@startanaicompany/dns 1.3.0

package/bin/saac_dns.js

@@ -0,0 +1,1340 @@
+#!/usr/bin/env node
+'use strict';
+
+const { Command } = require('commander');
+const Table = require('cli-table3');
+const readline = require('readline');
+const dns = require('../index');
+
+const program = new Command();
+
+program
+  .name('saac_dns')
+  .description('SAAC DNS — Programmatic Domain Registration & DNS Management CLI')
+  .version('1.0.0')
+  .option('--json', 'Output raw JSON')
+  .option('--quiet', 'Minimal output')
+  .option('--verbose', 'Verbose output');
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function isJson() { return program.opts().json; }
+function isQuiet() { return program.opts().quiet; }
+function isVerbose() { return program.opts().verbose; }
+
+/** Interactive yes/no prompt using readline (Node.js-safe replacement for browser confirm()) */
+function rlConfirm(question) {
+  // In non-TTY mode (pipes, --json, CI) auto-confirm to avoid hanging
+  if (!process.stdin.isTTY || isJson() || isQuiet()) return Promise.resolve(true);
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+    rl.question(`${question} [y/N] `, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
+    });
+  });
+}
+
+function output(data, tableRenderer) {
+  if (isJson()) {
+    console.log(JSON.stringify(data, null, 2));
+  } else if (isQuiet()) {
+    // --quiet: suppress all table/formatted output; only tick() messages are shown
+    return;
+  } else if (isVerbose()) {
+    // --verbose: show table AND raw JSON response
+    if (tableRenderer) tableRenderer(data);
+    console.error('\n[verbose] Raw response:');
+    console.error(JSON.stringify(data, null, 2));
+  } else if (tableRenderer) {
+    tableRenderer(data);
+  } else {
+    console.log(JSON.stringify(data, null, 2));
+  }
+}
+
+function handleError(err) {
+  if (isJson()) {
+    console.error(JSON.stringify({ error: err.message, code: err.code }));
+  } else {
+    console.error(`✗ ${err.message}`);
+  }
+  process.exit(1);
+}
+
+function tick(msg) { if (!isQuiet() && !isJson()) console.log(`✓ ${msg}`); }
+
+// ─── search ──────────────────────────────────────────────────────────────────
+
+program
+  .command('search <domains...>')
+  .description('Check domain availability and pricing')
+  .option('--buy', 'Register the domain if available')
+  .action(async (domains, opts) => {
+    try {
+      const results = await dns.search(domains);
+
+      output(results, (data) => {
+        const table = new Table({
+          head: ['Domain', 'Status', 'Price', 'TLD'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(r => {
+          table.push([
+            r.fqdn,
+            r.available ? '✓ Available' : '✗ Taken',
+            r.price ? `$${r.price}/yr` : '—',
+            r.tld
+          ]);
+        });
+        console.log(table.toString());
+      });
+
+      if (opts.buy) {
+        const available = results.filter(r => r.available);
+        for (const r of available) {
+          const confirmed = await rlConfirm(`Register ${r.fqdn} for $${r.price}/yr?`);
+          if (confirmed) {
+            const res = await dns.buy(r.fqdn);
+            tick(`Domain ${r.fqdn} registered!`);
+            if (isJson()) console.log(JSON.stringify(res, null, 2));
+          }
+        }
+      }
+    } catch (err) { handleError(err); }
+  });
+
+// ─── buy ─────────────────────────────────────────────────────────────────────
+
+program
+  .command('buy <domain>')
+  .description('Register a domain')
+  .option('--years <n>', 'Registration years', '1')
+  .option('--privacy', 'Enable WHOIS privacy', false)
+  .option('--no-auto-renew', 'Disable auto-renewal')
+  .action(async (domain, opts) => {
+    try {
+      const result = await dns.buy(domain, {
+        years: parseInt(opts.years),
+        privacy: opts.privacy,
+        autoRenew: opts.autoRenew !== false
+      });
+      if (result.status === 'pending_confirmation') {
+        tick(`Purchase initiated for ${domain} — awaiting human approval`);
+        output(result, (r) => {
+          console.log(`\n  A confirmation code has been sent to the account owner by email.`);
+          console.log(`  The code was NOT included here — only the account owner can see it.`);
+          console.log(`  Expires in ${Math.floor(r.expiresIn / 60)} min.`);
+          console.log(`\n  Once the account owner provides the code, run:`);
+          console.log(`  saac_dns buy-confirm <code>`);
+        });
+      } else {
+        tick(`Domain ${domain} registered successfully!`);
+        output(result, (d) => {
+          console.log(`  Domain:     ${d.domain?.fqdn || domain}`);
+          console.log(`  Status:     ${d.domain?.status || 'active'}`);
+          console.log(`  Expires:    ${d.domain?.expires_at ? new Date(d.domain.expires_at).toDateString() : 'in 1 year'}`);
+          console.log(`  Price:      $${d.price}/yr`);
+          console.log(`  Auto-renew: ${d.domain?.auto_renew ? 'on' : 'off'}`);
+          console.log(`  Nameservers: ${(d.domain?.nameservers || ['ns1.saac.dns','ns2.saac.dns']).join(', ')}`);
+        });
+      }
+    } catch (err) { handleError(err); }
+  });
+
+// ─── buy-confirm ─────────────────────────────────────────────────────────────
+
+program
+  .command('buy-confirm <token>')
+  .description('Confirm a pending domain purchase using the token from buy')
+  .action(async (token) => {
+    try {
+      const result = await dns.confirmPurchase(token);
+      tick(`Domain ${result.domain?.fqdn || result.domain} registered successfully`);
+      output(result, (r) => {
+        const d = r.domain;
+        if (d) {
+          console.log(`  Domain:  ${d.fqdn}`);
+          console.log(`  Status:  ${d.status}`);
+          console.log(`  Expires: ${d.expires_at}`);
+          console.log(`  Price:   $${r.price}/yr`);
+        }
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── buy-drop ─────────────────────────────────────────────────────────────────
+program
+  .command('buy-drop <domain>')
+  .description('Register an expiring/dropped domain (drop-catching)')
+  .option('--years <n>', 'Registration years', '1')
+  .option('--privacy', 'Enable WHOIS privacy', false)
+  .option('--no-auto-renew', 'Disable auto-renewal')
+  .action(async (domain, opts) => {
+    try {
+      const result = await dns.buyDrop(domain, {
+        years: parseInt(opts.years),
+        privacy: opts.privacy,
+        autoRenew: opts.autoRenew !== false
+      });
+      tick(`Drop registration initiated for ${domain}`);
+      output(result, (r) => {
+        if (r.order_amount) console.log(`  Order amount: $${r.order_amount}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── list ─────────────────────────────────────────────────────────────────────
+
+program
+  .command('list')
+  .description('List all your domains')
+  .action(async () => {
+    try {
+      const domains = await dns.list();
+      output(domains, (data) => {
+        if (!data.length) { console.log('No domains found.'); return; }
+        const table = new Table({
+          head: ['Domain', 'Status', 'Expires', 'Auto-Renew', 'Locked'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(d => {
+          table.push([
+            d.fqdn,
+            d.status || 'active',
+            d.expires_at ? new Date(d.expires_at).toDateString() : '—',
+            d.auto_renew ? 'on' : 'off',
+            d.locked ? 'yes' : 'no'
+          ]);
+        });
+        console.log(table.toString());
+        console.log(`\nTotal: ${data.length} domain(s)`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── info ─────────────────────────────────────────────────────────────────────
+
+program
+  .command('info <domain>')
+  .description('Get full domain details')
+  .action(async (domain) => {
+    try {
+      const info = await dns.info(domain);
+      output(info, (d) => {
+        console.log(`\nDomain: ${d.fqdn}`);
+        console.log(`  Status:      ${d.status}`);
+        console.log(`  Registered:  ${d.registered_at ? new Date(d.registered_at).toDateString() : '—'}`);
+        console.log(`  Expires:     ${d.expires_at ? new Date(d.expires_at).toDateString() : '—'}`);
+        console.log(`  Auto-Renew:  ${d.auto_renew ? 'on' : 'off'}`);
+        console.log(`  Nameservers: ${(d.nameservers || []).join(', ')}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── records ─────────────────────────────────────────────────────────────────
+
+const recordsCmd = program.command('records').description('DNS record management');
+
+recordsCmd
+  .command('list <domain>')
+  .description('List DNS records for a domain')
+  .option('--type <type>', 'Filter by record type (A, CNAME, MX, TXT...)')
+  .action(async (domain, opts) => {
+    try {
+      let recs = await dns.records.list(domain);
+      if (opts.type) recs = recs.filter(r => r.type === opts.type.toUpperCase());
+      output(recs, (data) => {
+        if (!data.length) { console.log('No records found.'); return; }
+        const table = new Table({
+          head: ['ID', 'Type', 'Name', 'Value', 'TTL', 'Priority'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(r => {
+          table.push([
+            r.id.slice(0, 8) + '...',
+            r.type,
+            r.name,
+            r.value.length > 40 ? r.value.slice(0, 37) + '...' : r.value,
+            r.ttl,
+            r.priority || '—'
+          ]);
+        });
+        console.log(table.toString());
+        console.log(`\nTotal: ${data.length} record(s)`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+recordsCmd
+  .command('add <domain> <type> <name> <value>')
+  .description('Add a DNS record  (e.g.: records add cool.io A @ 1.2.3.4)')
+  .option('--ttl <seconds>', 'TTL in seconds', '300')
+  .option('--priority <n>', 'Priority (for MX/SRV records)')
+  .option('--file <path>', 'Bulk import from JSON file')
+  .action(async (domain, type, name, value, opts) => {
+    try {
+      if (opts.file) {
+        const fs = require('fs');
+        const records = JSON.parse(fs.readFileSync(opts.file, 'utf8'));
+        const results = await dns.importRecords(domain, records);
+        tick(`Imported ${results.length} records to ${domain}`);
+        if (isJson()) console.log(JSON.stringify(results, null, 2));
+        return;
+      }
+      const record = await dns.records.add(domain, {
+        type, name, value,
+        ttl: parseInt(opts.ttl),
+        priority: opts.priority ? parseInt(opts.priority) : undefined
+      });
+      tick(`${type} record added to ${domain}`);
+      output(record, (r) => {
+        console.log(`  ID:    ${r.id}`);
+        console.log(`  Type:  ${r.type}`);
+        console.log(`  Name:  ${r.name}`);
+        console.log(`  Value: ${r.value}`);
+        console.log(`  TTL:   ${r.ttl}s`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+recordsCmd
+  .command('update <domain> <id>')
+  .description('Update a DNS record by ID')
+  .option('--type <type>', 'Record type')
+  .option('--name <name>', 'Record name/host')
+  .option('--value <value>', 'Record value')
+  .option('--ttl <seconds>', 'TTL in seconds')
+  .option('--priority <n>', 'Priority')
+  .action(async (domain, id, opts) => {
+    try {
+      const record = await dns.records.update(domain, id, {
+        type: opts.type,
+        name: opts.name,
+        value: opts.value,
+        ttl: opts.ttl ? parseInt(opts.ttl) : undefined,
+        priority: opts.priority ? parseInt(opts.priority) : undefined
+      });
+      tick(`Record ${id.slice(0,8)}... updated`);
+      output(record, (r) => {
+        console.log(`  ID:    ${r.id}`);
+        console.log(`  Type:  ${r.type}`);
+        console.log(`  Name:  ${r.name}`);
+        console.log(`  Value: ${r.value}`);
+        console.log(`  TTL:   ${r.ttl}s`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+recordsCmd
+  .command('delete <domain> <id>')
+  .description('Delete a DNS record by ID')
+  .action(async (domain, id) => {
+    try {
+      await dns.records.delete(domain, id);
+      tick(`Record ${id.slice(0,8)}... deleted from ${domain}`);
+    } catch (err) { handleError(err); }
+  });
+
+recordsCmd
+  .command('export <domain>')
+  .description('Export all DNS records as JSON (pipe to file: saac_dns records export cool.io > records.json)')
+  .option('--format <fmt>', 'Output format: json (default)', 'json')
+  .option('--out <file>', 'Write output to file instead of stdout')
+  .action(async (domain, opts) => {
+    try {
+      const records = await dns.exportRecords(domain);
+      const json = JSON.stringify(records, null, 2);
+      if (opts.out) {
+        const fs = require('fs');
+        fs.writeFileSync(opts.out, json, 'utf8');
+        tick(`${records.length} record(s) exported to ${opts.out}`);
+      } else {
+        // Always output raw JSON for export (suitable for piping)
+        console.log(json);
+        if (!isJson()) console.error(`  ✓ ${records.length} record(s) from ${domain}`);
+      }
+    } catch (err) { handleError(err); }
+  });
+
+// ─── ns (nameservers) ─────────────────────────────────────────────────────────
+
+const nsCmd = program.command('ns').description('Nameserver management');
+
+nsCmd
+  .command('set <domain> <nameservers...>')
+  .description('Set nameservers for a domain')
+  .action(async (domain, nameserverList) => {
+    try {
+      const result = await dns.nameservers.set(domain, nameserverList);
+      tick(`Nameservers updated for ${domain}`);
+      output(result, () => {
+        console.log(`  Nameservers: ${nameserverList.join(', ')}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+nsCmd
+  .command('list <domain>')
+  .description('List nameservers for a domain')
+  .action(async (domain) => {
+    try {
+      const ns = await dns.nameservers.list(domain);
+      output(ns, (data) => {
+        console.log(`Nameservers for ${domain}:`);
+        data.forEach((n, i) => console.log(`  ${i + 1}. ${n}`));
+      });
+    } catch (err) { handleError(err); }
+  });
+
+nsCmd
+  .command('register <domain> <host> <ips...>')
+  .description('Register a private nameserver (e.g. ns register example.com ns1.example.com 1.2.3.4)')
+  .action(async (domain, host, ips) => {
+    try {
+      const result = await dns.nameservers.register(domain, host, ips);
+      tick(`Nameserver ${host} registered for ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+nsCmd
+  .command('modify <domain> <host> <ips...>')
+  .description('Modify a registered private nameserver IPs')
+  .action(async (domain, host, ips) => {
+    try {
+      const result = await dns.nameservers.modify(domain, host, ips);
+      tick(`Nameserver ${host} updated`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+nsCmd
+  .command('unregister <domain> <host>')
+  .description('Unregister/delete a private nameserver')
+  .action(async (domain, host) => {
+    try {
+      await dns.nameservers.unregister(domain, host);
+      tick(`Nameserver ${host} unregistered from ${domain}`);
+    } catch (err) { handleError(err); }
+  });
+
+nsCmd
+  .command('list-registered <domain>')
+  .description('List registered private nameservers for a domain')
+  .action(async (domain) => {
+    try {
+      const hosts = await dns.nameservers.listRegistered(domain);
+      output(hosts, (data) => {
+        if (!data.length) { console.log('No registered nameservers.'); return; }
+        data.forEach((h, i) => console.log(`  ${i + 1}. ${h.host || h} — ${h.ip || ''}`));
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── whois ────────────────────────────────────────────────────────────────────
+
+program
+  .command('whois <domain>')
+  .description('WHOIS lookup for a domain')
+  .action(async (domain) => {
+    try {
+      const info = await dns.whois(domain);
+      output(info, (d) => {
+        console.log(`\nWHOIS: ${domain}`);
+        console.log(`  Registrar:  ${d.registrar || '—'}`);
+        console.log(`  Status:     ${d.status || '—'}`);
+        console.log(`  Created:    ${d.created || d.registered_at || '—'}`);
+        console.log(`  Updated:    ${d.updated || '—'}`);
+        console.log(`  Expires:    ${d.expires || d.expires_at || '—'}`);
+        console.log(`  Nameservers:`);
+        const ns = d.nameservers ? (d.nameservers.nameserver || d.nameservers) : [];
+        (Array.isArray(ns) ? ns : [ns]).forEach(n => console.log(`    - ${n}`));
+      });
+    } catch (err) { handleError(err); }
+  });
+// ─── prices ──────────────────────────────────────────────────────────────────
+
+program
+  .command('prices')
+  .description('Show domain registration prices')
+  .option('--tld <tlds>', 'Comma-separated TLDs (e.g. com,io,dev)')
+  .action(async (opts) => {
+    try {
+      const tlds = opts.tld ? opts.tld.split(',').map(t => t.startsWith('.') ? t : `.${t}`) : null;
+      const priceData = await dns.prices(tlds);
+      output(priceData, (data) => {
+        const table = new Table({
+          head: ['TLD', 'Price/yr'],
+          style: { head: ['cyan'] }
+        });
+        Object.entries(data).forEach(([tld, price]) => {
+          table.push([tld, `$${price}`]);
+        });
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── lock ────────────────────────────────────────────────────────────────────
+
+program
+  .command('lock <domain>')
+  .description('Lock a domain to prevent unauthorized transfers')
+  .action(async (domain) => {
+    try {
+      const result = await dns.lock(domain);
+      tick(`Domain ${domain} locked`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── unlock ──────────────────────────────────────────────────────────────────
+
+program
+  .command('unlock <domain>')
+  .description('Unlock a domain (e.g. before initiating a transfer)')
+  .action(async (domain) => {
+    try {
+      const result = await dns.unlock(domain);
+      tick(`Domain ${domain} unlocked`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── auto-renew ──────────────────────────────────────────────────────────────
+
+program
+  .command('auto-renew <domain> <on|off>')
+  .description('Toggle auto-renewal for a domain')
+  .action(async (domain, toggle) => {
+    try {
+      const enabled = toggle === 'on';
+      const result = await dns.autoRenew(domain, enabled);
+      tick(`Auto-renewal ${enabled ? 'enabled' : 'disabled'} for ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── privacy ─────────────────────────────────────────────────────────────────
+
+program
+  .command('privacy <domain> <on|off>')
+  .description('Toggle WHOIS privacy for a domain')
+  .action(async (domain, toggle) => {
+    try {
+      const enabled = toggle === 'on';
+      const result = await dns.privacy(domain, enabled);
+      tick(`WHOIS privacy ${enabled ? 'enabled' : 'disabled'} for ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── renew ───────────────────────────────────────────────────────────────────
+
+program
+  .command('renew <domain>')
+  .description('Renew a domain')
+  .option('--years <n>', 'Renewal years', '1')
+  .action(async (domain, opts) => {
+    try {
+      const result = await dns.renew(domain, parseInt(opts.years));
+      tick(`Domain ${domain} renewed for ${opts.years} year(s)`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── account ─────────────────────────────────────────────────────────────────
+
+const accountCmd = program.command('account').description('Account management');
+
+accountCmd
+  .command('balance')
+  .description('Check account balance')
+  .option('--warn-below <amount>', 'Show warning if balance is below this amount (default: 20)', '20')
+  .action(async (opts) => {
+    try {
+      const data = await dns.account.balance();
+      output(data, (d) => {
+        const bal = parseFloat(d.balance || '0');
+        const warnThreshold = parseFloat(opts.warnBelow) || 20;
+        console.log(`\nAccount Balance: $${bal.toFixed(2)} USD`);
+        if (bal < warnThreshold) {
+          console.warn(`\nWARNING: Balance ($${bal.toFixed(2)}) is below warning threshold ($${warnThreshold.toFixed(2)}). Please top up your account.`);
+        }
+      });
+    } catch (err) { handleError(err); }
+  });
+
+accountCmd
+  .command('fund <amount>')
+  .description('Add funds to your account (requires a saved payment method ID)')
+  .option('--payment-id <id>', 'Saved payment method ID')
+  .action(async (amount, opts) => {
+    try {
+      if (!opts.paymentId) {
+        console.error('✗ --payment-id is required. Run: saac_dns account payment-methods');
+        process.exit(1);
+      }
+      const result = await dns.account.addFunds(parseFloat(amount), opts.paymentId);
+      tick(`$${amount} added to account`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+accountCmd
+  .command('payment-methods')
+  .description('List saved payment methods')
+  .action(async () => {
+    try {
+      const methods = await dns.account.listPaymentMethods();
+      output(methods, (data) => {
+        if (!data.length) { console.log('No saved payment methods.'); return; }
+        const table = new Table({
+          head: ['ID', 'Type', 'Last 4', 'Expiry'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(m => table.push([m.id || m.payment_id || '—', m.type || '—', m.last4 || '—', m.expiry || '—']));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── config ──────────────────────────────────────────────────────────────────
+
+program
+  .command('config')
+  .description('View or set default preferences')
+  .option('--privacy <on|off>', 'Default WHOIS privacy')
+  .option('--auto-renew <on|off>', 'Default auto-renewal')
+  .option('--ttl <seconds>', 'Default TTL for DNS records')
+  .option('--require-purchase-confirmation <on|off>', 'Require email confirmation before domain purchase (set off for agent/automation use)')
+  .action(async (opts) => {
+    try {
+      const me = await dns.account.me();
+      if (!opts.privacy && !opts.autoRenew && !opts.ttl && !opts.requirePurchaseConfirmation) {
+        output(me, (d) => {
+          console.log('\nCurrent config:');
+          console.log(`  Email:   ${d.email}`);
+          console.log(`  API Key: ${d.api_key ? d.api_key.slice(0,10) + '...' : '—'}`);
+          console.log(`  Domains: ${d.stats?.domains || 0}`);
+          console.log('\nEnvironment:');
+          console.log(`  SAAC_USER_API_KEY: ${process.env.SAAC_USER_API_KEY ? '✓ Set' : '✗ Not set'}`);
+          console.log(`  SAAC_USER_EMAIL:   ${process.env.SAAC_USER_EMAIL ? '✓ Set' : '✗ Not set'}`);
+        });
+      } else {
+        const prefs = {};
+        if (opts.privacy) prefs.default_privacy = opts.privacy === 'on';
+        if (opts.autoRenew) prefs.default_auto_renew = opts.autoRenew === 'on';
+        if (opts.ttl) prefs.default_ttl = parseInt(opts.ttl);
+        if (opts.requirePurchaseConfirmation) prefs.require_purchase_confirmation = opts.requirePurchaseConfirmation === 'on';
+        await dns.account.preferences(prefs);
+        tick('Preferences updated');
+      }
+    } catch (err) { handleError(err); }
+  });
+
+// ─── forward ─────────────────────────────────────────────────────────────────
+
+program
+  .command('forward <domain> <url>')
+  .description('Set up domain forwarding')
+  .action(async (domain, url) => {
+    try {
+      const result = await dns.forwarding.set(domain, url);
+      output(result, () => tick(`${domain} now forwards to ${url}`));
+    } catch (err) { handleError(err); }
+  });
+
+program
+  .command('forward-sub <subdomain> <url>')
+  .description('Set up subdomain forwarding (e.g. forward-sub blog.cool.io https://myblog.com)')
+  .action(async (subdomain, url) => {
+    try {
+      const parts = subdomain.split('.');
+      const sub = parts[0];
+      const domain = parts.slice(1).join('.');
+      const result = await dns.forwarding.setSub(domain, sub, url);
+      output(result, () => tick(`${subdomain} now forwards to ${url}`));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── contacts ────────────────────────────────────────────────────────────────
+
+const contactsCmd = program.command('contacts').description('WHOIS contact management');
+
+contactsCmd
+  .command('list')
+  .description('List contact profiles')
+  .action(async () => {
+    try {
+      const contacts = await dns.contacts.list();
+      output(contacts, (data) => {
+        if (!data.length) { console.log('No contacts found.'); return; }
+        const table = new Table({
+          head: ['ID', 'Name', 'Email', 'Country'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(c => {
+          table.push([c.id.slice(0,8)+'...', `${c.first_name} ${c.last_name}`, c.email || '—', c.country || '—']);
+        });
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+contactsCmd
+  .command('add')
+  .description('Add a new WHOIS contact')
+  .option('--interactive', 'Interactive guided mode', false)
+  .option('--first-name <n>', 'First name')
+  .option('--last-name <n>', 'Last name')
+  .option('--email <e>', 'Email address')
+  .option('--org <o>', 'Organization')
+  .option('--address <a>', 'Street address')
+  .option('--city <c>', 'City')
+  .option('--state <s>', 'State/Province')
+  .option('--zip <z>', 'ZIP/Postal code')
+  .option('--country <cc>', 'Country code (e.g. US)')
+  .option('--phone <p>', 'Phone number (e.g. +1.3125551234)')
+  .action(async (opts) => {
+    try {
+      let contact = {};
+
+      if (opts.interactive) {
+        const readline = require('readline');
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        const ask = (q) => new Promise(resolve => rl.question(q, resolve));
+
+        console.log('\nAdd Contact — Interactive Mode\n');
+        contact.first_name = await ask('First name: ');
+        contact.last_name  = await ask('Last name: ');
+        contact.email      = await ask('Email: ');
+        contact.org        = await ask('Organization (optional): ');
+        contact.address    = await ask('Street address: ');
+        contact.city       = await ask('City: ');
+        contact.state      = await ask('State/Province: ');
+        contact.zip        = await ask('ZIP/Postal code: ');
+        contact.country    = await ask('Country code (e.g. US): ');
+        contact.phone      = await ask('Phone (e.g. +1.3125551234): ');
+        rl.close();
+        console.log('');
+      } else {
+        contact = {
+          first_name: opts.firstName,
+          last_name:  opts.lastName,
+          email:      opts.email,
+          org:        opts.org,
+          address:    opts.address,
+          city:       opts.city,
+          state:      opts.state,
+          zip:        opts.zip,
+          country:    opts.country,
+          phone:      opts.phone
+        };
+      }
+
+      const result = await dns.contacts.add(contact);
+      tick(`Contact added (ID: ${result.id || result.contact_id || '—'})`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+contactsCmd
+  .command('set <domain>')
+  .description('Assign a contact to a domain')
+  .option('--contact <id>', 'Contact ID')
+  .action(async (domain, opts) => {
+    try {
+      if (!opts.contact) { handleError(new Error('--contact <id> is required')); return; }
+      await dns.contacts.associate(opts.contact, domain);
+      tick(`Contact ${opts.contact.slice(0,8)}... assigned to ${domain}`);
+    } catch (err) { handleError(err); }
+  });
+
+
+contactsCmd
+  .command('update <id>')
+  .description('Update a contact profile')
+  .option('--first-name <name>', 'First name')
+  .option('--last-name <name>', 'Last name')
+  .option('--email <email>', 'Email address')
+  .option('--org <org>', 'Organization')
+  .option('--address <addr>', 'Street address')
+  .option('--city <city>', 'City')
+  .option('--state <state>', 'State/Province')
+  .option('--zip <zip>', 'ZIP/Postal code')
+  .option('--country <cc>', 'Country code (e.g. US)')
+  .option('--phone <phone>', 'Phone number')
+  .action(async (id, opts) => {
+    try {
+      const contact = await dns.contacts.update(id, {
+        first_name: opts.firstName, last_name: opts.lastName,
+        email: opts.email, org: opts.org, address: opts.address,
+        city: opts.city, state: opts.state, zip: opts.zip,
+        country: opts.country, phone: opts.phone
+      });
+      tick(`Contact ${id.slice(0,8)}... updated`);
+      output(contact, (c) => { console.log(`  ID: ${c.id}`); });
+    } catch (err) { handleError(err); }
+  });
+
+contactsCmd
+  .command('delete <id>')
+  .description('Delete a contact profile')
+  .action(async (id) => {
+    try {
+      await dns.contacts.delete(id);
+      tick(`Contact ${id.slice(0,8)}... deleted`);
+    } catch (err) { handleError(err); }
+  });
+
+// ─── Domain Transfer Suite ───────────────────────────────────────────────────
+
+program
+  .command('transfer <domain>')
+  .description('Initiate a domain transfer in')
+  .option('--auth <code>', 'EPP/auth code from current registrar')
+  .option('--years <n>', 'Transfer period in years', '1')
+  .action(async (domain, opts) => {
+    try {
+      if (!opts.auth) { handleError(new Error('--auth <code> is required')); return; }
+      const result = await dns.transfer(domain, opts.auth, { years: parseInt(opts.years) });
+      tick(`Transfer initiated for ${domain}`);
+      output(result, () => console.log(`  Status: Transfer in progress`));
+    } catch (err) { handleError(err); }
+  });
+
+program
+  .command('transfer-check <domain>')
+  .description('Check if a domain is transferable')
+  .action(async (domain) => {
+    try {
+      const result = await dns.transferCheck(domain);
+      output(result, (d) => {
+        console.log(`Domain: ${domain}`);
+        console.log(`Transferable: ${d.transferable || d.code === 300 ? 'Yes' : 'No'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+program
+  .command('transfer-status <domain>')
+  .description('Check the status of an in-progress domain transfer')
+  .action(async (domain) => {
+    try {
+      const result = await dns.transferStatus(domain);
+      output(result, (d) => {
+        console.log(`Domain: ${domain}`);
+        console.log(`Status: ${d.status || '(see JSON output)'}`);
+        if (d.step) console.log(`Step: ${d.step}`);
+        if (d.message) console.log(`Message: ${d.message}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── transfer-update-epp ─────────────────────────────────────────────────────
+program
+  .command('transfer-update-epp <domain>')
+  .description('Update EPP/auth code for an in-progress transfer')
+  .option('--auth <code>', 'New EPP/auth code')
+  .action(async (domain, opts) => {
+    try {
+      if (!opts.auth) { console.error('✗ --auth <code> is required'); process.exit(1); }
+      const result = await dns.transferUpdateEpp(domain, opts.auth);
+      tick(`EPP code updated for ${domain} transfer`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── transfer-resend ──────────────────────────────────────────────────────────
+program
+  .command('transfer-resend <domain>')
+  .description('Resend admin approval email for an in-progress transfer')
+  .action(async (domain) => {
+    try {
+      const result = await dns.transferResendEmail(domain);
+      tick(`Admin approval email resent for ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── transfer-resubmit ────────────────────────────────────────────────────────
+program
+  .command('transfer-resubmit <domain>')
+  .description('Resubmit a transfer to the registry')
+  .action(async (domain) => {
+    try {
+      const result = await dns.transferResubmit(domain);
+      tick(`Transfer resubmitted for ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+program
+  .command('auth-code <domain>')
+  .description('Retrieve EPP/auth code for outbound transfer')
+  .action(async (domain) => {
+    try {
+      const result = await dns.authCode(domain);
+      output(result, (d) => {
+        console.log(`Domain: ${domain}`);
+        console.log(`Auth Code: ${d.auth_code || d.code || '(see JSON output)'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+
+// ─── expiring ─────────────────────────────────────────────────────────────────
+
+program
+  .command('expiring')
+  .description('List domains expiring soon')
+  .option('--days <n>', 'Days ahead to check', '30')
+  .action(async (opts) => {
+    try {
+      const domains = await dns.expiring(parseInt(opts.days));
+      output(domains, (data) => {
+        if (!data.length) { console.log(`No domains expiring in the next ${opts.days} days.`); return; }
+        const table = new Table({
+          head: ['Domain', 'Expires At', 'Auto Renew'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(d => {
+          table.push([d.fqdn, d.expires_at ? new Date(d.expires_at).toLocaleDateString() : '—', d.auto_renew ? 'Yes' : 'No']);
+        });
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── key management ───────────────────────────────────────────────────────────────────────────
+
+const keyCmd = program.command('key').description('API key and security management');
+
+keyCmd
+  .command('rotate')
+  .description('Rotate your SAAC API key')
+  .action(async () => {
+    try {
+      const result = await dns.account.rotateKey();
+      tick('API key rotated');
+      output(result, () => {
+        console.log(`  New API key: ${result.api_key}`);
+        console.log(`  Update SAAC_USER_API_KEY in your environment.`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+const allowlistCmd = keyCmd.command('allowlist').description('IP allowlist management');
+
+allowlistCmd
+  .command('list')
+  .description('List allowed IPs')
+  .action(async () => {
+    try {
+      const result = await dns.account.allowlist.list();
+      output(result, (data) => {
+        if (!data.ip_allowlist || !data.ip_allowlist.length) {
+          console.log('No IP restrictions set (all IPs allowed)');
+        } else {
+          data.ip_allowlist.forEach((ip, i) => console.log(`  ${i + 1}. ${ip}`));
+        }
+      });
+    } catch (err) { handleError(err); }
+  });
+
+allowlistCmd
+  .command('add <ip>')
+  .description('Add IP or CIDR to allowlist')
+  .action(async (ip) => {
+    try {
+      const result = await dns.account.allowlist.add(ip);
+      tick(`${ip} added to allowlist`);
+      output(result, (data) => console.log(`  Total IPs: ${data.ip_allowlist.length}`));
+    } catch (err) { handleError(err); }
+  });
+
+allowlistCmd
+  .command('remove <ip>')
+  .description('Remove IP or CIDR from allowlist')
+  .action(async (ip) => {
+    try {
+      const result = await dns.account.allowlist.remove(ip);
+      tick(`${ip} removed from allowlist`);
+      output(result, (data) => console.log(`  Remaining IPs: ${data.ip_allowlist.length}`));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── setup-web ───────────────────────────────────────────────────────────────
+
+program
+  .command('setup-web <domain>')
+  .description('Set up web DNS records (A + CNAME). Use --hosting for provider templates.')
+  .option('--ip <address>', 'IP address for A record')
+  .option('--hosting <provider>', 'Hosting provider: vercel, netlify, cloudflare, railway, render')
+  .action(async (domain, opts) => {
+    try {
+      const target = opts.hosting || opts.ip;
+      if (!target) {
+        console.error('✗ Provide --hosting <provider> or --ip <address>');
+        console.error('  Providers: vercel, netlify, cloudflare, railway, render');
+        process.exit(1);
+      }
+      const result = await dns.setupWeb(domain, target);
+      tick(result.message);
+      if (result.note) console.log(`  Note: ${result.note}`);
+      output(result, (r) => {
+        console.log(`  Records added: ${r.records ? r.records.length : 0}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── setup-email ─────────────────────────────────────────────────────────────
+
+program
+  .command('setup-email <domain> [provider]')
+  .description('Set up email DNS records (MX + SPF + DMARC) for an email provider')
+  .option('--provider <name>', 'Email provider: gmail, office365, microsoft365, zoho, titan', 'gmail')
+  .action(async (domain, providerArg, opts) => {
+    try {
+      // Support both positional arg (setup-email domain.com titan) and --provider flag
+      const provider = providerArg || opts.provider || 'gmail';
+      const result = await dns.setupEmail(domain, provider);
+      tick(result.message);
+      if (result.note && !isJson()) console.log(`  Next step: ${result.note}`);
+      output(result, (r) => {
+        console.log(`  Records added: ${r.records ? r.records.length : 0}`);
+        if (r.note) console.log(`  Note: ${r.note}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── clone-dns ───────────────────────────────────────────────────────────────
+
+program
+  .command('clone-dns <source> <target>')
+  .description('Clone all DNS records from one domain to another')
+  .action(async (source, target) => {
+    try {
+      const result = await dns.cloneDns(source, target);
+      tick(result.message);
+      output(result, (r) => {
+        console.log(`  Cloned: ${r.cloned}`);
+        if (r.failed) console.log(`  Failed: ${r.failed}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── email-fwd ───────────────────────────────────────────────────────────────
+
+const emailFwdCmd = program.command('email-fwd').description('Email forwarding management');
+
+emailFwdCmd
+  .command('list <domain>')
+  .description('List email forwards for a domain')
+  .action(async (domain) => {
+    try {
+      const forwards = await dns.email.list(domain);
+      output(forwards, (data) => {
+        if (!data.length) { console.log('No email forwards configured.'); return; }
+        const table = new Table({
+          head: ['From', 'To'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(f => table.push([f.from_email || f.email2 || '—', f.to_email || f.forward2 || '—']));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+emailFwdCmd
+  .command('add <domain> <from> <to>')
+  .description('Add email forward: <from>@domain → <to>')
+  .action(async (domain, from, to) => {
+    try {
+      const result = await dns.email.forward(domain, from, to);
+      tick(`Email forward ${from}@${domain} → ${to} configured`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+emailFwdCmd
+  .command('delete <domain> <from>')
+  .description('Delete email forward for <from>@domain')
+  .action(async (domain, from) => {
+    try {
+      await dns.email.deleteForward(domain, from);
+      tick(`Email forward ${from}@${domain} deleted`);
+    } catch (err) { handleError(err); }
+  });
+
+// ─── dnssec ──────────────────────────────────────────────────────────────────
+
+const dnssecCmd = program.command('dnssec').description('DNSSEC management');
+
+dnssecCmd
+  .command('list <domain>')
+  .description('List DNSSEC records for a domain')
+  .action(async (domain) => {
+    try {
+      const records = await dns.dnssec.list(domain);
+      output(records, (data) => {
+        if (!data.length) { console.log('No DNSSEC records configured.'); return; }
+        const table = new Table({
+          head: ['Algorithm', 'Key Tag', 'Digest Type', 'Digest'],
+          style: { head: ['cyan'] }
+        });
+        data.forEach(r => table.push([r.algorithm || '—', r.key_tag || '—', r.digest_type || '—', (r.digest || '—').slice(0, 20) + '...']));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+dnssecCmd
+  .command('add <domain>')
+  .description('Add a DNSSEC DS record')
+  .option('--algorithm <n>', 'Algorithm number')
+  .option('--key-tag <n>', 'Key tag number')
+  .option('--digest-type <n>', 'Digest type number')
+  .option('--digest <hash>', 'Digest hash value')
+  .action(async (domain, opts) => {
+    try {
+      if (!opts.algorithm || !opts.keyTag || !opts.digestType || !opts.digest) {
+        console.error('✗ All of --algorithm, --key-tag, --digest-type, --digest are required');
+        process.exit(1);
+      }
+      const result = await dns.dnssec.add(domain, {
+        algorithm: opts.algorithm,
+        key_tag: opts.keyTag,
+        digest_type: opts.digestType,
+        digest: opts.digest
+      });
+      tick(`DNSSEC record added to ${domain}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+dnssecCmd
+  .command('delete <domain>')
+  .description('Delete a DNSSEC DS record')
+  .option('--algorithm <n>', 'Algorithm number')
+  .option('--key-tag <n>', 'Key tag number')
+  .option('--digest-type <n>', 'Digest type number')
+  .option('--digest <hash>', 'Digest hash value')
+  .action(async (domain, opts) => {
+    try {
+      await dns.dnssec.delete(domain, {
+        algorithm: opts.algorithm,
+        key_tag: opts.keyTag,
+        digest_type: opts.digestType,
+        digest: opts.digest
+      });
+      tick(`DNSSEC record deleted from ${domain}`);
+    } catch (err) { handleError(err); }
+  });
+
+// ─── portfolio ────────────────────────────────────────────────────────────────
+const portfolioCmd = program.command('portfolio').description('Domain portfolio management');
+
+portfolioCmd
+  .command('list')
+  .description('List all portfolios')
+  .action(async () => {
+    try {
+      const portfolios = await dns.portfolio.list();
+      output(portfolios, (data) => {
+        if (!data.length) { console.log('No portfolios found.'); return; }
+        const table = new Table({ head: ['Name', 'Domains'], style: { head: ['cyan'] } });
+        data.forEach(p => table.push([p.name || '—', p.domains || 0]));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+portfolioCmd
+  .command('create <name>')
+  .description('Create a new portfolio')
+  .action(async (name) => {
+    try {
+      const result = await dns.portfolio.create(name);
+      tick(`Portfolio '${name}' created`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+portfolioCmd
+  .command('delete <name>')
+  .description('Delete a portfolio')
+  .action(async (name) => {
+    try {
+      await dns.portfolio.delete(name);
+      tick(`Portfolio '${name}' deleted`);
+    } catch (err) { handleError(err); }
+  });
+
+portfolioCmd
+  .command('assign <name> <domains...>')
+  .description('Assign domains to a portfolio')
+  .action(async (name, domains) => {
+    try {
+      const result = await dns.portfolio.assign(name, domains);
+      tick(`${domains.length} domain(s) assigned to '${name}'`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── orders ──────────────────────────────────────────────────────────────────
+const ordersCmd = program.command('orders').description('Order management');
+
+ordersCmd
+  .command('list')
+  .description('List all orders')
+  .action(async () => {
+    try {
+      const orderList = await dns.orders.list();
+      output(orderList, (data) => {
+        if (!data.length) { console.log('No orders found.'); return; }
+        const table = new Table({ head: ['Order #', 'Domain', 'Amount', 'Date', 'Status'], style: { head: ['cyan'] } });
+        data.forEach(o => table.push([o.order_number || '—', o.domain || '—', o.amount ? `$${o.amount}` : '—', o.date || '—', o.status || '—']));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+ordersCmd
+  .command('details <orderNumber>')
+  .description('Get details for a specific order')
+  .action(async (orderNumber) => {
+    try {
+      const order = await dns.orders.details(orderNumber);
+      output(order, (o) => {
+        console.log(`Order: ${o.order_number || orderNumber}`);
+        console.log(`  Domain: ${o.domain || '—'}`);
+        console.log(`  Amount: $${o.amount || '—'}`);
+        console.log(`  Date:   ${o.date || '—'}`);
+        console.log(`  Status: ${o.status || '—'}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── push ─────────────────────────────────────────────────────────────────────
+program
+  .command('push <domain>')
+  .description('Push a domain to another NameSilo account')
+  .option('--to <email>', 'Target account email')
+  .action(async (domain, opts) => {
+    try {
+      if (!opts.to) { console.error('✗ --to <email> is required'); process.exit(1); }
+      const result = await dns.push(domain, opts.to);
+      tick(`Domain ${domain} pushed to ${opts.to}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── verify-status ───────────────────────────────────────────────────────────
+program
+  .command('verify-status')
+  .description('Check registrant verification status')
+  .action(async () => {
+    try {
+      const result = await dns.verificationStatus();
+      output(result, (r) => {
+        console.log(`Verified: ${r.verified ? '✓ Yes' : '✗ No'}`);
+        if (r.email) console.log(`Email: ${r.email}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+// ─── verify-email ─────────────────────────────────────────────────────────────
+program
+  .command('verify-email <email>')
+  .description('Send email verification for registrant')
+  .action(async (email) => {
+    try {
+      const result = await dns.emailVerify(email);
+      tick(`Verification email sent to ${email}`);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+    } catch (err) { handleError(err); }
+  });
+
+// ─── webhooks ─────────────────────────────────────────────────────────────────
+
+const webhooksCmd = program.command('webhooks').description('Webhook notification management');
+
+webhooksCmd
+  .command('list')
+  .description('List registered webhooks')
+  .action(async () => {
+    try {
+      const hooks = await dns.webhooks.list();
+      output(hooks, (data) => {
+        if (!data.length) { console.log('No webhooks registered.'); return; }
+        const table = new Table({ head: ['ID', 'URL', 'Events', 'Active', 'Last Status'], style: { head: ['cyan'] } });
+        data.forEach(h => table.push([h.id.slice(0, 8) + '...', h.url.slice(0, 40), (h.events || []).join(', '), h.active ? '✓' : '✗', h.last_status_code || '—']));
+        console.log(table.toString());
+      });
+    } catch (err) { handleError(err); }
+  });
+
+webhooksCmd
+  .command('add <url>')
+  .description('Register a webhook URL')
+  .option('--events <events>', 'Comma-separated events (default: domain.expiring,purchase.confirmed)', 'domain.expiring,purchase.confirmed')
+  .option('--secret <secret>', 'Signing secret for HMAC verification')
+  .action(async (url, opts) => {
+    try {
+      const events = opts.events.split(',').map(e => e.trim());
+      const result = await dns.webhooks.add(url, events, opts.secret);
+      tick(`Webhook registered (ID: ${result.id})`);
+      output(result, (r) => {
+        console.log(`  URL:    ${r.url}`);
+        console.log(`  Events: ${(r.events || []).join(', ')}`);
+        console.log(`  ID:     ${r.id}`);
+      });
+    } catch (err) { handleError(err); }
+  });
+
+webhooksCmd
+  .command('delete <id>')
+  .description('Delete a webhook by ID')
+  .action(async (id) => {
+    try {
+      await dns.webhooks.delete(id);
+      tick(`Webhook ${id} deleted`);
+    } catch (err) { handleError(err); }
+  });
+
+webhooksCmd
+  .command('test <id>')
+  .description('Send a test event to a webhook')
+  .action(async (id) => {
+    try {
+      const result = await dns.webhooks.test(id);
+      if (isJson()) console.log(JSON.stringify(result, null, 2));
+      tick(`Test event sent to ${result.url}`);
+    } catch (err) { handleError(err); }
+  });
+
+// ─── Parse & run ─────────────────────────────────────────────────────────────
+
+// Verbose timing interceptor: check --verbose directly in argv so it runs before parse
+const _verboseMode = process.argv.includes('--verbose');
+if (_verboseMode && typeof fetch !== 'undefined') {
+  const _origFetch = fetch;
+  global.fetch = async function(url, opts) {
+    const _t0 = Date.now();
+    const _res = await _origFetch(url, opts);
+    const _elapsed = Date.now() - _t0;
+    const _urlStr = String(url).replace(/^https?:\/\/[^/]+/, '');
+    console.error(`[verbose] ${(opts && opts.method) || 'GET'} ${_urlStr} → ${_res.status} ${_res.statusText} (${_elapsed}ms)`);
+    return _res;
+  };
+}
+
+program.parse(process.argv);
+
+// Show help if no command given
+if (!process.argv.slice(2).length) {
+  program.outputHelp();
+}