feat(sms): bring-your-own-provider — cafés use their own SMS account

The platform no longer sells SMS. Each café saves its OWN Kavenegar API
key + sender line (new Cafes columns + migration) and campaigns are sent
and billed through that account.

Backend:
- GET/PUT /sms/settings (Manager/Owner; key echoed masked, verified
  against the provider before saving)
- campaign + balance use the café's credentials; SMS_NOT_CONFIGURED
  error when missing; plan-tier SMS gating removed everywhere
  (PlanLimitChecker, SmsMarketingService, billing status)
- platform Kavenegar config stays ONLY for login OTPs (env/DB)
- design-time DbContext factory so `dotnet ef migrations add` works
  without booting the host

Dashboard:
- SMS screen: provider-settings card, not-configured callout, campaign
  form disabled until configured; quota bar removed (usage stays as info)
- subscription screen + plan comparison no longer show SMS limits

Admin panel:
- Kavenegar/SMS section removed from integrations (request field now
  optional; stored OTP config untouched)
- SMS limit field removed from the plan editor
- nav label "درگاه و پیامک" → "درگاه پرداخت و AI"

fa/en/ar translations. 86 tests pass; all tsc clean.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

src/Meezi.API/Controllers/SmsController.cs

@@ -7,33 +7,64 @@ using Meezi.Shared;
 
 namespace Meezi.API.Controllers;
 
+/// <summary>
+/// Marketing SMS — bring-your-own-provider. Each café configures its OWN
+/// Kavenegar API key + sender line; the platform does not sell SMS.
+/// </summary>
 [Route("api/cafes/{cafeId}/sms")]
 public class SmsController : CafeApiControllerBase
 {
     private readonly ISmsMarketingService _smsMarketingService;
-    private readonly ISmsService _smsService;
     private readonly IValidator<SendSmsCampaignRequest> _campaignValidator;
 
     public SmsController(
         ISmsMarketingService smsMarketingService,
-        ISmsService smsService,
         IValidator<SendSmsCampaignRequest> campaignValidator)
     {
         _smsMarketingService = smsMarketingService;
-        _smsService = smsService;
         _campaignValidator = campaignValidator;
     }
 
+    [HttpGet("settings")]
+    public async Task<IActionResult> GetSettings(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        if (EnsureManager(tenant) is { } forbidden) return forbidden;
+
+        var data = await _smsMarketingService.GetSettingsAsync(cafeId, cancellationToken);
+        return Ok(new ApiResponse<SmsSettingsDto>(true, data));
+    }
+
+    [HttpPut("settings")]
+    public async Task<IActionResult> UpdateSettings(
+        string cafeId,
+        [FromBody] UpdateSmsSettingsRequest request,
+        ITenantContext tenant,
+        CancellationToken cancellationToken)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        if (EnsureManager(tenant) is { } forbidden) return forbidden;
+
+        var (success, data, code, message) = await _smsMarketingService.UpdateSettingsAsync(
+            cafeId, request, cancellationToken);
+        if (!success)
+        {
+            return code switch
+            {
+                "NOT_FOUND" => NotFound(new ApiResponse<object>(false, null, new ApiError(code, message!))),
+                _ => BadRequest(new ApiResponse<object>(false, null, new ApiError(code!, message!)))
+            };
+        }
+
+        return Ok(new ApiResponse<SmsSettingsDto>(true, data));
+    }
+
     [HttpGet("balance")]
     public async Task<IActionResult> GetBalance(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
     {
         if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
 
-        var info = await _smsService.GetAccountInfoAsync(cancellationToken);
-        var dto = info is not null
-            ? new SmsBalanceDto(info.RemainCredit, info.AccountType, true)
-            : new SmsBalanceDto(0, "master", false);
-
+        var dto = await _smsMarketingService.GetBalanceAsync(cafeId, cancellationToken);
         return Ok(new ApiResponse<SmsBalanceDto>(true, dto));
     }
 
@@ -41,10 +72,8 @@ public class SmsController : CafeApiControllerBase
     public async Task<IActionResult> GetUsage(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
     {
         if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
-        if (tenant.PlanTier is null)
-            return BadRequest(new ApiResponse<object>(false, null, new ApiError("INVALID", "Plan tier missing.")));
 
-        var data = await _smsMarketingService.GetUsageAsync(cafeId, tenant.PlanTier.Value, cancellationToken);
+        var data = await _smsMarketingService.GetUsageAsync(cafeId, cancellationToken);
         return Ok(new ApiResponse<SmsUsageDto>(true, data));
     }
 
@@ -56,20 +85,18 @@ public class SmsController : CafeApiControllerBase
         CancellationToken cancellationToken)
     {
         if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
-        if (tenant.PlanTier is null)
-            return BadRequest(new ApiResponse<object>(false, null, new ApiError("INVALID", "Plan tier missing.")));
 
         var validation = await _campaignValidator.ValidateAsync(request, cancellationToken);
         if (!validation.IsValid) return BadRequest(ValidationError(validation));
 
         var (success, data, code, message) = await _smsMarketingService.SendCampaignAsync(
-            cafeId, tenant.PlanTier.Value, request, cancellationToken);
+            cafeId, request, cancellationToken);
 
         if (!success)
         {
             return code switch
             {
-                "PLAN_LIMIT_REACHED" => StatusCode(StatusCodes.Status403Forbidden,
+                "SMS_NOT_CONFIGURED" => BadRequest(
                     new ApiResponse<object>(false, null, new ApiError(code, message!))),
                 "NOT_FOUND" => NotFound(new ApiResponse<object>(false, null, new ApiError(code, message!))),
                 _ => BadRequest(new ApiResponse<object>(false, null, new ApiError(code!, message!)))

src/Meezi.API/Models/Billing/BillingDtos.cs

@@ -15,8 +15,6 @@ public record BillingStatusDto(
     int? OrdersDailyLimit,
     int CustomersCount,
     int? CustomersLimit,
-    int SmsUsedThisMonth,
-    int SmsMonthlyLimit,
     bool Menu3dEnabled,
     bool MenuAi3dEnabled,
     int MenuAi3dUsedThisMonth,

src/Meezi.API/Models/Crm/SmsDtos.cs

@@ -13,3 +13,11 @@ public record SmsUsageDto(int UsedThisMonth, int MonthlyLimit, string Month);
 
 /// <summary>Kavenegar account credit balance returned to the dashboard.</summary>
 public record SmsBalanceDto(long RemainCredit, string AccountType, bool IsConfigured);
+
+/// <summary>
+/// Café's own SMS provider settings (bring-your-own-provider). The API key is
+/// returned masked — only the last 4 characters are ever echoed back.
+/// </summary>
+public record SmsSettingsDto(bool IsConfigured, string? ApiKeyMasked, string? SenderNumber);
+
+public record UpdateSmsSettingsRequest(string? ApiKey, string? SenderNumber);

src/Meezi.API/Services/BillingService.cs

@@ -379,12 +379,7 @@ public class BillingService : IBillingService
 
         var maxOrders = PlanLimits.MaxOrdersPerDay(cafe.PlanTier);
         var maxCustomers = PlanLimits.MaxCustomers(cafe.PlanTier);
-        var maxSms = PlanLimits.MaxSmsPerMonth(cafe.PlanTier);
-
-        var monthKey = $"sms:usage:{cafeId}:{DateTime.UtcNow:yyyy-MM}";
         var redis = _redis.GetDatabase();
-        var smsUsed = await redis.StringGetAsync(monthKey);
-        var smsUsedCount = smsUsed.HasValue ? (int)smsUsed : 0;
 
         var menu3d = await _platformCatalog.IsFeatureEnabledForCafeAsync(
             cafeId, cafe.PlanTier, FeatureMenu3d, cancellationToken);
@@ -406,8 +401,6 @@ public class BillingService : IBillingService
             maxOrders == int.MaxValue ? null : maxOrders,
             customersCount,
             maxCustomers == int.MaxValue ? null : maxCustomers,
-            smsUsedCount,
-            maxSms == int.MaxValue ? -1 : maxSms,
             menu3d,
             menuAi3d,
             ai3dUsedCount,

src/Meezi.API/Services/PlanLimitChecker.cs

@@ -114,26 +114,9 @@ public class PlanLimitChecker : IPlanLimitChecker
             }
         }
 
-        var smsCampaignPath = $"/api/cafes/{cafeId}/sms/campaign";
-        if (path.Equals(smsCampaignPath, StringComparison.OrdinalIgnoreCase) ||
-            path.Equals($"{smsCampaignPath}/", StringComparison.OrdinalIgnoreCase))
-        {
-            var limitsSms = await _platformCatalog.GetLimitsAsync(tier, cancellationToken);
-            var maxSms = limitsSms.MaxSmsPerMonth;
-            if (maxSms == 0)
-                return (false, "PLAN_LIMIT_REACHED", "SMS is not available on the Free plan. Please upgrade.");
-
-            if (maxSms == int.MaxValue)
-                return (true, null, null);
-
-            var monthKey = $"sms:usage:{cafeId}:{DateTime.UtcNow:yyyy-MM}";
-            var redis = _redis.GetDatabase();
-            var used = await redis.StringGetAsync(monthKey);
-            var usedCount = used.HasValue ? (int)used : 0;
-
-            if (usedCount >= maxSms)
-                return (false, "PLAN_LIMIT_REACHED", "Monthly SMS limit reached for your plan. Please upgrade.");
-        }
+        // NOTE: SMS is deliberately NOT plan-gated — marketing SMS is
+        // bring-your-own-provider (the café's own API key + sender line), so the
+        // café's provider account is the only limit.
 
         return (true, null, null);
     }

src/Meezi.API/Services/SmsMarketingService.cs

@@ -1,6 +1,4 @@
 using Meezi.API.Models.Crm;
-using Meezi.Core.Constants;
-using Meezi.Core.Enums;
 using Meezi.Core.Interfaces;
 using Meezi.Core.Utilities;
 using Meezi.Infrastructure.Data;
@@ -11,14 +9,25 @@ namespace Meezi.API.Services;
 
 public interface ISmsMarketingService
 {
-    Task<SmsUsageDto> GetUsageAsync(string cafeId, PlanTier planTier, CancellationToken cancellationToken = default);
+    Task<SmsUsageDto> GetUsageAsync(string cafeId, CancellationToken cancellationToken = default);
+    Task<SmsSettingsDto> GetSettingsAsync(string cafeId, CancellationToken cancellationToken = default);
+    Task<(bool Success, SmsSettingsDto? Data, string? ErrorCode, string? Message)> UpdateSettingsAsync(
+        string cafeId,
+        UpdateSmsSettingsRequest request,
+        CancellationToken cancellationToken = default);
+    Task<SmsBalanceDto> GetBalanceAsync(string cafeId, CancellationToken cancellationToken = default);
     Task<(bool Success, SmsCampaignResult? Data, string? ErrorCode, string? Message)> SendCampaignAsync(
         string cafeId,
-        PlanTier planTier,
         SendSmsCampaignRequest request,
         CancellationToken cancellationToken = default);
 }
 
+/// <summary>
+/// Marketing SMS is bring-your-own-provider: each café configures its OWN
+/// Kavenegar API key + sender line and pays its provider directly. The platform
+/// neither sells SMS nor meters it against plan limits; the monthly counter is
+/// informational only. (Login OTPs still go through the platform account.)
+/// </summary>
 public class SmsMarketingService : ISmsMarketingService
 {
     private readonly AppDbContext _db;
@@ -35,40 +44,111 @@ public class SmsMarketingService : ISmsMarketingService
         _redis = redis;
     }
 
-    public async Task<SmsUsageDto> GetUsageAsync(
-        string cafeId,
-        PlanTier planTier,
-        CancellationToken cancellationToken = default)
+    public async Task<SmsUsageDto> GetUsageAsync(string cafeId, CancellationToken cancellationToken = default)
     {
         var month = DateTime.UtcNow.ToString("yyyy-MM");
         var used = await GetUsedCountAsync(cafeId, month);
-        var limit = PlanLimits.MaxSmsPerMonth(planTier);
-        return new SmsUsageDto(used, limit == int.MaxValue ? -1 : limit, month);
+        // -1 = no platform limit; the café's own provider account is the only cap.
+        return new SmsUsageDto(used, -1, month);
+    }
+
+    public async Task<SmsSettingsDto> GetSettingsAsync(string cafeId, CancellationToken cancellationToken = default)
+    {
+        var cafe = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => new { c.SmsApiKey, c.SmsSenderNumber })
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (cafe is null || string.IsNullOrWhiteSpace(cafe.SmsApiKey))
+            return new SmsSettingsDto(false, null, cafe?.SmsSenderNumber);
+
+        return new SmsSettingsDto(true, MaskApiKey(cafe.SmsApiKey), cafe.SmsSenderNumber);
+    }
+
+    public async Task<(bool Success, SmsSettingsDto? Data, string? ErrorCode, string? Message)> UpdateSettingsAsync(
+        string cafeId,
+        UpdateSmsSettingsRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        var cafe = await _db.Cafes.FirstOrDefaultAsync(c => c.Id == cafeId, cancellationToken);
+        if (cafe is null)
+            return (false, null, "NOT_FOUND", "Cafe not found.");
+
+        var apiKey = request.ApiKey?.Trim();
+        var sender = request.SenderNumber?.Trim();
+
+        // Empty strings clear the configuration (turn SMS off for this café).
+        if (string.IsNullOrEmpty(apiKey) && string.IsNullOrEmpty(sender))
+        {
+            cafe.SmsApiKey = null;
+            cafe.SmsSenderNumber = null;
+            await _db.SaveChangesAsync(cancellationToken);
+            return (true, new SmsSettingsDto(false, null, null), null, null);
+        }
+
+        if (string.IsNullOrEmpty(apiKey) && string.IsNullOrEmpty(cafe.SmsApiKey))
+            return (false, null, "VALIDATION_ERROR", "API key is required.");
+        if (string.IsNullOrEmpty(sender))
+            return (false, null, "VALIDATION_ERROR", "Sender number is required.");
+
+        // A new key was provided — verify it against the provider before saving so
+        // the owner gets immediate feedback on a typo'd key.
+        if (!string.IsNullOrEmpty(apiKey))
+        {
+            var info = await _smsService.GetAccountInfoAsync(apiKey, cancellationToken);
+            if (info is null)
+                return (false, null, "SMS_KEY_INVALID", "The API key was rejected by the SMS provider.");
+            cafe.SmsApiKey = apiKey;
+        }
+
+        cafe.SmsSenderNumber = sender;
+        await _db.SaveChangesAsync(cancellationToken);
+
+        return (true, new SmsSettingsDto(true, MaskApiKey(cafe.SmsApiKey!), cafe.SmsSenderNumber), null, null);
+    }
+
+    public async Task<SmsBalanceDto> GetBalanceAsync(string cafeId, CancellationToken cancellationToken = default)
+    {
+        var apiKey = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => c.SmsApiKey)
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (string.IsNullOrWhiteSpace(apiKey))
+            return new SmsBalanceDto(0, "master", false);
+
+        var info = await _smsService.GetAccountInfoAsync(apiKey, cancellationToken);
+        return info is not null
+            ? new SmsBalanceDto(info.RemainCredit, info.AccountType, true)
+            : new SmsBalanceDto(0, "master", false);
     }
 
     public async Task<(bool Success, SmsCampaignResult? Data, string? ErrorCode, string? Message)> SendCampaignAsync(
         string cafeId,
-        PlanTier planTier,
         SendSmsCampaignRequest request,
         CancellationToken cancellationToken = default)
     {
-        var maxSms = PlanLimits.MaxSmsPerMonth(planTier);
-        if (maxSms == 0)
-            return (false, null, "PLAN_LIMIT_REACHED", "SMS is not available on the Free plan.");
+        var cafe = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => new { c.SmsApiKey, c.SmsSenderNumber })
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (cafe is null || string.IsNullOrWhiteSpace(cafe.SmsApiKey) || string.IsNullOrWhiteSpace(cafe.SmsSenderNumber))
+            return (false, null, "SMS_NOT_CONFIGURED",
+                "Configure your own SMS provider (API key + sender line) in the SMS settings first.");
 
         var phones = await ResolvePhonesAsync(cafeId, request, cancellationToken);
         if (phones.Count == 0)
             return (false, null, "NOT_FOUND", "No recipients found.");
 
-        var month = DateTime.UtcNow.ToString("yyyy-MM");
-        var used = await GetUsedCountAsync(cafeId, month);
-        if (maxSms != int.MaxValue && used + phones.Count > maxSms)
-            return (false, null, "PLAN_LIMIT_REACHED", "Monthly SMS limit would be exceeded.");
-
-        var result = await _smsService.SendBulkAsync(phones, request.Message, cancellationToken);
+        var result = await _smsService.SendBulkWithCredentialsAsync(
+            cafe.SmsApiKey, cafe.SmsSenderNumber, phones, request.Message, cancellationToken);
 
         if (result.SentCount > 0)
+        {
+            var month = DateTime.UtcNow.ToString("yyyy-MM");
             await IncrementUsageAsync(cafeId, month, result.SentCount);
+        }
 
         return (true, new SmsCampaignResult(result.SentCount, result.FailedCount), null, null);
     }
@@ -94,6 +174,9 @@ public class SmsMarketingService : ISmsMarketingService
         return await query.Select(c => c.Phone).Distinct().ToListAsync(cancellationToken);
     }
 
+    private static string MaskApiKey(string apiKey) =>
+        apiKey.Length <= 4 ? "****" : $"****{apiKey[^4..]}";
+
     private async Task<int> GetUsedCountAsync(string cafeId, string month)
     {
         var redis = _redis.GetDatabase();