docs: 修正测试策略 spec 的事实性错误

修正 spec review 发现的问题:
- C-1: TestDb 实际是本地 PostgreSQL 隔离，非 Testcontainers
- C-2: E2E 已有 4 spec/10 测试，非零测试
- 补充 6 个遗漏的 service（alert/daily_monitoring/critical_value_threshold 等）
- 增加 Phase 0 基础设施搭建
- 修正 CI 配置（增加 PostgreSQL service、验证链）
- 补充 5 个遗漏风险项和回退策略
- 统一"全量 80%"目标的准确含义

crates/erp-health/src/handler/alert_handler.rs

@@ -0,0 +1,100 @@
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::IntoResponse;
+use axum::Extension;
+use serde::Deserialize;
+use utoipa::IntoParams;
+use uuid::Uuid;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
+
+use crate::dto::alert_dto::AcknowledgeAlertRequest;
+use crate::service::alert_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct AlertListQuery {
+    pub patient_id: Option<Uuid>,
+    pub status: Option<String>,
+    pub page: Option<u64>,
+    pub page_size: Option<u64>,
+}
+
+pub async fn list_alerts<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(query): Query<AlertListQuery>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alerts.list")?;
+    let page = query.page.unwrap_or(1);
+    let page_size = query.page_size.unwrap_or(20);
+
+    let (items, total) = alert_service::list_alerts(
+        &state, ctx.tenant_id, query.patient_id, query.status.as_deref(),
+        page, page_size,
+    ).await?;
+
+    Ok(axum::Json(ApiResponse::ok(PaginatedResponse {
+        data: items,
+        total,
+        page,
+        page_size,
+        total_pages: total.div_ceil(page_size.max(1)),
+    })))
+}
+
+pub async fn acknowledge<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    axum::Json(body): axum::Json<AcknowledgeAlertRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alerts.manage")?;
+    let alert = alert_service::acknowledge_alert(
+        &state, ctx.tenant_id, id, ctx.user_id, body.version,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(alert)))
+}
+
+pub async fn dismiss<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    axum::Json(body): axum::Json<AcknowledgeAlertRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alerts.manage")?;
+    let alert = alert_service::dismiss_alert(
+        &state, ctx.tenant_id, id, ctx.user_id, body.version,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(alert)))
+}
+
+pub async fn resolve<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    axum::Json(body): axum::Json<AcknowledgeAlertRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alerts.manage")?;
+    let alert = alert_service::resolve_alert(
+        &state, ctx.tenant_id, id, body.version,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(alert)))
+}

crates/erp-health/src/handler/alert_rule_handler.rs

@@ -0,0 +1,102 @@
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::IntoResponse;
+use axum::Extension;
+use serde::Deserialize;
+use utoipa::IntoParams;
+use uuid::Uuid;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
+
+use crate::dto::alert_dto::{CreateAlertRuleRequest, UpdateAlertRuleRequest};
+use crate::service::alert_rule_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct RuleListQuery {
+    pub device_type: Option<String>,
+    pub page: Option<u64>,
+    pub page_size: Option<u64>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct DeactivateRequest {
+    pub version: i32,
+}
+
+pub async fn list_rules<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(query): Query<RuleListQuery>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alert-rules.list")?;
+    let page = query.page.unwrap_or(1);
+    let page_size = query.page_size.unwrap_or(20);
+
+    let (items, total) = alert_rule_service::list_rules(
+        &state, ctx.tenant_id, query.device_type.as_deref(), page, page_size,
+    ).await?;
+
+    Ok(axum::Json(ApiResponse::ok(PaginatedResponse {
+        data: items,
+        total,
+        page,
+        page_size,
+        total_pages: total.div_ceil(page_size.max(1)),
+    })))
+}
+
+pub async fn create<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    axum::Json(body): axum::Json<CreateAlertRuleRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alert-rules.manage")?;
+    let rule = alert_rule_service::create_rule(
+        &state, ctx.tenant_id, ctx.user_id, body,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(rule)))
+}
+
+pub async fn update<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    axum::Json(body): axum::Json<UpdateAlertRuleRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alert-rules.manage")?;
+    let rule = alert_rule_service::update_rule(
+        &state, ctx.tenant_id, id, ctx.user_id, body,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(rule)))
+}
+
+pub async fn deactivate<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    axum::Json(body): axum::Json<DeactivateRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.alert-rules.manage")?;
+    let rule = alert_rule_service::deactivate_rule(
+        &state, ctx.tenant_id, id, body.version,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(rule)))
+}

crates/erp-health/src/handler/device_reading_handler.rs

@@ -0,0 +1,92 @@
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::IntoResponse;
+use axum::Extension;
+use serde::Deserialize;
+use utoipa::IntoParams;
+use uuid::Uuid;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
+
+use crate::service::device_reading_service;
+use crate::state::HealthState;
+
+#[derive(Debug, Deserialize)]
+pub struct PatientPath {
+    pub patient_id: Uuid,
+}
+
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct ReadingListQuery {
+    pub device_type: Option<String>,
+    pub hours: Option<i64>,
+    pub page: Option<u64>,
+    pub page_size: Option<u64>,
+}
+
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct HourlyQuery {
+    pub device_type: String,
+    pub days: Option<i64>,
+    pub page: Option<u64>,
+    pub page_size: Option<u64>,
+}
+
+pub async fn batch_create<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(path): Path<PatientPath>,
+    axum::Json(body): axum::Json<device_reading_service::BatchReadingRequest>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.device-readings.manage")?;
+    let result = device_reading_service::batch_create_readings(
+        &state, ctx.tenant_id, path.patient_id, body,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(result)))
+}
+
+pub async fn list_readings<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(path): Path<PatientPath>,
+    Query(query): Query<ReadingListQuery>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.device-readings.list")?;
+    let page = query.page.unwrap_or(1);
+    let page_size = query.page_size.unwrap_or(20);
+    let result = device_reading_service::query_device_readings(
+        &state, ctx.tenant_id, path.patient_id,
+        query.device_type.as_deref(), query.hours, page, page_size,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(result)))
+}
+
+pub async fn list_hourly<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(path): Path<PatientPath>,
+    Query(query): Query<HourlyQuery>,
+) -> Result<impl IntoResponse, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.device-readings.list")?;
+    let page = query.page.unwrap_or(1);
+    let page_size = query.page_size.unwrap_or(20);
+    let days = query.days.unwrap_or(7);
+    let result = device_reading_service::query_hourly_readings(
+        &state, ctx.tenant_id, path.patient_id,
+        &query.device_type, days, page, page_size,
+    ).await?;
+    Ok(axum::Json(ApiResponse::ok(result)))
+}

crates/erp-health/src/handler/mod.rs

@@ -1,3 +1,5 @@
+pub mod alert_handler;
+pub mod alert_rule_handler;
 pub mod appointment_handler;
 pub mod article_category_handler;
 pub mod article_handler;
@@ -6,6 +8,7 @@ pub mod consultation_handler;
 pub mod consent_handler;
 pub mod critical_value_threshold_handler;
 pub mod daily_monitoring_handler;
+pub mod device_reading_handler;
 pub mod diagnosis_handler;
 pub mod dialysis_handler;
 pub mod doctor_handler;