feat: initialize Nuanji (Warm Notes) project

- Base platform from base.git (ERP base: auth, core, config, message, workflow, plugin)
- Created erp-diary module skeleton (lib.rs, dto.rs, error.rs, event.rs, state.rs)
- Integrated erp-diary into workspace and erp-server
- Added DiaryModule registration in main.rs
- Added DiaryState FromRef in state.rs
- Diary routes mounted (empty routes, ready for implementation)
- Product design spec v1.2 preserved in docs/
- Implementation plan preserved in plans/

Cargo check: OK
Cargo test: OK (78+ base tests passing)

crates/erp-workflow/src/handler/definition_handler.rs

@@ -0,0 +1,200 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::dto::{CreateProcessDefinitionReq, ProcessDefinitionResp, UpdateProcessDefinitionReq};
+use crate::service::definition_service::DefinitionService;
+use crate::workflow_state::WorkflowState;
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/definitions",
+    params(Pagination),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<PaginatedResponse<ProcessDefinitionResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// GET /api/v1/workflow/definitions
+pub async fn list_definitions<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<ProcessDefinitionResp>>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.list")?;
+
+    let (defs, total) = DefinitionService::list(ctx.tenant_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: defs,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/definitions",
+    request_body = CreateProcessDefinitionReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// POST /api/v1/workflow/definitions
+pub async fn create_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateProcessDefinitionReq>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.create")?;
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let resp = DefinitionService::create(
+        ctx.tenant_id,
+        ctx.user_id,
+        &req,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/definitions/{id}",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// GET /api/v1/workflow/definitions/{id}
+pub async fn get_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.read")?;
+
+    let resp = DefinitionService::get_by_id(id, ctx.tenant_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    put,
+    path = "/api/v1/workflow/definitions/{id}",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    request_body = UpdateProcessDefinitionReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// PUT /api/v1/workflow/definitions/{id}
+pub async fn update_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<UpdateProcessDefinitionReq>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.update")?;
+
+    let resp = DefinitionService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/definitions/{id}/publish",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// POST /api/v1/workflow/definitions/{id}/publish
+pub async fn publish_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.publish")?;
+
+    let resp =
+        DefinitionService::publish(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus)
+            .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+pub async fn deprecate_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.publish")?;
+
+    let resp =
+        DefinitionService::deprecate(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus)
+            .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}