fix: V1 测试版本端到端验证修复 — 6 CRITICAL + 3 HIGH 问题全量修复

修复项:
- fix(db): 迁移 149 — 修复 Admin 角色权限绑定被迁移链破坏 (FE-C1)
- fix(health): 4 个 handler 添加空名称验证 — Doctor/Article/AlertRule/Tag (API-C1~C4)
- fix(health): Stats 仪表盘 new_this_week 查询修复 — SeaORM date_trunc bug (FE-C2)
- fix(server): 添加安全响应头 — X-Frame-Options/CSP/XSS-Protection/Referrer-Policy (SEC-H1)
- fix(mp): 预约创建契约修复 — notes/reason 字段映射 + 移除 schedule_id (MP-H1)
- fix(mp): 咨询会话 subject/last_message 字段改为可选 (MP-H3)
- fix(ai): AiConfig Default derive 替代手写 impl (clippy)

测试报告:
- 8 维度端到端测试全部完成 (后端 87 用例 / 前端 30 页面 / 小程序 80+ API / 安全 20 项 / 性能 20 端点)
- 多角色 7 角色 49 检查 100% 通过
- 综合测试报告 + 专家评估报告

apps/miniprogram/src/pages/appointment/create/index.tsx

@@ -121,7 +121,7 @@ export default function AppointmentCreate() {
         appointment_date: appointmentDate,
         start_time: selectedSlot?.start_time || timeSlot,
         end_time: selectedSlot?.end_time || timeSlot,
-        reason: reason.trim() || undefined,
+        notes: reason.trim() || undefined,
       });
       Taro.showToast({ title: '预约成功', icon: 'success' });
       trackEvent('appointment_create', { doctor_id: selectedDoctor.id, date: appointmentDate });

apps/miniprogram/src/services/appointment.ts

@@ -45,11 +45,11 @@ export async function getAppointment(id: string) {
 export async function createAppointment(data: {
   patient_id: string;
   doctor_id: string;
-  schedule_id?: string;
   appointment_date: string;
   start_time: string;
   end_time: string;
-  reason?: string;
+  notes?: string;
+  appointment_type?: string;
 }) {
   return api.post<Appointment>('/health/appointments', data);
 }

apps/miniprogram/src/services/doctor/consultation.ts

@@ -9,8 +9,8 @@ export interface ConsultationSession {
   doctor_id: string | null;
   consultation_type: string;
   status: string;
-  subject: string | null;
-  last_message: string | null;
+  subject?: string | null;
+  last_message?: string | null;
   last_message_at: string | null;
   unread_count_doctor?: number;
   created_at: string;