Phase 5 Xendit: Stages 1-7 (XENDIT_ENABLED=false; Stage 8 pending creds)

Backend
- payment_sessions → payment_requests rename across DB schema + 29 files
- payment.service.js becomes product-agnostic owner: EventEmitter +
  Xendit wrapper + requestPayment / confirmPayment public API; legacy
  aliases retained for existing chat callers
- Webhook handler at POST /api/shared/payment/webhooks/xendit, with
  constant-time token verification (8 vitest cases)
- Server-driven pairing: payment.service emits
  payment_request.confirmed → pairing subscriber starts the blast.
  Legacy POST /chat/request still works during the cutover.
- Reconciliation sweeper extended (re-emits events for confirmed rows
  with no chat session)
- SIGTERM drain + startup reconciliation pass in server.js

Customer app
- waiting_payment_screen opens xendit_invoice_url via
  LaunchMode.inAppBrowserView
- searching / no-bestie / targeted-waiting / pairing-notifier updated
  to consume the new payment_request_id contract
- pending_payments_provider + bestie-unavailable dialog migrated

Dev / testing
- XENDIT_ENABLED=false is the safe default; .env.example documents the
  four new vars
- backend/.dev/xendit-fake-webhook.sh exercises the handler without
  ngrok
- 90/92 backend tests pass (two pre-existing session-timer flakes,
  unrelated); client_app analyzer clean
- requirement/phase5-xendit-plan.md is the canonical reference

Stage 8 (live E2E) blocked on Xendit test-mode keys. The dashboard's
single-webhook-URL constraint will be worked around via a self-poll
script next session.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

client_app/lib/core/chat/session_closure_notifier.dart

@@ -48,14 +48,14 @@ class SessionClosure extends _$SessionClosure {
   SessionClosureData build() => const ClosureInitialData();
 
   /// Extension request is a 3-step flow with the extension cost held in its
-  /// own `payment_session` (never combined with a free trial). Server-side,
+  /// own `payment_request` (never combined with a free trial). Server-side,
   /// the extension service refuses requests without an
-  /// `extension_payment_session_id` on a confirmed, is_extension payment session.
+  /// `extension_payment_request_id` on a confirmed, is_extension payment session.
   ///
-  /// 1. POST `/api/client/payment-sessions` with `is_extension: true`
-  /// 2. POST `/api/client/payment-sessions/:id/confirm`
+  /// 1. POST `/api/client/payment-requests` with `is_extension: true`
+  /// 2. POST `/api/client/payment-requests/:id/confirm`
   /// 3. POST `/api/client/chat/session/:sessionId/extend` with the
-  ///    extension_payment_session_id from step 2.
+  ///    extension_payment_request_id from step 2.
   ///
   /// Charge timing is server-side: only on actual approve / auto-approve.
   /// If the mitra explicitly rejects within 10s the payment is failed back, no charge.
@@ -64,15 +64,15 @@ class SessionClosure extends _$SessionClosure {
     try {
       final api = ref.read(apiClientProvider);
 
-      final createResp = await api.post('/api/client/payment-sessions/', data: {
+      final createResp = await api.post('/api/client/payment-requests/', data: {
         'duration_minutes': durationMinutes,
         'is_extension': true,
       });
-      final paymentSessionId = (createResp['data'] as Map<String, dynamic>)['id'] as String;
+      final paymentRequestId = (createResp['data'] as Map<String, dynamic>)['id'] as String;
 
       // Backend rejects truly empty bodies on confirm, so always send `{}`.
       await api.post(
-        '/api/client/payment-sessions/$paymentSessionId/confirm',
+        '/api/client/payment-requests/$paymentRequestId/confirm',
         data: const <String, dynamic>{},
       );
 
@@ -81,7 +81,7 @@ class SessionClosure extends _$SessionClosure {
       await api.post('/api/client/chat/session/$sessionId/extend', data: {
         'duration_minutes': durationMinutes,
         'price': price,
-        'extension_payment_session_id': paymentSessionId,
+        'extension_payment_request_id': paymentRequestId,
       });
     } catch (e) {
       state = const ClosureErrorData('Gagal meminta perpanjangan.');