feat(sms): bring-your-own-provider — cafés use their own SMS account

The platform no longer sells SMS. Each café saves its OWN Kavenegar API key + sender line (new Cafes columns + migration) and campaigns are sent and billed through that account. Backend: - GET/PUT /sms/settings (Manager/Owner; key echoed masked, verified against the provider before saving) - campaign + balance use the café's credentials; SMS_NOT_CONFIGURED error when missing; plan-tier SMS gating removed everywhere (PlanLimitChecker, SmsMarketingService, billing status) - platform Kavenegar config stays ONLY for login OTPs (env/DB) - design-time DbContext factory so `dotnet ef migrations add` works without booting the host Dashboard: - SMS screen: provider-settings card, not-configured callout, campaign form disabled until configured; quota bar removed (usage stays as info) - subscription screen + plan comparison no longer show SMS limits Admin panel: - Kavenegar/SMS section removed from integrations (request field now optional; stored OTP config untouched) - SMS limit field removed from the plan editor - nav label "درگاه و پیامک" → "درگاه پرداخت و AI" fa/en/ar translations. 86 tests pass; all tsc clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 09:23:50 +03:30
parent 615d5348de
commit 00649d0248
24 changed files with 3953 additions and 188 deletions
@@ -7,33 +7,64 @@ using Meezi.Shared;

 namespace Meezi.API.Controllers;

+/// <summary>
+/// Marketing SMS — bring-your-own-provider. Each café configures its OWN
+/// Kavenegar API key + sender line; the platform does not sell SMS.
+/// </summary>
 [Route("api/cafes/{cafeId}/sms")]
 public class SmsController : CafeApiControllerBase
 {
    private readonly ISmsMarketingService _smsMarketingService;
-    private readonly ISmsService _smsService;
    private readonly IValidator<SendSmsCampaignRequest> _campaignValidator;

    public SmsController(
        ISmsMarketingService smsMarketingService,
-        ISmsService smsService,
        IValidator<SendSmsCampaignRequest> campaignValidator)
    {
        _smsMarketingService = smsMarketingService;
-        _smsService = smsService;
        _campaignValidator = campaignValidator;
    }

+    [HttpGet("settings")]
+    public async Task<IActionResult> GetSettings(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        if (EnsureManager(tenant) is { } forbidden) return forbidden;
+
+        var data = await _smsMarketingService.GetSettingsAsync(cafeId, cancellationToken);
+        return Ok(new ApiResponse<SmsSettingsDto>(true, data));
+    }
+
+    [HttpPut("settings")]
+    public async Task<IActionResult> UpdateSettings(
+        string cafeId,
+        [FromBody] UpdateSmsSettingsRequest request,
+        ITenantContext tenant,
+        CancellationToken cancellationToken)
+    {
+        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
+        if (EnsureManager(tenant) is { } forbidden) return forbidden;
+
+        var (success, data, code, message) = await _smsMarketingService.UpdateSettingsAsync(
+            cafeId, request, cancellationToken);
+        if (!success)
+        {
+            return code switch
+            {
+                "NOT_FOUND" => NotFound(new ApiResponse<object>(false, null, new ApiError(code, message!))),
+                _ => BadRequest(new ApiResponse<object>(false, null, new ApiError(code!, message!)))
+            };
+        }
+
+        return Ok(new ApiResponse<SmsSettingsDto>(true, data));
+    }
+
    [HttpGet("balance")]
    public async Task<IActionResult> GetBalance(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;

-        var info = await _smsService.GetAccountInfoAsync(cancellationToken);
-        var dto = info is not null
-            ? new SmsBalanceDto(info.RemainCredit, info.AccountType, true)
-            : new SmsBalanceDto(0, "master", false);
-
+        var dto = await _smsMarketingService.GetBalanceAsync(cafeId, cancellationToken);
        return Ok(new ApiResponse<SmsBalanceDto>(true, dto));
    }

@@ -41,10 +72,8 @@ public class SmsController : CafeApiControllerBase
    public async Task<IActionResult> GetUsage(string cafeId, ITenantContext tenant, CancellationToken cancellationToken)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
-        if (tenant.PlanTier is null)
-            return BadRequest(new ApiResponse<object>(false, null, new ApiError("INVALID", "Plan tier missing.")));

-        var data = await _smsMarketingService.GetUsageAsync(cafeId, tenant.PlanTier.Value, cancellationToken);
+        var data = await _smsMarketingService.GetUsageAsync(cafeId, cancellationToken);
        return Ok(new ApiResponse<SmsUsageDto>(true, data));
    }

@@ -56,20 +85,18 @@ public class SmsController : CafeApiControllerBase
        CancellationToken cancellationToken)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
-        if (tenant.PlanTier is null)
-            return BadRequest(new ApiResponse<object>(false, null, new ApiError("INVALID", "Plan tier missing.")));

        var validation = await _campaignValidator.ValidateAsync(request, cancellationToken);
        if (!validation.IsValid) return BadRequest(ValidationError(validation));

        var (success, data, code, message) = await _smsMarketingService.SendCampaignAsync(
-            cafeId, tenant.PlanTier.Value, request, cancellationToken);
+            cafeId, request, cancellationToken);

        if (!success)
        {
            return code switch
            {
-                "PLAN_LIMIT_REACHED" => StatusCode(StatusCodes.Status403Forbidden,
+                "SMS_NOT_CONFIGURED" => BadRequest(
                    new ApiResponse<object>(false, null, new ApiError(code, message!))),
                "NOT_FOUND" => NotFound(new ApiResponse<object>(false, null, new ApiError(code, message!))),
                _ => BadRequest(new ApiResponse<object>(false, null, new ApiError(code!, message!)))
@@ -15,8 +15,6 @@ public record BillingStatusDto(
    int? OrdersDailyLimit,
    int CustomersCount,
    int? CustomersLimit,
-    int SmsUsedThisMonth,
-    int SmsMonthlyLimit,
    bool Menu3dEnabled,
    bool MenuAi3dEnabled,
    int MenuAi3dUsedThisMonth,
@@ -13,3 +13,11 @@ public record SmsUsageDto(int UsedThisMonth, int MonthlyLimit, string Month);

 /// <summary>Kavenegar account credit balance returned to the dashboard.</summary>
 public record SmsBalanceDto(long RemainCredit, string AccountType, bool IsConfigured);
+
+/// <summary>
+/// Café's own SMS provider settings (bring-your-own-provider). The API key is
+/// returned masked — only the last 4 characters are ever echoed back.
+/// </summary>
+public record SmsSettingsDto(bool IsConfigured, string? ApiKeyMasked, string? SenderNumber);
+
+public record UpdateSmsSettingsRequest(string? ApiKey, string? SenderNumber);
@@ -379,12 +379,7 @@ public class BillingService : IBillingService

        var maxOrders = PlanLimits.MaxOrdersPerDay(cafe.PlanTier);
        var maxCustomers = PlanLimits.MaxCustomers(cafe.PlanTier);
-        var maxSms = PlanLimits.MaxSmsPerMonth(cafe.PlanTier);
-
-        var monthKey = $"sms:usage:{cafeId}:{DateTime.UtcNow:yyyy-MM}";
        var redis = _redis.GetDatabase();
-        var smsUsed = await redis.StringGetAsync(monthKey);
-        var smsUsedCount = smsUsed.HasValue ? (int)smsUsed : 0;

        var menu3d = await _platformCatalog.IsFeatureEnabledForCafeAsync(
            cafeId, cafe.PlanTier, FeatureMenu3d, cancellationToken);
@@ -406,8 +401,6 @@ public class BillingService : IBillingService
            maxOrders == int.MaxValue ? null : maxOrders,
            customersCount,
            maxCustomers == int.MaxValue ? null : maxCustomers,
-            smsUsedCount,
-            maxSms == int.MaxValue ? -1 : maxSms,
            menu3d,
            menuAi3d,
            ai3dUsedCount,
@@ -114,26 +114,9 @@ public class PlanLimitChecker : IPlanLimitChecker
            }
        }

-        var smsCampaignPath = $"/api/cafes/{cafeId}/sms/campaign";
-        if (path.Equals(smsCampaignPath, StringComparison.OrdinalIgnoreCase) ||
-            path.Equals($"{smsCampaignPath}/", StringComparison.OrdinalIgnoreCase))
-        {
-            var limitsSms = await _platformCatalog.GetLimitsAsync(tier, cancellationToken);
-            var maxSms = limitsSms.MaxSmsPerMonth;
-            if (maxSms == 0)
-                return (false, "PLAN_LIMIT_REACHED", "SMS is not available on the Free plan. Please upgrade.");
-
-            if (maxSms == int.MaxValue)
-                return (true, null, null);
-
-            var monthKey = $"sms:usage:{cafeId}:{DateTime.UtcNow:yyyy-MM}";
-            var redis = _redis.GetDatabase();
-            var used = await redis.StringGetAsync(monthKey);
-            var usedCount = used.HasValue ? (int)used : 0;
-
-            if (usedCount >= maxSms)
-                return (false, "PLAN_LIMIT_REACHED", "Monthly SMS limit reached for your plan. Please upgrade.");
-        }
+        // NOTE: SMS is deliberately NOT plan-gated — marketing SMS is
+        // bring-your-own-provider (the café's own API key + sender line), so the
+        // café's provider account is the only limit.

        return (true, null, null);
    }
@@ -1,6 +1,4 @@
 using Meezi.API.Models.Crm;
-using Meezi.Core.Constants;
-using Meezi.Core.Enums;
 using Meezi.Core.Interfaces;
 using Meezi.Core.Utilities;
 using Meezi.Infrastructure.Data;
@@ -11,14 +9,25 @@ namespace Meezi.API.Services;

 public interface ISmsMarketingService
 {
-    Task<SmsUsageDto> GetUsageAsync(string cafeId, PlanTier planTier, CancellationToken cancellationToken = default);
+    Task<SmsUsageDto> GetUsageAsync(string cafeId, CancellationToken cancellationToken = default);
+    Task<SmsSettingsDto> GetSettingsAsync(string cafeId, CancellationToken cancellationToken = default);
+    Task<(bool Success, SmsSettingsDto? Data, string? ErrorCode, string? Message)> UpdateSettingsAsync(
+        string cafeId,
+        UpdateSmsSettingsRequest request,
+        CancellationToken cancellationToken = default);
+    Task<SmsBalanceDto> GetBalanceAsync(string cafeId, CancellationToken cancellationToken = default);
    Task<(bool Success, SmsCampaignResult? Data, string? ErrorCode, string? Message)> SendCampaignAsync(
        string cafeId,
-        PlanTier planTier,
        SendSmsCampaignRequest request,
        CancellationToken cancellationToken = default);
 }

+/// <summary>
+/// Marketing SMS is bring-your-own-provider: each café configures its OWN
+/// Kavenegar API key + sender line and pays its provider directly. The platform
+/// neither sells SMS nor meters it against plan limits; the monthly counter is
+/// informational only. (Login OTPs still go through the platform account.)
+/// </summary>
 public class SmsMarketingService : ISmsMarketingService
 {
    private readonly AppDbContext _db;
@@ -35,40 +44,111 @@ public class SmsMarketingService : ISmsMarketingService
        _redis = redis;
    }

-    public async Task<SmsUsageDto> GetUsageAsync(
-        string cafeId,
-        PlanTier planTier,
-        CancellationToken cancellationToken = default)
+    public async Task<SmsUsageDto> GetUsageAsync(string cafeId, CancellationToken cancellationToken = default)
    {
        var month = DateTime.UtcNow.ToString("yyyy-MM");
        var used = await GetUsedCountAsync(cafeId, month);
-        var limit = PlanLimits.MaxSmsPerMonth(planTier);
-        return new SmsUsageDto(used, limit == int.MaxValue ? -1 : limit, month);
+        // -1 = no platform limit; the café's own provider account is the only cap.
+        return new SmsUsageDto(used, -1, month);
+    }
+
+    public async Task<SmsSettingsDto> GetSettingsAsync(string cafeId, CancellationToken cancellationToken = default)
+    {
+        var cafe = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => new { c.SmsApiKey, c.SmsSenderNumber })
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (cafe is null || string.IsNullOrWhiteSpace(cafe.SmsApiKey))
+            return new SmsSettingsDto(false, null, cafe?.SmsSenderNumber);
+
+        return new SmsSettingsDto(true, MaskApiKey(cafe.SmsApiKey), cafe.SmsSenderNumber);
+    }
+
+    public async Task<(bool Success, SmsSettingsDto? Data, string? ErrorCode, string? Message)> UpdateSettingsAsync(
+        string cafeId,
+        UpdateSmsSettingsRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        var cafe = await _db.Cafes.FirstOrDefaultAsync(c => c.Id == cafeId, cancellationToken);
+        if (cafe is null)
+            return (false, null, "NOT_FOUND", "Cafe not found.");
+
+        var apiKey = request.ApiKey?.Trim();
+        var sender = request.SenderNumber?.Trim();
+
+        // Empty strings clear the configuration (turn SMS off for this café).
+        if (string.IsNullOrEmpty(apiKey) && string.IsNullOrEmpty(sender))
+        {
+            cafe.SmsApiKey = null;
+            cafe.SmsSenderNumber = null;
+            await _db.SaveChangesAsync(cancellationToken);
+            return (true, new SmsSettingsDto(false, null, null), null, null);
+        }
+
+        if (string.IsNullOrEmpty(apiKey) && string.IsNullOrEmpty(cafe.SmsApiKey))
+            return (false, null, "VALIDATION_ERROR", "API key is required.");
+        if (string.IsNullOrEmpty(sender))
+            return (false, null, "VALIDATION_ERROR", "Sender number is required.");
+
+        // A new key was provided — verify it against the provider before saving so
+        // the owner gets immediate feedback on a typo'd key.
+        if (!string.IsNullOrEmpty(apiKey))
+        {
+            var info = await _smsService.GetAccountInfoAsync(apiKey, cancellationToken);
+            if (info is null)
+                return (false, null, "SMS_KEY_INVALID", "The API key was rejected by the SMS provider.");
+            cafe.SmsApiKey = apiKey;
+        }
+
+        cafe.SmsSenderNumber = sender;
+        await _db.SaveChangesAsync(cancellationToken);
+
+        return (true, new SmsSettingsDto(true, MaskApiKey(cafe.SmsApiKey!), cafe.SmsSenderNumber), null, null);
+    }
+
+    public async Task<SmsBalanceDto> GetBalanceAsync(string cafeId, CancellationToken cancellationToken = default)
+    {
+        var apiKey = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => c.SmsApiKey)
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (string.IsNullOrWhiteSpace(apiKey))
+            return new SmsBalanceDto(0, "master", false);
+
+        var info = await _smsService.GetAccountInfoAsync(apiKey, cancellationToken);
+        return info is not null
+            ? new SmsBalanceDto(info.RemainCredit, info.AccountType, true)
+            : new SmsBalanceDto(0, "master", false);
    }

    public async Task<(bool Success, SmsCampaignResult? Data, string? ErrorCode, string? Message)> SendCampaignAsync(
        string cafeId,
-        PlanTier planTier,
        SendSmsCampaignRequest request,
        CancellationToken cancellationToken = default)
    {
-        var maxSms = PlanLimits.MaxSmsPerMonth(planTier);
-        if (maxSms == 0)
-            return (false, null, "PLAN_LIMIT_REACHED", "SMS is not available on the Free plan.");
+        var cafe = await _db.Cafes.AsNoTracking()
+            .Where(c => c.Id == cafeId)
+            .Select(c => new { c.SmsApiKey, c.SmsSenderNumber })
+            .FirstOrDefaultAsync(cancellationToken);
+
+        if (cafe is null || string.IsNullOrWhiteSpace(cafe.SmsApiKey) || string.IsNullOrWhiteSpace(cafe.SmsSenderNumber))
+            return (false, null, "SMS_NOT_CONFIGURED",
+                "Configure your own SMS provider (API key + sender line) in the SMS settings first.");

        var phones = await ResolvePhonesAsync(cafeId, request, cancellationToken);
        if (phones.Count == 0)
            return (false, null, "NOT_FOUND", "No recipients found.");

-        var month = DateTime.UtcNow.ToString("yyyy-MM");
-        var used = await GetUsedCountAsync(cafeId, month);
-        if (maxSms != int.MaxValue && used + phones.Count > maxSms)
-            return (false, null, "PLAN_LIMIT_REACHED", "Monthly SMS limit would be exceeded.");
-
-        var result = await _smsService.SendBulkAsync(phones, request.Message, cancellationToken);
+        var result = await _smsService.SendBulkWithCredentialsAsync(
+            cafe.SmsApiKey, cafe.SmsSenderNumber, phones, request.Message, cancellationToken);

        if (result.SentCount > 0)
+        {
+            var month = DateTime.UtcNow.ToString("yyyy-MM");
            await IncrementUsageAsync(cafeId, month, result.SentCount);
+        }

        return (true, new SmsCampaignResult(result.SentCount, result.FailedCount), null, null);
    }
@@ -94,6 +174,9 @@ public class SmsMarketingService : ISmsMarketingService
        return await query.Select(c => c.Phone).Distinct().ToListAsync(cancellationToken);
    }

+    private static string MaskApiKey(string apiKey) =>
+        apiKey.Length <= 4 ? "****" : $"****{apiKey[^4..]}";
+
    private async Task<int> GetUsedCountAsync(string cafeId, string month)
    {
        var redis = _redis.GetDatabase();
@@ -55,8 +55,11 @@ public record PlatformIntegrationsDto(
 public record UpdatePlatformIntegrationsRequest(
    string ActivePaymentGateway,
    IReadOnlyList<UpdatePaymentGatewayRequest> PaymentGateways,
-    UpdateKavenegarRequest Kavenegar,
-    UpdateAiIntegrationsRequest Ai);
+    // Optional: the admin UI no longer manages SMS (marketing SMS is
+    // bring-your-own-provider per café). When null, the stored platform
+    // Kavenegar config — still used for login OTPs — is left untouched.
+    UpdateKavenegarRequest? Kavenegar = null,
+    UpdateAiIntegrationsRequest? Ai = null);

 public record UpdateOpenAiIntegrationRequest(
    bool IsEnabled,
@@ -107,23 +107,32 @@ public class PlatformIntegrationService : IPlatformIntegrationService
                await SaveCredentialsAsync(meta.Prefix, gw.Id, gw.Credentials, ct);
        }

-        await UpsertAsync(KeyKavenegarEnabled, request.Kavenegar.IsEnabled ? "true" : "false", "integrations", "فعال کاوه‌نگار", ct);
-        await UpsertAsync(KeyKavenegarOtpTemplate, request.Kavenegar.OtpTemplate.Trim(), "integrations", "قالب OTP", ct);
-        if (!string.IsNullOrWhiteSpace(request.Kavenegar.ApiKey) && !IsMaskedPlaceholder(request.Kavenegar.ApiKey))
-            await UpsertAsync(KeyKavenegarApi, request.Kavenegar.ApiKey.Trim(), "integrations", "API Key کاوه‌نگار", ct);
-        if (!string.IsNullOrWhiteSpace(request.Kavenegar.SenderNumber))
-            await UpsertAsync(KeyKavenegarSender, request.Kavenegar.SenderNumber.Trim(), "integrations", "شماره فرستنده کاوه‌نگار", ct);
+        // SMS (Kavenegar) is no longer managed from the admin UI — marketing SMS is
+        // bring-your-own-provider per café, and the platform OTP credentials live in
+        // env/appsettings (or the previously-stored DB values, left untouched here).
+        if (request.Kavenegar is { } kavenegar)
+        {
+            await UpsertAsync(KeyKavenegarEnabled, kavenegar.IsEnabled ? "true" : "false", "integrations", "فعال کاوه‌نگار", ct);
+            await UpsertAsync(KeyKavenegarOtpTemplate, kavenegar.OtpTemplate.Trim(), "integrations", "قالب OTP", ct);
+            if (!string.IsNullOrWhiteSpace(kavenegar.ApiKey) && !IsMaskedPlaceholder(kavenegar.ApiKey))
+                await UpsertAsync(KeyKavenegarApi, kavenegar.ApiKey.Trim(), "integrations", "API Key کاوه‌نگار", ct);
+            if (!string.IsNullOrWhiteSpace(kavenegar.SenderNumber))
+                await UpsertAsync(KeyKavenegarSender, kavenegar.SenderNumber.Trim(), "integrations", "شماره فرستنده کاوه‌نگار", ct);
+        }

-        await UpsertAsync(PlatformIntegrationKeys.OpenAiEnabled, request.Ai.OpenAi.IsEnabled ? "true" : "false", "integrations", "فعال OpenAI", ct);
-        await UpsertAsync(PlatformIntegrationKeys.OpenAiModel, string.IsNullOrWhiteSpace(request.Ai.OpenAi.Model) ? "gpt-4o-mini" : request.Ai.OpenAi.Model.Trim(), "integrations", "مدل OpenAI", ct);
-        await UpsertAsync(PlatformIntegrationKeys.OpenAiCoffeeAdvisorEnabled, request.Ai.OpenAi.CoffeeAdvisorEnabled ? "true" : "false", "integrations", "مشاور قهوه OpenAI", ct);
-        if (!string.IsNullOrWhiteSpace(request.Ai.OpenAi.ApiKey) && !IsMaskedPlaceholder(request.Ai.OpenAi.ApiKey))
-            await UpsertAsync(PlatformIntegrationKeys.OpenAiApiKey, request.Ai.OpenAi.ApiKey.Trim(), "integrations", "API Key OpenAI", ct);
+        if (request.Ai is { } ai)
+        {
+            await UpsertAsync(PlatformIntegrationKeys.OpenAiEnabled, ai.OpenAi.IsEnabled ? "true" : "false", "integrations", "فعال OpenAI", ct);
+            await UpsertAsync(PlatformIntegrationKeys.OpenAiModel, string.IsNullOrWhiteSpace(ai.OpenAi.Model) ? "gpt-4o-mini" : ai.OpenAi.Model.Trim(), "integrations", "مدل OpenAI", ct);
+            await UpsertAsync(PlatformIntegrationKeys.OpenAiCoffeeAdvisorEnabled, ai.OpenAi.CoffeeAdvisorEnabled ? "true" : "false", "integrations", "مشاور قهوه OpenAI", ct);
+            if (!string.IsNullOrWhiteSpace(ai.OpenAi.ApiKey) && !IsMaskedPlaceholder(ai.OpenAi.ApiKey))
+                await UpsertAsync(PlatformIntegrationKeys.OpenAiApiKey, ai.OpenAi.ApiKey.Trim(), "integrations", "API Key OpenAI", ct);

-        await UpsertAsync(PlatformIntegrationKeys.MeshyEnabled, request.Ai.Meshy.IsEnabled ? "true" : "false", "integrations", "فعال Meshy", ct);
-        await UpsertAsync(PlatformIntegrationKeys.MeshyMenu3dEnabled, request.Ai.Meshy.Menu3dEnabled ? "true" : "false", "integrations", "ساخت ۳D منو با Meshy", ct);
-        if (!string.IsNullOrWhiteSpace(request.Ai.Meshy.ApiKey) && !IsMaskedPlaceholder(request.Ai.Meshy.ApiKey))
-            await UpsertAsync(PlatformIntegrationKeys.MeshyApiKey, request.Ai.Meshy.ApiKey.Trim(), "integrations", "API Key Meshy", ct);
+            await UpsertAsync(PlatformIntegrationKeys.MeshyEnabled, ai.Meshy.IsEnabled ? "true" : "false", "integrations", "فعال Meshy", ct);
+            await UpsertAsync(PlatformIntegrationKeys.MeshyMenu3dEnabled, ai.Meshy.Menu3dEnabled ? "true" : "false", "integrations", "ساخت ۳D منو با Meshy", ct);
+            if (!string.IsNullOrWhiteSpace(ai.Meshy.ApiKey) && !IsMaskedPlaceholder(ai.Meshy.ApiKey))
+                await UpsertAsync(PlatformIntegrationKeys.MeshyApiKey, ai.Meshy.ApiKey.Trim(), "integrations", "API Key Meshy", ct);
+        }

        await _db.SaveChangesAsync(ct);
        _catalog.InvalidateCache();
@@ -48,6 +48,12 @@ public class Cafe : BaseEntity
    public decimal DefaultTaxRate { get; set; } = 9m;
    public bool AllowBranchTaxOverride { get; set; }

+    /// <summary>Café's own Kavenegar API key — marketing SMS is bring-your-own-provider;
+    /// the platform does not sell SMS. Null = SMS not configured for this café.</summary>
+    public string? SmsApiKey { get; set; }
+    /// <summary>Café's own SMS sender line number (e.g. 10004346).</summary>
+    public string? SmsSenderNumber { get; set; }
+
    public ICollection<Branch> Branches { get; set; } = [];
    public ICollection<Table> Tables { get; set; } = [];
    public ICollection<Employee> Employees { get; set; } = [];
@@ -20,4 +20,19 @@ public interface ISmsService

    /// <summary>Returns credit balance from the Kavenegar account, or null if not configured.</summary>
    Task<KavenegarAccountInfo?> GetAccountInfoAsync(CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Bulk send using the CALLER's own provider credentials — marketing SMS is
+    /// bring-your-own-provider (each café configures its own API key + sender line).
+    /// Never throws — failures per batch are counted and returned.
+    /// </summary>
+    Task<BulkSendResult> SendBulkWithCredentialsAsync(
+        string apiKey,
+        string senderNumber,
+        IReadOnlyList<string> phones,
+        string message,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>Credit balance for an EXPLICIT API key (a café's own account), or null on failure.</summary>
+    Task<KavenegarAccountInfo?> GetAccountInfoAsync(string apiKey, CancellationToken cancellationToken = default);
 }
@@ -0,0 +1,25 @@
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Design;
+
+namespace Meezi.Infrastructure.Data;
+
+/// <summary>
+/// Design-time factory so `dotnet ef migrations add` works without booting the
+/// full API host (which needs Redis etc.). Generating a migration never connects
+/// to the database, so a placeholder connection string is fine; for commands that
+/// DO connect (database update), set MEEZI_DESIGNTIME_DB to a real string.
+/// </summary>
+public class DesignTimeDbContextFactory : IDesignTimeDbContextFactory<AppDbContext>
+{
+    public AppDbContext CreateDbContext(string[] args)
+    {
+        var conn = Environment.GetEnvironmentVariable("MEEZI_DESIGNTIME_DB")
+                   ?? "Host=localhost;Database=meezi;Username=meezi;Password=design-time-only";
+
+        var options = new DbContextOptionsBuilder<AppDbContext>()
+            .UseNpgsql(conn)
+            .Options;
+
+        return new AppDbContext(options);
+    }
+}
@@ -0,0 +1,38 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Meezi.Infrastructure.Data.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddCafeSmsCredentials : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "SmsApiKey",
+                table: "Cafes",
+                type: "text",
+                nullable: true);
+
+            migrationBuilder.AddColumn<string>(
+                name: "SmsSenderNumber",
+                table: "Cafes",
+                type: "text",
+                nullable: true);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "SmsApiKey",
+                table: "Cafes");
+
+            migrationBuilder.DropColumn(
+                name: "SmsSenderNumber",
+                table: "Cafes");
+        }
+    }
+}
@@ -370,6 +370,12 @@ namespace Meezi.Infrastructure.Data.Migrations
                        .HasMaxLength(100)
                        .HasColumnType("character varying(100)");

+                    b.Property<string>("SmsApiKey")
+                        .HasColumnType("text");
+
+                    b.Property<string>("SmsSenderNumber")
+                        .HasColumnType("text");
+
                    b.Property<string>("SnappfoodVendorId")
                        .HasMaxLength(100)
                        .HasColumnType("character varying(100)");
@@ -123,6 +123,12 @@ public class KavenegarSmsService : ISmsService
    {
        var (apiKey, _, _) = await GetConfigAsync(cancellationToken);
        if (string.IsNullOrWhiteSpace(apiKey)) return null;
+        return await GetAccountInfoAsync(apiKey, cancellationToken);
+    }
+
+    public async Task<KavenegarAccountInfo?> GetAccountInfoAsync(string apiKey, CancellationToken cancellationToken = default)
+    {
+        if (string.IsNullOrWhiteSpace(apiKey)) return null;

        try
        {
@@ -140,6 +146,46 @@ public class KavenegarSmsService : ISmsService
        }
    }

+    /// <summary>
+    /// Bulk send with a café's OWN credentials — marketing SMS is bring-your-own-provider,
+    /// the platform account is only used for OTP and system messages.
+    /// </summary>
+    public async Task<BulkSendResult> SendBulkWithCredentialsAsync(
+        string apiKey,
+        string senderNumber,
+        IReadOnlyList<string> phones,
+        string message,
+        CancellationToken cancellationToken = default)
+    {
+        if (phones.Count == 0) return new BulkSendResult(0, 0);
+        if (string.IsNullOrWhiteSpace(apiKey))
+            return new BulkSendResult(0, phones.Count);
+
+        int sent = 0, failed = 0;
+
+        foreach (var batch in phones.Chunk(MaxBatchSize))
+        {
+            try
+            {
+                var receptors = batch.Select(NormalizePhone).ToList();
+                await RunSdkAsync(apiKey, api =>
+                {
+                    api.Send(senderNumber, receptors, message);
+                }, "BulkSendOwn");
+
+                sent += batch.Length;
+                _logger.LogInformation("Kavenegar own-credentials bulk batch: {Count} sent", batch.Length);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogWarning(ex, "Kavenegar own-credentials bulk batch failed ({Count} recipients)", batch.Length);
+                failed += batch.Length;
+            }
+        }
+
+        return new BulkSendResult(sent, failed);
+    }
+
    // ── SDK runner ────────────────────────────────────────────────────────────

    /// <summary>