Phase 5 Xendit: Stages 1-7 (XENDIT_ENABLED=false; Stage 8 pending creds)

Backend
- payment_sessions → payment_requests rename across DB schema + 29 files
- payment.service.js becomes product-agnostic owner: EventEmitter +
  Xendit wrapper + requestPayment / confirmPayment public API; legacy
  aliases retained for existing chat callers
- Webhook handler at POST /api/shared/payment/webhooks/xendit, with
  constant-time token verification (8 vitest cases)
- Server-driven pairing: payment.service emits
  payment_request.confirmed → pairing subscriber starts the blast.
  Legacy POST /chat/request still works during the cutover.
- Reconciliation sweeper extended (re-emits events for confirmed rows
  with no chat session)
- SIGTERM drain + startup reconciliation pass in server.js

Customer app
- waiting_payment_screen opens xendit_invoice_url via
  LaunchMode.inAppBrowserView
- searching / no-bestie / targeted-waiting / pairing-notifier updated
  to consume the new payment_request_id contract
- pending_payments_provider + bestie-unavailable dialog migrated

Dev / testing
- XENDIT_ENABLED=false is the safe default; .env.example documents the
  four new vars
- backend/.dev/xendit-fake-webhook.sh exercises the handler without
  ngrok
- 90/92 backend tests pass (two pre-existing session-timer flakes,
  unrelated); client_app analyzer clean
- requirement/phase5-xendit-plan.md is the canonical reference

Stage 8 (live E2E) blocked on Xendit test-mode keys. The dashboard's
single-webhook-URL constraint will be worked around via a self-poll
script next session.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend/test/services/extension.service.test.js

@@ -70,7 +70,7 @@ describe('extension.service — EXTENSION_RESPONSE payload', () => {
     // Pending extension row tied to that payment.
     const [extension] = await sql`
       INSERT INTO session_extensions (
-        session_id, requested_duration_minutes, requested_price, status, payment_session_id
+        session_id, requested_duration_minutes, requested_price, status, payment_request_id
       )
       VALUES (${session.id}, 10, 9000, ${ExtensionStatus.PENDING}, ${extPay.id})
       RETURNING id
@@ -119,7 +119,7 @@ describe('extension.service — EXTENSION_RESPONSE payload', () => {
     await confirmPaymentSession(extPay.id, customer.id)
     const [extension] = await sql`
       INSERT INTO session_extensions (
-        session_id, requested_duration_minutes, requested_price, status, payment_session_id
+        session_id, requested_duration_minutes, requested_price, status, payment_request_id
       )
       VALUES (${session.id}, 10, 9000, ${ExtensionStatus.PENDING}, ${extPay.id})
       RETURNING id

backend/test/services/pairing.service.test.js

@@ -36,7 +36,7 @@ const { createPaymentSession, confirmPaymentSession } = await import('../../src/
 const {
   WsMessage,
   PairingFailureCause,
-  PaymentSessionStatus,
+  PaymentRequestStatus,
   SessionStatus,
 } = await import('../../src/constants.js')
 const { db, resetDb, resetAppConfig } = await import('../helpers/db.js')
@@ -72,7 +72,7 @@ describe('pairing.service', () => {
 
     // Act: customer fires the general blast — only one mitra is online.
     const session = await createPairingRequest(customer.id, {
-      paymentSessionId: pay.id,
+      paymentRequestId: pay.id,
     })
     expect(session.status).toBe(SessionStatus.PENDING_ACCEPTANCE)
 
@@ -83,15 +83,15 @@ describe('pairing.service', () => {
     // Assert: pairing_failures audit row carries ALL_MITRAS_REJECTED.
     const sql = db()
     const failures = await sql`
-      SELECT cause_tag FROM pairing_failures WHERE payment_session_id = ${pay.id}
+      SELECT cause_tag FROM pairing_failures WHERE payment_request_id = ${pay.id}
     `
     expect(failures).toHaveLength(1)
     expect(failures[0].cause_tag).toBe(PairingFailureCause.ALL_MITRAS_REJECTED)
 
     // Payment session stays CONFIRMED — the customer can re-blast on the same
     // payment via the S7 Timeout "coba cari lagi" CTA.
-    const [paySession] = await sql`SELECT status FROM payment_sessions WHERE id = ${pay.id}`
-    expect(paySession.status).toBe(PaymentSessionStatus.CONFIRMED)
+    const [payRequest] = await sql`SELECT status FROM payment_requests WHERE id = ${pay.id}`
+    expect(payRequest.status).toBe(PaymentRequestStatus.CONFIRMED)
 
     // Customer was notified with PAIRING_FAILED carrying is_terminal=false so
     // the client renders the retryable variant of the S7 timeout screen.
@@ -112,7 +112,7 @@ describe('pairing.service', () => {
     })
     await confirmPaymentSession(pay.id, customer.id)
     const session = await createPairingRequest(customer.id, {
-      paymentSessionId: pay.id,
+      paymentRequestId: pay.id,
     })
 
     // Act: customer cancels.
@@ -131,7 +131,7 @@ describe('pairing.service', () => {
     // Payment session is still terminated (CUSTOMER_CANCELLED) — the failure row exists
     // for ops accounting, just no real-time push to the customer who initiated the cancel.
     const sql = db()
-    const failures = await sql`SELECT cause_tag FROM pairing_failures WHERE payment_session_id = ${pay.id}`
+    const failures = await sql`SELECT cause_tag FROM pairing_failures WHERE payment_request_id = ${pay.id}`
     expect(failures).toHaveLength(1)
     expect(failures[0].cause_tag).toBe(PairingFailureCause.CUSTOMER_CANCELLED)
   })

backend/test/services/payment.service.test.js

@@ -5,7 +5,7 @@ import {
   getPaymentSession,
   getCustomerPendingPayments,
 } from '../../src/services/payment.service.js'
-import { PaymentSessionStatus, SessionStatus } from '../../src/constants.js'
+import { PaymentRequestStatus, SessionStatus } from '../../src/constants.js'
 import { resetDb, resetAppConfig, db } from '../helpers/db.js'
 import { createCustomer, createMitra } from '../helpers/fixtures.js'
 
@@ -35,7 +35,7 @@ describe('payment.service', () => {
       amount: 30000,
     })
 
-    expect(session.status).toBe(PaymentSessionStatus.PENDING)
+    expect(session.status).toBe(PaymentRequestStatus.PENDING)
     expect(session.customer_id).toBe(customer.id)
     expect(session.duration_minutes).toBe(15)
     expect(session.amount).toBe(30000)
@@ -47,7 +47,7 @@ describe('payment.service', () => {
     // Verify it's actually persisted (not just returned from the INSERT)
     const reloaded = await getPaymentSession(session.id)
     expect(reloaded.id).toBe(session.id)
-    expect(reloaded.status).toBe(PaymentSessionStatus.PENDING)
+    expect(reloaded.status).toBe(PaymentRequestStatus.PENDING)
   })
 
   it('confirmPaymentSession transitions pending → confirmed', async () => {
@@ -56,11 +56,11 @@ describe('payment.service', () => {
       durationMinutes: 30,
       amount: 60000,
     })
-    expect(session.status).toBe(PaymentSessionStatus.PENDING)
+    expect(session.status).toBe(PaymentRequestStatus.PENDING)
 
     const confirmed = await confirmPaymentSession(session.id, customer.id)
 
-    expect(confirmed.status).toBe(PaymentSessionStatus.CONFIRMED)
+    expect(confirmed.status).toBe(PaymentRequestStatus.CONFIRMED)
     expect(confirmed.confirmed_at).toBeTruthy()
     expect(new Date(confirmed.confirmed_at).getTime()).toBeGreaterThan(0)
   })
@@ -81,7 +81,7 @@ describe('payment.service', () => {
 
     // Row should still be pending — the failed confirm must not have side effects.
     const reloaded = await getPaymentSession(session.id)
-    expect(reloaded.status).toBe(PaymentSessionStatus.PENDING)
+    expect(reloaded.status).toBe(PaymentRequestStatus.PENDING)
     expect(reloaded.confirmed_at).toBeNull()
   })
 
@@ -148,7 +148,7 @@ describe('payment.service', () => {
 
       await sql`
         INSERT INTO session_extensions (
-          session_id, requested_duration_minutes, requested_price, status, payment_session_id
+          session_id, requested_duration_minutes, requested_price, status, payment_request_id
         )
         VALUES (${chatSession.id}, 10, 2500, 'pending', ${extPay.id})
       `
@@ -188,7 +188,7 @@ describe('payment.service', () => {
         isExtension: true,
       })
       await sql`
-        INSERT INTO session_extensions (session_id, requested_duration_minutes, requested_price, status, payment_session_id)
+        INSERT INTO session_extensions (session_id, requested_duration_minutes, requested_price, status, payment_request_id)
         VALUES (${chatSession.id}, 10, 2500, 'pending', ${extension.id})
       `
 
@@ -209,7 +209,7 @@ describe('payment.service', () => {
       // Manually move expires_at into the past — leaves status pending so this
       // simulates the gap between TTL expiry and the next sweep tick.
       await sql`
-        UPDATE payment_sessions
+        UPDATE payment_requests
         SET expires_at = NOW() - INTERVAL '1 second'
         WHERE id = ${pay.id}
       `