Session 7i: Stripe test coverage gaps filled, dual-provider cutover documented (1042 tests)

docs/SYSTEM-MANIFEST.md

@@ -584,6 +584,29 @@ All frontend API paths discovered are either:
 handler. Spot-checked: `/api/players/search` (Next → Python),
 `/api/scan` (Next → Express), `/api/intelligence/feed` (Next direct DB).
 
+#### Payments: dual-provider divergence (Session 7h)
+
+The frontend `/api/checkout` (Next.js) creates **NexaPay** payment
+links and is what `web/src/components/Pricing.tsx` CTAs currently hit.
+The Express `POST /api/stripe/checkout` (Stripe Checkout Sessions) is
+fully wired, tested in test mode against real Stripe resources
+(products + prices + webhook all created), and ready for traffic —
+but no frontend caller invokes it yet. Cutover work for a follow-up
+session:
+
+1. Replace `web/src/app/api/checkout/route.ts` body to fetch
+   `${BACKEND_URL}/api/stripe/checkout` with the user's bearer token
+   instead of calling NexaPay's `createPaymentLink`.
+2. Wire `Pricing.tsx` CTAs through that same Next.js route (response
+   shape is already `{ url, ... }`-compatible; Express returns
+   `{ checkout_url, session_id }`, so the proxy needs to remap
+   `checkout_url → url`).
+3. Add `/upgrade/success?session_id=...` and `/upgrade/cancel` pages.
+   Current Stripe `success_url` points at `/scan?upgraded=true` and
+   `cancel_url` at `/#pricing` — those work but a confirmation page
+   reads better.
+4. Decide on NexaPay: keep as fallback, remove, or feature-flag.
+
 ---
 
 ## 9. How to update this manifest