0-2: 危急值阈值可配置化 — 硬编码改为数据库配置(critical_value_threshold表)，支持科室/年龄差异化
P0-3: daily_monitoring合并后告警验证 — update_vital_signs也触发危急值检测
P0-4: 随访逾期通知+幂等保护 — 只通知本次新标记的逾期任务，避免重复
P0-5: 知情同意记录(consent) — 新增实体/迁移/Service/Handler，PIPL合规
P0-6: 审计日志补全 — 患者更新记录前后值(过敏史/病史/状态变更)
P0-7: EventBus持久化增强 — 两阶段提交(pending→published)+启动时outbox relay恢复

crates/erp-health/src/handler/consent_handler.rs

@@ -0,0 +1,71 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, Path, Query, State};
+use serde::Deserialize;
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
+
+use crate::dto::consent_dto::*;
+use crate::service::consent_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize)]
+pub struct ConsentListParams {
+    pub page: Option<u64>,
+    pub page_size: Option<u64>,
+}
+
+pub async fn list_consents<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(patient_id): Path<uuid::Uuid>,
+    Query(params): Query<ConsentListParams>,
+) -> Result<Json<ApiResponse<PaginatedResponse<ConsentResp>>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.patient.list")?;
+    let page = params.page.unwrap_or(1);
+    let page_size = params.page_size.unwrap_or(20);
+    let result = consent_service::list_consents(
+        &state, ctx.tenant_id, patient_id, page, page_size,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn grant_consent<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateConsentReq>,
+) -> Result<Json<ApiResponse<ConsentResp>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.patient.manage")?;
+    let result = consent_service::grant_consent(
+        &state, ctx.tenant_id, Some(ctx.user_id), req,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn revoke_consent<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(consent_id): Path<uuid::Uuid>,
+    Json(req): Json<RevokeConsentReq>,
+) -> Result<Json<ApiResponse<ConsentResp>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.patient.manage")?;
+    let result = consent_service::revoke_consent(
+        &state, ctx.tenant_id, consent_id, Some(ctx.user_id), req,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}

crates/erp-health/src/handler/critical_value_threshold_handler.rs

@@ -0,0 +1,111 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, Path, State};
+use serde::Deserialize;
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, TenantContext};
+
+use crate::service::critical_value_threshold_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize)]
+pub struct CreateThresholdReq {
+    pub indicator: String,
+    pub direction: String,
+    pub threshold_value: f64,
+    pub level: Option<String>,
+    pub department: Option<String>,
+    pub age_min: Option<i32>,
+    pub age_max: Option<i32>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct UpdateThresholdReq {
+    pub threshold_value: f64,
+    pub level: Option<String>,
+    pub department: Option<String>,
+    pub age_min: Option<i32>,
+    pub age_max: Option<i32>,
+    pub version: i32,
+}
+
+pub async fn list_thresholds<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<Json<ApiResponse<Vec<crate::entity::critical_value_threshold::Model>>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.list")?;
+    let list = critical_value_threshold_service::find_thresholds(&state.db, ctx.tenant_id).await?;
+    Ok(Json(ApiResponse::ok(list)))
+}
+
+pub async fn create_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateThresholdReq>,
+) -> Result<Json<ApiResponse<crate::entity::critical_value_threshold::Model>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    let result = critical_value_threshold_service::create_threshold(
+        &state.db,
+        ctx.tenant_id,
+        Some(ctx.user_id),
+        req.indicator,
+        req.direction,
+        req.threshold_value,
+        req.level.unwrap_or_else(|| "critical".to_string()),
+        req.department,
+        req.age_min,
+        req.age_max,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn update_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<uuid::Uuid>,
+    Json(req): Json<UpdateThresholdReq>,
+) -> Result<Json<ApiResponse<crate::entity::critical_value_threshold::Model>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    let result = critical_value_threshold_service::update_threshold(
+        &state.db,
+        ctx.tenant_id,
+        id,
+        Some(ctx.user_id),
+        req.threshold_value,
+        req.level.unwrap_or_else(|| "critical".to_string()),
+        req.department,
+        req.age_min,
+        req.age_max,
+        req.version,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn delete_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<uuid::Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    critical_value_threshold_service::delete_threshold(&state.db, ctx.tenant_id, id, Some(ctx.user_id))
+        .await?;
+    Ok(Json(ApiResponse::ok(())))
+}

crates/erp-health/src/handler/mod.rs

@@ -1,6 +1,8 @@
 pub mod appointment_handler;
 pub mod article_handler;
 pub mod consultation_handler;
+pub mod consent_handler;
+pub mod critical_value_threshold_handler;
 pub mod daily_monitoring_handler;
 pub mod diagnosis_handler;
 pub mod dialysis_handler;