feat(health): P0 平台基座回顾 — 7项上线前必修

P0-1: 危急值告警消费者 — health_data.critical_alert 事件推送给责任医护
P0-2: 危急值阈值可配置化 — 硬编码改为数据库配置(critical_value_threshold表)，支持科室/年龄差异化
P0-3: daily_monitoring合并后告警验证 — update_vital_signs也触发危急值检测
P0-4: 随访逾期通知+幂等保护 — 只通知本次新标记的逾期任务，避免重复
P0-5: 知情同意记录(consent) — 新增实体/迁移/Service/Handler，PIPL合规
P0-6: 审计日志补全 — 患者更新记录前后值(过敏史/病史/状态变更)
P0-7: EventBus持久化增强 — 两阶段提交(pending→published)+启动时outbox relay恢复

crates/erp-health/src/handler/critical_value_threshold_handler.rs

@@ -0,0 +1,111 @@
+use axum::Extension;
+use axum::extract::{FromRef, Json, Path, State};
+use serde::Deserialize;
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, TenantContext};
+
+use crate::service::critical_value_threshold_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize)]
+pub struct CreateThresholdReq {
+    pub indicator: String,
+    pub direction: String,
+    pub threshold_value: f64,
+    pub level: Option<String>,
+    pub department: Option<String>,
+    pub age_min: Option<i32>,
+    pub age_max: Option<i32>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct UpdateThresholdReq {
+    pub threshold_value: f64,
+    pub level: Option<String>,
+    pub department: Option<String>,
+    pub age_min: Option<i32>,
+    pub age_max: Option<i32>,
+    pub version: i32,
+}
+
+pub async fn list_thresholds<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<Json<ApiResponse<Vec<crate::entity::critical_value_threshold::Model>>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.list")?;
+    let list = critical_value_threshold_service::find_thresholds(&state.db, ctx.tenant_id).await?;
+    Ok(Json(ApiResponse::ok(list)))
+}
+
+pub async fn create_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateThresholdReq>,
+) -> Result<Json<ApiResponse<crate::entity::critical_value_threshold::Model>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    let result = critical_value_threshold_service::create_threshold(
+        &state.db,
+        ctx.tenant_id,
+        Some(ctx.user_id),
+        req.indicator,
+        req.direction,
+        req.threshold_value,
+        req.level.unwrap_or_else(|| "critical".to_string()),
+        req.department,
+        req.age_min,
+        req.age_max,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn update_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<uuid::Uuid>,
+    Json(req): Json<UpdateThresholdReq>,
+) -> Result<Json<ApiResponse<crate::entity::critical_value_threshold::Model>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    let result = critical_value_threshold_service::update_threshold(
+        &state.db,
+        ctx.tenant_id,
+        id,
+        Some(ctx.user_id),
+        req.threshold_value,
+        req.level.unwrap_or_else(|| "critical".to_string()),
+        req.department,
+        req.age_min,
+        req.age_max,
+        req.version,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
+pub async fn delete_threshold<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<uuid::Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.health-data.manage")?;
+    critical_value_threshold_service::delete_threshold(&state.db, ctx.tenant_id, id, Some(ctx.user_id))
+        .await?;
+    Ok(Json(ApiResponse::ok(())))
+}