Phase 3.7: paid pairing flow + returning chat + extension flip

- Backend: payment_sessions + pairing_failures tables; payment.service.js
  and pairing-failure.service.js (new); rewritten pairing.service.js
  (payment-gated blast + targeted "Curhat lagi" + cancel + fallback);
  rewritten extension.service.js (data-driven auto-approve with offline
  safeguard, charge-at-approval); pricing.service.js (extension tiers
  without free trial); mitra-status.service.js (countAvailableMitras
  cached path); 60s sweeper for stale payment sessions
- Backend routes: client.payment.routes, client.mitra-availability.routes,
  internal/failed-pairings.routes; client.chat.routes rewritten for
  payment-gated start + /returning + /cancel + /fallback-to-blast;
  internal/config.routes adds 4 new keys with Valkey invalidate publish
- client_app: mitra-availability poll, payment screen + notifier, pairing
  notifier rewrite (PairingTargetedWaiting + PairingFailed states),
  targeted-waiting overlay + bestie-unavailable dialog, "Curhat lagi"
  CTA, failed-pairing terminal, extension via payment-session
- mitra_app: PairingRequestType enum, returning-chat 20s countdown
  auto-dismiss, extension card "otomatis disetujui" copy
- control_center: 4 new config rows in Settings, Failed Pairings page
  (filter + paginate + action menu), sidebar + route registered
- Test infrastructure: Vitest backend (7/7 pass), Playwright CC (4/4
  pass), Maestro mobile scaffold (CLI install pending)
- Bugs found via Playwright + fixed: LoginPage labels not associated
  with inputs (a11y); backend internal CORS missing PATCH/PUT/DELETE
  in allow-methods (silent settings breakage in browsers since Stage 4)
- Docs: phase3.7.md PRD, phase3.7-plan.md, phase3.7-questions.md (Q&A),
  phase3.7-testing.md (E2E checklist), phase3.7-test-run-2026-05-03.md
  (today's run results)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

mitra_app/.maestro/scripts/customer_blast_now.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Seed a confirmed payment_session for the test customer and fire a general blast.
+# Used by Maestro flows that drive the mitra side and need a customer's request to
+# arrive without running a second app.
+#
+# Reads from .maestro/config.yaml env (BACKEND_URL, TEST_CUSTOMER_ID, TEST_CUSTOMER_JWT).
+
+set -euo pipefail
+
+: "${BACKEND_URL:?BACKEND_URL must be set in .maestro/config.yaml}"
+: "${TEST_CUSTOMER_JWT:?TEST_CUSTOMER_JWT must be set in .maestro/config.yaml}"
+
+# Step 1: create a payment session (paid tier, 30 minutes)
+echo "Creating payment session..."
+ps_response=$(curl -fsSL -X POST "$BACKEND_URL/api/client/payment-sessions" \
+  -H "Authorization: Bearer $TEST_CUSTOMER_JWT" \
+  -H "Content-Type: application/json" \
+  -d '{"duration_minutes": 30}')
+payment_session_id=$(echo "$ps_response" | jq -r '.data.id')
+echo "  payment_session_id=$payment_session_id"
+
+# Step 2: confirm the payment session
+echo "Confirming payment session..."
+curl -fsSL -X POST "$BACKEND_URL/api/client/payment-sessions/$payment_session_id/confirm" \
+  -H "Authorization: Bearer $TEST_CUSTOMER_JWT" \
+  -H "Content-Type: application/json" \
+  -d '{}' > /dev/null
+
+# Step 3: fire the chat request (general blast)
+echo "Firing general blast..."
+curl -fsSL -X POST "$BACKEND_URL/api/client/chat-requests" \
+  -H "Authorization: Bearer $TEST_CUSTOMER_JWT" \
+  -H "Content-Type: application/json" \
+  -d "{\"payment_session_id\":\"$payment_session_id\",\"topic_sensitivity\":\"regular\"}" > /dev/null
+
+echo "OK — blast fired. Mitra should receive the WS event within ~1s."