feat: onboarding + topic bank UI + channel limit handling

/onboarding: 3-шаговый вайзард (платформа → название/ниша → готово)
login/page.js: новый пользователь → /onboarding, существующий → /
TopicBank.js: просмотр/пополнение/добавление/удаление тем
ChannelEdit AI-стиль: TopicBank компонент внизу вкладки
channels/new: при 402 CHANNEL_LIMIT_REACHED → ошибка + redirect /plans
lib/engine.js: ENGINE_URL дефолт 3040 → 3030
API routes: /api/topics-bank/[channelId]/{refill,add}, /item/[id]

app/api/auth/login/route.js

@@ -25,7 +25,17 @@ export async function POST(req) {
     s.email = user.email;
     s.isAdmin = !!user.is_admin;
     await s.save();
-    return NextResponse.json({ ok: true, user });
+
+    // Инициализируем баланс нового пользователя (Free план, 50 кредитов)
+    try {
+      const ENGINE_URL    = process.env.ENGINE_URL    || 'http://127.0.0.1:3030';
+      const ENGINE_SECRET = process.env.ENGINE_SECRET || '';
+      await fetch(`${ENGINE_URL}/api/billing/balance`, {
+        headers: { 'x-internal-secret': ENGINE_SECRET, 'x-user-id': String(user.id) },
+      });
+    } catch {}
+
+    return NextResponse.json({ ok: true, user, isNew: true });
   }
 
   // login

app/api/channels/route.js

@@ -21,6 +21,7 @@ export async function POST(req) {
     const channel = await engine.createChannel(user.id, body);
     return NextResponse.json(channel);
   } catch (err) {
-    return NextResponse.json({ error: err.message }, { status: 500 });
+    const status = err.status === 402 ? 402 : 500;
+    return NextResponse.json({ error: err.message, code: err.code }, { status });
   }
 }

app/api/topics-bank/[channelId]/add/route.js

@@ -0,0 +1,17 @@
+import { NextResponse } from 'next/server';
+import { requireUser } from '@/lib/session';
+
+const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
+const ENGINE_SECRET = process.env.ENGINE_SECRET || '';
+
+export async function POST(req, { params }) {
+  const user = await requireUser();
+  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const body = await req.json();
+  const res = await fetch(`${ENGINE_URL}/api/generate/topics-bank/${params.channelId}/add`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'x-internal-secret': ENGINE_SECRET },
+    body: JSON.stringify(body),
+  });
+  return NextResponse.json(await res.json());
+}

app/api/topics-bank/[channelId]/refill/route.js

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server';
+import { requireUser } from '@/lib/session';
+
+const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
+const ENGINE_SECRET = process.env.ENGINE_SECRET || '';
+
+export async function POST(req, { params }) {
+  const user = await requireUser();
+  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const res = await fetch(`${ENGINE_URL}/api/generate/topics-bank/${params.channelId}/refill`, {
+    method: 'POST', headers: { 'x-internal-secret': ENGINE_SECRET },
+  });
+  return NextResponse.json(await res.json());
+}

app/api/topics-bank/[channelId]/route.js

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server';
+import { requireUser } from '@/lib/session';
+
+const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
+const ENGINE_SECRET = process.env.ENGINE_SECRET || '';
+const h = { 'x-internal-secret': ENGINE_SECRET };
+
+export async function GET(req, { params }) {
+  const user = await requireUser();
+  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const { searchParams } = new URL(req.url);
+  const res = await fetch(`${ENGINE_URL}/api/generate/topics-bank/${params.channelId}?${searchParams}`, { headers: h });
+  return NextResponse.json(await res.json());
+}

app/api/topics-bank/item/[id]/route.js

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server';
+import { requireUser } from '@/lib/session';
+
+const ENGINE_URL    = process.env.ENGINE_URL    || 'http://localhost:3030';
+const ENGINE_SECRET = process.env.ENGINE_SECRET || '';
+
+export async function DELETE(req, { params }) {
+  const user = await requireUser();
+  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  const res = await fetch(`${ENGINE_URL}/api/generate/topics-bank/item/${params.id}`, {
+    method: 'DELETE', headers: { 'x-internal-secret': ENGINE_SECRET },
+  });
+  return NextResponse.json(await res.json());
+}