Phase 4 Stage 2: onboarding redesign (client_app + mitra_app)

Verif Choice Sheet on display_name_screen drives the user into either
the verified or anonymous onboarding sub-flow. ESP screen (12 chips,
multi-select, info-only) + USP screen are shared between both branches;
selections persist through to chat_sessions.topics on session start.

OTP-blocked popup (HaloPopup) listens for the four real OTP-rate-limit
error codes (OTP_RATE_LIMIT_PHONE, OTP_RATE_LIMIT_IP, OTP_COOLDOWN,
OTP_ATTEMPTS_EXCEEDED) and drops the user onto the anonymous path with
ESP/USP state preserved.

Auth-providers gating replaces the --dart-define=ENABLE_SOCIAL_AUTH
build flag with server-driven discovery. authProvidersProvider preloads
GET /api/shared/auth-providers at cold start; welcome/register/
force-register screens render Google/Apple buttons only when the
backend reports enabled:true. Falls back to phone-OTP-only when both
providers are off. social_auth_enabled.dart deleted; client_app/CLAUDE.md
updated to reflect the new gating contract.

Mitra app: chat screen renders an ESP chip strip above the first message
bubble when chat_sessions.topics is non-empty.

Backend session.service.js getSessionById SELECTs cs.topics so the mitra
side can read the customer's selected topics.

Maestro flows 02_onboarding_verified.yaml + 03_onboarding_anon.yaml.

Deviation from plan: plan referenced OTP error code 'otp_retry_exhausted';
real codes are OTP_RATE_LIMIT_*/OTP_COOLDOWN/OTP_ATTEMPTS_EXCEEDED -
popup listens for all four. Plan said 'has_paid_first_session'; live
endpoint returns 'has_consulted_before' - used the live field.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

client_app/lib/core/auth/auth_providers_provider.dart

@@ -0,0 +1,51 @@
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:riverpod_annotation/riverpod_annotation.dart';
+import '../api/api_client_provider.dart';
+
+part 'auth_providers_provider.g.dart';
+
+class AuthProvidersConfig {
+  final bool google;
+  final bool apple;
+  final bool phone;
+
+  const AuthProvidersConfig({
+    required this.google,
+    required this.apple,
+    required this.phone,
+  });
+
+  /// Conservative fallback used when the network probe fails. Phone OTP is
+  /// always available; social sign-in is hidden until the backend confirms.
+  static const fallback = AuthProvidersConfig(
+    google: false,
+    apple: false,
+    phone: true,
+  );
+
+  bool get hasAnySocial => google || apple;
+}
+
+/// Cached server-driven flag set for which auth entry points are wired up.
+///
+/// Replaces the old `--dart-define=ENABLE_SOCIAL_AUTH` build flag: the client
+/// now reads `GET /api/shared/auth-providers` once on cold start and hides
+/// Google/Apple buttons when the corresponding flag is `false`.
+@Riverpod(keepAlive: true)
+Future<AuthProvidersConfig> authProviders(Ref ref) async {
+  try {
+    final response = await ref.read(apiClientProvider).get('/api/shared/auth-providers');
+    final data = response['data'] as Map<String, dynamic>?;
+    if (data == null) return AuthProvidersConfig.fallback;
+    final google = data['google'] as Map<String, dynamic>?;
+    final apple = data['apple'] as Map<String, dynamic>?;
+    final phone = data['phone'] as Map<String, dynamic>?;
+    return AuthProvidersConfig(
+      google: (google?['enabled'] as bool?) ?? false,
+      apple: (apple?['enabled'] as bool?) ?? false,
+      phone: (phone?['enabled'] as bool?) ?? true,
+    );
+  } catch (_) {
+    return AuthProvidersConfig.fallback;
+  }
+}

client_app/lib/core/auth/auth_providers_provider.g.dart

@@ -0,0 +1,33 @@
+// GENERATED CODE - DO NOT MODIFY BY HAND
+
+part of 'auth_providers_provider.dart';
+
+// **************************************************************************
+// RiverpodGenerator
+// **************************************************************************
+
+String _$authProvidersHash() => r'cadec65217f3280bbd1b36568eefb93a7fcdd6f9';
+
+/// Cached server-driven flag set for which auth entry points are wired up.
+///
+/// Replaces the old `--dart-define=ENABLE_SOCIAL_AUTH` build flag: the client
+/// now reads `GET /api/shared/auth-providers` once on cold start and hides
+/// Google/Apple buttons when the corresponding flag is `false`.
+///
+/// Copied from [authProviders].
+@ProviderFor(authProviders)
+final authProvidersProvider = FutureProvider<AuthProvidersConfig>.internal(
+  authProviders,
+  name: r'authProvidersProvider',
+  debugGetCreateSourceHash: const bool.fromEnvironment('dart.vm.product')
+      ? null
+      : _$authProvidersHash,
+  dependencies: null,
+  allTransitiveDependencies: null,
+);
+
+@Deprecated('Will be removed in 3.0. Use Ref instead')
+// ignore: unused_element
+typedef AuthProvidersRef = FutureProviderRef<AuthProvidersConfig>;
+// ignore_for_file: type=lint
+// ignore_for_file: subtype_of_sealed_class, invalid_use_of_internal_member, invalid_use_of_visible_for_testing_member, deprecated_member_use_from_same_package

client_app/lib/core/auth/social_auth_enabled.dart

@@ -1,7 +0,0 @@
-/// Build-time flag controlling whether Google / Apple sign-in buttons
-/// are shown. Default: false until backend OAuth credentials are
-/// provisioned. Enable with `--dart-define=ENABLE_SOCIAL_AUTH=true`.
-const bool kSocialAuthEnabled = bool.fromEnvironment(
-  'ENABLE_SOCIAL_AUTH',
-  defaultValue: false,
-);

client_app/lib/core/availability/mitra_availability_notifier.g.dart

@@ -6,9 +6,9 @@ part of 'mitra_availability_notifier.dart';
 // RiverpodGenerator
 // **************************************************************************
 
-String _$mitraAvailabilityHash() => r'7429862ccffbae1fc7bbe7368359e1624fe28ec9';
+String _$mitraAvailabilityHash() => r'036de8fea66c6a0114abd4a422af12186c1447d7';
 
-/// Phase 3.7 §1: customer-home availability poll.
+/// Customer-home availability poll.
 ///
 /// Polls `GET /api/client/mitra-availability` every 5 seconds while the home
 /// screen is in the foreground. Polling is gated by the home screen calling
@@ -16,10 +16,10 @@ String _$mitraAvailabilityHash() => r'7429862ccffbae1fc7bbe7368359e1624fe28ec9';
 ///   - resumed   → setActive(true)
 ///   - paused/inactive → setActive(false)
 ///
-/// On any HTTP error we emit `false` (PRD §1.3: never display stale state).
+/// On any HTTP error we emit `false` (never display stale state).
 ///
-/// The endpoint also returns a `count`, but per PRD §1.3 the customer UI must
-/// only read the binary `available` field — the count is for CC/debug only.
+/// The endpoint also returns a `count`, but the customer UI must only read the
+/// binary `available` field — the count is for CC/debug only.
 ///
 /// Copied from [MitraAvailability].
 @ProviderFor(MitraAvailability)

client_app/lib/core/chat/session_closure_notifier.g.dart

@@ -6,7 +6,7 @@ part of 'session_closure_notifier.dart';
 // RiverpodGenerator
 // **************************************************************************
 
-String _$sessionClosureHash() => r'f238e4098aefdd942314a13eb3fb77ed19cd2b77';
+String _$sessionClosureHash() => r'521e57f74805faf01f11778872cb37ceae683a5b';
 
 /// See also [SessionClosure].
 @ProviderFor(SessionClosure)

client_app/lib/core/pairing/pairing_notifier.g.dart

@@ -6,7 +6,7 @@ part of 'pairing_notifier.dart';
 // RiverpodGenerator
 // **************************************************************************
 
-String _$pairingHash() => r'0fe1e5646fe70b90f5489919ec8dd557c998daad';
+String _$pairingHash() => r'd39980fe5b82348d03485006d0534ab597b93ceb';
 
 /// See also [Pairing].
 @ProviderFor(Pairing)