Phase 4 Stage 1: backend foundation (additive endpoints + schema)

Schema (idempotent migration):
- payment_sessions.is_free_trial -> is_first_session_discount (data copied)
- payment_sessions.mode TEXT NOT NULL DEFAULT 'chat' CHECK (chat|call)
- chat_sessions.topics TEXT[] for ESP picks (info-only)

New endpoints:
- GET /api/client/onboarding-state (drives verif sheet + S6 paywall gate)
- GET /api/client/chat-pricing (rewrite: chat+call groups + first-session
  discount block, per-customer eligibility)
- GET /api/shared/auth-providers (env-probed; replaces ENABLE_SOCIAL_AUTH
  build flag — frontend cutover lands in stage 2)
- GET /api/client/support-handles (Tanya Admin handles, CC-config-driven)

session_warning WS event fires once at 180s remaining.

app_config seeds (mock pricing tiers, first-session discount, support
handles, payment method order, end-session 2-step toggle).

CC SettingsPage: 3 new sections (first-session discount, pricing tiers
JSON editors, support handles).

15/15 Vitest passing. chat_sessions.is_free_trial also renamed for
consistency (plan only specified payment_sessions; pairing.service.js
read both).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

backend/src/routes/public/client.onboarding.routes.js

@@ -0,0 +1,60 @@
+import { authenticate } from '../../plugins/auth.js'
+import { getCustomerById } from '../../services/customer.service.js'
+import { isCustomerEligibleForFirstSessionDiscount } from '../../services/pricing.service.js'
+import { getDb } from '../../db/client.js'
+import { UserType, SessionStatus } from '../../constants.js'
+
+const sql = getDb()
+
+/**
+ * Phase 4 onboarding-state endpoint. Drives:
+ *   - Verif Choice Sheet visibility on the post-name screen.
+ *   - S6 paywall vs Pilih cara routing decision.
+ *
+ * Eligibility predicate (server-authoritative — client never decides):
+ *   first_session_discount_enabled AND phone-verified AND no completed sessions.
+ *
+ * NOTE: deviates from the plan's `users.phone_verified_at` reference — there is no
+ * such column. `customers.phone IS NOT NULL` is equivalent in this schema (phone is
+ * only ever set by the OTP-verify path).
+ */
+export const clientOnboardingRoutes = async (app) => {
+  app.get('/onboarding-state', { preHandler: authenticate }, async (request, reply) => {
+    if (request.auth?.userType !== UserType.CUSTOMER) {
+      return reply.code(403).send({
+        success: false,
+        error: { code: 'FORBIDDEN', message: 'Customer account required' },
+      })
+    }
+    const customer = await getCustomerById(request.auth.userId)
+    if (!customer) {
+      return reply.code(404).send({
+        success: false,
+        error: { code: 'ACCOUNT_NOT_FOUND', message: 'Customer account not found' },
+      })
+    }
+
+    const isPhoneVerified = !!customer.phone
+
+    const [prior] = await sql`
+      SELECT id FROM chat_sessions
+      WHERE customer_id = ${customer.id}
+        AND status IN (${SessionStatus.COMPLETED}, ${SessionStatus.CLOSING})
+      LIMIT 1
+    `
+    const hasConsultedBefore = !!prior
+
+    // Use the same predicate the pricing endpoint uses, so the two stay in lock-step.
+    const isFirstSessionDiscountEligible = await isCustomerEligibleForFirstSessionDiscount(customer.id)
+
+    return reply.send({
+      success: true,
+      data: {
+        has_consulted_before: hasConsultedBefore,
+        is_phone_verified: isPhoneVerified,
+        is_first_session_discount_eligible: isFirstSessionDiscountEligible,
+        is_anonymous: !!customer.is_anonymous,
+      },
+    })
+  })
+}