40 Commits

Author	SHA1	Message	Date
iven	c82f7bda1d	fix: 系统性预防角色测试高频问题（5 方案落地） ... P0 — 默认拒绝 + 强制守卫: - 创建 routeConfig.ts 作为前端路由权限的单一真相源 - TypeScript 强制每个路由声明非空权限数组，不可能遗漏 - 自动生成 ROUTE_PERMISSIONS 和 FROZEN_ROUTES - 修正 3 个前端权限码不匹配后端 P0 — CI 权限扫描: - 新增 tools/check_permissions.py 校验脚本 - 发现并修复 tenant.manage 未注册问题 P1 — 聚合接口容错: - erp-core 新增 safe_aggregate 工具函数 - 仪表盘统计 handler 重构 P1 — 状态机一致性自检: - validation.rs 新增 3 个自检测试 fix: lint-staged eslint Windows 兼容性	2026-05-08 08:52:16 +08:00
iven	6d5a711d2c	fix: 修复测试发现的 7 个问题 + 全 workspace clippy 清零 ... 功能修复： 1. 患者创建空名称验证：后端添加 name.trim().is_empty() 检查 2. 仪表盘统计容错：单个查询失败返回零值而非 500 3. FHIR 路由修复：从 /fhir 移到 /api/v1/fhir 保持一致 4. 冻结模块后端中间件：新增 frozen_module_middleware 拦截冻结路径 5. 积分端点权限码：health.health-data.list → health.points.list 6. 角色权限迁移：护士补充 devices.list，运营补充 points.list/manage 7. 测试结果文档：R01-R05 角色测试 + T00/T10 结果归档 Clippy 全 workspace 清零（14→0 errors）： - erp-core: 修复 empty doc line、collapsible if、redundant closure 等 9 处 - erp-health: 修复 too_many_arguments、unused var、unnecessary parens 等 58 处 - erp-ai: 修复 dead_code、unused import 等 11 处 - erp-plugin: 修复 too_many_arguments、wildcard pattern 等 11 处 - erp-server-migration: 修复 enum_variant_names 5 处 - erp-auth/config/workflow/message: 各 1-3 处 工程改进： - lint-staged 配置迁移到 .lintstagedrc.js（函数式避免文件列表传给 clippy） - cargo fmt 统一格式化	2026-05-07 23:43:14 +08:00
iven	3412d807e3	fix(core): 跨 crate 小修复 — dto 合并、tracing 补全、死代码清理 ... - erp-ai: 删除孤立 dto.rs（已合并到子模块） - erp-core: audit_service tracing 优化 - erp-health: points_handler 补充返回值、alert_engine 修正日志级别 - erp-plugin: host/data_handler/market_handler tracing 统一 - erp-dialysis/event: 移除无用 import - erp-workflow/executor: tracing 格式统一	2026-05-03 19:31:46 +08:00
iven	603af83aa9	fix: P0 止血 — 消除崩溃风险 + 伪CAS修复 + 硬编码清除 + 晚间血压 ... - 新增 sea_orm_ext 模块: safe_version() / bump_version() 替代 14 处 unwrap() - 修复 points_service 伪 CAS 逻辑 bug: 在 Set() 前提取原始版本并重新验证 - AdminDashboard: API 失败时显示 unknown 状态而非虚假绿色 healthy - AdminDashboard: 今日操作改用真实数据，移除 "0 错误" 硬编码 - OperatorWorkbench: 移除硬编码 "美玲"，改用真实用户名 - Home.tsx: operator "内容发布" 从硬编码 0 改为真实积分统计 - 小程序体征录入: 新增晚间血压 indicator_type，映射到 evening 字段	2026-05-02 23:42:01 +08:00
iven	d8735eb45c	fix(test+web): 修复测试编译错误 + 前端构建问题 ... - 修复透析集成测试 TestApp.dialysis_state() 返回类型不匹配（39个错误） - 修复 erp-core test_helpers SeaORM Database::connect API 变更 - 修复 health_alert/article/data 集成测试函数签名不匹配 - 修复 DailyMonitoringTab 缺失 Input import - 修复 DeviceReadingsTab 未使用接口声明 - 修复 DialysisManageList keyword → search 参数名	2026-04-30 10:21:05 +08:00
iven	1c9e7ccf1d	feat(core+health): HealthDataProvider 扩展趋势分析预计算数据 ... - erp-core: 新增 get_trend_analysis_data() trait 方法和配套 DTO (TrendAnalysisDto, MetricTrendAnalysis, RegressionStats, AnomalyInfo) - erp-health: 实现 get_trend_analysis_data()，查询 vital_signs 时间序列 后调用 trend_stats 模块计算线性回归和异常检测，返回结构化统计摘要	2026-04-28 19:55:06 +08:00
iven	be8fca1d76	feat(core): EventBus dead-letter + consume_with_retry 辅助函数 ... - 新增 dead_letter_events 表 + Entity - consume_with_retry: 幂等检查 + 成功标记 + 失败转入 dead-letter - insert_dead_letter: 写入失败事件供后续排查和手动重试	2026-04-28 11:47:44 +08:00
iven	c556bda82b	test(core): 添加事务回滚测试基础设施	2026-04-28 11:17:46 +08:00
iven	22ef5b6d1f	feat(core): 审计日志哈希链 — prev_hash + record_hash + 完整性验证 ... - 迁移 087: audit_logs 表添加 prev_hash/record_hash 列 + 索引 - audit_service::record() 写入时查询前一条 record_hash 作为 prev_hash - SHA256(id+action+resource_type+resource_id+created_at+prev_hash) 计算 record_hash - verify_hash_chain() 验证链完整性，返回 (总记录数, 断链数)	2026-04-27 19:38:39 +08:00
iven	633bf8c62d	feat(auth): data_scope 行级数据权限 — DataScope 枚举 + 中间件加载 ... - TenantContext 新增 permission_data_scopes: HashMap<String, DataScope> - DataScope 枚举: All/SelfOnly/Department/DepartmentTree - JWT 中间件查询 role_permissions.data_scope 填充到上下文 - rbac::get_data_scope() 供 service 层按权限获取数据范围 - 默认 All，完全向后兼容现有行为	2026-04-27 19:31:19 +08:00
iven	3197dde33c	feat(core): 事件归档 + 消费者幂等性 — 迁移 084/085 + 清理任务 ... - 迁移 084: domain_events_archive 归档表 + cleanup_old_published_events() - 迁移 085: processed_events 去重表 + cleanup_old_processed_events() - erp-core: is_event_processed() / mark_event_processed() 幂等性辅助 - erp-server: tasks::start_event_cleanup() 每 24h 归档 >90 天事件	2026-04-27 18:12:43 +08:00
iven	97bb592688	feat(core): build_event_payload 统一信封 — 28 处事件发布全部迁移 ... - erp-core 添加 build_event_payload()，自动注入 schema_version + occurred_at - erp-health 12 个 service（25 处）、erp-auth（1 处）、erp-workflow（2 处） 全部迁移到统一信封格式	2026-04-27 18:01:05 +08:00
iven	d31d7beb1f	feat(server): outbox relay 改为 LISTEN/NOTIFY + 30s 兜底轮询 ... - EventBus::publish() 持久化后执行 NOTIFY outbox_channel - outbox relay 使用 sqlx::PgListener 监听 + tokio::select! 竞争 - 30s 兜底轮询防止 NOTIFY 丢失，断线自动重连 - 轮询间隔从 5s 提升到 30s，事件延迟降至 <100ms	2026-04-27 17:50:38 +08:00
iven	787e64d9a9	fix: 前端深度审计全量修复 — 安全/功能/代码质量 ... 严重 BUG 修复: - 修复 Token 过期后 hash 重定向导致无法跳转登录页 - 修复文章编辑器新建后提交审核使用错误 ID 安全加固: - HTML 清理函数替换为 ammonia 专业库（替代自定义解析器） - 文件上传添加 magic bytes 校验（防 Content-Type 伪造） - 登录添加账户级失败锁定（5次失败→15分钟锁定） - 审计日志 9 个关键更新操作补充变更前后值（with_changes） 功能缺陷修复: - 登录/登出时清理 API 缓存（防多账户数据污染） - 文章编辑器上传改用统一 HTTP 客户端（自动 token 刷新） - 添加全局 HTTP 错误处理和后端错误消息展示 - PrivateRoute 增加路由级权限检查（系统管理页面） - 健康数据三个 Tab 添加编辑/删除功能 - 预约创建增加排班可用性校验提示 - 医生详情 API 返回解密后的原始执照号 代码清理: - 删除未使用的 auth.ts refresh() 函数 - 删除重复的 AuthGuard.tsx 组件 - 删除未使用的 getHealthSummary API	2026-04-26 21:47:26 +08:00
iven	7ab57ea1b2	fix(health): PII 加密安全审计修复 — 2 Critical + 6 Medium + 4 Low ... 审计发现 55 检查点，46 PASS / 7 WARN / 2 FAIL，修复内容: Critical: - C1: 密钥轮换端点现在持久化新 DEK 到 tenant_crypto_keys 表 - C2: CachedDek 实现 Drop trait，释放时清零密钥材料 Medium: - M1: 密文格式添加版本前缀 0x01，向后兼容旧格式 - M2: HMAC 索引使用独立子密钥，与加密 KEK 分离 - M4: 脱敏函数使用 chars() 迭代器，UTF-8 安全 - M5-M6: 医生执业证号详情响应脱敏 (mask_license_number) Low: - L1: dek_manager 改为 pub(crate)，暴露 invalidate_dek() 方法 - L3: 合并 patient 列表搜索中冗余的重复 HMAC 计算 - L4: update_family_member/update_doctor 更新时设置 key_version	2026-04-26 13:34:25 +08:00
iven	a0b72b0f73	feat: Iteration 1 — 审计日志IP记录、文件上传、医护端API、小程序角色切换 ... Iteration 1 六项任务全部完成： 1. 审计日志IP记录 — task_local RequestInfo 自动注入 IP/user_agent 2. 文件上传服务 — multipart 上传 + ServeDir 静态文件服务 3. 医护端后端API — 医生工作台仪表盘 + 患者标签CRUD + 会话已读 4. 小程序角色切换 — 登录后根据角色跳转医护台/患者首页 5. 小程序安全加固 — secure-storage 开发模式警告 6. 讨论记录归档 — docs/discussions/	2026-04-26 13:13:25 +08:00
iven	ebc0f20e33	test(health): PII 加密集成测试 + 性能基准 + 编译修复 ... - 10 个集成测试: CRUD 加密流(8) + 多租户隔离(2) - 3 个性能基准: encrypt avg 17μs, decrypt avg 14μs, 批量50条 877μs - 8 个 key_manager 单元测试 + 4 个 masking 边界测试 - 迁移: 加宽 emergency_contact_phone/phone/license_number/result 列 - 修复: follow_up_service.create_record 返回密文改为解密返回 - 修复: consultation_service/patient_service HealthError::NotFound 引用	2026-04-26 13:10:53 +08:00
iven	49b8300fdc	feat(core): DEK 缓存 + 密钥轮换管理端点 ... - erp-core/crypto/key_manager: DashMap LRU DEK 缓存 (TTL 5min, 100条) - DekManager: get_or_create_dek, generate_new_dek, invalidate - PiiCrypto 集成 DekManager - POST /api/v1/admin/tenants/:id/rotate-key: 生成新 DEK + 缓存失效 - 权限: tenant.manage (仅超级管理员)	2026-04-26 12:40:25 +08:00
iven	4ab189283e	feat(health): P0 平台基座回顾 — 7项上线前必修 ... P0-1: 危急值告警消费者 — health_data.critical_alert 事件推送给责任医护 P0-2: 危急值阈值可配置化 — 硬编码改为数据库配置(critical_value_threshold表)，支持科室/年龄差异化 P0-3: daily_monitoring合并后告警验证 — update_vital_signs也触发危急值检测 P0-4: 随访逾期通知+幂等保护 — 只通知本次新标记的逾期任务，避免重复 P0-5: 知情同意记录(consent) — 新增实体/迁移/Service/Handler，PIPL合规 P0-6: 审计日志补全 — 患者更新记录前后值(过敏史/病史/状态变更) P0-7: EventBus持久化增强 — 两阶段提交(pending→published)+启动时outbox relay恢复	2026-04-26 03:37:31 +08:00
iven	eebfaac0d8	feat(core): 新增 HealthDataProvider trait + DTO 定义 ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-25 13:49:10 +08:00
iven	841766b168	fix(用户管理): 修复用户列表页面加载失败问题 ... 修复用户列表页面加载失败导致测试超时的问题，确保页面元素正确渲染	2026-04-19 08:46:28 +08:00
iven	5ba11f985f	fix(web,plugin): 前端审计修复 — 401 消除 + 统计卡片 crash + 销售漏斗 500 + antd 6 废弃 API ... - API client: proactive token refresh（请求前 30s 检查过期，提前刷新避免 401） - Plugin store: fetchPlugins promise 去重，防止 StrictMode 并发重复请求 - Home stats: 简化 useEffect 加载逻辑，修复 tagColor undefined crash - PluginGraphPage: valueStyle → styles.content, Spin tip → description（antd 6） - DashboardWidgets: trailColor → railColor（antd 6） - data_service: build_scope_sql 参数索引修复（硬编码 $100 → 动态 values.len()+1） - erp-core error: Internal 错误添加 tracing::error 日志输出	2026-04-18 20:31:49 +08:00
iven	62f17d13ad	feat(core): TenantContext 新增 department_ids 字段 ... 为行级数据权限做准备，TenantContext 新增 department_ids 字段 存储用户所属部门 ID 列表。当前阶段 JWT 中间件填充为空列表， 待 user_positions 关联表建立后补充查询逻辑。	2026-04-17 10:33:28 +08:00
iven	a6d3a0efcc	feat(plugin): 实现插件权限注册，install 时写入 permissions 表、uninstall 时软删除 ... 跨 crate 方案：erp-plugin 使用 raw SQL 操作 permissions 表， 避免直接依赖 erp-auth entity，保持模块间松耦合。 - erp-core: 新增 PermissionDescriptor 类型和 ErpModule::permissions() 方法 - erp-plugin service.rs install(): 解析 manifest.permissions，INSERT ON CONFLICT DO NOTHING - erp-plugin service.rs uninstall(): 软删除 role_permissions 关联 + permissions 记录	2026-04-16 12:42:13 +08:00
iven	ff352a4c24	feat(plugin): 集成 WASM 插件系统到主服务并修复链路问题 ... - 新增 erp-plugin crate：插件管理、WASM 运行时、动态表、数据 CRUD - 新增前端插件管理页面（PluginAdmin/PluginCRUDPage）和 API 层 - 新增插件数据迁移（plugins/plugin_entities/plugin_event_subscriptions） - 新增权限补充迁移（为已有租户补充 plugin.admin/plugin.list 权限） - 修复 PluginAdmin 页面 InstallOutlined 图标不存在的崩溃问题 - 修复 settings 唯一索引迁移顺序错误（先去重再建索引） - 更新 wiki 和 CLAUDE.md 反映插件系统集成状态 - 新增 dev.ps1 一键启动脚本	2026-04-15 23:32:02 +08:00
iven	d8a0ac7519	feat: implement on_tenant_created/deleted hooks and update ErpModule trait ... - ErpModule trait hooks now accept db and event_bus parameters - AuthModule.on_tenant_created: seeds default roles, permissions, and admin user for new tenants using existing seed_tenant_auth() - AuthModule.on_tenant_deleted: soft-deletes all users for the tenant - Updated all other modules (config, workflow, message) to match the new trait signature	2026-04-15 01:27:33 +08:00
iven	e44d6063be	feat: add utoipa path annotations to all API handlers and wire OpenAPI spec ... - Add #[utoipa::path] annotations to all 70+ handler functions across auth, config, workflow, and message modules - Add IntoParams/ToSchema derives to Pagination, PaginatedResponse, ApiResponse in erp-core, and MessageQuery/TemplateQuery in erp-message - Collect all module paths into OpenAPI spec via AuthApiDoc, ConfigApiDoc, WorkflowApiDoc, MessageApiDoc structs in erp-server main.rs - Update openapi_spec handler to merge all module specs - The /docs/openapi.json endpoint now returns complete API documentation with all endpoints, request/response schemas, and security requirements	2026-04-15 01:23:27 +08:00
iven	ee65b6e3c9	test: add 149 unit tests across core, auth, config, message crates ... Test coverage increased from ~34 to 183 tests (zero failures): - erp-core (21): version check, pagination, API response, error mapping - erp-auth (39): org tree building, DTO validation, error conversion, password hashing, user model mapping - erp-config (57): DTO validation, numbering reset logic, menu tree building, error conversion. Fixed BatchSaveMenusReq nested validation - erp-message (50): DTO validation, template rendering, query defaults, error conversion - erp-workflow (16): unchanged (parser + expression tests) All tests are pure unit tests requiring no database.	2026-04-15 01:06:34 +08:00
iven	9568dd7875	chore: apply cargo fmt across workspace and update docs ... - Run cargo fmt on all Rust crates for consistent formatting - Update CLAUDE.md with WASM plugin commands and dev.ps1 instructions - Update wiki: add WASM plugin architecture, rewrite dev environment docs - Minor frontend cleanup (unused imports)	2026-04-15 00:49:20 +08:00
iven	14f431efff	feat: systematic functional audit — fix 18 issues across Phase A/B ... Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules	2026-04-12 15:22:28 +08:00
iven	685df5e458	feat(core): implement event outbox persistence ... Add domain_events migration and SeaORM entity. Modify EventBus::publish to persist events before broadcasting (best-effort: DB failure logs warning but still broadcasts in-memory). Update all 19 publish call sites across 4 crates to pass db reference. Add outbox relay background task that polls pending events every 5s and re-broadcasts them, ensuring no events are lost on server restart.	2026-04-12 00:10:49 +08:00
iven	db2cd24259	feat(core): add audit logging to all mutation operations ... Create audit_log SeaORM entity and audit_service::record() helper. Integrate audit recording into 35 mutation endpoints across all modules: - erp-auth: user/role/organization/department/position CRUD (15 actions) - erp-config: dictionary/menu/setting/numbering_rule CRUD (15 actions) - erp-workflow: definition/instance/task operations (8 actions) - erp-message: send/system/mark_read/delete (5 actions) Uses fire-and-forget pattern — audit failures logged but non-blocking.	2026-04-11 23:48:45 +08:00
iven	5d6e1dc394	feat(core): implement optimistic locking across all entities ... Add VersionMismatch error variant and check_version() helper to erp-core. All 13 mutable entities now enforce version checking on update/delete: - erp-auth: user, role, organization, department, position - erp-config: dictionary, dictionary_item, menu, setting, numbering_rule - erp-workflow: process_definition, process_instance, task - erp-message: message, message_subscription Update DTOs to expose version in responses and require version in update requests. HTTP 409 Conflict returned on version mismatch.	2026-04-11 23:25:43 +08:00
iven	b3c7f76b7f	fix(security): resolve audit findings and compilation errors (Phase 6) ... Security fixes: - Add startup warning for default JWT secret in config - Add enum validation for priority, recipient_type, channel fields - Add pagination size cap (max 100) via safe_page_size() - Return generic "权限不足" instead of specific permission names Compilation fixes: - Fix missing standard fields in ActiveModel for tokens/process_variables - Fix migration imports for Statement/DatabaseBackend/Uuid - Add version_field to process_definition ActiveModel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-11 12:49:45 +08:00
iven	bddd33ac2f	feat(core): add audit log infrastructure (Phase 6) ... - Add audit_logs database migration with indexes - Add AuditLog struct in erp-core with builder pattern - Support old/new value tracking, IP address, user agent Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-11 12:31:27 +08:00
iven	0baaf5f7ee	feat(config): add system configuration module (Phase 3) ... Implement the complete erp-config crate with: - Data dictionaries (CRUD + items management) - Dynamic menus (tree structure with role filtering) - System settings (hierarchical: platform > tenant > org > user) - Numbering rules (concurrency-safe via PostgreSQL advisory_lock) - Theme and language configuration (via settings store) - 6 database migrations (dictionaries, menus, settings, numbering_rules) - Frontend Settings page with 5 tabs (dictionary, menu, numbering, settings, theme) Refactor: move RBAC functions (require_permission) from erp-auth to erp-core to avoid cross-module dependencies. Add 20 new seed permissions for config module operations.	2026-04-11 08:09:19 +08:00
iven	3afd732de8	feat(auth): add handlers, JWT middleware, RBAC, and module registration ... - Auth handlers: login/refresh/logout + user CRUD with tenant isolation - JWT middleware: Bearer token validation → TenantContext injection - RBAC helpers: require_permission, require_any_permission, require_role - AuthModule: implements ErpModule with public/protected route split - AuthState: FromRef pattern avoids circular deps between erp-auth and erp-server - Server: public routes (health+login+refresh) + protected routes (JWT middleware) - ErpModule trait: added as_any() for downcast support - Workspace: added async-trait, sha2 dependencies	2026-04-11 03:22:04 +08:00
iven	810eef769f	feat(server): integrate AppState, ModuleRegistry, health check, and graceful shutdown ... - Add AppState with DB, Config, EventBus, ModuleRegistry via Axum State - ModuleRegistry now uses Arc for Clone support, builder-pattern register() - Add /api/v1/health endpoint returning status, version, registered modules - Add graceful shutdown on CTRL+C / SIGTERM - erp-common utils: ID generation, timestamp helpers, code generator with tests - Config structs now derive Clone for state sharing - Update wiki to reflect Phase 1 completion	2026-04-11 01:19:30 +08:00
iven	5901ee82f0	feat: complete Phase 1 infrastructure ... - erp-core: error types, shared types, event bus, ErpModule trait - erp-server: config loading, database/Redis connections, migrations - erp-server/migration: tenants table with SeaORM - apps/web: Vite + React 18 + TypeScript + Ant Design 5 + TailwindCSS - Web frontend: main layout with sidebar, header, routing - Docker: PostgreSQL 16 + Redis 7 development environment - All workspace crates compile successfully (cargo check passes)	2026-04-11 01:07:31 +08:00
iven	eb856b1d73	feat: 初始化ERP平台底座项目结构 ... - 添加基础crate结构(erp-core, erp-common) - 实现核心模块trait和事件总线 - 配置Docker开发环境(PostgreSQL+Redis) - 添加Tauri桌面端基础框架 - 设置CI/CD工作流 - 编写项目协作规范文档(CLAUDE.md)	2026-04-10 23:40:38 +08:00