fix(mp): 修复小程序角色路由 + 前后端字段对齐 + E2E 测试报告

- 修复 stores/auth.ts 三种登录方式从错误路径提取 roles（resp.roles → resp.user.roles）
- 首页添加医护人员自动跳转医生端（useDidShow + isMedicalStaff）
- services/auth.ts credentialLogin 返回类型补全 roles 字段
- Web 前端 healthData.ts 字段对齐后端 DTO（indicators→items, content→overall_assessment）
- Web 前端 medicationReminders.ts 字段对齐（time_slots→reminder_times）
- 小程序 report.ts / reports 页面字段对齐后端（indicators→items, doctor_interpretation→doctor_notes）
- 小程序 patient.ts / followup.ts / alert.ts 补全缺失字段
- 后端 stats_handler.rs 权限码修正（health.patient.list→health.dashboard.manage）
- 新增 V1 E2E 测试报告和五专家组评审报告

apps/miniprogram/src/stores/auth.ts

@@ -131,8 +131,9 @@ export const useAuthStore = create<AuthState>((set, get) => ({
       const resp = await authApi.wechatLogin(code);
       if (resp.bound && resp.token) {
         const { access_token, refresh_token, user } = resp.token;
-        const roles = (resp as Record<string, unknown>).roles instanceof Array
-          ? ((resp as Record<string, unknown>).roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
+        const userObj = user as Record<string, unknown>;
+        const roles = Array.isArray(userObj?.roles)
+          ? (userObj.roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
           : [];
         secureSet('access_token', access_token);
         secureSet('refresh_token', refresh_token);
@@ -161,19 +162,19 @@ export const useAuthStore = create<AuthState>((set, get) => ({
     try {
       const tenantId = Taro.getStorageSync('tenant_id') || process.env.TARO_APP_DEFAULT_TENANT_ID || '';
       const resp = await authApi.credentialLogin(username, password, tenantId);
-      const roles = (resp as Record<string, unknown>).roles instanceof Array
-        ? ((resp as Record<string, unknown>).roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
+      const user = resp.user as Record<string, unknown>;
+      const roles = Array.isArray(user?.roles)
+        ? (user.roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
         : [];
       secureSet('access_token', resp.access_token);
       secureSet('refresh_token', resp.refresh_token);
       if (resp.expires_in) {
         secureSet('token_expires_at', String(Date.now() + resp.expires_in * 1000));
       }
-      const user = resp.user;
-      secureSet('user_data', JSON.stringify(user));
+      secureSet('user_data', JSON.stringify(resp.user));
       secureSet('user_roles', JSON.stringify(roles));
-      secureSet('tenant_id', user.tenant_id || tenantId);
-      set({ user, roles, loading: false });
+      secureSet('tenant_id', resp.user?.tenant_id || tenantId);
+      set({ user: resp.user, roles, loading: false });
       clearLoggingOut();
       return true;
     } catch {
@@ -193,8 +194,9 @@ export const useAuthStore = create<AuthState>((set, get) => ({
       }
       const resp = await authApi.wechatBindPhone(openid, encryptedData, iv) as Record<string, unknown>;
       const tokenData = resp as { access_token: string; refresh_token: string; expires_in?: number; user: AuthState['user'] };
-      const roles = resp.roles instanceof Array
-        ? (resp.roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
+      const userObj = tokenData.user as Record<string, unknown>;
+      const roles = Array.isArray(userObj?.roles)
+        ? (userObj.roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
         : [];
       secureSet('access_token', tokenData.access_token);
       secureSet('refresh_token', tokenData.refresh_token);